1
00:00:00,840 --> 00:00:01,990
Hello and welcome back.

2
00:00:02,430 --> 00:00:09,540
In this video, we are going to do a practical walkthrough on PE-bear and look at how the export

3
00:00:09,540 --> 00:00:15,870
directory structure in the kernel32.dll and comparing it with the winnt.h.

4
00:00:17,630 --> 00:00:20,660
So I am in my virtual machine, Windows 7.

5
00:00:22,080 --> 00:00:23,650
I created a folder called

6
00:00:23,670 --> 00:00:24,600
Now they have to.

7
00:00:26,040 --> 00:00:34,470
And then you can go and download this zip file, this project, and unzip, put it in my desktop. Inside here

8
00:00:34,500 --> 00:00:44,190
I have a winnt.h here, which you can obtain by reading this, opening this text file

9
00:00:44,190 --> 00:00:45,790
here you show you writing it.

10
00:00:46,530 --> 00:00:50,220
It might be slightly different for yours, but basically it's in this.

11
00:00:51,210 --> 00:00:54,990
So to get this winnt.h, you will go to this path here.

12
00:00:55,230 --> 00:01:04,730
It means you open the C drive, cleaning your seafood and go to Program Files (x86) and then go to Windows

13
00:01:04,830 --> 00:01:05,090
Kits.

14
00:01:07,310 --> 00:01:12,720
And then look for 10, for Windows 10, in before eating food?

15
00:01:13,790 --> 00:01:15,590
And then look for 10 zero zero.

16
00:01:15,950 --> 00:01:18,470
Maybe this number here helping is.

17
00:01:19,720 --> 00:01:25,390
And then you say here there's a U.N. for the one year for Libya and throughout the region.

18
00:01:26,820 --> 00:01:31,620
And then w-, you should be able to locate your winnt.h.

19
00:01:34,250 --> 00:01:44,790
He's the one who invented a hedge, so a copy of me and he he copies in and put in this for the two

20
00:01:45,080 --> 00:01:45,740
I this one.

21
00:01:48,940 --> 00:01:49,420
Copy and.

22
00:01:50,470 --> 00:01:56,350
So the reason to copy it is you don't want to accidentally edit this file from this location.

23
00:01:57,850 --> 00:02:02,830
So now you can open this winnt.h, right-click, added, you know that?

24
00:02:05,130 --> 00:02:13,960
And while you know, that is open, you can Ctrl+F to search or you can just click on this search,

25
00:02:13,960 --> 00:02:19,680
you search, find and here look for export.

26
00:02:19,830 --> 00:02:21,120
And it's called dear.

27
00:02:23,820 --> 00:02:25,200
You finally just go on.

28
00:02:26,130 --> 00:02:31,710
So this is a structure for the part of the PE that contains the export directory.

29
00:02:32,790 --> 00:02:41,870
Now we are going to open the kernel32.dll using PE-bear.

30
00:02:42,540 --> 00:02:44,660
So let's go and look for kernel32.dll.

31
00:02:46,250 --> 00:02:54,650
Kernel32.dll is found in the C drive, Windows, System32.

32
00:02:57,040 --> 00:02:58,290
System System32,

33
00:03:01,380 --> 00:03:03,120
again, you can scroll down.

34
00:03:04,860 --> 00:03:07,890
And under K, there should be kernel32.

35
00:03:09,430 --> 00:03:09,790
Yeah.

36
00:03:09,820 --> 00:03:11,790
So you can directly copy this.

37
00:03:13,150 --> 00:03:18,860
A PC in your this folder here, 90s.

38
00:03:20,830 --> 00:03:24,160
All right, so this way you accidentally go in this far.

39
00:03:24,910 --> 00:03:26,710
So now you can open this web.

40
00:03:27,190 --> 00:03:28,930
So fire your PE-bear.

41
00:03:32,420 --> 00:03:40,040
Now, all of these files here shortcuts, so these shortcuts created from the flight order and

42
00:03:40,040 --> 00:03:41,000
the activities.

43
00:03:42,790 --> 00:03:45,400
You can find your B that he actually.

44
00:03:46,610 --> 00:03:52,370
He would be back, you just right-click and drag to the desktop to create your shortcut.

45
00:03:56,380 --> 00:03:57,670
So now open PE-bear.

46
00:03:59,550 --> 00:04:02,950
And then you're going to jail in the.

47
00:04:06,690 --> 00:04:08,160
And BBC Sun say.

48
00:04:10,350 --> 00:04:13,350
So if you go to the Optional Header.

49
00:04:15,020 --> 00:04:21,520
It is, but highly paid it, scroll down, you can see, and that has punditry directory structure,

50
00:04:21,520 --> 00:04:22,510
is at this address.

51
00:04:23,620 --> 00:04:26,740
So this is your RVA, relative virtual address.

52
00:04:27,610 --> 00:04:32,600
So if you want to follow this in the memory, you just right click is full.

53
00:04:32,860 --> 00:04:34,360
Are we in the FC?

54
00:04:34,780 --> 00:04:36,340
Click on it and you come here.

55
00:04:36,970 --> 00:04:37,960
Yes, how you get this?

56
00:04:39,010 --> 00:04:43,120
So now this is a off your spot that it is right here.

57
00:04:43,750 --> 00:04:50,200
And this is the member of the structure, so you can see characteristics here.

58
00:04:50,470 --> 00:04:52,750
Refer to give it.

59
00:04:54,050 --> 00:04:57,020
Which is this four characters this form right here?

60
00:04:58,500 --> 00:05:07,360
Album Money Song Zeros, and then if you want to have a human readable view of this, all you need to

61
00:05:07,360 --> 00:05:09,220
do is click on next step.

62
00:05:10,910 --> 00:05:15,110
And then you can see the human readable view for all these bytes here.

63
00:05:16,140 --> 00:05:24,410
So characteristics here is referring to this four here because it's a DWORD format and the value is always

64
00:05:24,420 --> 00:05:33,770
zero zero. Next, TimeDateStamp, and the value is five five four six three one five, which is this in reverse

65
00:05:33,790 --> 00:05:37,580
Phi Phi for the S.S. when fight.

66
00:05:40,000 --> 00:05:49,510
Next one, major version, two zeros, two bytes, you can confirm here you can see pediatrician and then

67
00:05:49,540 --> 00:05:55,240
here minor version is an excellent also zero referring to two bytes here.

68
00:05:56,170 --> 00:06:00,490
And the next one will be a name, a 364 here in.

69
00:06:01,060 --> 00:06:10,390
So this name is a name for this DLL, and the name is following this address a 364, which is this

70
00:06:11,020 --> 00:06:13,060
a three six four?

71
00:06:14,270 --> 00:06:20,900
So you can actually click this and follow this here and now you will see.

72
00:06:21,850 --> 00:06:30,510
And this address is a name, Colonel 9:57 referring to this connected, you can tell that via Zoom enough

73
00:06:31,630 --> 00:06:34,360
now to go back to the previous RVA.

74
00:06:34,720 --> 00:06:37,990
Just click on that you go back to the.

75
00:06:39,550 --> 00:06:44,980
Now the next one is this one, so a busy highway is one.

76
00:06:45,160 --> 00:06:47,140
So this refers to this one.

77
00:06:47,140 --> 00:06:50,130
Here is for back to me.

78
00:06:51,130 --> 00:06:59,710
So this one here is telling you that the ordinal starts from one deciding a Saturn one.

79
00:06:59,710 --> 00:07:01,360
So we have a few ordinals.

80
00:07:02,440 --> 00:07:10,420
You have to remember to get to the base one to get the actual ordinal.

81
00:07:11,110 --> 00:07:12,400
So that's the meaning of this.

82
00:07:12,880 --> 00:07:15,490
These are offsets and this is the base.

83
00:07:15,850 --> 00:07:22,550
So if you want to calculate the actual ordinal, you need to take these numbers, add the base, and

84
00:07:22,570 --> 00:07:23,950
then you get your chance in a.

85
00:07:26,920 --> 00:07:30,880
So that's the meaning of this. Next one is number of functions.

86
00:07:31,720 --> 00:07:33,190
Assign them no functions as a diva.

87
00:07:33,730 --> 00:07:37,510
So here the number of functions is Hex five seven.

88
00:07:37,510 --> 00:07:45,700
Oh, which in this case vice handle and the number of names also see x y.

89
00:07:45,730 --> 00:07:52,120
So that means that five hundred and seventy functions in Hex.

90
00:07:53,200 --> 00:07:59,000
So you want to know actually how many of these you have to convert into decimal.

91
00:07:59,020 --> 00:08:03,580
You can use their calculator, you can convert Hex.

92
00:08:06,020 --> 00:08:10,670
So they're facing zero in decimal.

93
00:08:10,850 --> 00:08:14,390
It is one thousand three hundred two functions.

94
00:08:14,900 --> 00:08:18,740
So kernel32.dll has got one thousand three hundred ninety two functions.

95
00:08:19,040 --> 00:08:20,240
Hey, spot that tightens.

96
00:08:21,950 --> 00:08:24,440
So these two are referring to the fi sound.

97
00:08:24,440 --> 00:08:24,980
Really nice.

98
00:08:25,760 --> 00:08:26,570
No function.

99
00:08:26,570 --> 00:08:27,500
Refer to this.

100
00:08:29,120 --> 00:08:30,930
A number of.

101
00:08:32,600 --> 00:08:35,540
Names refer to this is one.

102
00:08:36,930 --> 00:08:44,010
So a number of functions referring to a number of her address here, actually, and my needs us to refer

103
00:08:44,020 --> 00:08:44,460
to this.

104
00:08:45,630 --> 00:08:47,870
So he got that done.

105
00:08:48,010 --> 00:08:50,790
The next one is the address of functions.

106
00:08:51,450 --> 00:08:59,850
So this is the address where you have an array containing all the functions so you can right-click this,

107
00:09:00,150 --> 00:09:01,290
Follow RVA.

108
00:09:01,770 --> 00:09:02,820
And here you go.

109
00:09:03,900 --> 00:09:05,310
So the first address is.

110
00:09:06,730 --> 00:09:09,610
This one, the first function, is at this address.

111
00:09:11,190 --> 00:09:19,920
He he wants zero, and you can even see here he he won't see zero second function, he said his address.

112
00:09:22,130 --> 00:09:28,870
He even even he he when he when he is here, it is functioning, so this address.

113
00:09:32,920 --> 00:09:35,170
Three zero three three zero.

114
00:09:35,320 --> 00:09:37,630
And you can trace it all the way down.

115
00:09:38,080 --> 00:09:43,990
So this is the original memory which contains the real functions.

116
00:09:44,410 --> 00:09:53,200
So this array of functions here is also known as export address table, which we have seen before in the

117
00:09:53,200 --> 00:09:54,070
PowerPoint tonight.

118
00:09:54,910 --> 00:09:57,220
This is export address table.

119
00:10:02,680 --> 00:10:05,200
And then the next one is the address of names.

120
00:10:05,890 --> 00:10:09,670
So this is a friendly name for each of these functions.

121
00:10:10,540 --> 00:10:17,350
Here you only see addresses of the functions, you don't know what they are, but this table

122
00:10:17,350 --> 00:10:19,900
here, this array here tells you what they are.

123
00:10:20,350 --> 00:10:23,740
So you can actually click on this now and follow the memory.

124
00:10:24,840 --> 00:10:30,960
So the first first address, which is this one, a few nights.

125
00:10:32,100 --> 00:10:39,330
A three nine, six nine one contains the name of the first function, right-click this and follow this

126
00:10:40,290 --> 00:10:46,720
and then in memory, you can see the name of the function, which is acquired exclusive and you gave

127
00:10:46,760 --> 00:10:48,920
and you will see acquire licensee.

128
00:10:50,810 --> 00:10:56,030
You can do the same thing for the next one, right-click for this information, and you can see the

129
00:10:56,030 --> 00:10:57,250
second one is so long.

130
00:10:57,470 --> 00:10:58,490
Is quite exclusive.

131
00:10:58,880 --> 00:11:03,770
Now you can take a look at this, right-click this and go there.

132
00:11:03,770 --> 00:11:07,790
You can see is had had them, he added to me and so on.

133
00:11:08,780 --> 00:11:14,150
So this is a real friendly names, which is human readable strings.

134
00:11:15,020 --> 00:11:18,710
All right, the next one, ordinals, right-click, follow.

135
00:11:19,550 --> 00:11:21,280
And this is very ordinals type.

136
00:11:21,990 --> 00:11:31,010
So ordinals signed to Vice what which is two bytes, the first ordinal zero zero and this one uses zero

137
00:11:31,010 --> 00:11:34,940
one eight one two zero two and zero three and so on.

138
00:11:35,180 --> 00:11:37,100
And they're referring to this column here.

139
00:11:38,870 --> 00:11:47,180
So as you recall from our site, the ordinals are the numbers referring to the location in the address

140
00:11:47,570 --> 00:11:54,230
where they are mapped, where each of these function names are mapped in the address; that is the purpose

141
00:11:54,230 --> 00:11:55,130
of ordinals.

142
00:11:56,360 --> 00:12:00,640
OK, so there's a meeting about this spot, actually.

143
00:12:01,850 --> 00:12:07,910
The only thing you need to be aware of is that some of these effort going forward is now this amazing.

144
00:12:07,910 --> 00:12:16,310
And see for this mean that this addresses contained does not contain the actual code for that function,

145
00:12:16,910 --> 00:12:21,650
but you need to refer to another DLL for that actual code.

146
00:12:22,430 --> 00:12:26,980
So how do you know that this is not the IP address of your chocolate?

147
00:12:27,800 --> 00:12:37,460
You have to compare the if range how they explained that a tree so your x y data nine FC plus CFC when

148
00:12:37,460 --> 00:12:40,340
will give you the range of the export directory.

149
00:12:40,910 --> 00:12:51,920
So if you are, if this particular address falls within this range, then you can be sure

150
00:12:51,920 --> 00:12:52,970
that it is.

151
00:12:55,410 --> 00:13:05,970
It is a forwarding address, so be hit below that we need to go and look up and try to find the functioning

152
00:13:06,150 --> 00:13:09,030
condition for this function.

153
00:13:10,270 --> 00:13:14,650
Some of them don't have this forwarding, for example, like edit them.

154
00:13:15,010 --> 00:13:22,090
So for those instances you can use and likely follow this, and in here you can see the actual implementation

155
00:13:22,390 --> 00:13:26,300
for that particular function for the rest.

156
00:13:26,350 --> 00:13:29,470
You will need to follow the forwarder.

157
00:13:30,430 --> 00:13:39,430
So this is basically the practical walkthrough on examining the --, specifically the export

158
00:13:39,460 --> 00:13:40,120
directory.

159
00:13:40,720 --> 00:13:47,980
So these are basic knowledge which you need to have for this course and to be using this basic foundational

160
00:13:47,980 --> 00:13:50,590
knowledge in the coming lessons.

161
00:13:50,950 --> 00:13:52,900
So that's all for this practical.

162
00:13:53,350 --> 00:13:55,480
Thank you for watching.