1
00:00:00,630 --> 00:00:08,310
Hello and welcome to a new section in this new section, we are going to study the important address

2
00:00:08,310 --> 00:00:17,590
table structure by studying Microsoft Paint Haider and analysis.

3
00:00:17,670 --> 00:00:18,970
So Microsoft Paint.

4
00:00:19,830 --> 00:00:30,750
Hey, there, the Windows and the not hate files contains the structure of the unified descriptor.

5
00:00:31,410 --> 00:00:39,180
The entire descriptor is to date that structure that contains information and address tables and import

6
00:00:39,180 --> 00:00:40,050
lookup tables.

7
00:00:41,280 --> 00:00:43,800
Microsoft pages its location.

8
00:00:46,310 --> 00:00:55,680
In this diagram on the left is your window in Kigali, he hit a foul, which I have open in bat plus

9
00:00:55,680 --> 00:01:02,270
plus, and then I search for this structure called input descriptor.

10
00:01:02,750 --> 00:01:04,250
And this is the structure.

11
00:01:04,670 --> 00:01:09,680
And this is why it looks like you can see that, yeah, altogether.

12
00:01:10,810 --> 00:01:19,590
Five members, the first member and union consisting of characteristics with an arena first dunk guy

13
00:01:19,730 --> 00:01:22,960
with characteristic duties now unused.

14
00:01:23,470 --> 00:01:26,020
Now aides using only the first dunk.

15
00:01:27,370 --> 00:01:31,270
Then the second member is what time this time?

16
00:01:32,440 --> 00:01:37,330
And then you have follow the change, you would name you and first don't give it.

17
00:01:38,500 --> 00:01:48,190
So all these members are this important descriptor is intended to stall data relating to where to find

18
00:01:48,190 --> 00:01:51,870
the API functions for any particular SFR.

19
00:01:52,930 --> 00:02:01,210
So it is using the following we take a look at be back on the right who is open and I've loaded Microsoft

20
00:02:01,210 --> 00:02:10,730
been into eBay and in here I click on the optional header and then I scroll down and there will be a

21
00:02:11,020 --> 00:02:16,570
physical input directory and RV here the address.

22
00:02:17,230 --> 00:02:27,790
So if I right click on this, I will come to this region of the file, which contains all the files

23
00:02:28,240 --> 00:02:34,990
that I use and buy this Microsoft Paint and all of these details here.

24
00:02:35,290 --> 00:02:38,800
I actually this structure.

25
00:02:40,210 --> 00:02:43,600
So let's move on to the next slide and you be clear for you.

26
00:02:44,620 --> 00:02:53,020
So now he's seen two files with the Andean Haitien, the left and May because I've been there, right?

27
00:02:53,530 --> 00:02:59,410
But this time I think on important step and is now clearer, as you can see.

28
00:03:00,610 --> 00:03:05,680
This part of the memory is actually the.

29
00:03:06,730 --> 00:03:07,750
For advocacy.

30
00:03:08,960 --> 00:03:14,750
And how these values, Xia refers to this structure, find rugby.

31
00:03:16,490 --> 00:03:22,370
And then if you look at this one here, the first for vice e-cars now this tank.

32
00:03:22,880 --> 00:03:25,310
One two three four four by.

33
00:03:27,080 --> 00:03:34,190
And you know, the first tank is also found here we see through to a ship.

34
00:03:34,520 --> 00:03:35,180
She's this.

35
00:03:37,030 --> 00:03:43,780
And then the next four vice would be your time stamp, which is in this case.

36
00:03:44,320 --> 00:03:46,420
And you can see a time stamp is on this.

37
00:03:48,280 --> 00:03:52,820
And then the next member is your follow the chain, which is again.

38
00:03:52,850 --> 00:03:53,440
Oh yes.

39
00:03:54,040 --> 00:03:56,290
And as you see here in less.

40
00:03:57,680 --> 00:04:04,490
And then the next member is your name, which is your friendly name for this out of a PDA.

41
00:04:05,000 --> 00:04:07,430
So this is the offset there.

42
00:04:07,430 --> 00:04:11,330
You will find a friendly name for this game.

43
00:04:11,630 --> 00:04:16,190
So if you went actually went to this location, you can, you can see, will be able to see the name

44
00:04:16,670 --> 00:04:17,450
of this.

45
00:04:17,610 --> 00:04:19,490
Yeah, in the string section.

46
00:04:20,840 --> 00:04:23,480
And then the last one is first tank.

47
00:04:23,930 --> 00:04:28,370
So the last four here is offering two nine seven zero zero zero.

48
00:04:29,090 --> 00:04:32,660
This is the offset to your first function.

49
00:04:33,140 --> 00:04:35,120
Can I start in by this idea?

50
00:04:36,140 --> 00:04:38,450
So and not be experts on this?

51
00:04:38,540 --> 00:04:39,140
Yes.

52
00:04:39,800 --> 00:04:48,760
And the tank member of Need It after the restaurant structure is pointing to the first function that

53
00:04:48,770 --> 00:04:51,230
is is 640.

54
00:04:52,220 --> 00:04:53,450
So this is how you read it.

55
00:04:54,380 --> 00:04:58,100
So the same thing happens for the second part here and in blue.

56
00:04:58,640 --> 00:05:02,030
The second part here refers to connectivity to Dan.

57
00:05:02,810 --> 00:05:14,720
So maybe the if I see here is the zero three five eight are here and then this is this business.

58
00:05:14,720 --> 00:05:23,350
If I have actually the first member and then the second member is timely STEM, which is this one again,

59
00:05:23,360 --> 00:05:23,900
we have.

60
00:05:24,950 --> 00:05:26,210
For baseball, yes.

61
00:05:26,870 --> 00:05:29,960
And in baseball bats, an official holiday cheer.

62
00:05:31,060 --> 00:05:36,140
Here and here, and then the next member is here.

63
00:05:37,400 --> 00:05:41,180
NIM, which is here is four based here.

64
00:05:41,840 --> 00:05:42,530
Also here.

65
00:05:43,660 --> 00:05:49,840
And this is if you went to this, I certainly would be you would be able to see the name to to get out

66
00:05:50,740 --> 00:05:55,600
and the last member is first sunk, which is the last four base here.

67
00:05:56,260 --> 00:06:03,190
And this will be the offset to your first function that is supported by an artery to the head.

68
00:06:04,150 --> 00:06:08,260
So this is how you understand this important descriptor.

69
00:06:08,740 --> 00:06:14,980
Now what we mean, maybe see it put an address table refers to the first tank.

70
00:06:15,610 --> 00:06:21,610
So the first time here is a pointer to the first function of the input address table.

71
00:06:23,550 --> 00:06:33,130
And then the first time here is known as the look up table function and cut cable system.

72
00:06:33,510 --> 00:06:37,020
So when the program first, he actually first starts.

73
00:06:37,410 --> 00:06:47,010
The idea is empty, but the original first tank will have some data that will contain the that functions.

74
00:06:47,520 --> 00:06:55,320
But he doesn't know the address, so he will use these hints here to try to look this address into the

75
00:06:56,190 --> 00:06:57,600
first 10 down here.

76
00:06:58,290 --> 00:07:05,550
So once all the addresses included, the first down, our Heidi would be fully loaded and contains all

77
00:07:05,550 --> 00:07:07,680
the addresses for the functions.

78
00:07:08,670 --> 00:07:16,350
So this how the process of resolving function in Haiti works.

79
00:07:16,890 --> 00:07:19,590
All these numbers here are the hints.

80
00:07:20,160 --> 00:07:27,930
That means is something like the ordinal, which we studied before the previous lesson where we have

81
00:07:27,930 --> 00:07:32,520
all of these numbers corresponding to the function names.

82
00:07:32,910 --> 00:07:38,790
So this actually offsets to the address of the function in memory.

83
00:07:39,300 --> 00:07:42,330
So we use this the people order, we use.

84
00:07:42,330 --> 00:07:46,410
This hints to try to locate the address of these functions in memory.

85
00:07:47,010 --> 00:07:54,060
Once it's loaded, first time will contain the complete IED table with corresponding addresses for every

86
00:07:54,060 --> 00:07:54,420
function.

87
00:07:55,440 --> 00:08:02,220
So that's all for this video In the next video, we are going to do a practical walkthrough on how to

88
00:08:02,220 --> 00:08:07,200
look at the the entire descriptor using a calculator program.

89
00:08:07,710 --> 00:08:09,270
So I'll see you in the next few minutes.

90
00:08:09,270 --> 00:08:10,590
VIDEO Thank you for watching.