1
00:00:00,420 --> 00:00:03,090
Welcome to the new session.

2
00:00:03,640 --> 00:00:10,980
So we're going to do a practical walkthrough on the important descriptor and I'd table.

3
00:00:11,760 --> 00:00:17,550
So going download this project here to I.E.D. and put it in day to food.

4
00:00:18,780 --> 00:00:22,980
And you say here you find a I and he'd have fun.

5
00:00:23,430 --> 00:00:28,050
If you open really far, you can see your location where you can get it from.

6
00:00:29,430 --> 00:00:31,500
And also the location for kill.

7
00:00:31,530 --> 00:00:31,970
Yes.

8
00:00:33,090 --> 00:00:34,050
So let us open in.

9
00:00:34,050 --> 00:00:34,980
Been in TV.

10
00:00:36,660 --> 00:00:37,890
You can us plus.

11
00:00:43,020 --> 00:00:47,130
And then we look for in this descriptor by searching for it.

12
00:00:47,250 --> 00:00:53,430
Click on Search, find in time in point on this car descriptor.

13
00:00:53,610 --> 00:00:58,580
Oh yes, he name he has found it here.

14
00:01:00,240 --> 00:01:08,910
And then we'll open the location for calculator, which is following this path.

15
00:01:09,780 --> 00:01:12,000
So the eBay.

16
00:01:14,980 --> 00:01:22,320
And you can file look, be and go straight to see windows.

17
00:01:27,530 --> 00:01:35,060
System32 and then count hack to open.

18
00:01:37,960 --> 00:01:38,680
Yesterday.

19
00:01:39,340 --> 00:01:43,330
So now we'll put her in for the script.

20
00:01:43,510 --> 00:01:47,200
Side by side with, he'll be there.

21
00:01:48,890 --> 00:01:56,060
Hear what the options are here to hear and scroll down and and these fill in Project three exactly on

22
00:01:56,060 --> 00:01:56,480
this.

23
00:01:57,130 --> 00:01:59,290
Follow we're up here.

24
00:02:03,600 --> 00:02:14,280
So now in this hour, we're here, you can see the the all of these structures for this important descriptor.

25
00:02:15,030 --> 00:02:16,200
Yeah, quite a few here.

26
00:02:17,850 --> 00:02:18,720
So let's see.

27
00:02:19,800 --> 00:02:20,880
Click on imports here.

28
00:02:21,210 --> 00:02:27,450
The first one is about B to the ale, and if you say offset the one here.

29
00:02:29,260 --> 00:02:29,890
The UAE.

30
00:02:32,320 --> 00:02:38,250
It's bites here, so this for base here is for Hammarby and.

31
00:02:39,600 --> 00:02:41,400
It stretches all the way.

32
00:02:43,720 --> 00:02:47,560
And do the next one, which is the two four zero.

33
00:02:50,480 --> 00:02:50,810
Here.

34
00:02:53,060 --> 00:03:03,810
This is the stunt, the next structure issue for second of three to zero two four for the two fold and

35
00:03:03,810 --> 00:03:05,660
then a nation will be DFAC, so.

36
00:03:07,210 --> 00:03:08,470
The foresee so.

37
00:03:12,880 --> 00:03:13,840
Which starts here.

38
00:03:15,580 --> 00:03:16,540
Need for Cecil.

39
00:03:17,170 --> 00:03:18,980
This is the structure.

40
00:03:19,720 --> 00:03:25,390
So you have many structures altogether, think you can count the number of structures here?

41
00:03:26,410 --> 00:03:31,240
If you come from here, you can see in one two three four five six seven eight.

42
00:03:32,590 --> 00:03:40,990
Nine, 10, 11 to 13, 14 year, 14 in police descriptor here, want to get it?

43
00:03:41,770 --> 00:03:45,720
So let's study the first one and not be a business there.

44
00:03:46,240 --> 00:03:46,970
Do you want year?

45
00:03:48,390 --> 00:03:54,110
So we start to hear stretches here continues until.

46
00:03:55,990 --> 00:04:04,780
Until you hear the next one is zero two four zero, which is going to 32 secretary to structure assessment

47
00:04:04,780 --> 00:04:05,020
here.

48
00:04:05,980 --> 00:04:12,370
So from here to here is a structure for MLP.

49
00:04:13,390 --> 00:04:19,510
So the first for base refers to the original first tank or union system.

50
00:04:21,810 --> 00:04:29,940
The one he is here and then the next four bites he's deemed it's 10, which is on f's.

51
00:04:33,670 --> 00:04:38,740
The next member will be forward a chain which is here again on this.

52
00:04:41,620 --> 00:04:49,480
And then the next member of the Anene, which is here in the wonderful new wonderful, you must really

53
00:04:49,480 --> 00:04:50,260
reverse order.

54
00:04:52,430 --> 00:04:57,290
So this deal, and therefore, if you go now reckoning for follow, you should be able to see the name

55
00:04:57,290 --> 00:04:58,370
and not be here.

56
00:04:59,450 --> 00:05:06,350
Hello, PDA is a street name for the PDA, is a friendly name for this deal.

57
00:05:08,060 --> 00:05:12,260
Messing with me and then the next member will be your first time.

58
00:05:12,990 --> 00:05:16,310
So your first tongue will be this one.

59
00:05:18,980 --> 00:05:20,360
So this last member.

60
00:05:21,660 --> 00:05:23,490
Hear, hear.

61
00:05:24,480 --> 00:05:28,600
So the first time is a pointer to the important address table.

62
00:05:29,220 --> 00:05:31,230
So you progress table, he's telling here.

63
00:05:33,660 --> 00:05:41,370
So at the moment, you can see the progress table contains 10 injuries and there are 10 functions in

64
00:05:41,370 --> 00:05:43,560
Araby 32 there.

65
00:05:44,370 --> 00:05:49,410
If you click country to even look 182 is important.

66
00:05:49,410 --> 00:05:56,190
It is stable, containing all the functions there that can protect for currently get jittery to.

67
00:05:57,560 --> 00:05:59,570
Usually two into so.

68
00:06:01,160 --> 00:06:02,660
OK, let's go back to our people.

69
00:06:03,540 --> 00:06:10,640
So about be here and you come down to the boat, then you will see our what has got all these entries?

70
00:06:11,960 --> 00:06:15,620
You have higher than 10 important functions.

71
00:06:16,250 --> 00:06:20,930
And over here is your first one.

72
00:06:23,540 --> 00:06:24,530
And this is a hint.

73
00:06:26,110 --> 00:06:29,590
So everyone on this commission has got corresponding numbers.

74
00:06:29,710 --> 00:06:31,390
This is just like an old eagle number.

75
00:06:32,620 --> 00:06:34,930
And then here if you click on this and follow.

76
00:06:36,270 --> 00:06:43,800
You can see the name here, the hidden plastic, and you see they do so in east, he is the saying,

77
00:06:43,800 --> 00:06:52,220
I'll do the no and then the rest is a string name which that you read security is.

78
00:06:53,780 --> 00:07:02,150
If you went to the second one Fallujah area, you will see the hill to CC to Mississippi, followed

79
00:07:02,150 --> 00:07:05,390
by a string name rank query value.

80
00:07:05,390 --> 00:07:08,360
Hicks rank very, very nice.

81
00:07:09,430 --> 00:07:19,360
If you can afford it, that one, by clicking this, you will come to the hill, to Tracy, to Tracy,

82
00:07:20,050 --> 00:07:29,050
followed by your friendly name for this function, which is recreate key W, create key NBA.

83
00:07:30,650 --> 00:07:36,590
So this is how the thing works, and this is how we can analyze all these important address stable.

84
00:07:37,640 --> 00:07:48,260
So one thing important to remember is the first term is a pointer to the start of your off your deal.

85
00:07:48,620 --> 00:07:51,560
So for example, if we go next year.

86
00:07:57,390 --> 00:07:58,890
So you are in your first term.

87
00:07:59,370 --> 00:08:00,510
Is this one?

88
00:08:01,860 --> 00:08:09,840
Here and then when you first see he doesn't have a address for each one on this function, but he will

89
00:08:09,840 --> 00:08:19,170
look up using the heat and eventually the builder will populate your boat address table, which is this

90
00:08:19,170 --> 00:08:21,900
one for them if all the addresses for this.

91
00:08:22,620 --> 00:08:28,950
So this is how you will see how the resolve, how the invoice table is being designed.

92
00:08:30,180 --> 00:08:35,460
OK, so now we can try to take a look at using a debugger.

93
00:08:35,970 --> 00:08:37,880
Take a look here, here and look that.

94
00:08:38,940 --> 00:08:42,990
So the following options Click on Options Preferences and here.

95
00:08:43,140 --> 00:08:51,830
Click on the outlook and system here because you want to see how the item is outstanding for the functions,

96
00:08:51,870 --> 00:08:53,250
the addresses of all the functions.

97
00:08:54,210 --> 00:08:56,070
And it's only we check for breakpoint.

98
00:08:56,070 --> 00:08:59,100
So now we open your.

99
00:09:00,270 --> 00:09:05,340
Calculator or the system to select Calculator AC to Cuban.

100
00:09:07,200 --> 00:09:09,480
And then over here, we go to memory.

101
00:09:10,500 --> 00:09:17,670
And noticed that we needed to least know that all the R&amp;D ers have not been hit because if you put a

102
00:09:17,670 --> 00:09:24,360
brake fine on the air, you can see at the bottom left it is passed and is a break point in the air.

103
00:09:25,140 --> 00:09:32,040
So here we go to the next session and you scroll down and see the costs noticed.

104
00:09:32,400 --> 00:09:39,370
This these countries function is unknown because this has not been resolved here into the import address

105
00:09:39,390 --> 00:09:39,780
table.

106
00:09:40,260 --> 00:09:41,400
So we can follow this.

107
00:09:41,730 --> 00:09:43,950
Click on this first come down here.

108
00:09:46,830 --> 00:09:52,560
And in following down this address in stable has not been resolved here.

109
00:09:54,540 --> 00:10:01,290
So now you have only the functional look up, so now you really see what happens.

110
00:10:03,660 --> 00:10:04,380
So elusive.

111
00:10:04,380 --> 00:10:05,880
First year 2032.

112
00:10:07,650 --> 00:10:10,410
And you still have to resolve the high table yet.

113
00:10:12,000 --> 00:10:19,390
Look, the second, yeah, cannabis, yeah, he's now got it right now, you'll lose the next year,

114
00:10:19,440 --> 00:10:22,680
he shouted into the air each time you click run.

115
00:10:23,190 --> 00:10:30,630
He said, Yeah, so you may need to click it a few times and to all of the else, download it

116
00:10:36,540 --> 00:10:42,240
discreetly when clicking and you can see already my ideas being loaded given clicking.

117
00:10:43,430 --> 00:10:49,970
OK, now when you see all this surrender, Mr changes being made to this region of memory, that means

118
00:10:50,360 --> 00:10:54,620
now the IED table has been fully resolved.

119
00:10:54,830 --> 00:10:55,820
That's why it turns out.

120
00:10:56,630 --> 00:10:59,540
And if you go back to this location?

121
00:10:59,840 --> 00:11:00,260
Thanks.

122
00:11:00,680 --> 00:11:01,130
Sorry.

123
00:11:01,160 --> 00:11:02,150
He should be here.

124
00:11:02,570 --> 00:11:09,770
Go to the text here and now you can see your function name has been resolved because the high table

125
00:11:09,770 --> 00:11:10,430
has been resolved.

126
00:11:11,030 --> 00:11:19,990
So if you click on this now and come down here and follow it in the same address, you will find this.

127
00:11:21,140 --> 00:11:28,640
These are in part of this table with all the reality which you address for the functions function,

128
00:11:28,650 --> 00:11:35,870
so you can follow this correctly and follow Cuba in this assembler wiki.

129
00:11:36,110 --> 00:11:42,170
Because the 16 64 bit programs each address is a baseline.

130
00:11:43,250 --> 00:11:43,530
Yes.

131
00:11:43,530 --> 00:11:44,450
Why Cuba?

132
00:11:45,440 --> 00:11:50,850
So we follow this Cuba in this assembler and you can see getting more handle.

133
00:11:51,770 --> 00:11:59,350
And you can see this is not a direct reference to an address is actually a jump table and we have GMP

134
00:11:59,350 --> 00:11:59,510
here.

135
00:12:00,950 --> 00:12:08,180
That means whenever you are resolving this function, you actually go to a jump table to jump to the

136
00:12:08,180 --> 00:12:11,390
actual location for the get more, you know, W.

137
00:12:12,680 --> 00:12:12,900
Yeah.

138
00:12:13,040 --> 00:12:19,490
Some functions which are direct to the idea to the function we tie table this Friday's one.

139
00:12:20,640 --> 00:12:26,040
OK, this is also a young team that would be somewhere that you see the knowing Norwegians, but that

140
00:12:26,040 --> 00:12:28,490
actually references the function itself.

141
00:12:28,950 --> 00:12:34,260
So this is to work true on the function lookup table, an input address table.

142
00:12:34,920 --> 00:12:36,540
Thank you for watching.