1
00:00:00,770 --> 00:00:01,580
Hello, welcome.

2
00:00:01,910 --> 00:00:07,770
In this video, we are going to shellcode crackme1 to make it run and also open

3
00:00:07,790 --> 00:00:08,810
Microsoft Paint.

4
00:00:09,380 --> 00:00:16,100
So Microsoft Paint is a program in your C:\Windows\System32 folder; there you will find the Microsoft Paint

5
00:00:16,100 --> 00:00:16,850
program.

6
00:00:17,750 --> 00:00:21,500
So crackme1 is the file here.

7
00:00:22,070 --> 00:00:24,920
If you run it, it just opens a normal GUI.

8
00:00:26,030 --> 00:00:29,420
You can key in anything and check, and it gives you the wrong serial key.

9
00:00:30,710 --> 00:00:31,640
So let's get started.

10
00:00:32,480 --> 00:00:36,470
We first open x32dbg.

11
00:00:38,930 --> 00:00:45,860
And then in Options, Preferences, make sure the entry point breakpoint is set, and then open your

12
00:00:47,250 --> 00:00:48,000
crackme1.

13
00:00:51,370 --> 00:00:54,160
Now, at your entry point, put a breakpoint here.

14
00:00:55,340 --> 00:01:01,310
Then you note down the next few lines here, to see how many lines are going to be overwritten.

15
00:01:01,700 --> 00:01:12,770
Then we put a jump, so right-click, Copy, Selection, then open your notepad and paste it into your notepad,

16
00:01:15,590 --> 00:01:23,690
and now we hunt for our code cave, which is until you see all zeros in this column.

17
00:01:35,800 --> 00:01:38,110
There you go, here.

18
00:01:41,680 --> 00:01:44,700
So this is a standard code cave here.

19
00:01:45,250 --> 00:01:50,400
This is all the attempt by the debugger to make sense of 00 00 00.

20
00:01:50,440 --> 00:01:54,340
So this is not real, not real assembly code.

21
00:01:55,980 --> 00:02:04,920
So we put a breakpoint; you have to right-click the address, copy and put it in our notepad.
22
00:02:08,990 --> 00:02:13,970
OK, now we go back up to our entry point,

23
00:02:16,850 --> 00:02:27,980
assemble a jump to our code cave. To assemble the jump, press space and, in the dialog, type JMP 0x

24
00:02:28,610 --> 00:02:30,770
and then paste your address.

25
00:02:31,450 --> 00:02:32,090
You copied.

26
00:02:36,340 --> 00:02:40,900
This is your code cave address. Right-click, paste, so this is correct.

27
00:02:42,310 --> 00:02:46,840
Make sure you check "Fill with NOPs", because you want to see what it overwrites.

28
00:02:47,500 --> 00:02:54,040
So obviously, if you assemble the jump, it's going to overwrite this call, which we have to replace

29
00:02:54,040 --> 00:02:54,220
later.

30
00:02:54,220 --> 00:02:56,230
For the time being, OK.

31
00:02:57,160 --> 00:02:57,480
All right.

32
00:02:57,490 --> 00:03:00,430
So it just overwrites one instruction.

33
00:03:00,440 --> 00:03:05,680
So the only instruction you have to replace is this instruction.

34
00:03:06,970 --> 00:03:08,470
So the rest are still safe.

35
00:03:09,070 --> 00:03:09,360
OK.

36
00:03:10,150 --> 00:03:12,040
And then all this we can delete.

37
00:03:16,550 --> 00:03:24,050
So inside the code cave, we have to insert this instruction and then jump to this address.

38
00:03:25,880 --> 00:03:31,400
So we just put it there first to remind ourselves that these are two things you need to insert in the

39
00:03:31,400 --> 00:03:39,260
code cave later on, in order to be able to continue with the original code execution.

40
00:03:41,090 --> 00:03:50,840
So inside the code cave, the first thing to do is to PUSHAD and then PUSHFD, and then put your shellcode.

41
00:03:52,580 --> 00:04:01,670
Then you need to POPAD, and then put this instruction.

42
00:04:03,700 --> 00:04:08,050
After that, put this instruction, and that's all we need to do.

43
00:04:08,410 --> 00:04:09,310
So let's do that now.

44
00:04:12,350 --> 00:04:14,000
So you are here.
45
00:04:14,240 --> 00:04:15,980
You click on this, you see the red line.

46
00:04:17,240 --> 00:04:23,240
It means it's going to jump to the shellcode, so you can follow it by double-clicking this or pressing Enter.

47
00:04:25,070 --> 00:04:27,370
OK, so now you're here at the beginning of your code cave.

48
00:04:28,730 --> 00:04:35,060
So press space and then type PUSHAD. PUSHAD.

49
00:04:35,180 --> 00:04:39,410
We save the content of all the registers by pushing it to the stack.

50
00:04:39,950 --> 00:04:45,170
We need to do that because later on we want to resume the original program.

51
00:04:45,410 --> 00:04:48,620
So we need to put back all the state

52
00:04:49,250 --> 00:04:52,040
the registers were in before we jumped to our shellcode.

53
00:04:54,530 --> 00:05:02,740
OK, OK, next one is PUSHFD. PUSHFD saves the register flags.

54
00:05:03,830 --> 00:05:05,570
Which is just one, two, four, four.

55
00:05:07,460 --> 00:05:07,850
OK.

56
00:05:10,750 --> 00:05:14,830
So the next one is, you can put your shellcode here.

57
00:05:15,370 --> 00:05:22,660
So to get your shellcode, we open our shellcode here with the hex editor.

58
00:05:28,020 --> 00:05:28,550
Like this.

59
00:05:29,130 --> 00:05:36,320
And then we want the right column, so we click on View and Visible Columns, and select the hex column.

60
00:05:37,920 --> 00:05:39,360
Then we need to copy this.

61
00:05:41,140 --> 00:05:42,790
Including the 00.

62
00:05:43,090 --> 00:05:43,790
This is important.

63
00:05:44,340 --> 00:05:47,560
This is important because it is at the end of the string.

64
00:05:48,560 --> 00:05:54,810
Our shellcode has the name of the program, mspaint.exe, which is a string actually, and

65
00:05:54,820 --> 00:05:57,490
it has to be followed by a null.

66
00:05:58,000 --> 00:05:59,950
So a null terminates the string.

67
00:05:59,960 --> 00:06:02,470
That's why you must make sure you include it.

68
00:06:03,520 --> 00:06:04,780
So this is one byte, null.
69
00:06:05,170 --> 00:06:06,910
So we right-click.

70
00:06:08,810 --> 00:06:10,250
Copy this.

71
00:06:10,970 --> 00:06:17,010
And then we come back to here. Here we are going to insert our shellcode.

72
00:06:17,080 --> 00:06:19,340
So you select this line.

73
00:06:20,430 --> 00:06:22,290
And then scroll down.

74
00:06:26,880 --> 00:06:33,610
No need to go all the way to the bottom, somewhere here. Make sure you select enough bytes, more than

75
00:06:33,610 --> 00:06:36,630
196, because our shellcode is only 196

76
00:06:36,810 --> 00:06:42,510
bytes. Then hold down the Shift key and click here to select all this.

77
00:06:43,670 --> 00:06:46,040
Now right-click, Binary,

78
00:06:47,030 --> 00:06:48,410
and then Edit.

79
00:06:49,930 --> 00:06:55,960
And then here, make sure it's at the first byte. Ctrl+V to paste your shellcode.

80
00:06:57,760 --> 00:06:58,750
So now you see.

81
00:07:00,580 --> 00:07:12,070
Compare with your hex editor: the first byte is FC, FC, FC, and the ending is 65 00 00,

82
00:07:12,070 --> 00:07:15,930
your last two bytes, 65 00, OK.

83
00:07:19,030 --> 00:07:19,900
I can go back up.

84
00:07:25,360 --> 00:07:26,200
OK, there you go.

85
00:07:28,240 --> 00:07:32,110
So this shellcode starts from FC here.

86
00:07:33,970 --> 00:07:38,950
And the 65 00 00 here is part of the shellcode.

87
00:07:40,330 --> 00:07:45,880
So the next instruction, you start here, not here, because if you start here, you will overwrite the last

88
00:07:45,880 --> 00:07:46,120
null byte.

89
00:07:47,550 --> 00:07:55,840
So we start here, and this is where we can assemble POPFD. Press the spacebar, type POPFD.

90
00:07:58,830 --> 00:08:04,620
And then the next one will be POPAD, in reverse order.

91
00:08:06,230 --> 00:08:10,300
OK, it's in reverse order from the push because it's a stack here.

92
00:08:10,400 --> 00:08:12,020
PUSHAD and PUSHFD.
93
00:08:13,130 --> 00:08:17,300
And then here you reverse it: POPFD, then POPAD.

94
00:08:18,380 --> 00:08:26,450
OK, so now the next one, we are going to insert the code that was overwritten, and this one.

95
00:08:27,710 --> 00:08:32,300
So just to remind you, we overwrote this.

96
00:08:32,870 --> 00:08:38,180
This line is the call at the entry point, so we have to put it back now.

97
00:08:38,810 --> 00:08:46,640
So what we do is we assemble here: CALL 0x

98
00:08:48,500 --> 00:08:50,690
And then copy this address.

99
00:08:53,930 --> 00:09:01,580
Right-click, Copy and put it back here, like this. Right-click, OK?

100
00:09:02,360 --> 00:09:02,670
Right.

101
00:09:02,690 --> 00:09:08,420
So this is the call, obviously, overwritten at the start of the entry point when we assembled the jump, just

102
00:09:08,420 --> 00:09:09,260
to remind you.

103
00:09:12,040 --> 00:09:18,610
Originally there was a call here, but we changed it to a jump because we need it to jump to our shellcode, to

104
00:09:18,610 --> 00:09:19,160
our code cave.

105
00:09:19,180 --> 00:09:23,200
So now we have to put back the instruction that was overwritten.

106
00:09:26,790 --> 00:09:29,420
OK, that's the purpose of this.

107
00:09:30,320 --> 00:09:37,630
Now, the next thing you want to do is to jump back to this, right after the call, the place

108
00:09:38,650 --> 00:09:40,880
at this address at the entry point.

109
00:09:41,990 --> 00:09:44,540
So copy, put it here.

110
00:09:45,890 --> 00:09:48,550
Press spacebar and paste.

111
00:09:49,100 --> 00:09:52,580
And remember to put your 0x in front, because this is hex.

112
00:09:54,160 --> 00:09:56,500
And you don't need to fill with NOPs.

113
00:09:57,640 --> 00:09:58,030
All right.

114
00:09:58,420 --> 00:10:05,950
So the purpose of this jump is, if I click on it, I can follow it and easily jump back to the beginning

115
00:10:05,950 --> 00:10:08,950
of the entry point, just after we jumped to the shellcode.
116
00:10:08,950 --> 00:10:13,510
We see here, we jump to the code cave, and here we're coming back from the code cave.

117
00:10:14,260 --> 00:10:14,590
All right.

118
00:10:15,040 --> 00:10:17,890
So that is the meaning of this.

119
00:10:20,050 --> 00:10:21,400
All right, so.

120
00:10:23,710 --> 00:10:27,940
Follow it once more to check, make sure we got it right.

121
00:10:31,210 --> 00:10:31,850
All right, great.

122
00:10:32,350 --> 00:10:34,930
So now we are ready to patch it.

123
00:10:36,640 --> 00:10:37,870
So let's patch it.

124
00:10:39,470 --> 00:10:40,040
Patch file.

125
00:10:41,380 --> 00:10:43,430
I'll name it crackme2 and

126
00:10:48,080 --> 00:10:48,310
save.

127
00:10:49,700 --> 00:10:53,990
Now make sure that all the patches are patched; sometimes you get less.

128
00:10:54,320 --> 00:10:59,480
Not all of them, probably like one short of the total, or something like that.

129
00:10:59,720 --> 00:11:04,660
If so, then that means your code cave is not big enough for you to patch.

130
00:11:05,510 --> 00:11:05,780
Right.

131
00:11:06,460 --> 00:11:06,890
OK.

132
00:11:09,010 --> 00:11:18,770
If it goes OK, you can stop this and then open your patched file, so you open the new file, and

133
00:11:18,770 --> 00:11:21,890
that's the patched exe.

134
00:11:21,890 --> 00:11:26,900
Actually, now if you run it, you see, as I show you, I mean, it keeps open.

135
00:11:29,760 --> 00:11:30,890
Run it. Run.

136
00:11:32,100 --> 00:11:34,470
The shellcode launches Microsoft Paint.

137
00:11:35,580 --> 00:11:39,720
And then you see Microsoft Paint run, but the crackme window disappears.

138
00:11:39,930 --> 00:11:41,970
So there is something wrong we have to fix.

139
00:11:42,390 --> 00:11:44,550
And we'll do that in the next lesson.

140
00:11:44,970 --> 00:11:45,900
Thank you for watching.