1 00:00:01,980 --> 00:00:16,830 Hello and welcome back. In this video, I'm going to show you how to reverse C two and also how 2 00:00:16,830 --> 00:00:25,860 to configure Ghidra to highlight all similar selected labels. 3 00:00:28,560 --> 00:00:38,190 I have my Ghidra open, so I'm going to drag C two into the section one. 4 00:00:40,120 --> 00:00:49,410 It has detected the format to be ELF file and also a 64-bit program. 5 00:00:50,680 --> 00:00:51,780 That's OK. 6 00:00:55,640 --> 00:00:58,460 And this is the result summary. 7 00:01:00,650 --> 00:01:04,880 Compiler: gcc, little endian. 8 00:01:06,250 --> 00:01:10,380 And size 64-bit. Let's click OK. 9 00:01:14,120 --> 00:01:16,940 I'm now going to analyze it. 10 00:01:18,520 --> 00:01:23,650 Drag C two into the browser and release. 11 00:01:30,470 --> 00:01:37,240 Ghidra will ask: C two has not been analyzed, would you like to analyze it? 12 00:01:37,320 --> 00:01:38,780 Now click on 13 00:01:38,780 --> 00:01:39,290 Yes. 14 00:01:43,210 --> 00:01:46,600 Ghidra will use all the listed scripts 15 00:01:48,420 --> 00:01:51,570 to analyze. Click Analyze. 16 00:01:52,310 --> 00:01:53,940 No need to change anything. 17 00:01:56,410 --> 00:02:03,070 And the bottom right corner shows you the status of the analysis and it has completed. 18 00:02:06,760 --> 00:02:10,240 Now go over to the symbol tree panel. 19 00:02:11,460 --> 00:02:17,490 And look for the Functions folder. Expand the Functions folder. 20 00:02:19,200 --> 00:02:22,800 And scroll down to look for the main function. 21 00:02:25,460 --> 00:02:33,560 Click on the main function and Ghidra will show you the disassembly view in the center panel. 22 00:02:35,810 --> 00:02:41,060 And in the right panel is the decompiled view in C language. 23 00:02:45,040 --> 00:02:49,510 The parameter for the main function is wrong. 24 00:02:51,100 --> 00:02:53,360 The signature is wrong. 
25 00:02:53,410 --> 00:03:03,610 We are now going to correct it. Right-click on the main function and select Edit Function Signature. 26 00:03:08,440 --> 00:03:14,440 Change the param_1 signature to argc, 27 00:03:17,540 --> 00:03:22,610 for argument count. And for the parameter, 28 00:03:25,920 --> 00:03:27,510 let's change it to 29 00:03:30,070 --> 00:03:37,930 an array of strings, char **argv. 30 00:03:41,290 --> 00:03:41,850 OK. 31 00:03:46,450 --> 00:03:53,380 Now, notice the changes propagate to the parameters, yes. 32 00:03:56,180 --> 00:03:56,930 Over here. 33 00:03:58,640 --> 00:04:02,720 In this line, we see that it is comparing 34 00:04:03,960 --> 00:04:07,380 the program command line 35 00:04:08,500 --> 00:04:16,420 to see whether or not there are two parameters, so let us try to run it first and see what it does. 36 00:04:18,180 --> 00:04:20,640 Click on the terminal to open one. 37 00:04:22,960 --> 00:04:23,770 Close to. 38 00:04:25,470 --> 00:04:27,630 We will use the 39 00:04:31,850 --> 00:04:42,260 file manager over here. Right-click on this. You can reach this folder by clicking on the home button, 40 00:04:42,950 --> 00:04:49,370 on the home icon, and then selecting your section one folder. 41 00:04:50,640 --> 00:05:00,660 We're going to open a terminal in this location. Right-click and select Open Terminal Here. 42 00:05:05,460 --> 00:05:07,080 We can now run C two. 43 00:05:15,010 --> 00:05:17,040 Without any parameter, 44 00:05:18,010 --> 00:05:23,290 it will display a message saying, please supply the password. 45 00:05:26,590 --> 00:05:28,390 We are now going to supply 46 00:05:30,200 --> 00:05:40,790 a parameter three days and you get a different message, see: we never use a password that short, 47 00:05:42,860 --> 00:05:52,070 so let's give it a longer password. Hit enter, and it now says wrong answer. 48 00:05:52,340 --> 00:05:53,180 Try again. 49 00:05:55,560 --> 00:05:58,200 So let's head back to the browser. 
50 00:05:59,890 --> 00:06:11,200 You can select the browser from here and scroll down and select a browser, as you can see. 51 00:06:12,510 --> 00:06:16,830 argc is testing whether there are two parameters. 52 00:06:33,710 --> 00:06:44,540 In this example here, there is only one parameter, so argc is one, so in this case, because argc is not 53 00:06:44,540 --> 00:06:53,960 two, it will not execute this, but instead it will go to the else part and put a string. 54 00:06:55,220 --> 00:06:59,090 puts is a function to print a string. 55 00:07:01,860 --> 00:07:08,460 It is also known as put string, and puts for put string. 56 00:07:10,100 --> 00:07:21,170 It puts a string, principally: please supply the password, which you see here. In the second run, we supply 57 00:07:21,590 --> 00:07:24,220 password, eh? 58 00:07:24,980 --> 00:07:30,800 So this time argc is two, because there are two arguments. 59 00:07:32,990 --> 00:07:43,700 So you enter the if block here instead of the else part here. It will then use the string length function 60 00:07:44,540 --> 00:07:46,730 to calculate the length of the input. 61 00:07:48,210 --> 00:07:54,630 And the input is stored in argv one. 62 00:07:56,080 --> 00:08:07,750 argv one is referring to, argv zero is referring to the name of the program itself, which 63 00:08:07,750 --> 00:08:08,770 is C two. 64 00:08:10,390 --> 00:08:21,850 So if you want to extract the one the user keyed in, you must specify argv one, which is here. 65 00:08:21,920 --> 00:08:22,690 argv one. 66 00:08:23,870 --> 00:08:28,220 So that is the meaning of the second parameter to the main function. 67 00:08:30,240 --> 00:08:44,010 So you calculate the length of the parameter and store it in this variable, sVar2, so we know that 68 00:08:44,010 --> 00:08:48,360 sVar2 is a variable that stores the length. 69 00:08:49,340 --> 00:08:52,280 Therefore, we can rename it. 70 00:08:53,300 --> 00:08:59,480 Yes, right-click on this variable and select Rename Variable. 
71 00:09:00,630 --> 00:09:06,080 Alternatively, you can also press the L key on your keyboard. 72 00:09:07,280 --> 00:09:11,740 The L key is a shortcut for renaming variables. 73 00:09:12,920 --> 00:09:20,820 Just click on this and now you can rename it to something meaningful: length. 74 00:09:25,220 --> 00:09:30,140 Now, when reading this line, it is easier to understand. 75 00:09:30,900 --> 00:09:31,120 Could. 76 00:09:33,220 --> 00:09:35,350 Now, when you click on length, 77 00:09:37,170 --> 00:09:38,730 this part is not highlighted. 78 00:09:39,880 --> 00:09:43,600 It would be nice if all the lines were highlighted, 79 00:09:44,590 --> 00:09:47,680 so that it is easier for us to do analysis. 80 00:09:49,420 --> 00:10:01,810 You can normally highlight all the similar variables by the middle mouse button, but sometimes it doesn't 81 00:10:01,810 --> 00:10:02,160 work. 82 00:10:03,970 --> 00:10:10,900 So in order to fix that, we want it to highlight all the variables that we selected 83 00:10:11,890 --> 00:10:21,850 by using the left click instead of the middle mouse click. To do that, head over to the Edit menu and 84 00:10:21,850 --> 00:10:27,310 click on it and then select Tool Options. 85 00:10:30,870 --> 00:10:33,690 Over here, scroll down to 86 00:10:34,680 --> 00:10:36,000 the Listing Fields 87 00:10:37,510 --> 00:10:39,220 folder and expand. 88 00:10:43,130 --> 00:10:52,850 Down here, scroll down and look for the property called Cursor Text Highlight and click on it. On the 89 00:10:52,850 --> 00:10:55,340 right, you will see that 90 00:10:56,600 --> 00:10:57,700 there are 91 00:10:58,750 --> 00:11:01,150 a few settings that you can set. 92 00:11:02,130 --> 00:11:08,340 The first one is to enable the cursor text highlight, and the color that you want to use. 93 00:11:10,810 --> 00:11:21,490 And the one to choose which mouse button to use. Currently it is set to middle. Go to the listbox 94 00:11:21,490 --> 00:11:23,770 here and select left. 
95 00:11:25,420 --> 00:11:36,130 And then click Apply. You can also restore the default settings if you so desire. Now click OK. 96 00:11:38,140 --> 00:11:38,770 This time, 97 00:11:39,850 --> 00:11:49,780 when you click on a variable or label, it will highlight all the similar variables inside the listing. 98 00:11:50,650 --> 00:12:01,000 So this is how you can set Ghidra to highlight all similar selected labels. 99 00:12:03,570 --> 00:12:13,400 So that is how we do this and I will stop here for this video and continue with the analysis of this 100 00:12:13,410 --> 00:12:15,420 call in the next video. 101 00:12:16,440 --> 00:12:17,640 Thank you for watching.