1
00:00:00,840 --> 00:00:02,970
Welcome to a new lesson.

2
00:00:02,970 --> 00:00:11,710
Today we are going to analyze the crackme to be the IEEE so before it has to do some housekeeping

3
00:00:12,720 --> 00:00:25,770
did it easy far and you don't need anymore and rename this folder to zero 3 followed by the rest of

4
00:00:25,770 --> 00:00:26,250
the name.

5
00:00:26,330 --> 00:00:32,430
Me too and inside it we have how can we do so to analyze this file.

6
00:00:32,430 --> 00:00:34,770
The FDIC just opened it.

7
00:00:34,770 --> 00:00:35,520
FDIC

8
00:00:40,570 --> 00:00:44,080
and as you can see it's a compiler, the Microsoft

9
00:00:44,080 --> 00:00:55,570
Visual C 2 0 1 7, and linker, the Microsoft linker, and the entry point offset is at address 0 1 3 D 8

10
00:00:56,080 --> 00:01:01,420
and image base is 4 0 followed by 4 zeros in a day.

11
00:01:01,600 --> 00:01:04,350
So these are the things we need to know.

12
00:01:04,450 --> 00:01:09,860
The entry point, so the entry point should be 4 0

13
00:01:11,070 --> 00:01:20,520
1 3 D 8 and we can confirm that by opening crackme Do you know a x64dbg

14
00:01:24,310 --> 00:01:30,700
so we can click on run or F9 to go to the entry point.

15
00:01:30,720 --> 00:01:39,880
But before I make sure that your options preference yes go back and check and make sure your assumptions

16
00:01:39,910 --> 00:01:42,150
are also not.

17
00:01:42,700 --> 00:01:48,430
So if you forgot how to do this is uh simple.

18
00:01:48,760 --> 00:01:49,790
Let me show you again.

19
00:01:49,970 --> 00:01:52,980
Click can range typing eight zeros

20
00:01:57,170 --> 00:01:58,660
and with it s

21
00:02:01,990 --> 00:02:03,180
click OK.

22
00:02:03,480 --> 00:02:06,170
That's how he idea exceptions.

23
00:02:06,280 --> 00:02:07,280
I'll give you DNA.

24
00:02:07,300 --> 00:02:13,960
We can now press F9 or click on the run button to run to the entry point.

25
00:02:15,700 --> 00:02:23,680
So we know the entry point to confirming the entry point address is 4 0 1 3 8

26
00:02:26,680 --> 00:02:29,110
which we got from the analysis.

27
00:02:29,220 --> 00:02:34,960
Detect It Easy: 4 0 1 3 D 8.

28
00:02:35,260 --> 00:02:35,750
That's it.

29
00:02:36,580 --> 00:02:38,320
So if he ran the program now

30
00:02:43,800 --> 00:02:57,500
you see that this is where we get we'll get a window showing up and leave a message inside the window.

31
00:02:57,510 --> 00:03:05,850
So you reach reach "Unregistered software, please crack me" and any of you to click OK.

32
00:03:05,850 --> 00:03:10,690
You were just close so let's run it again.

33
00:03:12,660 --> 00:03:23,050
You click but you say register in the title bar and in the content he will say "Unregistered software.

34
00:03:23,170 --> 00:03:25,160
Please crack me."

35
00:03:25,300 --> 00:03:26,200
OK.

36
00:03:26,590 --> 00:03:30,400
So this is the behavior of the program.

37
00:03:30,400 --> 00:03:35,350
So in an experiment I'll show you how to start cracking this software.

38
00:03:35,380 --> 00:03:39,290
But in the meantime we do think about how you're gonna push it.

39
00:03:39,310 --> 00:03:46,650
Obviously this always manage to check his status before he starts.

40
00:03:46,660 --> 00:03:51,350
There is at a time he starts he's already checking his status who it is registered on.

41
00:03:51,490 --> 00:03:53,080
So do think about it.

42
00:03:53,080 --> 00:03:55,900
How does it check his status?

43
00:03:55,960 --> 00:03:57,690
See you in the next lesson.

44
00:03:57,700 --> 00:03:58,170
Thank you.

45
00:03:58,170 --> 00:03:58,630
40.