1
00:00:00,860 --> 00:00:02,300
Hello and welcome back.

2
00:00:02,870 --> 00:00:08,300
I hope you have given a try on your own to try to solve crackme

3
00:00:08,410 --> 00:00:09,760
thirteen.

4
00:00:09,870 --> 00:00:21,640
So anyway, here is the lecture for the first week, which is this one, and this is the easiest to do because

5
00:00:21,670 --> 00:00:23,250
you don't need to unpack the file.

6
00:00:24,340 --> 00:00:25,710
So now let's get started.

7
00:00:26,930 --> 00:00:30,550
So the first thing we want to do is confirm that it is packed.

8
00:00:30,950 --> 00:00:34,050
So to do that we can use Detect It Easy.

9
00:00:34,370 --> 00:00:36,360
So just open the file here,

10
00:00:36,400 --> 00:00:37,370
in Detect It Easy,

11
00:00:41,740 --> 00:00:43,050
and Detect It Easy

12
00:00:43,050 --> 00:00:49,260
will show you the name of the packer, and it is UPX.

13
00:00:49,450 --> 00:00:52,120
So this confirms the file is packed.

14
00:00:52,660 --> 00:00:59,930
Sometimes, however, certain authors may use their own customized packer which may not show up here.

15
00:01:00,150 --> 00:01:03,310
In this case, however, it shows here what it is.

16
00:01:03,760 --> 00:01:15,310
So let's close this now, and then before I open the file in x64dbg I'm going to disable Scylla

17
00:01:15,310 --> 00:01:19,210
Hide first, so just start the debugger

18
00:01:22,100 --> 00:01:32,090
and then over here I will go to Plugins, ScyllaHide, Options, and under the profiles here, this, and I disable,

19
00:01:32,660 --> 00:01:40,120
so you would turn off all the options. The reason why I'm doing this is so that you can even see

20
00:01:40,120 --> 00:01:44,800
what happens when the debugger is not hidden.

21
00:01:44,890 --> 00:01:49,160
So now you can open the crackme 13.

22
00:01:49,500 --> 00:01:55,660
So go to, um, go to the crackme folder,

23
00:01:58,720 --> 00:01:58,990
okay,

24
00:01:59,010 --> 00:01:59,510
open it.
25
00:02:00,790 --> 00:02:05,590
Crackme 13, and then, no, that's funny,

26
00:02:08,470 --> 00:02:08,870
again.

27
00:02:12,620 --> 00:02:22,580
Okay, I have to disable my breakpoints, so let me remove my breakpoints which I set earlier, and then

28
00:02:24,230 --> 00:02:35,690
restart, run, and immediately the software's anti-debug feature has detected a debugger and shows up a message

29
00:02:35,690 --> 00:02:41,690
box telling you that the debugger is detected and the program will now quit.

30
00:02:42,410 --> 00:02:47,460
So if you click OK, the program is terminated, debugging stops.

31
00:02:48,560 --> 00:02:58,550
So in order to defeat the anti-debug protection, you can use this: restart first, and we can use the

32
00:02:58,580 --> 00:02:59,660
plugin.

33
00:02:59,660 --> 00:03:06,580
So now you turn on the ScyllaHide plugin options, and here,

34
00:03:06,650 --> 00:03:13,020
so select Basic, so basically all these options apply.

35
00:03:14,340 --> 00:03:15,110
OK.

36
00:03:16,260 --> 00:03:17,400
So just click OK here

37
00:03:20,470 --> 00:03:22,000
and close it.

38
00:03:22,000 --> 00:03:32,640
So now if you were to run it, immediately you see the window showing up, it just shows debugger status: a debugger

39
00:03:32,670 --> 00:03:34,770
is not detected.

40
00:03:34,770 --> 00:03:42,850
So now we can go ahead and find the place where the serial key is checked.

41
00:03:43,620 --> 00:03:46,660
So here we can go ahead and just key in

42
00:03:46,980 --> 00:03:49,260
any wrong serial key.

43
00:03:49,360 --> 00:03:50,360
You click the button,

44
00:03:50,370 --> 00:03:50,760
Check.

45
00:03:52,380 --> 00:03:59,850
So now you get a pop-up message showing us that the wrong serial key was entered.

46
00:04:00,240 --> 00:04:03,240
So we can now go and pause.

47
00:04:03,250 --> 00:04:05,710
We are going to use the call stack method.

48
00:04:06,370 --> 00:04:09,200
So we are going to pause it now.
49
00:04:09,720 --> 00:04:10,740
And once it is,

50
00:04:16,170 --> 00:04:17,310
all right, let's try again.

51
00:04:22,720 --> 00:04:23,030
All right.

52
00:04:23,030 --> 00:04:25,120
Sometimes you get this kind of error.

53
00:04:25,160 --> 00:04:38,270
No worries, if you see this kind of error just go ahead: restart and then run again, just

54
00:04:38,270 --> 00:04:42,150
enter the key and click Check.

55
00:04:42,160 --> 00:04:47,690
And now we are going to hit the pause button, and this time it has paused.

56
00:04:47,690 --> 00:04:58,620
So now you go to, I mean, the call stack and look for the user module, here in this address,

57
00:04:59,250 --> 00:05:11,120
right click on this and click Follow, and from here, if we scroll up, you'll see that

58
00:05:11,740 --> 00:05:18,890
this subroutine has been called to show this error message.

59
00:05:19,250 --> 00:05:24,640
And the call is coming from this,

60
00:05:24,990 --> 00:05:26,430
oh, here.

61
00:05:26,440 --> 00:05:30,630
So if you look up here, you'll see a conditional jump here.

62
00:05:30,700 --> 00:05:33,750
This is where it is decided to jump,

63
00:05:34,040 --> 00:05:37,720
whether to jump or not jump.

64
00:05:37,750 --> 00:05:42,250
So basically, if it is not doing the jump,

65
00:05:42,290 --> 00:05:46,980
it shows the wrong serial key message.

66
00:05:47,160 --> 00:05:48,120
This is a bad message.

67
00:05:48,120 --> 00:05:49,650
So we want it to jump.

68
00:05:49,680 --> 00:05:55,120
So this is the one we should patch to make it jump.

69
00:05:55,520 --> 00:05:59,180
Before that, take a note of the address.

70
00:05:59,390 --> 00:06:03,530
Okay, this is the place to patch.

71
00:06:03,930 --> 00:06:08,300
So we actually cannot patch a packed file.

72
00:06:08,520 --> 00:06:10,560
So we have to unpack it first.

73
00:06:11,070 --> 00:06:14,190
So in this case we don't want to unpack it.
74
00:06:14,520 --> 00:06:21,750
So what we do is we need to use a loader to patch the process, not the file.

75
00:06:22,560 --> 00:06:30,480
So in order to patch the process, first we must find out the one byte that we want to patch.

76
00:06:30,480 --> 00:06:40,980
So to do that you double click to assemble, although you really cannot assemble it into the file yourself, but

77
00:06:40,980 --> 00:06:41,320
okay.

78
00:06:41,330 --> 00:06:44,740
Now assemble just to check what you want.

79
00:06:44,910 --> 00:06:47,770
So we are going to jump to this address.

80
00:06:47,820 --> 00:06:56,640
So yes, I mean, make sure the address is the same size or smaller, and then OK and close it.

81
00:06:58,080 --> 00:07:00,360
So now it becomes this here, this region.

82
00:07:00,960 --> 00:07:09,140
So we can put a breakpoint here, and no, do not restart. If you restart you will lose all this because

83
00:07:09,620 --> 00:07:17,030
the file is packed, and whatever is packed, when you put a breakpoint you will lose the entry point, so do

84
00:07:17,030 --> 00:07:20,720
not restart, just go to the program.

85
00:07:20,720 --> 00:07:25,850
So here, okay, we can run it.

86
00:07:26,090 --> 00:07:28,810
It is already running, it's here.

87
00:07:29,020 --> 00:07:30,750
Okay.

88
00:07:30,820 --> 00:07:33,590
And then click Check again, one more time.

89
00:07:34,660 --> 00:07:40,960
And now you see it has hit our breakpoint, and you can tell that it is going to jump because we just

90
00:07:40,960 --> 00:07:42,080
set a jump here.

91
00:07:43,100 --> 00:07:43,420
All right.

92
00:07:43,930 --> 00:07:54,310
So now we are not going to patch this, but we want to get the offset address, so we click Patch File, although

93
00:07:54,330 --> 00:07:55,440
we are clicking Patch File,

94
00:07:55,450 --> 00:07:57,760
we are not actually going to patch it.

95
00:07:57,990 --> 00:08:00,510
We are just going to export

96
00:08:00,640 --> 00:08:05,980
this, uh, offset address, so over here
97
00:08:06,030 --> 00:08:10,080
export, and call it patch offset.

98
00:08:11,850 --> 00:08:19,520
If you forget how to do this you can go ahead and revise the lessons on this earlier.

99
00:08:20,010 --> 00:08:24,630
So now we saved the patch offset, and then, once exported,

100
00:08:26,160 --> 00:08:31,590
so now we just skip patching, because you won't be able to patch a packed file anyway.

101
00:08:31,620 --> 00:08:33,400
So just skip this.

102
00:08:33,510 --> 00:08:37,910
So now just close, and we can now go and do our loader.

103
00:08:38,970 --> 00:08:46,280
So now we go to open our dUP2 here.

104
00:08:46,310 --> 00:08:53,020
I mean, if you don't know how, you can just refer back and revise the lesson on this.

105
00:08:53,220 --> 00:09:02,450
So in dUP2, to create a new project click on Project, New, and give a name here,

106
00:09:02,510 --> 00:09:04,210
crackme thirteen.

107
00:09:04,710 --> 00:09:07,040
And here select the file,

108
00:09:09,370 --> 00:09:11,480
the crackme,

109
00:09:14,390 --> 00:09:23,380
select the file itself, and then, oh yeah, just leave everything as it is, click Save, and then right,

110
00:09:23,720 --> 00:09:32,090
select this, directly at Offset Patch, so click Offset Patch.

111
00:09:32,640 --> 00:09:38,790
Now, how you edit: you can either select Edit or you can just double click.

112
00:09:39,910 --> 00:09:42,320
So now your target file is selected.

113
00:09:42,320 --> 00:09:44,770
Again, it is this file.

114
00:09:46,660 --> 00:10:00,340
Um, over here you select RVA, which is virtual address, and then over here go and open your exported patch

115
00:10:00,340 --> 00:10:06,270
offset file using Notepad, and then the address.

116
00:10:06,380 --> 00:10:14,350
This is the offset address, so select the offset address, basically in your settings you are using RVA

117
00:10:14,350 --> 00:10:21,580
and in the bytes, the original byte is 74 and you want to patch it to become EB,

118
00:10:24,350 --> 00:10:24,830
all right.
119
00:10:24,830 --> 00:10:32,180
So now you've done that, and if you had any more bytes to patch you just keep adding them here in the

120
00:10:32,180 --> 00:10:36,340
list, so that's all for this one, so we just save.

121
00:10:36,480 --> 00:10:40,720
Now we can save our project,

122
00:10:44,060 --> 00:10:50,600
can leave the default name, it will add the dup extension here.

123
00:10:50,630 --> 00:11:02,950
Now we can create a loader, so select Project, Create Loader, select Simple Loader, OK, and the default

124
00:11:02,950 --> 00:11:11,680
name is fine, it is an exe, so you can run it now, or you can run it manually, I will run it manually, so click

125
00:11:11,710 --> 00:11:18,870
no, go here and run the loader, so this is the new file, the loader that's been created, so I just double click

126
00:11:18,880 --> 00:11:30,650
it, and now you can enter any key, Check, and your loader has successfully patched the running process in

127
00:11:30,650 --> 00:11:31,550
the memory.

128
00:11:31,740 --> 00:11:37,800
Note that we are not patching a file here, we are patching a process which is running in memory. You can actually

129
00:11:37,800 --> 00:11:47,280
see the process by using Task Manager, click here, Task Manager, and then when the Task Manager opens select More

130
00:11:47,280 --> 00:11:56,890
Details, and you can see here crackme 13 is running in memory, so you're patching the memory, so not

131
00:11:57,040 --> 00:12:01,230
the file. Why do I have two here?

132
00:12:01,240 --> 00:12:10,800
Because my exe for the crackme is open twice. Close this and you see there'll be one.

133
00:12:11,130 --> 00:12:16,240
So this is the one which is patching your process in memory, not the file.

134
00:12:17,110 --> 00:12:21,060
OK, so that's how this thing works,

135
00:12:21,060 --> 00:12:24,870
using loaders, and see you in the next one.

136
00:12:25,050 --> 00:12:25,950
Thank you for watching.