1
00:00:00,860 --> 00:00:02,300
Hello and welcome back.

2
00:00:02,870 --> 00:00:08,300
I hope you have given a try on your own to try to solve crimes.

3
00:00:08,410 --> 00:00:09,760
Thirteen.

4
00:00:09,870 --> 00:00:21,640
So anyway here is the lecture for the first week which is this on and this is the easiest to do because

5
00:00:21,670 --> 00:00:23,250
you do need to unpack the file.

6
00:00:24,340 --> 00:00:25,710
So now let's get started.

7
00:00:26,930 --> 00:00:30,550
So the first thing we want to do is confirm that it is packed.

8
00:00:30,950 --> 00:00:34,050
So to do that we can use the techie easy.

9
00:00:34,370 --> 00:00:36,360
So just open the file here.

10
00:00:36,400 --> 00:00:37,370
Hey take it easy

11
00:00:41,740 --> 00:00:43,050
and get it easy.

12
00:00:43,050 --> 00:00:49,260
We'll show you the name of the Packer and it is a duplex.

13
00:00:49,450 --> 00:00:52,120
So this confirms the device back.

14
00:00:52,660 --> 00:00:59,930
Sometimes however the certain authors may use their own customized pecker which may not shop here.

15
00:01:00,150 --> 00:01:03,310
In this case how he shows here it is.

16
00:01:03,760 --> 00:01:15,310
So let's close this now and then before I open the file on me for SCC for I'm going to disable the scalar

17
00:01:15,310 --> 00:01:19,210
height first so just send I started to

18
00:01:22,100 --> 00:01:32,090
and then over here I will go to plug ins scary high options and under the profiles here this and I disable

19
00:01:32,660 --> 00:01:40,120
so you would turn off home the options there's a reason why I'm doing this is so that you can even see

20
00:01:40,120 --> 00:01:44,800
what happens when the debugger is not hidden.

21
00:01:44,890 --> 00:01:49,160
So now you can open the correct me at 18.

22
00:01:49,500 --> 00:01:55,660
So go to um go to granny for the

23
00:01:58,720 --> 00:01:58,990
Hey.

24
00:01:59,010 --> 00:01:59,510
Open it.

25
00:02:00,790 --> 00:02:05,590
Crime 818 and then no that's funny

26
00:02:08,470 --> 00:02:08,870
again.

27
00:02:12,620 --> 00:02:22,580
Okay I have to disable my very points so let me remove my points which I said earlier get Australian

28
00:02:24,230 --> 00:02:35,690
restart run and immediately the software TV bug feature has detected a debugger and shows up a message

29
00:02:35,690 --> 00:02:41,690
box telling you that the debugger is detected and the program will now quit.

30
00:02:42,410 --> 00:02:47,460
So if you click OK The program is terminated debugging stop.

31
00:02:48,560 --> 00:02:58,550
So in order to defeat the entity bug protection and you can use this restart for us and we can use the

32
00:02:58,580 --> 00:02:59,660
plugin.

33
00:02:59,660 --> 00:03:06,580
So now you turn on as I plug in options and here.

34
00:03:06,650 --> 00:03:13,020
So like basic so basically any will all these options apply.

35
00:03:14,340 --> 00:03:15,110
OK.

36
00:03:16,260 --> 00:03:17,400
So just click OK here

37
00:03:20,470 --> 00:03:22,000
and cozy.

38
00:03:22,000 --> 00:03:32,640
So now if you were to run in immediately you see the window showing up it just debugger status a debugger

39
00:03:32,670 --> 00:03:34,770
is not detected.

40
00:03:34,770 --> 00:03:42,850
So now we can go ahead and find the place where the 0 keys in check.

41
00:03:43,620 --> 00:03:46,660
So here we can go ahead and just keen.

42
00:03:46,980 --> 00:03:49,260
And you're wrong zero key.

43
00:03:49,360 --> 00:03:50,360
You click the button.

44
00:03:50,370 --> 00:03:50,760
Check.

45
00:03:52,380 --> 00:03:59,850
So now you get a pop up position showing us that the wrong zero key as we enter.

46
00:04:00,240 --> 00:04:03,240
So we can now go and pass.

47
00:04:03,250 --> 00:04:05,710
We are going to use the Caustic Method.

48
00:04:06,370 --> 00:04:09,200
So we are going to pass it now.

49
00:04:09,720 --> 00:04:10,740
And once is

50
00:04:16,170 --> 00:04:17,310
all right let's try again.

51
00:04:22,720 --> 00:04:23,030
All right.

52
00:04:23,030 --> 00:04:25,120
Sometimes you get this kind of error.

53
00:04:25,160 --> 00:04:38,270
No worries if you see this kind of error just go hang your key here is restart and then run again just

54
00:04:38,270 --> 00:04:42,150
enter clicking click check.

55
00:04:42,160 --> 00:04:47,690
And now the going hit the pass button and this time he has passed.

56
00:04:47,690 --> 00:04:58,620
So in our response you go and is I mean the costing and look for the user more you here in this address

57
00:04:59,250 --> 00:05:11,120
writing on this and click follow from you know here we screwed up you'll see that he.

58
00:05:11,740 --> 00:05:18,890
This subroutine has been called to show this error message.

59
00:05:19,250 --> 00:05:24,640
And the noise coming from the state.

60
00:05:24,990 --> 00:05:26,430
Oh here.

61
00:05:26,440 --> 00:05:30,630
So if you look out for no use here Jamie cohere A.

62
00:05:30,700 --> 00:05:33,750
This is where it is decided to jump.

63
00:05:34,040 --> 00:05:37,720
Ready to jump or not jump.

64
00:05:37,750 --> 00:05:42,250
So basically we wanted to become heavy doing jump.

65
00:05:42,290 --> 00:05:46,980
You show the wrong zero key message.

66
00:05:47,160 --> 00:05:48,120
This is a bad message.

67
00:05:48,120 --> 00:05:49,650
So we wanted to jump.

68
00:05:49,680 --> 00:05:55,120
So this is the way we should patch to make a jump so.

69
00:05:55,520 --> 00:05:59,180
Before we take a note is the address.

70
00:05:59,390 --> 00:06:03,530
Hey this is a place to patch.

71
00:06:03,930 --> 00:06:08,300
So we actually can push her back file.

72
00:06:08,520 --> 00:06:10,560
So we have to unpack it first.

73
00:06:11,070 --> 00:06:14,190
So in this case we are we don't want to unpack it.

74
00:06:14,520 --> 00:06:21,750
So what we do is we need to use a loader to begin the process not a file.

75
00:06:22,560 --> 00:06:30,480
So in order to take the process first we must find out the one byte that you want to patch.

76
00:06:30,480 --> 00:06:40,980
So to do that you double click to assemble although you really can assembly and you file yourself by

77
00:06:40,980 --> 00:06:41,320
UK.

78
00:06:41,330 --> 00:06:44,740
Now assembly just to check whether you want.

79
00:06:44,910 --> 00:06:47,770
So we are going to jump to this address.

80
00:06:47,820 --> 00:06:56,640
So yes I mean I'm sure the address is the same size or smaller and then OK and close it.

81
00:06:58,080 --> 00:07:00,360
So now he comes here he region.

82
00:07:00,960 --> 00:07:09,140
So we can put a break point here and no do not restart if you restart you will lose all this because

83
00:07:09,620 --> 00:07:17,030
the file is packed in whatever is back and you put a brake line you will lose them entry point so do

84
00:07:17,030 --> 00:07:20,720
not restart just go to the program.

85
00:07:20,720 --> 00:07:25,850
So here a little K can run for us.

86
00:07:26,090 --> 00:07:28,810
His only run has an angle here.

87
00:07:29,020 --> 00:07:30,750
Okay.

88
00:07:30,820 --> 00:07:33,590
And then click checking again one more time.

89
00:07:34,660 --> 00:07:40,960
And now you see it has hit our brake point and you can tell that he is going to jump because we just

90
00:07:40,960 --> 00:07:42,080
said a jump here.

91
00:07:43,100 --> 00:07:43,420
All right.

92
00:07:43,930 --> 00:07:54,310
So now we are not going to bash use but we want to get the offset address so we click file although

93
00:07:54,330 --> 00:07:55,440
we are clicking bashful.

94
00:07:55,450 --> 00:07:57,760
We are not actually going to Padgett.

95
00:07:57,990 --> 00:08:00,510
We are just going to a spot.

96
00:08:00,640 --> 00:08:05,980
This uh offset the rest so who here.

97
00:08:06,030 --> 00:08:10,080
I spotted a colleague patch offset.

98
00:08:11,850 --> 00:08:19,520
If you forget how to do this you can go ahead and revise the lessons on this earlier.

99
00:08:20,010 --> 00:08:24,630
So now we saved the page offset and then 1 five spot.

100
00:08:26,160 --> 00:08:31,590
So now we just keep patching because you won't be able to bash a backfire anyway.

101
00:08:31,620 --> 00:08:33,400
So just keep this.

102
00:08:33,510 --> 00:08:37,910
So now just close and we can now going do our load.

103
00:08:38,970 --> 00:08:46,280
So now we go to open our Duke to 0 here.

104
00:08:46,310 --> 00:08:53,020
I mean if you do know how you can do to just refer back and revise her lesson on this.

105
00:08:53,220 --> 00:09:02,450
So definitely do to create a new project click on project view and give a name here.

106
00:09:02,510 --> 00:09:04,210
Great meeting.

107
00:09:04,710 --> 00:09:07,040
And here select the file

108
00:09:09,370 --> 00:09:11,480
to correct me

109
00:09:14,390 --> 00:09:23,380
select the file itself and then oh yeah I just we leave everything as it is click save and then right

110
00:09:23,720 --> 00:09:32,090
select this directly at offset patch so click outside patch.

111
00:09:32,640 --> 00:09:38,790
Now how you frankly edit you can either select edit oh you can just double.

112
00:09:39,910 --> 00:09:42,320
So now your target file is selected.

113
00:09:42,320 --> 00:09:44,770
Again it is this file.

114
00:09:46,660 --> 00:10:00,340
Um who here you select reality which will address and then over here go and open your export partially

115
00:10:00,340 --> 00:10:06,270
offset file using notepad and then the address.

116
00:10:06,380 --> 00:10:14,350
This is the offset address so select the offset address basically in your set issue are you using our

117
00:10:14,350 --> 00:10:21,580
V.A. and any of them by Sony for and you want to patch it to become maybe

118
00:10:24,350 --> 00:10:24,830
all right.

119
00:10:24,830 --> 00:10:32,180
So now you've done that yet if you had any more the vice to pass you just keep adding them here in the

120
00:10:32,180 --> 00:10:36,340
list so that's all for the sponsor we just save.

121
00:10:36,480 --> 00:10:40,720
No no we can save our project

122
00:10:44,060 --> 00:10:50,600
can leave a default name you've done look to extension Harry.

123
00:10:50,630 --> 00:11:02,950
Now we can create a load loader so select project create loader select simple loader OK can the default

124
00:11:02,950 --> 00:11:11,680
name is fine his CV so you can write in now Oh you can write it manually I will only manually cyclic

125
00:11:11,710 --> 00:11:18,870
no go here and run the loader so this the new file and you load that's been created so I just I'm looking

126
00:11:18,880 --> 00:11:30,650
at and now you can enter any key check and your loader has successfully Pash the running process in

127
00:11:30,650 --> 00:11:31,550
the memory.

128
00:11:31,740 --> 00:11:37,800
Note that we are not patching a file here patching a process which is running in memory you can actually

129
00:11:37,800 --> 00:11:47,280
see the process by using task manager click here Tasmania and then when the Tasmanians open select more

130
00:11:47,280 --> 00:11:56,890
details and you can see here trainees 13 years running in memory so you're patching the memory so not

131
00:11:57,040 --> 00:12:01,230
the file Why do I have to here.

132
00:12:01,240 --> 00:12:10,800
Because my my exit for the bikies open sites closes and you see that you'll be one.

133
00:12:11,130 --> 00:12:16,240
So this is the one which is where patching your process in memory set not the file.

134
00:12:17,110 --> 00:12:21,060
OK so that's how this thing works.

135
00:12:21,060 --> 00:12:24,870
Using Lotus and see you in a next one.

136
00:12:25,050 --> 00:12:25,950
Thank you for watching.