1
00:00:00,700 --> 00:00:05,310
So in this we will be parsing the headers in the PE file.

2
00:00:05,320 --> 00:00:14,950
So in order to load the PE file from memory, you need to have that in the binary format so we can work

3
00:00:15,010 --> 00:00:15,700
properly.

4
00:00:16,510 --> 00:00:18,070
So it's easy.

5
00:00:18,070 --> 00:00:24,280
So we can just download the file content using the WebClient DownloadString.

6
00:00:24,280 --> 00:00:31,210
So after downloading you can be parsing the file and loading into the memory and execute it.

7
00:00:32,990 --> 00:00:38,150
So if you need to do this, you need to go to this pinvoke and search for all of these headers.

8
00:00:38,510 --> 00:00:49,220
IMAGE_DOS_HEADER and you need to copy this structure because we will be parsing these many bytes,

9
00:00:49,220 --> 00:00:59,390
a number of bytes into this structure to access these members easily because every time we cannot remember

10
00:00:59,390 --> 00:01:12,930
the offsets of this particular file and these offsets change at this value because of the DOS stub.

11
00:01:14,170 --> 00:01:22,090
So that's why we'll be parsing entire content and to get the easy access of values if you.

12
00:01:22,360 --> 00:01:29,500
It takes some time to copy all of this you can just go to this my GitHub repository of insecurity and

13
00:01:29,500 --> 00:01:30,490
go to this offensive.

14
00:01:30,490 --> 00:01:39,190
C-sharp and PE 64 is working fine and this 32, it's not working. I don't know, I should debug that

15
00:01:39,190 --> 00:01:47,740
and fix the problems so this is working fine we can go to this, uh, Program.cs and copy all

16
00:01:47,740 --> 00:01:51,970
of this starting up to main function.

17
00:01:51,970 --> 00:01:57,760
So copy all of these headers. You can see all of the structures, IMAGE_FILE_HEADER, and if we expand

18
00:01:57,760 --> 00:02:03,310
this, we will have all of these the file header members.

19
00:02:03,310 --> 00:02:08,730
So we have already seen in the PE file format the same structures.

20
00:02:08,980 --> 00:02:18,970
So I have already copied this before that we will be writing two functions to get the total image size.

21
00:02:18,970 --> 00:02:21,220
So you're going to get total image size.

22
00:02:21,220 --> 00:02:25,510
Using this optional header, you will have SizeOfImage.

23
00:02:25,510 --> 00:02:31,690
So this content should be retrieved before loading before we are doing anything.

24
00:02:33,410 --> 00:02:35,150
So let's do that public.

25
00:02:40,510 --> 00:02:42,200
Brick static int.

26
00:02:44,800 --> 00:02:51,700
GetImageSize of array, so we'll be passing the byte array.

27
00:02:52,240 --> 00:02:55,630
So how are you going to get the byte array is.

28
00:02:58,770 --> 00:03:03,210
So for demonstration purposes, we can just use.

29
00:03:05,790 --> 00:03:06,810
File dot.

30
00:03:07,350 --> 00:03:08,700
ReadAllBytes.

31
00:03:14,940 --> 00:03:15,490
Let's see.

32
00:03:15,620 --> 00:03:17,220
See part is this one.

33
00:03:33,100 --> 00:03:36,460
So we have successfully read the content of this.

34
00:03:37,900 --> 00:03:45,250
Now we can go and pass this into size or size is equal to zero.

35
00:03:46,450 --> 00:03:49,120
And this way you will be returned.

36
00:03:55,320 --> 00:04:00,870
So first, what we're going to do is we need to find this.

37
00:04:04,150 --> 00:04:12,400
e_lfanew value because this points straight to the PE header.

38
00:04:13,080 --> 00:04:19,030
So from the PE, from the starting of the PE header, the offsets are always constant.

39
00:04:19,060 --> 00:04:21,220
Only this junk differs.

40
00:04:22,610 --> 00:04:28,190
So this is the 64 bits and this is 60, 61, 62, 63.

41
00:04:28,580 --> 00:04:30,680
So from starting.

42
00:04:36,550 --> 00:04:50,680
So let's declare a byte array e_lfanew of size four to store these four bytes into this array.

43
00:04:50,950 --> 00:04:54,970
So for i is zero, i
less than four.

44
00:04:55,150 --> 00:04:57,520
Or we can say e_lfanew dot size.

45
00:04:58,530 --> 00:05:00,900
Not when i plus plus.

46
00:05:00,900 --> 00:05:07,410
So this is a good way of writing the code instead of using a number four.

47
00:05:09,400 --> 00:05:10,540
Of course both are the same.

48
00:05:10,540 --> 00:05:14,890
But whenever you want to change the size, you can change here at one place.

49
00:05:14,950 --> 00:05:16,630
These are changing at both places.

50
00:05:16,810 --> 00:05:24,820
So we are going to read this offset of 60 because this is a 60, 61, 62, 63.

51
00:05:26,260 --> 00:05:28,480
So raw file of.

52
00:05:31,470 --> 00:05:32,610
i is zero.

53
00:05:32,610 --> 00:05:34,800
So we need to add 60.

54
00:05:36,080 --> 00:05:44,090
And then in the next iteration it would be equals to one, will read the byte 61 to byte so we can assign.

55
00:05:46,060 --> 00:05:49,870
e_lfanew of i is equals to raw file.

56
00:05:55,310 --> 00:05:57,110
Now, what we need to do is.

57
00:05:59,400 --> 00:06:00,710
So there is this unsafe.

58
00:06:00,740 --> 00:06:04,460
So we can click on properties, go to build.

59
00:06:04,460 --> 00:06:06,050
And allow unsafe code.

60
00:06:07,340 --> 00:06:07,730
Let's.

61
00:06:14,690 --> 00:06:20,330
I have also imported these functions from previous files.

62
00:06:21,170 --> 00:06:28,880
These are simply the definition you can find in the MSDN to save some time, so you can just copy from

63
00:06:29,210 --> 00:06:30,080
pinvoke as well.

64
00:06:32,270 --> 00:06:33,260
There should be.

65
00:06:33,740 --> 00:06:37,950
There should be some changes to be made when you copy from pinvoke.

66
00:06:37,970 --> 00:06:40,130
So some parameters are.

67
00:06:42,480 --> 00:06:45,050
Treated as a U.S. point of view.

68
00:06:45,210 --> 00:06:53,690
So whenever you think that should be U.S. that you do so you need to change that to you, that you do.

69
00:06:54,540 --> 00:07:05,190
So anyway, let's, we have read the e_lfanew so we can use BitConverter dot ToInt32

70
00:07:05,850 --> 00:07:10,320
because of four bytes and e_lfanew comma zero.

71
00:07:14,930 --> 00:07:16,790
So we need to offset.

72
00:07:26,190 --> 00:07:28,890
We can go and print this new.

73
00:07:31,090 --> 00:07:34,330
And now what we can do is we can say.

74
00:07:38,630 --> 00:07:45,510
Image size is equal to GetImageSize of raw file.

75
00:07:51,480 --> 00:07:53,850
So let's just put into this where you.

76
00:07:55,880 --> 00:07:58,070
And the value is 200.

77
00:08:08,340 --> 00:08:17,730
So it's in a decimal format, so you can go and set ToString of character X that represents hexadecimal

78
00:08:17,910 --> 00:08:19,800
and we get the value C8.

79
00:08:22,760 --> 00:08:34,220
So we have this e_lfanew and we need to now calculate the offset to SizeOfImage from the PE header.

80
00:08:34,580 --> 00:08:42,110
So the signature is four bytes, that is these four bytes and the next 20 bytes are file header.

81
00:08:42,110 --> 00:08:45,830
So these four bytes and next 16 bytes.

82
00:08:45,830 --> 00:08:46,730
So this.

83
00:08:47,790 --> 00:08:48,350
Full

84
00:08:50,920 --> 00:08:51,360
disclosure.

85
00:08:52,260 --> 00:08:58,290
24 bytes are the signature and the file header.

86
00:08:58,290 --> 00:08:59,700
So what we can do is.

87
00:09:03,730 --> 00:09:08,200
We can say e_lfanew plus is equal to 24.

88
00:09:08,350 --> 00:09:12,910
So we have advanced to this starting of optional header.

89
00:09:12,910 --> 00:09:17,050
So from optional header, we can check.

90
00:09:22,060 --> 00:09:23,830
We can take here the offset.

91
00:09:24,220 --> 00:09:28,020
You can see there are two versions, optional 32 and 64.

92
00:09:28,030 --> 00:09:34,750
I'm using the optional 64 and also right click on properties and change this to x64.

93
00:09:36,870 --> 00:09:39,720
And offset for the image.

94
00:09:39,900 --> 00:09:40,290
Sorry.

95
00:09:42,130 --> 00:09:43,360
SizeOfImage.

96
00:09:45,140 --> 00:09:53,440
Zero 56 Uh, I think it's 60, 60 is the offset, I think.

97
00:09:53,920 --> 00:09:55,900
So let's go and try that.

98
00:09:58,990 --> 00:10:02,010
I think 56 or 56 first.

99
00:10:04,430 --> 00:10:06,740
Plus 56.

100
00:10:07,640 --> 00:10:17,990
Now we can go and say SizeOfImage equals to new byte of four and the same way we are going to read

101
00:10:17,990 --> 00:10:23,420
this four bytes because it's four bytes.

102
00:10:28,380 --> 00:10:30,390
So size of image.

103
00:10:36,540 --> 00:10:36,830
Raw file.

104
00:10:36,960 --> 00:10:40,230
I love E.L.F.

105
00:10:40,560 --> 00:10:41,250
New.

106
00:10:44,760 --> 00:10:45,570
Plus i.

107
00:10:56,230 --> 00:11:00,550
Let's go and print this size of image.

108
00:11:09,650 --> 00:11:12,350
So let's go and run this one.

109
00:11:13,440 --> 00:11:16,440
And we got the exact value for 190.

110
00:11:29,580 --> 00:11:32,480
And this should be assigned to image size.

111
00:11:32,490 --> 00:11:34,980
That is the returning variable.

112
00:11:37,060 --> 00:11:38,410
Or sequels to.

113
00:11:40,410 --> 00:11:42,180
Now the image size would be here.

114
00:11:42,220 --> 00:11:45,660
Now we can go and print this image size.

115
00:11:47,760 --> 00:11:49,170
16784.

116
00:11:52,060 --> 00:11:54,000
Underwriting is 4190.

117
00:11:54,010 --> 00:11:55,570
So the same value.

118
00:11:56,710 --> 00:11:58,370
Now we are good to go.

119
00:11:58,390 --> 00:12:01,030
We got the image size.

120
00:12:01,990 --> 00:12:05,190
The next thing we want to get this size of.

121
00:12:05,420 --> 00:12:09,520
So you can see the offset is almost same.

122
00:12:09,790 --> 00:12:13,010
Only the differences they see.

123
00:12:13,030 --> 00:12:14,050
So four points.

124
00:12:14,260 --> 00:12:19,510
So what we can do is we can copy and record.

125
00:12:26,660 --> 00:12:36,230
And in the function name to GetHeadersSize and you need to add plus four to this.

126
00:12:37,550 --> 00:12:42,230
So very simple so you can change the variable names, but it does not matter.

127
00:12:42,470 --> 00:12:43,850
Those are local variables.

128
00:12:44,150 --> 00:12:50,860
Now we can say headers size is equals to GetHeadersSize of raw file.

129
00:12:53,920 --> 00:12:57,460
Now if you go and print the header size dot ToString.

130
00:13:01,670 --> 00:13:04,760
And we get the value to 48 and it's too far.

131
00:13:04,940 --> 00:13:10,790
So we got the header size and image size.

132
00:13:13,530 --> 00:13:15,270
So I think we are good to go.

133
00:13:16,350 --> 00:13:25,960
Now, what we're going to do is we are going to, we can directly parse our raw file.

134
00:13:26,010 --> 00:13:32,040
But what we're going to do is we are going to allocate some this much amount of memory.

135
00:13:33,370 --> 00:13:35,200
Into the own process.

136
00:13:36,060 --> 00:13:38,150
So that we can marshal easily.

137
00:13:38,160 --> 00:13:39,990
So don't worry.

138
00:13:40,020 --> 00:13:42,650
So let's just do VirtualAlloc.

139
00:13:45,200 --> 00:13:45,500
Oh.

140
00:13:57,230 --> 00:13:58,940
First one is.

141
00:14:00,870 --> 00:14:01,770
We can pass null.

142
00:14:01,800 --> 00:14:03,900
So the operating system will decide.

143
00:14:15,900 --> 00:14:16,980
Allocation type.

144
00:14:18,620 --> 00:14:26,780
So this is what we're going to do is first we are going to allocate the size of headers because first

145
00:14:26,780 --> 00:14:33,770
we want to parse the headers header size and the next one is allocation type, that is.

146
00:14:36,310 --> 00:14:36,780
Commit.

147
00:14:39,240 --> 00:14:42,600
And the protection types are read, write, execute.

148
00:14:48,900 --> 00:14:56,060
So what we can do is we can say read, write, and then we can change that to read only by VirtualProtect

149
00:14:56,100 --> 00:15:06,510
later on when you are writing the headers or you can later at the end of it before executing

150
00:15:06,510 --> 00:15:12,840
the code, you can change that to, you can change that section to the executable and then can execute.

151
00:15:13,110 --> 00:15:21,840
But just for the purpose, I'm going to use read, write, execute for the entire memory.

152
00:15:23,940 --> 00:15:30,310
This gives us the starting address where the block has been allocated.

153
00:15:30,380 --> 00:15:32,460
Let's call this as base address.

154
00:15:32,970 --> 00:15:37,280
So we have allocated some memory and we need to free this memory.

155
00:15:37,290 --> 00:15:40,110
So we need to use VirtualFree.

156
00:15:46,780 --> 00:15:48,070
So VirtualFree.

157
00:15:48,880 --> 00:15:51,310
I already imported.

158
00:15:51,310 --> 00:15:52,300
VirtualFree.

159
00:15:52,330 --> 00:15:58,960
The first is the base address and how much size you want to free and the free type.

160
00:15:59,410 --> 00:16:09,610
So what we're going to do is if we build the, if we give the MEM_RELEASE, the entire whole block will

161
00:16:09,610 --> 00:16:10,360
be released.

162
00:16:12,100 --> 00:16:19,090
So the base address and if you give the MEM_RELEASE, this size parameter should be zero.

163
00:16:20,090 --> 00:16:20,830
So zero.

164
00:16:20,840 --> 00:16:25,190
And MEM_RELEASE where you use this one.

165
00:16:29,070 --> 00:16:32,940
So let's go and put a break point at this.

166
00:16:33,120 --> 00:16:39,570
So at this VirtualFree and let's go and start debugging.

167
00:16:40,080 --> 00:16:45,270
And here we can see the application has been froze.

168
00:16:45,300 --> 00:16:47,850
Now let's go and open a memory window.

169
00:16:49,170 --> 00:16:49,740
Okay.

170
00:16:50,400 --> 00:16:53,040
We don't know the base address because we're not printing.

171
00:16:53,700 --> 00:16:57,060
So let's go and print this.

172
00:17:01,020 --> 00:17:03,390
Memory allocated at.

173
00:17:08,210 --> 00:17:09,980
We start ToString.

174
00:17:15,340 --> 00:17:15,640
Okay.

175
00:17:15,640 --> 00:17:17,410
Now we know the base address.

176
00:17:20,590 --> 00:17:26,470
Gonna turn this now copy this address and paste here to Xerox.

177
00:17:27,130 --> 00:17:31,420
And here we can see the zeros.

178
00:17:33,870 --> 00:17:34,770
Of our block.

179
00:17:35,070 --> 00:17:39,750
Now, if I go and step into this, we can see VirtualFree has indicated.

180
00:17:39,750 --> 00:17:42,630
And we have this data has been freed.

181
00:17:44,710 --> 00:17:46,660
So let's go and continue this.

182
00:17:48,070 --> 00:17:49,510
Now, what we're going to do is.

183
00:17:49,510 --> 00:17:50,830
We are going to.

184
00:17:57,330 --> 00:18:01,520
Copy the contents from the raw file so we can do that using Marshal.

185
00:18:01,800 --> 00:18:02,580
Copy.

186
00:18:04,010 --> 00:18:04,340
So.

187
00:18:04,520 --> 00:18:08,720
So the byte array source, that is, raw file.

188
00:18:10,390 --> 00:18:15,610
Raw file and the starting index is zero and the destination is where you want to write.

189
00:18:15,610 --> 00:18:20,710
That is at my base address and how much the length you want to write.

190
00:18:20,710 --> 00:18:26,230
So here I'm specifying header size because in this video we are parsing only header size.

191
00:18:29,090 --> 00:18:29,280
Okay.

192
00:18:29,420 --> 00:18:30,920
We have successfully copied.

193
00:18:30,950 --> 00:18:35,600
Now let's go and put a breakpoint at this Marshal dot Copy.

194
00:18:35,600 --> 00:18:40,580
And now copy this address.

195
00:18:44,130 --> 00:18:49,680
So you can see we have our zeros before this Marshal.Copy instruction.

196
00:18:49,680 --> 00:18:52,110
So let's go and execute, step into this.

197
00:18:52,620 --> 00:18:56,580
And here we can see 45 the exact.

198
00:18:57,180 --> 00:19:01,140
So the red color data is the modified bytes.

199
00:19:01,170 --> 00:19:06,480
You can see the exact data has been successfully.

200
00:19:09,490 --> 00:19:11,290
Stored in this memory.

201
00:19:12,160 --> 00:19:15,730
So you can compare here the exact data.

202
00:19:18,170 --> 00:19:22,550
So I continue this and these data will be freed.

203
00:19:31,010 --> 00:19:31,170
Okay.

204
00:19:31,250 --> 00:19:35,720
Since we are putting breakpoints, let me comment out this Console.ReadKey.

205
00:19:35,870 --> 00:19:39,770
Now, we have successfully copied the file into the memory.

206
00:19:39,800 --> 00:19:44,360
Now we can marshal this structure easily.

207
00:19:44,510 --> 00:19:50,350
Otherwise, you want to find every offset like we have done here.

208
00:19:50,360 --> 00:19:53,360
So it's going to be, it's going to take so much time.

209
00:19:55,030 --> 00:19:59,710
So we can say Marshal dot PtrToStructure.

210
00:20:00,460 --> 00:20:06,220
So the pointer is base address and I want to marshal the type as.

211
00:20:07,820 --> 00:20:08,600
DOS header.

212
00:20:15,740 --> 00:20:18,510
So the type is IMAGE_DOS_HEADER.

213
00:20:24,400 --> 00:20:32,530
Now the first 64 bytes have been marshalled into the structure image header.

214
00:20:33,370 --> 00:20:41,050
So that means that first, uh, uh, it will be a red the size constraint too.

215
00:20:41,140 --> 00:20:47,860
So the first bytes will be read and will be stored into the structure members.

216
00:20:49,870 --> 00:20:57,700
Now what we can do is we can simply print that DOS header dot e_magic.

217
00:20:58,980 --> 00:21:00,060
Dot ToString.

218
00:21:03,440 --> 00:21:06,170
So you no need to copy.

219
00:21:06,860 --> 00:21:12,170
You can to use for loop to copy first 64 bytes and then parse.

220
00:21:14,090 --> 00:21:15,890
Then each and every member.

221
00:21:15,890 --> 00:21:20,240
So you can just directly marshal this one.

222
00:21:33,330 --> 00:21:40,110
So again, just run this and we can see output MZ.

223
00:21:40,470 --> 00:21:44,700
So I can see MZ means the magic bytes of PE file.

224
00:21:47,560 --> 00:21:57,310
You can also print out DOS header dot e_lfanew dot ToString.

225
00:22:02,670 --> 00:22:02,970
Okay.

226
00:22:03,090 --> 00:22:04,680
So I didn't have to break point.

227
00:22:06,270 --> 00:22:09,100
Now we can see the value.

228
00:22:09,150 --> 00:22:12,150
So it's very, very easy.

229
00:22:15,140 --> 00:22:19,160
Now we need to parse the next header that is NT header.

230
00:22:19,490 --> 00:22:25,550
So you can say NT header 64, NT header is equal to new NT header.

231
00:22:28,830 --> 00:22:29,530
Then just.

232
00:22:31,440 --> 00:22:39,520
First we need to marshal from this point onwards up to this section headers.

233
00:22:39,810 --> 00:22:40,830
This is the NT header.

234
00:22:40,830 --> 00:22:45,630
So NT header contains three members, that is signature, file header and optional header.

235
00:22:46,590 --> 00:22:52,800
So we are marshalling or parsing three headers at the same time in a single shot.

236
00:22:53,400 --> 00:23:01,200
So Marshal PtrToStructure and the base address is base address plus.

237
00:23:01,830 --> 00:23:05,550
How much you want to add to this to get to this?

238
00:23:07,370 --> 00:23:09,600
And that means this e_lfanew.

239
00:23:09,920 --> 00:23:16,850
If we add the base address to this e_lfanew, you will get to this starting of NT header.

240
00:23:17,030 --> 00:23:24,680
So we have already parsed this DOS header into this structure, so I can just say DOS header dot

241
00:23:24,950 --> 00:23:25,350
e_lfanew.

242
00:23:25,400 --> 00:23:26,860
So it's very simple.

243
00:23:26,870 --> 00:23:30,790
You don't need to again store it in any other variable.

244
00:23:30,800 --> 00:23:33,350
We are directly storing it in the structure itself.

245
00:23:35,180 --> 00:23:40,880
And the typeof, so into which structure you want to marshal the.

246
00:23:42,010 --> 00:23:46,660
I want to marshal it as image NT headers 64.

247
00:23:51,640 --> 00:23:58,930
And we can say NT header and the type should be cast into this NT headers.

248
00:23:59,650 --> 00:24:00,910
Now it's very easy.

249
00:24:00,910 --> 00:24:09,670
We can just go ahead and print whatever we want and the file header optional header signature so we can

250
00:24:09,670 --> 00:24:12,580
print the signature dot ToString.

251
00:24:16,630 --> 00:24:18,790
So what is the signature?

252
00:24:20,500 --> 00:24:21,980
Of course, this is the PE.

253
00:24:28,290 --> 00:24:30,340
So we got, uh, 4550.

254
00:24:30,390 --> 00:24:31,110
So you can.

255
00:24:34,050 --> 00:24:36,960
We can convert this into normal string as well.

256
00:24:37,470 --> 00:24:40,530
So you can just go ahead and print everything.

257
00:24:40,530 --> 00:24:42,810
So whatever we are interested in.

258
00:24:43,200 --> 00:24:46,410
So you can basically write a parser as well.

259
00:24:52,620 --> 00:24:54,660
So let's go and print.

260
00:24:54,660 --> 00:25:00,600
NT header dot file header dot number of sections.

261
00:25:00,600 --> 00:25:05,190
So this number of sections will be needed later to map the sections.

262
00:25:05,580 --> 00:25:12,150
But you don't need to store it in any other variable because we are already having this structure.

263
00:25:12,630 --> 00:25:15,450
So you can go ahead and now print whatever you can.

264
00:25:18,520 --> 00:25:21,010
Now we need to parse the section headers.

265
00:25:22,390 --> 00:25:22,910
All right.

266
00:25:22,910 --> 00:25:30,740
So for that, what we need to do is we need to create an array of section headers because there may

267
00:25:30,740 --> 00:25:32,420
be more than one sections.

268
00:25:34,400 --> 00:25:37,520
I can say a surge is equal to new.

269
00:25:38,240 --> 00:25:39,670
IMAGE_SECTION_HEADER of.

270
00:25:39,680 --> 00:25:47,090
So how many of these arrays are there, that are defined by NT header dot file header dot number

271
00:25:47,090 --> 00:25:47,930
of sections.

272
00:25:47,930 --> 00:25:50,690
So if you go to this file header, we have a number of.

273
00:25:51,680 --> 00:25:54,040
Of sections, that is three.

274
00:25:54,050 --> 00:26:00,440
So those many amount of section number of sections we have so we can say NT header dot file header

275
00:26:00,440 --> 00:26:02,000
dot number of sections.

276
00:26:02,660 --> 00:26:07,700
So we have an array of section headers waiting to be filled.

277
00:26:11,380 --> 00:26:16,960
Now what we're going to do is for int i equals to zero.

278
00:26:17,230 --> 00:26:24,430
So how many times you want to parse the next upcoming section headers you can see here dot text.

279
00:26:24,730 --> 00:26:27,220
So dot rdata and dot.

280
00:26:28,010 --> 00:26:30,310
If so, there are three sections.

281
00:26:30,580 --> 00:26:32,640
So we're going to loop three.

282
00:26:32,650 --> 00:26:41,650
So these value points to three so we can use this one and the NT header dot.

283
00:26:43,070 --> 00:26:54,530
File header dot number of sections, i plus plus and we want to marshal the size of the section header.

284
00:26:54,540 --> 00:27:04,150
So obviously we can just use a set of five is equal to Marshal dot PtrToStructure.

285
00:27:04,190 --> 00:27:06,740
So how to get the pointer is.

286
00:27:09,800 --> 00:27:15,760
So we have base address plus.

287
00:27:17,000 --> 00:27:19,190
e_lfanew plus.

288
00:27:24,960 --> 00:27:25,930
Press 11.

289
00:27:25,950 --> 00:27:36,630
You go to this one and then what we can do is we can add the sizes of this NT header dot file

290
00:27:36,630 --> 00:27:37,710
header, plus optional header.

291
00:27:37,830 --> 00:27:40,350
So that should give you the.

292
00:27:42,040 --> 00:27:43,530
Offset to this dot text.

293
00:27:43,540 --> 00:27:44,580
So let's go and try the.

294
00:27:48,670 --> 00:27:53,590
Base address plus DOS header dot e_lfanew.

295
00:27:56,460 --> 00:27:57,570
Protests.

296
00:28:05,440 --> 00:28:08,980
Marshal dot SizeOf.

297
00:28:17,930 --> 00:28:19,850
NT header dot file header.

298
00:28:25,650 --> 00:28:26,970
But as.

299
00:28:29,050 --> 00:28:31,210
Marshal dot SizeOf.

300
00:28:33,690 --> 00:28:35,630
And the signature.

301
00:28:37,730 --> 00:28:42,290
We all know it's 24 bytes, so we can just build it out of this.

302
00:28:47,210 --> 00:28:51,620
So the file header and the signature are 24 bytes.

303
00:28:53,850 --> 00:28:56,280
And the next one is size of optional.

304
00:28:56,640 --> 00:28:58,850
So how do you define the size of optional?

305
00:28:59,370 --> 00:29:04,140
Is a .5. size of option.

306
00:29:04,380 --> 00:29:09,450
So this should give you the offset to this first section.

307
00:29:14,990 --> 00:29:16,550
And if you want to

308
00:29:19,940 --> 00:29:29,180
get the offset to the next section, you need to multiply or you need to add the section header structure.

309
00:29:30,410 --> 00:29:36,560
So what we can do is we can say Marshal dot SizeOf typeof.

310
00:29:37,980 --> 00:29:38,460
Section.

311
00:29:40,470 --> 00:29:42,820
And we need to multiply it.

312
00:29:43,170 --> 00:29:46,550
So for the first iteration we are multiplying with zero.

313
00:29:46,560 --> 00:29:53,370
So this gives zero and this one is the starting offset of this first section.

314
00:29:53,370 --> 00:29:58,670
In the second iteration, i value takes one and one into the size of section header.

315
00:29:58,710 --> 00:30:01,230
So size of section is 40 bytes,

316
00:30:01,230 --> 00:30:05,310
I think. So one into 40 gives 40.

317
00:30:05,310 --> 00:30:13,200
So from this point onwards we are moving 40 and after that value takes two, two into 40, 80.

318
00:30:13,800 --> 00:30:20,610
This is already the base that is this one base of the first section and plus 80 gives the third section.

319
00:30:21,370 --> 00:30:23,380
So I hope this is clear.

320
00:30:28,100 --> 00:30:30,590
Now I have to worry about these brackets.

321
00:30:35,430 --> 00:30:36,270
They both.

322
00:30:37,690 --> 00:30:38,150
Section.

323
00:31:15,890 --> 00:31:16,250
So.

324
00:31:16,250 --> 00:31:16,560
Okay.

325
00:31:16,580 --> 00:31:19,520
This is looking ugly.

326
00:31:20,540 --> 00:31:21,200
Uglier.

327
00:32:00,380 --> 00:32:02,630
So let's convert this into ToInt64.

328
00:32:46,480 --> 00:32:46,900
Okay.

329
00:32:46,900 --> 00:32:48,940
So that bracket is missing.

330
00:32:50,710 --> 00:32:52,390
So I think we are good to go.

331
00:32:57,230 --> 00:33:02,900
So we up to this point are the sections should be marshaled to this one section.

332
00:33:03,320 --> 00:33:08,270
Now I can verify this as each of a dot.

333
00:33:09,490 --> 00:33:10,060
Name.

334
00:33:10,060 --> 00:33:13,660
So they should do the name of all the sections.

335
00:33:14,760 --> 00:33:17,040
So let's put the breakpoint and run this.

336
00:33:18,980 --> 00:33:21,020
And we can see the sections.

337
00:33:21,020 --> 00:33:25,070
All of the three sections have been successfully marshalled.

338
00:33:36,650 --> 00:33:39,350
We can also print those sections.

339
00:33:46,920 --> 00:33:48,030
Members.

340
00:33:48,030 --> 00:33:48,740
So.

341
00:33:55,710 --> 00:33:58,980
And you can see 460, 218 hundred.

342
00:34:00,610 --> 00:34:05,110
So we have successfully parsed the.

343
00:34:06,460 --> 00:34:07,570
PE headers.