1 00:00:01,120 --> 00:00:03,190 Hello and welcome back.
2 00:00:03,190 --> 00:00:12,090 Remember, the objective of this crackme is to patch the EAX value with the correct value.
3 00:00:12,340 --> 00:00:13,300 So let's get started.
4 00:00:15,630 --> 00:00:16,660 Let's open
5 00:00:16,670 --> 00:00:20,640 the crackme in x64dbg
6 00:00:24,690 --> 00:00:28,950 and make sure your options are set as follows.
7 00:00:28,950 --> 00:00:34,890 Options, Preferences, and check System Breakpoint and check TLS Callbacks.
8 00:00:35,880 --> 00:00:46,780 And make sure these exceptions he not so we are now at the entry point and let's now trace.
9 00:00:46,820 --> 00:00:52,350 Hillary you over instead of pressing heavy recall that we can do this
10 00:00:55,710 --> 00:01:03,360 so we will all to F8 for you all the way until the program is running and you can see the status it
11 00:01:03,360 --> 00:01:10,810 is running, and now the last call that was made is this call.
12 00:01:11,660 --> 00:01:14,440 This is a call because it will run.
13 00:01:14,530 --> 00:01:20,870 So now we should put a breakpoint here so that we can step into it in the next restart.
14 00:01:20,870 --> 00:01:26,340 The ability to set a breakpoint and necessary start.
15 00:01:26,480 --> 00:01:35,030 Now let's run to our breakpoint by clicking Run, and now we are at the breakpoint. Let's step into it by pressing
16 00:01:35,060 --> 00:01:35,720 F7
17 00:01:38,960 --> 00:01:48,470 and we want to know what causes the program to be unregistered, so we press F8 to step through and
18 00:01:48,500 --> 00:01:57,170 of the call and when we come here we see this series of moves to X.
19 00:01:58,260 --> 00:02:02,510 And here is the comparison in the test.
20 00:02:02,940 --> 00:02:12,870 Here you see there is this string "registered" and there is also an "unregistered" string, and the jump here
21 00:02:12,870 --> 00:02:22,690 jumps over to avoid the good string and goes to the bad string, so this is what causes it to be
22 00:02:22,690 --> 00:02:23,460 unregistered.
23 00:02:23,710 --> 00:02:35,280 So let's F8 step over this and confirm. Now you can press F9 or click on this and you can see
24 00:02:35,370 --> 00:02:40,830 it is showing unregistered so it is registered obviously came from here.
25 00:02:42,170 --> 00:02:43,420 Because of this test.
26 00:02:44,310 --> 00:02:53,470 And this test depends on the value of EAX, so let's put a new breakpoint here and restart the program.
27 00:02:55,920 --> 00:03:04,810 Run to our first breakpoint, which is this. Run to our second breakpoint, which is this test. So it is this
28 00:03:04,810 --> 00:03:12,710 test here which tests whether the EAX value is 0. In the past we have seen that test
29 00:03:12,750 --> 00:03:18,090 eax, eax means: is the EAX value 0?
30 00:03:18,240 --> 00:03:26,260 So it is asking whether EAX is 0, so if EAX is 0, it will set the zero flag to true.
31 00:03:26,270 --> 00:03:28,660 In this case EAX is zero.
32 00:03:28,670 --> 00:03:32,230 Therefore the zero flag is set to 1.
33 00:03:32,270 --> 00:03:39,070 So if you press F8 now, jump equal just equal to 1.
34 00:03:39,160 --> 00:03:41,480 That means this jump will take place
35 00:03:41,500 --> 00:03:42,970 if the zero flag is one.
36 00:03:43,000 --> 00:03:46,270 So in this case the zero flag is one so easily done.
37 00:03:46,870 --> 00:03:53,790 So over here we can write a comment and this is how you write comments.
38 00:03:53,800 --> 00:03:55,050 You can double click here
39 00:03:55,060 --> 00:03:58,150 in this column and put a comment
40 00:04:01,010 --> 00:04:12,000 "should not jump", so this is to let you know that you should not jump over here, because if you jump you
41 00:04:12,000 --> 00:04:15,660 will land in the bad message.
42 00:04:15,660 --> 00:04:22,440 If you do not jump you will go on to show the good message, which is called "is registered".
43 00:04:22,440 --> 00:04:25,490 So over here we should not jump.
44 00:04:25,650 --> 00:04:28,110 So now the question remains.
45 00:04:28,380 --> 00:04:30,140 We can go up one step further.
46 00:04:30,690 --> 00:04:37,450 What sets the EAX value? So we can see that EAX seems to be set over here.
47 00:04:39,350 --> 00:04:48,290 This is the one which sets the EAX value, so we can go up here and put a breakpoint, but we are not sure whether
48 00:04:48,290 --> 00:04:53,690 or not this instruction will be reached because there is a jump here
49 00:04:53,710 --> 00:05:01,130 which seems to jump over this instruction, so the breakpoint should be set over here to see whether or
50 00:05:01,130 --> 00:05:05,070 not or why it jumps over this instruction.
51 00:05:05,090 --> 00:05:14,300 This is a good instruction because it says that yes to to give the 80s zero then he will cost these
52 00:05:14,300 --> 00:05:17,920 two jam videos is.
53 00:05:18,150 --> 00:05:21,180 This will not jump because it is not equal to zero.
54 00:05:21,230 --> 00:05:22,700 Therefore this is a good instruction.
55 00:05:22,700 --> 00:05:27,420 We want this, but we have to analyse why this is jumping over it.
56 00:05:28,010 --> 00:05:38,700 So we should put a breakpoint here, and we can remove this breakpoint and restart the program.
57 00:05:38,810 --> 00:05:44,010 Now we run to the first breakpoint. I think we can remove the first breakpoint.
58 00:05:45,040 --> 00:05:47,220 Now we run to our second breakpoint.
59 00:05:47,260 --> 00:05:52,990 It's here, so you can see it is jumping over this good instruction.
60 00:05:53,000 --> 00:05:59,060 And this one also should not jump, so we can put another comment here.
61 00:05:59,140 --> 00:06:01,310 Just like how we did earlier.
62 00:06:01,370 --> 00:06:01,570 Yeah.
63 00:06:01,570 --> 00:06:02,460 We put a comment here.
64 00:06:02,470 --> 00:06:07,230 "Should not jump"; this one also should not jump.
65 00:06:08,260 --> 00:06:10,420 So you can write a comment, double click,
66 00:06:13,350 --> 00:06:16,650 "should not jump", click.
67 00:06:16,650 --> 00:06:22,940 OK, so here we should not jump, just like here.
68 00:06:22,940 --> 00:06:24,180 We should not jump.
69 00:06:24,250 --> 00:06:27,420 So what determines whether this will jump or not?
70 00:06:27,430 --> 00:06:29,850 Again the test is in jump equal.
71 00:06:30,070 --> 00:06:38,500 That means it would jump if the zero flag is equal to one, which is in this case the zero flag is equal
72 00:06:38,500 --> 00:06:41,780 to one because of this test here.
73 00:06:41,790 --> 00:06:44,650 The test he would check whether he is he to one.
74 00:06:44,660 --> 00:06:46,350 Just like here.
75 00:06:46,350 --> 00:06:48,750 So what sets EAX
76 00:06:48,860 --> 00:06:54,650 to be one or not depends on the preceding code.
77 00:06:56,340 --> 00:07:06,090 So you can see here a mov 5 to EAX, mov 5 to EDX, and then sub, or minus, EDX from EAX and store the
78 00:07:06,090 --> 00:07:08,400 result in EAX.
79 00:07:08,400 --> 00:07:09,420 This instruction, sub
80 00:07:09,550 --> 00:07:18,570 eax, edx, means take the value in EDX, minus from the value in EAX, and store the result in
81 00:07:18,690 --> 00:07:19,820 EAX.
82 00:07:19,860 --> 00:07:28,330 So if EDX has the value five, you would take five minus five from here, which is zero, and store
83 00:07:28,350 --> 00:07:30,120 zero back in EAX.
84 00:07:30,120 --> 00:07:34,650 So this is what is causing EAX to become zero.
85 00:07:34,650 --> 00:07:39,900 And that is that you got to EAX is zero then this region.
86 00:07:39,900 --> 00:07:45,350 So where do you think we should patch here?
87 00:07:45,430 --> 00:07:46,780 So you can patch here.
88 00:07:46,870 --> 00:07:59,220 We must ensure that this instruction either does not happen or we must set the value of EAX to anything
89 00:07:59,400 --> 00:08:08,830 other than zero. So let me show you: one way is to set it to NOP operation, which is one option.
90 00:08:08,830 --> 00:08:13,810 And the second option is to move a value one into EAX.
91 00:08:13,840 --> 00:08:20,830 So let's try the second option. Double click and make sure you check on this, Keep Size.
92 00:08:20,860 --> 00:08:22,580 And this is also checked.
93 00:08:22,720 --> 00:08:26,770 Let's move EAX
94 00:08:31,940 --> 00:08:36,690 one and you can see the instruction is bigger by 23 bytes.
95 00:08:36,770 --> 00:08:41,200 That means we can assemble this here because we assembled this it will use
96 00:08:41,390 --> 00:08:47,860 the two bytes here and then use another byte from here and then we destroy this instruction which we
97 00:08:47,860 --> 00:08:49,800 can do we need this test.
98 00:08:49,810 --> 00:08:52,300 So we don't want to destroy this instruction.
99 00:08:52,300 --> 00:08:53,910 So what do we do?
100 00:08:54,100 --> 00:09:04,050 We can move one to AL instead of EAX, move it to here, and we have seen in the earlier lesson that it
101 00:09:04,210 --> 00:09:09,500 is referring to the two bytes down here, so this is AL.
102 00:09:10,920 --> 00:09:19,490 So if we move one here, EAX becomes zero zero zero zero zero zero zero one which is 2 1.
103 00:09:19,500 --> 00:09:20,220 So that is how
104 00:09:20,250 --> 00:09:22,830 we can do this, and you can see the instruction is the same size.
105 00:09:22,860 --> 00:09:24,090 So this is OK.
106 00:09:24,210 --> 00:09:25,290 So we can click OK and
107 00:09:29,110 --> 00:09:30,050 close this.
108 00:09:30,050 --> 00:09:38,500 Now we have assembled mov one to here, so that is OK, so let's go ahead and patch it. File,
109 00:09:38,570 --> 00:09:39,800 Patch file.
110 00:09:40,220 --> 00:09:56,690 Click Patch File, a new name, crackme seven ish patch, OK, close this, and let's load the file, load the patched
111 00:09:56,690 --> 00:10:06,130 file, open and run it and you can see successful test it does not reach registered.
112 00:10:06,360 --> 00:10:15,340 So this is a good lesson on how to trace EAX and how to patch in the correct value.
113 00:10:15,510 --> 00:10:24,420 Many programs out there depend on the result of EAX in order to determine whether or not the software is
114 00:10:24,430 --> 00:10:34,440 registered, and EAX is usually set by a function call which returns, and also set by other comparison
115 00:10:34,790 --> 00:10:41,300 operations which usually store the result of the operation comparison inside EAX.
116 00:10:41,340 --> 00:10:47,820 So by patching EAX you can actually cause software to become registered.
117 00:10:48,570 --> 00:10:50,030 So thank you for watching.
118 00:10:50,040 --> 00:10:51,420 I'll see you in the next lesson.