1 00:00:00,400 --> 00:00:06,880 Guys, now we are going to find the jump instructions using mona.
2 00:00:07,680 --> 00:00:11,220 So let me explain in the script.
3 00:00:12,690 --> 00:00:19,590 So first we have this, uh, EIP exactly where we want with these characters.
4 00:00:20,430 --> 00:00:21,410 And let's see.
5 00:00:21,870 --> 00:00:32,220 So instead of the C's, I can put an address in EIP. I will put the address that will jump to ESP,
6 00:00:32,670 --> 00:00:38,820 because ESP contains more than 900, like 980 bytes of space.
7 00:00:38,820 --> 00:00:40,470 We can fill that up in this ESP.
8 00:00:40,500 --> 00:00:43,400 So this is a very good place to host our shellcode.
9 00:00:43,740 --> 00:00:50,370 So I will put the address in that instruction pointer such that whenever, uh, it has been, uh.
10 00:00:52,220 --> 00:00:59,970 Yeah, a debugger, like, reading from the program is going to read this address and it will
11 00:00:59,970 --> 00:01:02,130 jump to ESP. Now ESP
12 00:01:02,130 --> 00:01:05,040 contents are under our control and we will get the.
13 00:01:05,820 --> 00:01:09,890 So to find these jump instructions, we will use mona in this video.
14 00:01:10,920 --> 00:01:12,420 So what you want to do
15 00:01:12,420 --> 00:01:14,790 is you want to say !mona modules.
16 00:01:19,970 --> 00:01:26,630 So this shows you the modules that are being used by the application. You can see in detail
17 00:01:27,110 --> 00:01:35,210 all the DLLs, etc., and it also specifies the base address, end address
18 00:01:35,420 --> 00:01:36,200 and the size.
19 00:01:36,800 --> 00:01:42,330 And these are the security mechanisms that have been, uh, implemented.
20 00:01:42,770 --> 00:01:44,030 So this is the rebase.
21 00:01:44,360 --> 00:01:51,500 The starting base will be changed on the computer restart, and also SafeSEH, which is used to avoid
22 00:01:51,500 --> 00:01:56,270 the SEH exploits, and ASLR, and then NXCompat and OS DLL.
23 00:01:56,360 --> 00:02:03,650 So you need to select the module for which these are all false.
24 00:02:04,010 --> 00:02:13,410 So because these are good mitigations, we will go with Chalco, so you can see Iesus contains every
25 00:02:13,430 --> 00:02:15,000 security mechanism off.
26 00:02:15,470 --> 00:02:25,130 So now we can find in this module the jump ESP instructions, because ESP contains so much space,
27 00:02:25,160 --> 00:02:27,380 we can host our shellcode.
28 00:02:27,560 --> 00:02:32,520 If ESP contains so much space, we can directly jump to it.
29 00:02:33,140 --> 00:02:39,020 So to find jump instructions you can say !mona jmp -r. So, !mona jmp -r
30 00:02:39,020 --> 00:02:47,390 ESP, where -r is with the ESP register, and -m, uh, is with the, uh, module name.
31 00:02:51,990 --> 00:02:59,110 So now what we're going to do is we are asking mona to find the jump to this register
32 00:02:59,280 --> 00:03:01,170 in the module.
33 00:03:01,560 --> 00:03:09,140 If you see the log, you can see these are the addresses I can use in our exploit to jump to ESP.
34 00:03:10,020 --> 00:03:11,760 So we got a bunch of addresses.
35 00:03:11,760 --> 00:03:14,070 We can use any of these nine pointers.
36 00:03:14,460 --> 00:03:20,850 And you can see these are bad-char free, and you can also mention the bad chars here.
37 00:03:22,020 --> 00:03:26,010 But we can just see that there is no null pointer in here.
38 00:03:26,130 --> 00:03:28,800 Let me copy this. Copy address.
39 00:03:30,520 --> 00:03:32,260 And let's put it in here.
40 00:03:38,310 --> 00:03:39,600 So this is the jump.
41 00:03:41,520 --> 00:03:45,090 So this is how you find the jump instructions using this.
42 00:03:45,540 --> 00:03:50,640 You can also find jump to ESP searching in all modules.
43 00:04:03,500 --> 00:04:12,560 Oh, so you look at the log, like this one. You can see we have got the 40 pointers; only 20 pointers are
44 00:04:12,560 --> 00:04:13,030 shown here.
45 00:04:13,040 --> 00:04:16,250 So we need to open this to get to all the pointers.
46 00:04:16,610 --> 00:04:20,180 So these are the addresses from the other DLLs.
47 00:04:20,180 --> 00:04:24,440 But we do not need that, because the security mechanisms for the other DLLs are true.
48 00:04:24,440 --> 00:04:27,740 And for ours, they are false.
49 00:04:28,100 --> 00:04:28,890 They are not there.
50 00:04:29,330 --> 00:04:32,950 So that's why we have found only ours.
51 00:04:33,980 --> 00:04:39,740 So that's how you find the jump instructions or any other instructions.
52 00:04:41,160 --> 00:04:45,200 We'll also see how to find it using the, don't worry about that.
53 00:04:45,620 --> 00:04:51,830 So to find the jump ESP, you need to use mona; that is the one where you find the jump instructions.