1
00:00:00,560 --> 00:00:07,850
Hello and welcome to a new lesson. In this lesson, I'm going to show you when to use dnSpy and how

2
00:00:07,850 --> 00:00:16,840
to use dnSpy. Before you use dnSpy, you need to use a tool in order to identify whether it is a .NET application.

3
00:00:17,630 --> 00:00:21,000
So the tool is in the following utilities folder.

4
00:00:21,530 --> 00:00:24,170
It is called Detect It Easy.

5
00:00:26,070 --> 00:00:27,290
DIE for short.

6
00:00:31,570 --> 00:00:42,770
It is used to scan whether a file is using the .NET framework or is native, or whether it is a Borland file or whatever

7
00:00:42,840 --> 00:00:48,970
file it is, and also it can detect whether or not a file has been protected or packed.

8
00:00:49,310 --> 00:00:53,690
So the first thing we do is to scan the file

9
00:00:53,700 --> 00:00:55,820
we want to analyze using Detect It Easy.

10
00:00:57,650 --> 00:01:04,880
So we are going to use this sample, which is this file over here.

11
00:01:06,530 --> 00:01:12,020
So if you have misplaced it or don't remember where you put it, you can download it from the resource section

12
00:01:12,020 --> 00:01:12,920
for this lesson.

13
00:01:13,910 --> 00:01:22,910
After unzipping it, you find your file here, and these are all the other files which produce your

14
00:01:22,910 --> 00:01:23,400
licence.

15
00:01:23,990 --> 00:01:26,510
So this is the file you're going to analyze.

16
00:01:27,560 --> 00:01:34,340
So in order to know whether this is a .NET file or application, we need to open this file

17
00:01:34,670 --> 00:01:41,780
with Detect It Easy. Click on the entry right here and then go and open a file, which is on your desktop.

18
00:01:45,880 --> 00:01:47,220
Click on the file.

19
00:01:48,710 --> 00:01:57,810
And it shows you that it is a .NET application, so now you know you can use dnSpy, or ILSpy,

20
00:01:58,100 --> 00:02:01,580
which has the same tools, or any .NET tools.

21
00:02:02,120 --> 00:02:08,630
If it is not a .NET application, then you cannot use dnSpy or any of the .NET tools.

22
00:02:09,260 --> 00:02:14,570
Since we know that this is a .NET application, we can use dnSpy.

23
00:02:15,470 --> 00:02:20,570
So for this particular one, we are not sure whether it's 32-bit or 64-bit.

24
00:02:21,410 --> 00:02:26,030
This one is not reliable: although it says 32 here, it can sometimes be 64.

25
00:02:26,840 --> 00:02:29,500
So to be sure, you're going to use dnSpy.

26
00:02:29,540 --> 00:02:31,550
We use the 32-bit dnSpy.

27
00:02:34,710 --> 00:02:36,840
So I open my 32-bit dnSpy.

28
00:02:38,920 --> 00:02:44,210
And just clean up all this: select them and just remove.

29
00:02:46,120 --> 00:02:47,440
OK, now open.

30
00:02:50,780 --> 00:02:58,240
The file that I want to analyze, just drag it and put it in here.

31
00:03:04,640 --> 00:03:16,750
Click on this, and the left panel here shows you all the .NET applications and libraries. mscorlib,

32
00:03:16,760 --> 00:03:24,800
it is a library for use by the application; there can be more sometimes, as you run the program, more

33
00:03:24,800 --> 00:03:25,790
and more of them here.

34
00:03:26,450 --> 00:03:27,560
And that is common.

35
00:03:28,340 --> 00:03:31,760
The Demo one should also be in this case.

36
00:03:31,780 --> 00:03:35,490
And the one you are looking for is here: Demo.

37
00:03:35,510 --> 00:03:45,680
And you can see now in the center, apparently dnSpy disassembles the file and shows you

38
00:03:45,680 --> 00:03:48,380
the C# for that file.

39
00:03:49,310 --> 00:03:57,400
So this is called the decompiled view. It doesn't only disassemble, it also decompiles to C#;

40
00:03:58,190 --> 00:04:00,220
you can convert this into

41
00:04:00,230 --> 00:04:04,940
Visual Basic by selecting this, and you see the same thing in Visual Basic.

42
00:04:05,780 --> 00:04:06,710
So hang on.

43
00:04:06,730 --> 00:04:10,090
We set it back to the default, C#.

44
00:04:10,640 --> 00:04:13,730
There is also IL, which you can use if you want.

45
00:04:14,720 --> 00:04:21,830
And normally the first thing we do is we will try to look at the program

46
00:04:23,670 --> 00:04:29,130
entry point, which is normally in the Program class. You can just drill down by clicking on

47
00:04:29,130 --> 00:04:31,110
this and click on the Program.

48
00:04:31,620 --> 00:04:35,290
And this is your Main function, your method, the entry point.

49
00:04:36,090 --> 00:04:39,030
Another way to find the entry point is to

50
00:04:39,270 --> 00:04:39,430
right-

51
00:04:39,540 --> 00:04:48,210
click on this thing and then go down and say Go to Entry Point, and then it also takes you to the entry

52
00:04:48,210 --> 00:04:48,530
point.

53
00:04:49,650 --> 00:04:50,800
Which is here.

54
00:04:52,730 --> 00:04:58,910
So this is the entry point; the entry point is the Program here, and as you can see, we have one Main function

55
00:04:58,910 --> 00:04:59,930
and a Console.Write.

56
00:05:01,670 --> 00:05:06,990
So this is the decompiled view. You can actually click this to run it in the debugger.

57
00:05:08,090 --> 00:05:12,520
So this is the debug window, the debugger button to start.

58
00:05:12,890 --> 00:05:15,520
OK, and then it should be running.

59
00:05:15,800 --> 00:05:24,740
It's running, and it runs for a while and closes, because this is a console application, so it can close

60
00:05:24,740 --> 00:05:24,950
itself.

61
00:05:25,010 --> 00:05:27,670
Momentarily it finishes displaying the "Hello Demo".

62
00:05:29,360 --> 00:05:34,330
So now if you want to pause at this line, you need to put a breakpoint.

63
00:05:35,090 --> 00:05:38,870
So to put a breakpoint here, you can click on this.

64
00:05:39,730 --> 00:05:45,220
This ribbon here: click here, and there'll be a red line, it is set in red.

65
00:05:45,800 --> 00:05:48,680
So now you're running: click OK.

66
00:05:48,710 --> 00:05:50,290
It's at the breakpoint.

67
00:05:51,710 --> 00:05:56,390
I think it's showing up now because it's waiting for you now to step over.

68
00:05:57,370 --> 00:06:06,340
So once you hit a breakpoint, these buttons become available. The first one is Step Into, meaning that

69
00:06:06,370 --> 00:06:13,060
you can step into the function, and then the second one is Step Over, meaning you can let the function

70
00:06:13,060 --> 00:06:15,020
run without stepping into it.

71
00:06:15,940 --> 00:06:20,070
The third one is Step Out of a function, if you earlier stepped into it.

72
00:06:20,920 --> 00:06:25,300
So if you didn't step into this function, you're not going to have to use Step Out of it.

73
00:06:26,050 --> 00:06:33,880
So now we're going to step over, and step over, and you see this arrow moved on, because this

74
00:06:33,880 --> 00:06:35,330
line has just been executed.

75
00:06:36,190 --> 00:06:39,550
So this is how you use the debugger in dnSpy.

76
00:06:41,080 --> 00:06:48,970
So now let's stop this program by clicking on the red button here, and also remove this.

77
00:06:50,440 --> 00:06:59,750
Now, what if I want to change these strings into different strings? I will be editing them.

78
00:07:00,580 --> 00:07:02,690
So to do that, you can do it two ways.

79
00:07:02,700 --> 00:07:07,970
The first way, which we did before, was to edit the IL instruction.

80
00:07:08,800 --> 00:07:10,330
Now, I'm going to show you another way.

81
00:07:10,450 --> 00:07:17,290
You can edit the C# instruction directly by clicking here and then select.

82
00:07:21,450 --> 00:07:28,800
So it would decompile it, and here you can just literally click on this, and set your own

83
00:07:28,800 --> 00:07:35,770
string, and so on, and you type in what you want, "edited", here, and then click.

84
00:07:38,800 --> 00:07:44,230
After that, you have to dump the whole thing out into a separate file, so

85
00:07:45,260 --> 00:07:55,680
click Save Module. You can see the dialog, and go to the location where you want it done. So I'm going

86
00:07:55,700 --> 00:08:02,420
to save this file here, but let me remove this one first so it doesn't confuse you. Dump here.

87
00:08:02,720 --> 00:08:07,910
And I'm going to call it dump, maybe version one.

88
00:08:09,310 --> 00:08:10,490
And then I click Save.

89
00:08:14,120 --> 00:08:14,840
Click.

90
00:08:16,190 --> 00:08:22,970
All right, so now you see I have a new file called dump v1, so I can now go to this location and run

91
00:08:24,800 --> 00:08:25,850
a copy of it.

92
00:08:28,840 --> 00:08:30,150
Opening the folder.

93
00:08:36,520 --> 00:08:44,710
I will go to the new folder, and then press Enter, and now I do dir to see what's in there,

94
00:08:45,160 --> 00:08:46,950
and there is my new version one.

95
00:08:47,530 --> 00:08:51,610
So let me run it, dump, and actually run.

96
00:08:54,400 --> 00:08:57,540
And you see there's a new string: "Hello Demo edited".

97
00:08:58,270 --> 00:09:00,020
So this is how you edit it.

98
00:09:00,460 --> 00:09:02,770
Now, what if I want to use the IL edit?

99
00:09:04,180 --> 00:09:09,070
If I want to edit using the IL edit, then I will right-click this one.

100
00:09:10,090 --> 00:09:12,580
And then here it says Edit Method

101
00:09:12,860 --> 00:09:15,780
(C#). I go down, and IL.

102
00:09:17,680 --> 00:09:25,140
So now it opens a disassembly view and shows me the IL instructions, which we saw before in

103
00:09:25,180 --> 00:09:26,260
the previous lessons.

104
00:09:26,740 --> 00:09:30,120
You have a ldstr, load string, here.

105
00:09:30,130 --> 00:09:31,910
Then call, to call a function,

106
00:09:31,910 --> 00:09:33,040
to write a string.

107
00:09:33,850 --> 00:09:35,410
So now you know what it is.

108
00:09:36,070 --> 00:09:39,400
I can just edit here: "edited again".

109
00:09:39,700 --> 00:09:40,230
I see.

110
00:09:40,600 --> 00:09:44,560
So I've changed the string, and now I can click OK.

111
00:09:45,400 --> 00:09:51,700
And now I have to dump it into a file. So I do it now, and I'm going to give it a different name.

112
00:09:52,090 --> 00:09:54,520
I'm going to call it dump v2.

113
00:09:58,120 --> 00:10:08,920
And we say OK. So now if you go back to the folder, I have another one: dump version one, dump version

114
00:10:08,920 --> 00:10:12,970
two, so let me see what happens when I try to run dump v2.

115
00:10:16,390 --> 00:10:22,180
And you see, I got a different string: "Hello Demo edited again". So this is how you can make use

116
00:10:22,180 --> 00:10:23,130
of dnSpy.

117
00:10:23,770 --> 00:10:24,700
So the next thing,

118
00:10:24,700 --> 00:10:29,470
I want to show you how to step into and step out of functions.

119
00:10:29,950 --> 00:10:33,790
So let's say I'm now going to run

120
00:10:33,790 --> 00:10:35,980
this one in the debugger.

121
00:10:36,640 --> 00:10:50,010
So I go to Program here, and I put a breakpoint here, and I click.

122
00:10:50,020 --> 00:10:53,170
OK, so now it stops here.

123
00:10:54,070 --> 00:10:58,360
I would step over to let it run the function.

124
00:10:59,080 --> 00:11:04,350
Let's say I do want to run the function, but I want to enter the function to inspect what is inside

125
00:11:04,360 --> 00:11:12,610
this function, so I can click this one, Step Into. So when I step into, I enter the ReadLine function.

126
00:11:13,390 --> 00:11:14,800
See, the ReadLine function.

127
00:11:15,810 --> 00:11:21,020
And then I can keep on stepping over, stepping over, and step out.

128
00:11:23,070 --> 00:11:26,680
So I come back here to this Main.

129
00:11:27,930 --> 00:11:31,520
OK, now we are using the debugger.

130
00:11:31,680 --> 00:11:40,050
You can also enter the function by double-clicking the function: double-click one time and you enter the function.

131
00:11:40,740 --> 00:11:48,090
If I want to step out of the function, I hit Backspace on the keyboard, Backspace, and I come out of the function.

132
00:11:49,020 --> 00:11:53,610
So this is how you basically step in and step out while debugging.

133
00:11:54,480 --> 00:11:56,910
So I hope this was useful to you.

134
00:11:58,050 --> 00:12:00,900
So this is how we can use dnSpy.

135
00:12:01,650 --> 00:12:02,670
Thank you for watching.

136
00:12:02,940 --> 00:12:04,520
I'll see you in the next one.