OK, welcome back. This is part two. So, I assume you started debugging the application and you also ended up doing something similar to what I have here. Let's restart the application again. So, this time, let's just go through that a little bit quickly just to make sure, and we look at the values on the stack and all of this kind of stuff. Let's do something very quick. OK, so let's start.

We got to this location. EBP. I'm going again, I'm going to do it a little bit quicker. OK, so, I'm going to jump, I'm going to also jump this one, and now you can see that on the stack we have our A's written on the stack. Let's continue. And then it's going to print that I entered this value over here, and then if we continue over here, I believe, and I return, and you can see the application actually just continued and it worked successfully with no problems in there, OK? And it terminated successfully. So you can see the exit code is zero, which means the application here... the return code, which was zero, also means it was successful. Let's see what's going to happen now with the loaded application.

But instead of passing only 16 bytes, let's pass this time, let's say 20, maybe. Let's say 20. So now let's see what's going to happen this time. Let's look at everything again. So let's start. Next, next, next. I'm going to jump over this, I don't want that. Next, next, next. We can also debug this, by the way. Let's do it, because I think this is for the copy. Let's do that so we can see everything that got created here. And then let's look at this one so we can see that this is our destination. This is our destination. And we can follow. And so this is probably where we will be writing these. I'm going to do F8 because I don't want to jump into the copy, so we can see the A's got written. These are the A's, but this time we have four more, because we sent 20 instead of 16. And let's look and continue to see what we have over here. Over here, I'm going to jump over this one because it's only going to print. So I don't want that. I'm going to jump over it. We got back to our main and, if we continue... Here is... oh, this is actually OK, this is actually where I am. I didn't jump over, that's my mistake. So.

I'm going to jump over the call and just continue to return. OK, now I'm going to go back to my main function, so... and then return, and then we have the jump. We got to do that because we finished here. Mov, leave and return, as you can see, nothing, and everything was fine. And if I do F9, you will see that the same thing happens. So it seems 20 is still fine, we didn't manage to corrupt the stack and the application. Now this is trial and error, by the way, especially if you don't have the code. Here we have the code, so we know how much we need to corrupt the stack. But in general, it's trial and error. So this time what we're going to do is I'm going to add four more. This time we are going to send actually... twenty four. OK, so this time we're going to send 24. Let's start again. So we have started the application and go here, this one, I want to jump over it, and this one. OK, the compare is going to happen. The jump... I mean, the jump is not going to happen because we have true values. And then this one is the call to the function. So let's go into function one. We want to do that.

And then we go through all of these until we reach the copy, so we can see there's our destination. As you can see, it's not changing, but this time we have a bigger value. So let's see what's going to happen now. So if I do F8 to jump over it, we can see this time we overwrote... this is the 16 and these are the eight more bytes again. So overall, twenty four bytes. OK, let's continue and see what's going to happen. So F7 and F7, and then I'm going to jump, or I don't want to go into the print. So we are now back into main. Let's continue here. I pressed F7 by instinct. OK, so you enter, and I'm going to print this, I'm going to jump out of the print. Let's do that. So we return and we're trying to find... let's look at what's going to happen now. Look at this one. What does that return do? It will take the top of the stack, put it in the EIP, and what do we have on the top of the stack? We have some of our A's. Then what do we have here? The application crashes. And if I say F9, it says I can't continue. Why? Because the system doesn't know where this address is, 41 41 41 41, which is the A's that you sent.

It doesn't know where this is. OK, so this is either some location that the application does not have access to, or it doesn't exist. So the application crashed. So what we managed to do is, if we go back here, by the way, to our explanation of the image, is we managed to get the buffer, four by four by four by four, by looking at this very systematically. And then we overwrote EBP. So that's why EBP also got corrupted, by the way. But we also... and that means... but we also overwrote EIP, and that's when we did the return to those four bytes. OK, so that's one, that returned to the four bytes this time. That's two. Let's see, we did twenty, twenty four, now let's see twenty eight. Let's just do twenty eight and, well, we have one on the stack, my two sets of offsets, just to double check. OK, again. Stop, right, once I start. And again, this instance. Continue, continue, continue through the compare, because it's my function one, that's going to my function. And, so, OK, let's do the... copy. So I don't want to... into the copy. I mean, so now we can see that this address is, if we're following...

And so this time, we wrote all of these, OK, so we overwrote more. Then let's continue and let's continue. This is shortly before... Yeah, I want to jump over it, but it's because I have the breakpoint, I keep forgetting that. Did you see this? Even when I'm jumping over it, we are jumping into it because of this one. I don't see that. I'm sorry, I forgot about this. Removed. Removed, and no longer working on the... OK, good. I'm glad it's... So let's do this again. You enter the value, and then I don't want it to print, I'm going to jump over it, then next, next, next, return. So now where are we going to return? To the previous function, which is my function one. We go back here, do nothing, and then... OK, no. Return where? We want to go back there. I mean, so now we are at the main function. Right. Actually, we don't... we weren't able to go back, by the way, because what we did is we corrupted the application. I'm sure if we did something wrong, we're... OK. Now, the application... Let's pass 28. Look.

Let's start again. So we need to attach. And this one. Let's do F9. Start, OK. So F7. I'm going to jump over the compare, OK, and that, I'm going to jump over it this time. Now, this is where we... actually, this is the copy, where the copy will happen. So here we are now, we have the destination, the source, and let's see what's in the source, so we can see in the source this value that we're going to copy here, so we can put it over here. So it is going to be... if I do F8 to jump over it, it got overwritten, as you can see here. And now it's pointing to these values. So now if I continue, I'm going to jump over. This time I don't want to. So we're not going to go into the print, then return. OK, so now when I do the return, we will go back to the main function. But we didn't. Why? Because the EBP was overwritten. And EIP was what? Overwritten. So what does it mean? It means we need, if we repeat that, now we overwrote EIP. So if we say we don't know how to return back to the main, the previous function on the previous screen, so let's start again.

But this time, let's... not 20, not twenty eight. I'm going to do 24. 20... Yes, or rather, the difference between, so 24 starts now. Yes. And that's the second and third execution, with a stop at the point where our breakpoint is listed, and next, next, next, I'm gonna jump over this one. F8, so, compare, jump, the call, we'll continue, continue, continue. And now I'm going to take this one. I want to go into the copy and all of that. Now we have this... the destination... we will be... So this is where we will be writing. F7, OK, and now, I don't... I'm going into it. So the destination is here and this is the source, where our code is. So if we follow this in dump, into the... But I'm gonna... let's skip that. OK, just wanted to say, OK, so this is what our source is and this is where the destination is. So by the way, this is on the stack. So we will be this here, actually here.

This is the one, so now if I do F8 there, you can see that what happened is we overwrote, at the end, at the address, the A's. So we overwrote A's on that. And so we have one, two, three, four, which is sixteen bytes, then four, which is 20, and four, which is 20... 28. So we overwrote all of this. OK, so if you go back here. Four, four, four. That's 16, then we overwrote another four, which is... and the other four, twenty eight. So we overwrote up here with these four. Let's check. That's all we can... next. Now this one will take me to my function two, I don't want to do that. I'm going to... then return. It should take me back to my function. And so it took me back to my function, and everything is fine here, working on the job, so we easily return. Now look at what do we have on the top. What we have is our B's. So what does that mean? It means we managed... we needed four four four four, which is sixteen bytes. We need the sixteen bytes. And we needed that other four bytes.

OK, we needed to overwrite... so we did 20 bytes, and then 24 bytes, let's say we need another four bytes to overwrite EIP, which is going to be... why? Because, if I do... when they return, what it will do is it's gonna pop into EIP, and then EIP will say, hey, I don't want to execute it, I don't know where it is. And so the program will be crashed, so we can't continue anywhere from here. Now, what we have here on the stack. You see, this is where this is pointing to, it's pointing to this value, so where is this pointing? It's pointing to this location where our code exists. Again, let's just look at this again, so we have control over EIP with this value, so we managed to control the EIP. We have control over it because we managed to inject our code into it. And if you look at ESP, it's pointing to the top of the stack, definitely. But it's also pointing to the other... some of the characters. OK, so what we can do now, this is where the assembly world comes into play, and again, in every new lesson we will learn new skills and new techniques. So you'll learn different ideas and different methods for the exploration and exploitation. But for now, what I'm going to do is keep it basic, because this is our first example.

I'm going to search for... let's go to the libraries that are loaded in your memory. OK, I'm going to, for example, kernel32, and we want to search for something which points to the jump ESP. Why? Because our code is at ESP. If we can jump to that location, we can execute our code. So let's go to search command, and we want jump ESP, and search. It seems there is no jump ESP, so let's go back, looking somewhere else, right click, search... Now, I know some of you might say, hey, this is a library, it will be loaded every time in a different place. Forget about that for now. We will get back to this. We will get to it, sorry, later on in the course. For now, we just want to find any jump, so we can see that we have these. And they are different. So let's take this one, the first one... until... we are going to avoid that, but for now, let's avoid it, it has some zeroes in it. But as you remember, they are null, which terminates strings. So we're going to avoid that for now. Now, let's take this... let's go to this one and let's copy this address.

OK, so let's copy, let's put a breakpoint on it. So let's go back to here and write down this one, OK? We need to do that now. We know what we need to do is... some... What we need to do, we need to send this value through the program. So what I'm going to do is I'm going to start with... here. What we need to do now is do some code, which we will be doing in Python. But I'm going to start this one. So we will start fresh. We will use some code written in Python, and we will pass this value with our other string in order to control the application. And one thing that I'll probably do before I start the video, one last thing I want to do here, probably the A's multiplied by, let's say, a hundred. Let's just see what's going to happen. So. For assembly... Again, start the program, let it execute, so we are here, F7, F7, F7, F7, F8. We want to jump over this and then continue, continue, continue. We want to go into it because we want to see the copy. So let's go there. So here we have everything. So we have the source.

And destination is our destination, if we follow, and this is where the code is going to be written. And now I do jump over because I want it to be executed, but I don't want to go into it. So now we see that we managed to write a lot of A's onto our stack. See, we got a lot of A's sprayed on top of it. OK, so let's continue now. I want to avoid this because I don't need it anymore, which is the print. I'm going to just break, and I believe it will return now. When I do the return, what's going to happen is one of these... this one actually, and this one, ESP, is pointing to CCB. It's pointing over the top of the stack. So now if I put this value into the return, what it will do is it will copy this value into EIP and we will go to execute that. So if I put the address of jump ESP here, I will be executing this code. OK, so, again, if I put the address of a jump ESP instruction, OK, so then what will happen is, when we do the return, the return copies it into EIP, and EIP will go to execute what is in there, jump ESP. So we will come back and execute the code, which is in here. So now we have control over our program.