1
00:00:00,980 --> 00:00:03,380
Hello and welcome back.

2
00:00:03,440 --> 00:00:11,860
In the previous few lessons when we wanted to set breakpoints we will look for strings.

3
00:00:12,110 --> 00:00:15,770
And we will set the breakpoints on the strings.

4
00:00:15,800 --> 00:00:25,640
In this lesson I will show you an alternative which is to look for into modular cars and to set breakpoints

5
00:00:25,790 --> 00:00:26,840
on them.

6
00:00:26,840 --> 00:00:35,900
So let's begin let's open the crack me one file with the FCC for DG

7
00:00:41,500 --> 00:00:52,390
now will run to the entry point by clicking on run all pressing F nine.

8
00:00:52,390 --> 00:01:03,220
Be sure to be in the user module space which is the entry point before you proceed to the next step.

9
00:01:04,540 --> 00:01:09,360
In the previous methods for searching for strings.

10
00:01:09,370 --> 00:01:20,090
We also had to ensure that we are already in the user module space before we look for strings so in

11
00:01:20,090 --> 00:01:29,140
this a method where we look for into modular cores we must also ensure that we are in the user module

12
00:01:29,150 --> 00:01:30,800
space.

13
00:01:30,800 --> 00:01:42,880
Now to look for internal modular cores we will rightly and then scroll down and look for the search

14
00:01:42,880 --> 00:01:50,710
for item menu item and then look for current module.

15
00:01:51,040 --> 00:01:56,940
And then here previously we selected string references.

16
00:01:57,020 --> 00:02:01,900
For now we are going to select into modular course.

17
00:02:02,180 --> 00:02:02,960
Just click on it.

18
00:02:05,180 --> 00:02:08,930
And we get a list of results.

19
00:02:08,930 --> 00:02:16,220
So this is a list containing all the internal modular cores that are made from the user module.

20
00:02:17,370 --> 00:02:30,770
The user my view as you recall is ready address space begins if 0 0 4 so these are all the source of

21
00:02:30,790 --> 00:02:31,500
the course.

22
00:02:32,810 --> 00:02:41,330
So these costs are being made from these addresses which are in user space and you can see it is quite

23
00:02:41,460 --> 00:02:51,310
a long list and all these codes are window API functions also known as wintery to API.

24
00:02:52,490 --> 00:03:06,150
And from here we can look at and inspect any of the Windows API function calls that we like to examine.

25
00:03:06,200 --> 00:03:19,390
So for example there is getting message here and there is also the get dialog somewhere here.

26
00:03:19,390 --> 00:03:22,990
So over here K dollar item tax.

27
00:03:23,020 --> 00:03:24,610
So we have seen these two before.

28
00:03:25,750 --> 00:03:34,330
So if we wanted to quickly go there we can just double click this address or we can directly and follow

29
00:03:34,330 --> 00:03:43,470
in this assembler ideally so we can just double click and we go directly to the get message.

30
00:03:43,650 --> 00:03:46,930
Oh here.

31
00:03:47,050 --> 00:03:47,450
All right.

32
00:03:47,630 --> 00:03:52,060
Let's go back to the references again that the lease is up.

33
00:03:52,370 --> 00:04:00,080
If we wanted to find all the message into modulo cars then we can search for it down here.

34
00:04:00,080 --> 00:04:06,650
Just type and get message and you find this one here

35
00:04:09,510 --> 00:04:19,980
and then from here he can double click and go directly to that address Oh here getting message

36
00:04:26,360 --> 00:04:26,670
there.

37
00:04:26,670 --> 00:04:36,130
Let's go back to references and if you wanted to search for a message box you just type message box

38
00:04:39,230 --> 00:04:47,540
and we list up a tree message boxes which are being called by our user module.

39
00:04:47,820 --> 00:04:52,130
All three of these and you can click on this to go to the first result.

40
00:04:53,370 --> 00:05:01,760
And he shows us this is where the bomb message box is we show it and then we go back to reference click

41
00:05:01,770 --> 00:05:09,590
the second one DoubleClick and here is where the Congress message is being shown and you look back to

42
00:05:09,590 --> 00:05:21,290
references and click on the 10 1 Hayes where the sorry the wrong sero key message is being shown and

43
00:05:21,290 --> 00:05:30,410
we can just put a big fine anywhere we won another way to put breakpoint is from the result here to

44
00:05:30,410 --> 00:05:41,550
put a breakpoint day we can slightly press the key F to can press F2 here again and click here and press

45
00:05:41,550 --> 00:05:42,470
have to.

46
00:05:42,480 --> 00:05:48,330
So now we have three break points so you can go and take a look and a booklet on the first one and see

47
00:05:48,330 --> 00:05:55,670
the first breakpoint has been set for the first message box in the module that comes in the second breakpoint

48
00:05:55,760 --> 00:06:00,470
is here and the temporary pi is here.

49
00:06:00,980 --> 00:06:11,720
So this is how we can search for into modular cores and uh narrowed down the list and then put breakpoints

50
00:06:11,750 --> 00:06:13,410
on them.

51
00:06:13,560 --> 00:06:27,080
So that is remove our breakpoints now correctly and remove how we can get silly and remove it.

52
00:06:28,740 --> 00:06:31,640
So the list of breakpoints are listed here.

53
00:06:31,670 --> 00:06:41,260
We can select on three and click and press on delete key to delete all the break points.

54
00:06:41,270 --> 00:06:48,890
OK so this is how we can say for in the module class a separate point and that's all for this lesson.

55
00:06:48,900 --> 00:06:50,070
Thank you for watching.