1
00:00:01,430 --> 00:00:02,900
Welcome back.

2
00:00:02,900 --> 00:00:08,280
Today's topic is how does the program do registration check.

3
00:00:09,710 --> 00:00:13,370
Let's run the program again and see what happens.

4
00:00:19,030 --> 00:00:20,920
And your program starts up.

5
00:00:21,200 --> 00:00:26,880
It already knows that it is unregistered if you click about button.

6
00:00:27,050 --> 00:00:29,990
He also knows that it is unregistered.

7
00:00:31,190 --> 00:00:38,450
So the question now becomes how does the program know that it is unrealistic.

8
00:00:39,480 --> 00:00:50,340
So let us analyze this program in ecstasy for BBG.

9
00:00:50,440 --> 00:00:58,270
Now we run to the entry point by clicking on the run button or pressing have nine

10
00:01:00,940 --> 00:01:01,310
yeah.

11
00:01:01,340 --> 00:01:10,050
Now the entry of mine so we are going to step through line by line by pressing F it and watch when the

12
00:01:10,110 --> 00:01:11,540
window begins to appear.

13
00:01:13,250 --> 00:01:22,560
I'm just pressing F A to step through every line and keeping a lookout for the window

14
00:01:25,410 --> 00:01:27,660
and so far nothing has happened.

15
00:01:27,690 --> 00:01:42,230
Given pressing it to step through.

16
00:01:42,470 --> 00:01:49,100
And now the window has a bit so the window appears when this call is being made.

17
00:01:49,730 --> 00:01:51,960
So this is a good place to put a breakpoint.

18
00:01:52,010 --> 00:01:59,940
So let's put a brake fine here and you can see at this point in time he already knows that it is unregistered

19
00:02:01,940 --> 00:02:08,060
so we shall not restart and analyze this call to see what happens in it.

20
00:02:09,730 --> 00:02:10,570
So let's restart

21
00:02:13,300 --> 00:02:25,160
f press F nine hole click Run and this run to the point and Vienna stop and the brake point.

22
00:02:25,390 --> 00:02:37,910
So let's press F seven to enter the step into this call F seven and now we are at the start of the call.

23
00:02:38,110 --> 00:02:40,450
Keep on pressing FIA to step through it.

24
00:02:46,490 --> 00:02:50,780
And here there's a Windows function to create a dialogue.

25
00:02:54,730 --> 00:02:55,890
And here we are.

26
00:02:56,050 --> 00:03:07,230
You can sure we do and notice what I've been after this car window is shown but the contents are still

27
00:03:07,230 --> 00:03:08,460
empty.

28
00:03:09,360 --> 00:03:18,960
And now it seems there is going to push some parameters to this day getting ready to call in next the

29
00:03:18,970 --> 00:03:20,170
next function

30
00:03:23,030 --> 00:03:32,690
and now is calling the next function and notice this thing here one of the barometer seems to be a file

31
00:03:33,050 --> 00:03:42,510
called key father GST DFC and it is pushing all this barometer for this function coalesce analyse this

32
00:03:42,510 --> 00:03:52,330
function call first and look it up so let's open the browser and look it up.

33
00:03:52,940 --> 00:03:57,420
Time MSD and create file

34
00:04:01,060 --> 00:04:06,200
click the first result and here heavy create.

35
00:04:06,280 --> 00:04:06,960
Just a note.

36
00:04:06,980 --> 00:04:26,200
He so the great file functions access 1 2 3 4 5 6 7 parameters let's check it is 1 2 3 4 5 6 7 parameters.

37
00:04:26,540 --> 00:04:27,500
Correct.

38
00:04:27,500 --> 00:04:42,060
So let's look had the documentation so great file will accept some parameters found in the design access

39
00:04:42,960 --> 00:04:46,190
and the D.A. says they screwed up and see what he means.

40
00:04:47,020 --> 00:04:52,370
Design says can be either open to create a file for read or write

41
00:04:56,250 --> 00:04:57,510
read or write.

42
00:04:57,670 --> 00:05:06,270
So the second parameter Telstra is a barometer that tells you whether to open a file for reading or

43
00:05:06,270 --> 00:05:07,570
writing.

44
00:05:07,590 --> 00:05:09,070
Let's go back and take a look.

45
00:05:09,940 --> 00:05:17,950
So our second parameter is a followed by all the zeros at the back.

46
00:05:17,950 --> 00:05:24,170
So is this read or write so we can make a guess.

47
00:05:24,230 --> 00:05:37,030
If we were to look further down there is a re file refile function down here so if I had to guess this

48
00:05:37,270 --> 00:05:46,810
create file is actually opening this file for reading so after it opens a file you will find out here

49
00:05:47,740 --> 00:05:49,480
is a father's noises.

50
00:05:49,510 --> 00:05:51,780
Then you will skip all this.

51
00:05:52,400 --> 00:05:57,780
This in my Skip already OK let's go back to the create file again.

52
00:06:00,190 --> 00:06:02,950
Nuclear file will return a handle.

53
00:06:03,430 --> 00:06:06,250
So what is what is being written.

54
00:06:06,250 --> 00:06:08,500
Let's scroll down read the written

55
00:06:13,420 --> 00:06:20,650
return value is the function so see the return value isn't one handle to the specified file device named

56
00:06:20,650 --> 00:06:21,650
by a minister.

57
00:06:22,420 --> 00:06:31,050
If the function fields the return value is invalid handle value so let's run through the code again.

58
00:06:32,390 --> 00:06:39,840
So every function call returns something in the E X register.

59
00:06:39,860 --> 00:06:47,690
So now let's start to recall and see where all this step true f you are now here and yes the register

60
00:06:47,900 --> 00:06:56,970
has gone negative 1 so negative 1 means that something has gone wrong that means farther than this.

61
00:06:57,030 --> 00:07:04,730
So there is a hint for you that is looking for this key file that the SD and if it doesn't exist it

62
00:07:04,740 --> 00:07:07,470
means that the program is unregistered.

63
00:07:07,950 --> 00:07:18,270
So let's confirm that by stepping through a and true enough over here days a gem and this gem is based

64
00:07:18,270 --> 00:07:26,280
on the test here it is testing for this whether it is a equal or not equal.

65
00:07:26,280 --> 00:07:28,410
So if the heat what is it.

66
00:07:28,480 --> 00:07:37,470
Yes he is negative one because we move negative one to the essay and so now he is negative one.

67
00:07:37,550 --> 00:07:43,550
So now he wants to compare whether negative one is starting ESEA or not.

68
00:07:43,550 --> 00:07:54,220
So we study essay then he would jump because we have come the CMB instruction compares to different

69
00:07:54,250 --> 00:07:55,640
values either.

70
00:07:55,640 --> 00:08:03,510
If they are the same then it is set to zero flight to one and that and therefore January may.

71
00:08:03,550 --> 00:08:11,320
So that means that if the file is not found because it is a negative one therefore it will Javanese

72
00:08:12,640 --> 00:08:13,540
like this.

73
00:08:13,870 --> 00:08:20,580
And you can see it is jumping or some interesting string down here.

74
00:08:20,760 --> 00:08:28,330
OK so now we know enough that we can solve this for temporary by creating a key father.

75
00:08:28,340 --> 00:08:31,960
GST will do that in the next lesson.

76
00:08:32,210 --> 00:08:33,530
And thank you for watching.