1
00:00:00,810 --> 00:00:02,490
Hello and welcome back.

2
00:00:02,580 --> 00:00:06,500
In this lesson we are going to get started with three with me to buy Lina.

3
00:00:07,020 --> 00:00:11,350
So let's open it I see bugger

4
00:00:15,420 --> 00:00:21,770
and now we're at the entry point. My settings are as follows: Options, Preferences, objectives and breakpoint

5
00:00:21,870 --> 00:00:32,630
in DNS callbacks and in all these exceptions, and my Plugins, xAnalyzer, as follows: make sure the first two

6
00:00:32,630 --> 00:00:41,300
are unchecked. So now you can go ahead and select the positive one to analyze

7
00:00:45,840 --> 00:00:54,570
and end, so select all of those and then right click, xAnalyzer, Analyze selection

8
00:00:57,420 --> 00:01:05,680
and now we can take a look at the code. As you can see it has already filled in the function calls we know

9
00:01:05,680 --> 00:01:18,240
API has her eyes the parameters so let's stick around it and see what happens. We have a pop up message

10
00:01:18,240 --> 00:01:30,060
box we cease evaluation beta hot on the purchased new license click on OK and the program terminates

11
00:01:30,930 --> 00:01:31,380
then you click.

12
00:01:31,410 --> 00:01:33,600
OK so let's restart the program

13
00:01:36,550 --> 00:01:39,460
and let's see.

14
00:01:39,460 --> 00:01:41,530
So now if you go to

15
00:01:45,380 --> 00:01:46,890
all right let's see.

16
00:01:46,920 --> 00:01:57,070
So now you either step through by pressing it we can see that he is calling all these functions like

17
00:01:57,080 --> 00:02:04,170
on both closer and CreateFile and it seems he's looking for a file.

18
00:02:04,350 --> 00:02:14,310
Now look at this. As you recall from the earlier lessons, CreateFile is a Windows API function to open, to

19
00:02:14,310 --> 00:02:28,980
look for a file or to create a file and you can read up from MSDN or here why the SDM CreateFile.

20
00:02:30,480 --> 00:02:33,610
You can also refer to the earlier lessons on this.
21
00:02:33,930 --> 00:02:36,690
And these are the meanings of all these parameters

22
00:02:39,290 --> 00:02:49,060
so CreateFile, so the father is trying to queries code key file is looking for this key file, so CreateFile does

23
00:02:49,060 --> 00:02:56,010
not necessarily mean creating a file, it will also mean looking for a file so that you want to read it.

24
00:02:56,200 --> 00:03:04,360
So as you can see here the parameters generic read and write, that means it is opening, looking for

25
00:03:04,360 --> 00:03:06,850
this file for reading and writing.

26
00:03:06,850 --> 00:03:08,120
The rest of the parameters

27
00:03:08,160 --> 00:03:12,070
are, uh, not so important; it is this one which you are interested in.

28
00:03:12,070 --> 00:03:13,880
Key find on that.

29
00:03:13,900 --> 00:03:16,380
So it is looking for this key far on that.

30
00:03:16,520 --> 00:03:22,650
And here it calls the function and the result of this call would be stored in

31
00:03:22,720 --> 00:03:23,390
EAX.

32
00:03:23,410 --> 00:03:31,180
As you recall in the previous lessons, every Windows function will store the result of the call in EAX and

33
00:03:31,180 --> 00:03:32,050
you can read.

34
00:03:32,300 --> 00:03:36,480
Here's where the result of the call is known as the return value.

35
00:03:36,550 --> 00:03:44,530
So if you look in the Windows, uh, MSDN documentation you can always scroll down and look at the return

36
00:03:44,530 --> 00:03:44,880
value

37
00:03:50,300 --> 00:03:53,420
the return value.

38
00:03:53,420 --> 00:04:00,200
So the return: if the function succeeds, the return value is an open handle to the specified file, or

39
00:04:00,560 --> 00:04:09,370
if the function fails the return value is INVALID_HANDLE_VALUE. We have seen this before in the past.

40
00:04:09,420 --> 00:04:09,720
Okay.
41
00:04:09,730 --> 00:04:20,180
So now the return value knowing that we are over here so let's call this represent Effie now the EAX

42
00:04:20,390 --> 00:04:30,810
is a value and press have and see what happens to it and we get a negative one. As you remember in your

43
00:04:30,840 --> 00:04:38,160
previous lessons we saw that when you get it upside is a means negative one and this is bad, it means

44
00:04:38,160 --> 00:04:45,900
that the file is not found. If the file is found it will be a positive value with some no positive

45
00:04:45,900 --> 00:04:46,800
number.

46
00:04:46,800 --> 00:04:48,430
So the file is not found.

47
00:04:48,450 --> 00:04:51,080
So what we need to do is create it.

48
00:04:51,990 --> 00:04:53,880
So let's go create a file.

49
00:04:53,880 --> 00:05:07,100
You can just do it here rightly you file and the name of the file is uh key found that

50
00:05:10,760 --> 00:05:15,390
key file on the net and remove the THC anyway.

51
00:05:18,830 --> 00:05:22,590
Now if you don't see the extension at a bank you have to make it invisible.

52
00:05:22,640 --> 00:05:31,730
I am going to View, Options, Change folder and search options, under View.

53
00:05:31,870 --> 00:05:33,380
Make sure you

54
00:05:37,010 --> 00:05:43,120
uncheck this: Hide extensions for known file types should be unchecked, so if yours is checked just uncheck it

55
00:05:43,720 --> 00:05:55,940
and apply, then you can see the extension. So if he put uh he restart and come back here restart and we

56
00:05:56,710 --> 00:05:58,060
step through again.

57
00:05:59,210 --> 00:06:07,400
And when we come into this here see what happens when you call this and now it is not a negative one

58
00:06:07,400 --> 00:06:07,880
anymore.

59
00:06:09,470 --> 00:06:11,800
Right so so now it should

60
00:06:15,970 --> 00:06:18,160
it should jump over this bad message.

61
00:06:18,490 --> 00:06:20,430
Earlier on in the event he was negative.
62
00:06:20,440 --> 00:06:23,350
He will not come all this very message.

63
00:06:23,350 --> 00:06:24,910
Let me demonstrate that to you.

64
00:06:25,240 --> 00:06:30,050
If I deleted this file came it closes first.

65
00:06:33,630 --> 00:06:35,040
Okay I deleted this file.

66
00:06:43,640 --> 00:06:52,400
I stepped through again. If I deleted the file, when it comes to this and he compares it and whether it

67
00:06:52,400 --> 00:07:00,560
is negative and you find it is true, so because it is true the zero flag is one and therefore evil in

68
00:07:00,580 --> 00:07:02,650
John Jan evil angel.

69
00:07:03,290 --> 00:07:05,760
So you displayed a bad message.

70
00:07:05,780 --> 00:07:09,890
I said keep stepping to issues a bad message which is raging before our day.

71
00:07:10,520 --> 00:07:13,580
But now if I were to create no file

72
00:07:18,080 --> 00:07:20,250
key file the death

73
00:07:26,870 --> 00:07:41,920
and I restart this effort go too far and now the EAX is not a negative one.

74
00:07:42,050 --> 00:07:51,490
So this comparison will fail and therefore it will set the zero flag to 0, so the zero flag is 0, therefore this jump

75
00:07:51,520 --> 00:07:52,760
would take place.

76
00:07:52,760 --> 00:08:00,040
So it will jump over this very message so let's press F here and now it goes here.

77
00:08:01,540 --> 00:08:08,780
And now he's trying to read in your file so is opening the file is when you read, so in the next lesson I

78
00:08:08,780 --> 00:08:11,360
will show you how to analyze this ReadFile.

79
00:08:11,610 --> 00:08:12,500
So I'll see you then.