1
00:00:01,020 --> 00:00:03,490
Hello and welcome back.

2
00:00:03,630 --> 00:00:14,130
In this lesson we are going to patch the dump which we extracted from the packed EXE in a previous lesson.

3
00:00:14,130 --> 00:00:19,630
But before that I would just like to summarize what we did in the last lesson.

4
00:00:19,780 --> 00:00:25,240
So in the last lesson we extracted the EXE file from the packed

5
00:00:25,380 --> 00:00:26,230
EXE.

6
00:00:26,850 --> 00:00:31,290
So the standard process of unpacking an EXE is as follows.

7
00:00:31,320 --> 00:00:41,300
First you unpack the EXE to find the real original entry point, and then when you find the entry point you dump the

8
00:00:41,330 --> 00:00:51,870
fully unpacked program to disk, then you fix the table and if necessary fishy behaviour using excessive

9
00:00:51,880 --> 00:00:52,890
identity.

10
00:00:53,070 --> 00:00:55,390
The process is as follows.

11
00:00:55,390 --> 00:01:03,720
First you load the packed EXE into x64dbg, then you start tracing the EXE until you find a

12
00:01:03,780 --> 00:01:07,400
PUSHAD or PUSH EBP instruction.

13
00:01:08,010 --> 00:01:16,170
Thereupon you put a hardware breakpoint on your EBP address in the stack and watch what happens when

14
00:01:16,170 --> 00:01:18,940
you're running.

15
00:01:19,000 --> 00:01:26,360
So now you press F9 to execute; you will break on an instruction which is immediately after the POPAD

16
00:01:27,000 --> 00:01:28,890
or the POP EBP.

17
00:01:29,130 --> 00:01:37,070
Then you start tracing with F8 until you encounter a jump instruction which will jump to the OEP.

18
00:01:37,210 --> 00:01:43,520
Once you are at the OEP, you dump the whole program using x64dbg's

19
00:01:43,550 --> 00:01:49,030
Scylla plugin and then you fix the IAT.

20
00:01:49,170 --> 00:01:52,820
So this is the process of doing the dumping.

21
00:01:53,250 --> 00:01:57,640
So now we look at how to patch it.

22
00:01:57,810 --> 00:02:11,610
So before that if you go to open this with a VIP you'll see that yeah you know Pekka has done.

23
00:02:11,800 --> 00:02:14,650
And you open this AJ

24
00:02:19,890 --> 00:02:21,560
you see the eyes are better.

25
00:02:21,780 --> 00:02:25,480
So we have successfully unpacked it, so let's try to patch it.

26
00:02:25,560 --> 00:02:32,000
So let's open this with x64dbg.

27
00:02:32,310 --> 00:02:33,740
And then you run it.

28
00:02:38,580 --> 00:02:39,460
Now key

29
00:02:39,460 --> 00:02:44,820
anything, click on Check, get papam area.

30
00:02:46,040 --> 00:02:57,110
Get on the bus and the same thing you're costing you for the user more Google follow from right click.

31
00:02:57,190 --> 00:03:01,690
So from and here you get the jump.

32
00:03:02,630 --> 00:03:08,820
So we want to patch this and make sure it jumps to the correct key message.

33
00:03:10,060 --> 00:03:13,530
So this, double-click and assemble the term

34
00:03:17,130 --> 00:03:19,260
interactions is the same skill.

35
00:03:19,300 --> 00:03:22,090
Okay, close.

36
00:03:22,230 --> 00:03:29,850
Now you have assembled a region run to test it kill okay.

37
00:03:29,890 --> 00:03:31,790
Check again.

38
00:03:31,960 --> 00:03:32,890
So it's working.

39
00:03:33,370 --> 00:03:43,660
So let's try patching the file patch and this is why we're going to patch Petra.

40
00:03:43,880 --> 00:04:00,850
So give it a name, add "patched" behind, and click Save.

41
00:04:00,950 --> 00:04:11,370
Now you're running putting the patch first, double-click, enter any key.

42
00:04:11,980 --> 00:04:16,080
I was so successful especially extracted.

43
00:04:16,330 --> 00:04:16,960
Yes.

44
00:04:17,610 --> 00:04:18,870
That's all for this lesson.

45
00:04:18,870 --> 00:04:19,890
Thank you for watching.