Reverse Engineering and Weaponizing XP Solitaire (Mini-Course)

  Рет қаралды 62,336

jeFF0Falltrades

jeFF0Falltrades

Күн бұрын

Пікірлер: 187
@jeFF0Falltrades
@jeFF0Falltrades 2 жыл бұрын
Thanks for being here! I hope you enjoy and get something out of this video. I will be posting any edits/updates/corrections to this pinned comment. The mistakes I've found already in post have already been marked in the video, aside from one: It was a mistake to leave making my intro for last + making it in the middle of the night such that it became the fever dream that you see today. If any other mistakes or updates are identified, I'll post them here - Thanks for watching! 1. H/T to Antoine Neuenschwander for explaining that the ‘&’ I talk about appearing in some strings at 58:36 in the video denotes which key to press when holding “Alt” to highlight or select an option. Thank you! 2. Not an error, but an update: A classmate of mine saw this video and was able to provide the name of the real Professor Brian! False Brian is reacting as you’d expect to the news…
@patrickborys3490
@patrickborys3490 Жыл бұрын
Hi , can you please make also the font bigger for the decompiler (this on the right side, with source code) next time :) ?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Yes I will! Sorry about that. I probably need to bump it up in the debugger as well - I was noticing I didn’t do the same adjustment in x64dbg, and it’s needed there too. Thank you for the feedback!
@kxa5540
@kxa5540 Жыл бұрын
Mdvo8y
@o1-preview
@o1-preview 10 ай бұрын
@@jeFF0Falltrades hey, great work! two things: using dark mode would be nice! and second, xref doesn't appear on the score string, any ideas why? I tried looking it up but didnt find it
@jeFF0Falltrades
@jeFF0Falltrades 10 ай бұрын
@@o1-preview Thanks for watching and for the follow-ups! 1. I did start using dark mode in my later videos; Just took me a while to finally switch that on in my recordings. 2. You won’t see any Xrefs to strings loaded with “LoadStringW” because they are loaded by *ID*, not by address - so when a disassembler like Ghidra does the disassembling, it doesn’t recognize any cross-reference to the string address because there is no reference to the address itself; Instead the string is loaded by its resource ID.
@gianbattistavivolo7449
@gianbattistavivolo7449 Жыл бұрын
Really high quality content here... probably the best video on this platform for a beginner (me)... please continue making this kind of videos Jeff... Love from Italy
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Grazie mille, Gianbattista - You are too kind. I’m so glad to hear you enjoyed and I plan on making more content soon! Already have some ideas in mind for next time :-) Happy New Year!
@ashleybyrd2015
@ashleybyrd2015 Жыл бұрын
I think this is the video that makes me finally understand. I like that this video is slower and explains each step plus the reasoning behind it, a lot of videos I've watched seem to just expect me to understand _why_ without explanation. Thank you so much!
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
So good to hear! That’s why I started doing this series: I always had a hard time finding tutorials that took it slow and built upon concepts, so I’m at least trying to get something like that going in these. Thanks for watching!
@antoineneuenschwander8353
@antoineneuenschwander8353 Жыл бұрын
At 58:36 those ampersand characters are used to denote access keys shortcut. In the dialog, press the "Alt" key to reveal the access keys (underlined characters) and type "a" to switch to Standard mode.
@antoineneuenschwander8353
@antoineneuenschwander8353 Жыл бұрын
demo: kzbin.info/www/bejne/r6aQkoVppr-jg6s
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
AHHH! Thank you so much! That makes perfect sense. I’m going to add this to the pinned comment as a correction. Thank you!
@Autom_te
@Autom_te Жыл бұрын
This is a really good introduction to reverse engineering. After other tutorials I was always feeling lost and overwhelmed. Yours has really clear explanations and walk-through of the entire process. Thank you for your work. I am excited to learn more.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
So happy to hear as this is what I strive for - so glad you are enjoying it and I hope you continue to learn!
@user-ni9ck8iv1b
@user-ni9ck8iv1b 6 ай бұрын
From your experience, I myself am a beginner, how would you recommend me to start learning reverse engineering by myself. Should I first learn C or assembly or any other topics?
@patrickslomian7423
@patrickslomian7423 Жыл бұрын
Hey ,just viewed your tutorial at work :). I think your teacher (Brian) would be proud of you. I ve been struggling to learn RE for years, always kept it for later. I cant tell you, how much I appreciate that you found time for beginners like me, and explained it perfectly. Thanks !:)
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
That is so nice of you to say! I truly hope it was helpful and so glad you enjoyed, Patrick!
@b213videoz
@b213videoz 4 ай бұрын
1:37:39 well that's easy: all you really had to do was so set up a WRITE breakpoint on the SCORE (its address you did figure out and that was a hard part), so the timer would decrease the SCORE and hit your breakpoint on doing so.
@cochaviz
@cochaviz Жыл бұрын
Absolutely the best intro to RE'ing I've ever seen! Directly thanks to you I've been able to crack some long-forgotten niche software my Dad uses on a regular basis. Cannot let abandoned software go to waste :) Thank you so much!
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Outstanding job!!! Thanks so much for the kind words, and if you enjoy learning more, I have new vid planned for release hopefully by the end of this month/beginning of next :-). Thanks for watching!
@hexpirator
@hexpirator 8 күн бұрын
Very good descrition. Now I understand much more about assembler. Thank you very much! Very long Video. I have seen the whole... 😀
@jeFF0Falltrades
@jeFF0Falltrades 8 күн бұрын
@@hexpirator So glad you not only enjoyed, but learned from it ❤️ Thank you for taking the time to watch!
@fallenangel4620
@fallenangel4620 Жыл бұрын
Listen to me.... After 5 months of publishing this treasure of infos. And after about 10months for me learning.... 8 can say that u are walking in same road of your teacher.... God bless u both ❤❤ This channel should be my source Now
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Aw thank you! That is so kind of you to say and I’m glad you’re enjoying these!
@MidtownMadness1
@MidtownMadness1 2 жыл бұрын
I loved the Rollercoaster Tycoon video! Will definitely watch this one too when I have some time :)
@jeFF0Falltrades
@jeFF0Falltrades 2 жыл бұрын
Thank you so much! Please take your time with it - As someone who had to watch through multiple times in post, it's best enjoyed in pieces ;-). I hope you enjoy!
@nickthomsen
@nickthomsen Жыл бұрын
We need you back dude. Great work! Thanks a lot for sharing your knowledge. I highly appreciate that.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Hope to be back soon! Started researching the next vid a couple of months back but work/life (and some issues with YT that have since been resolved) have gotten in the way. I’ll be back soon enough though ;-) Thanks for watching!
@rednibcoding3412
@rednibcoding3412 Жыл бұрын
I am incredibly grateful for the good reverse engineering tutorials you create. Your detailed and slow-paced approach to teaching is really helpful. Please know that your work is highly appreciated, and I eagerly await each new tutorial. Keep up the fantastic work! Thank you!
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thank you so much and I’m so glad you enjoy!! More to come soon! Thank you for the kind words.
@cashgarman
@cashgarman Жыл бұрын
Thank you so much for taking the time to put this excellent resource together. You have a fantastic teaching style and my brain feels larger :)
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thanks for taking the time to watch it! So glad you got something out of it!
@dummydummy-o7g
@dummydummy-o7g Ай бұрын
thanks just beginning reverse engineering hope this would be helpful wish me luck guys
@jeFF0Falltrades
@jeFF0Falltrades Ай бұрын
@@dummydummy-o7g Wishing you all the luck in your learning journey! Keep at it!
@0100-f1v
@0100-f1v 2 жыл бұрын
3 hours... this is a gift... thank you
@jeFF0Falltrades
@jeFF0Falltrades 2 жыл бұрын
Haha I’m glad you think so! I’ve found that some people really like the long form, and some people don’t, so I try to mix it up - I like doing these longer vids because I know if I was starting over again, I would want someone to walk me through step-by-step. So I hope you enjoy, and don’t feel like you have to tackle it all at once ;-). Thanks for watching!
@moviezbuzz77
@moviezbuzz77 Жыл бұрын
@@jeFF0Falltrades Please upload more videos
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
@@moviezbuzz77 The ideas are there! I have a few things in the chute that I just need to find time to put together. More is coming though :-). Thanks for watching!
@kevinquintana3085
@kevinquintana3085 Жыл бұрын
Yup, it's a gift, and in video format
@iamtimsson
@iamtimsson 9 ай бұрын
that's what she said
@BryanChance
@BryanChance 10 ай бұрын
Thank you so much for your time in making this video. It's priceless!
@jeFF0Falltrades
@jeFF0Falltrades 10 ай бұрын
Thanks so much for watching and so glad you enjoyed!
@TomStorey96
@TomStorey96 Жыл бұрын
The score_base_minus_0x30 is probably a pointer to a struct if I had to take a guess. And the score field is stored 48 bytes into the struct, hence adding 0x30. I believe Ghidra has the ability to handle structs if you tell it that something is a struct.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Yep, that makes sense - I don’t think I had seen the auto-variable rename like that in Ghidra before, but I like it! Thanks for that clarification and thanks for watching!
@davidmichaels307
@davidmichaels307 Жыл бұрын
Why does my Ghidra export sol.exe not have PE in the format selection box when I try to export sol.exe? I have "original file."
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
If I understand correctly, you’re trying to export a PE from the original sol.exe? If that’s the case, then “original file” is what you want, since sol.exe should also be a PE.
@CrusaderMen
@CrusaderMen Жыл бұрын
Thank you! I'm learning a lot. I wanted to ask, how the functions addresses in ghidra and in the x32dbg are the same? The addresses are predefined in build time?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
This can depend on if your system has ASLR enabled and a few other factors - Most executables have a preferred base address, which is what Ghidra goes off of, and - if ASLR is not enabled - x32dbg will also load the PE at that preferred address. And that base address can indeed be set at compile time, but it may not be respected by the OS (that’s why it’s called “preferred”). Hope that helps!
@20b886
@20b886 Жыл бұрын
After building the DLL i keep getting 0x7b error. Couldn't find out why and was slowly losing it. Pulled it into ghidra and found out it was a 64bit. Builed again with MinGW x86 and succsefully got rick rolled . Finally, i was sane again. Thank you for this wonderful course.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
"Successfully got rick rolled. Finally, I was sane again" - The universe in balance once again. Haha, thanks so much for watching and so glad you enjoyed! Great troubleshooting, too.
@mkausch1336
@mkausch1336 7 ай бұрын
Hey, I'm a fourth year comp sci student and just wanted to say that I loved the series and the videos were really helpful. We used ARMv8 so I wasn't a beginner by any means, but I thought that your explanations were great and fit in well with my current knowledge base. You also really broke down the use of the tool chain well which allowed me to experiment on my own with your crackme challenge. This actually was a great exercise because it allowed me to see where my knowledge gaps were when I was trying it on my own and in turn i could go back and reference the video. I must admit that ghidra has some quarks compared to watching others use IDA, but 5k for the pro version that comes with a decompiler is too much for educational exploration. Thank you so much for this.
@jeFF0Falltrades
@jeFF0Falltrades 7 ай бұрын
Thanks so much for this incredible feedback! So glad to hear you enjoyed this one (I also really enjoyed making this one - it was a ton of fun), and I wish you all the best as a fellow CS grad. Hope some of the other videos here and future videos we do will also help along, and never hesitate to ask questions if you have them. Lastly: Very agreed on the IDA pricing and why I pretty much switched to being all in for Ghidra and (occasionally) IDA free :-)
@DeineRöhre-s6j
@DeineRöhre-s6j 27 күн бұрын
Very good video. I love it. But unfortunately the internet archive doesn´t work right now and I don´t think it will ever get online again. Do you know another source such as the internet archive?
@jeFF0Falltrades
@jeFF0Falltrades 27 күн бұрын
@@DeineRöhre-s6j Thank you so much! And if it’s any consolation, Internet Archive will be back up soon - They actually suffered a cyber breach recently and are recovering from it still, so they had to take down a lot of the links for now. There are several sites on Google that claim to have the original XP solitaire, but I cannot vouch for them as legitimate - If you don’t want to wait for the archive to come back up, I’d look around Reddit or some forums where you can get real human feedback on links, and if you do find a file you’re unsure of, upload it to VirusTotal and check out the scores. I unfortunately don’t have access to my versions anymore either :-( Thanks so much for watching, though, and if you do find a good link, please feel free to share and I’ll pin it!
@xore_1798
@xore_1798 Жыл бұрын
Wow, I've just stumbled accross your channel. Def needs more views, it's insanely good! Thx for the great content:)
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thanks so much for the kind words! I’m so happy to have you here. Hoping to push out another one here in the next month or two (if things go to plan) :-). Thanks for watching and I hope it helped you.
@iorusoul
@iorusoul 4 күн бұрын
Thanks for the mini course I learned a lot :D
@jeFF0Falltrades
@jeFF0Falltrades 4 күн бұрын
@@iorusoul It makes me so happy to hear that! I can’t wait to make some more and so glad you enjoyed!
@JohnSmith-he5xg
@JohnSmith-he5xg Жыл бұрын
A useful tool for you to add to your arsenal might be Cheat Engine (A memory scanner). Can really aid in finding how various values are stored, what code they're accessed by, etc. Great video
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thanks so much, John! Very familiar with Cheat Engine, and I would also recommend it to anyone wanting a smooth intro to patching/RE. I’ve thought about including it in some future videos, but I’ve had issues with YT flagging videos for any mention of it previously. I’ll say here though: A great tool for beginners (when used for good)!
@yolamontalvan9502
@yolamontalvan9502 8 ай бұрын
University offers Reverse Engineering courses? Where is that? Which one? I’m interested.
@jeFF0Falltrades
@jeFF0Falltrades 8 ай бұрын
In the case I’m talking about in the video, it was a course taught by an adjunct professor at the university I went to, but these days, I know of several university computer science departments who now offer reverse engineering courses (at least in the US) - a friend of mine has his own course lectures on the topic online for free at class.malware.re if you’re interested !
@moe42937
@moe42937 2 жыл бұрын
Before I start watching that video I would like to thank you for Rollercoaster Tycoon video I learned a lot Keep going bro :)
@jeFF0Falltrades
@jeFF0Falltrades 2 жыл бұрын
Thank you so much for sharing! I love hearing this because this is the reason I enjoy making these videos - So glad to hear the video helped and hope you enjoy this one too! Thanks for the kind words and motivation.
@moe42937
@moe42937 2 жыл бұрын
@@jeFF0Falltrades I appreciate that, one day youtube will choice your videos and showing them to people who interested in reverse eng and Binary analysis and I'm sure they will be happy as me :)
@jeFF0Falltrades
@jeFF0Falltrades 2 жыл бұрын
Thank you, my friend - That means a lot :-)
@iamtimsson
@iamtimsson 9 ай бұрын
i didn't know that this was what i wanted. entertaining. goodish pace (i don't know what i would want different). thanks. very much NOW MOAR DO IT NAO
@jeFF0Falltrades
@jeFF0Falltrades 9 ай бұрын
Hahaha so glad you enjoyed! More to come, but probably not right now, right now - got 2 videos in the works soon though… 👀 Thanks for watching!
@Proferk
@Proferk Жыл бұрын
great video. I've decided to watch other videos (like this one) of yours after finishing the x86 assembly class you recently uploaded. I have one question though, why do you use PascalCase for variables and function names?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thank you! And to your question - Where do you mean? Because I usually use snake case for functions and variables when writing my own stuff?
@Proferk
@Proferk Жыл бұрын
@@jeFF0Falltrades I'm talking about the labels you assign to local variables and parameters of functions in ghidra. For example, you set the variable of the score mode, to "ScoreMode" (PascalCase), instead of "scoreMode" (camelCase) or "score_mode" (snake_case)
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
@@Proferk Ahhh I see. TBH, I have no idea hahaha. I didn’t even realize I was using a different style in Ghidra vs VS Code until you pointed it out. I probably started doing it to differentiate my named variables vs Ghidra’s or something and it just stuck. Usually I prefer snake case for vars and functions and PascalCase for class names. Good spot haha
@mariusz7238
@mariusz7238 9 ай бұрын
Hey, how do you do that the x32dbg when dragged sol.exe on it opens the actual game window, on my side nothing happens. The process itself (the solitaire game) exists within x32dbg's process but there is no window for it.
@jeFF0Falltrades
@jeFF0Falltrades 9 ай бұрын
Hey! Make sure that your debugger is not stopping on a breakpoint (check the bottom-left corner of the debugger which will say “Paused”). If it is Paused, hit the “Run” button or press F9 to get the program to proceed; That should pop up the game window and let the program proceed, assuming there are no other breakpoints or exceptions taking place (the debugger will let you know in the bottom-left and bottom pane if there are any breakpoints or exceptions). Hope this helps, and if not, let me know so we can troubleshoot further
@mariusz7238
@mariusz7238 9 ай бұрын
@@jeFF0Falltrades Thanks, it worked. But still pretty weird that i got some entry breakpoint and 1 exception.
@ThaLiquidEdit
@ThaLiquidEdit Жыл бұрын
Your channel is awesome! Hope there will be more videos :)
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
You’re awesome! Thanks so much - and yes, on the tail end of a new one now, in fact. Stay tuned ;-)
@Kavukamari
@Kavukamari Жыл бұрын
Thanks Jeffo, I hope your Fall Trades go well!
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
They’d be going a lot better if stupid Diane Sweeney wasn’t taking attention away from my beautiful gourds with her glow-in-the-dark pumpkins - It’s nothing but a party trick, but people are too busy gawking over that spectacle to notice the quality of these gourds!
@tylerdaniels4601
@tylerdaniels4601 Жыл бұрын
Really enjoying this course. I’m trying to apply it to an old application (Delta Force 2 Mission Editor), and I started very similarly with trying to patch a string in the About dialog. However, I hit a weird roadblock where I would change the string and export the program, but the text in the application didn’t change. I later found that the app actually uses text from a text.bin file, so I can change the text there and see the result in the app. I’m curious why the text shows up in a Ghidra search of the .exe file if it’s read in from an external file at runtime. Is that a pattern you’re familiar with?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Nice job! As far as the text, when you search it in Ghidra, where exactly is it showing - i.e. what section is it showing in? Knowing that can help shed some light on what exactly is going on.
@b213videoz
@b213videoz 4 ай бұрын
I wonder if you have Svenska classes, Jeff. The way you explain I might even get it 😊
@jeFF0Falltrades
@jeFF0Falltrades 4 ай бұрын
@@b213videoz Nej det vill du inte 😉😂 There are much better Swedish teachers, I’ll just stick to my machine languages thanks 😆 Thanks for watching as always!
@bug1083
@bug1083 Жыл бұрын
Hey, just throwing this out since you mentioned the confusion with the '&' inside of some of the strings. Having done development with Windows forms, which are like a complex wrapper for low-level C++ GUI development, the '&' is a symbol used by Windows for shortcut keys. I'm not sure when this feature was used the most, but you can still use it today by pressing Alt in a program, and then looking at the menu items that have a character with an underscore. The underscored characters are hints for what menu item you want, if you press the same letter as the underscored character, it will open that menu item.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thank you! Yes a few others chimed in to explain that and I appreciate it - I hadn’t seen that syntax before, but it’s kind of a neat way to denote shortcut keys! Thanks so much and thanks for watching!
@bug1083
@bug1083 Жыл бұрын
@@jeFF0Falltrades No problem. Love the videos. I actually found the usage in the strings to be a little funny as I didn't know that C++'s Windows GUI API used the same syntax for that feature. I thought it was a quirk with the C# Windows Forms, so it was entertaining to see it 😄
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
@@bug1083 Hahaha yeah, I’ve really had a laugh at some of the things that come out as happening “under the hood” when reversing software - Lots of “Wait…*that’s* how they made that work?” moments 😆
@bug1083
@bug1083 Жыл бұрын
@@jeFF0Falltrades Yeah haha. I only recently discovered your channel, and not sure how much you dabble in languages and asm optimization, but it might be cool to see you reverse engineer code relating to some of the more lesser known assembly calls, big ones being "vmovupd", "vmaxpd", and "vzeroupper" which are robust vector calls. I'm actually curious how often those keywords appear out in the wild with modern programs today, and what exactly they do in the context they appear in. They are more complicated and require a lot of work on my part when using GCC, you have to almost directly tell the compiler to use them when optimizing sometimes, so it's be interesting to see.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
@@bug1083 That’s a good idea! I’ll have to see what kind of programs I can find (or make) that would be good for something like that.
@xM0nsterFr3ak
@xM0nsterFr3ak Жыл бұрын
58:40 The '&' in the strings are probablly accelerator key markers. Those are the underlined letters in the menu, for example 'F' for File, E for Edit,...
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thanks! Someone else also pointed this out and I’ve added a note in the pinned comment - nice spot.
@CrusaderMen
@CrusaderMen Жыл бұрын
Thanks a lot! This is a very clear and easy-to-understand explanation. Is there any x32debugger alternatives for mac?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
So glad you enjoyed! Debugging software for Macs is tricky - I think the only GUI debugger that works on Mac and comes close to x64dbg is gdbgui. Others may have different options, but that’s the one I’ve seen used most often.
@salesv
@salesv Жыл бұрын
What VS Code theme do you use? I really like the bloom effect going on
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
That would be Robb Owen’s “Synthwave ‘84”! And I don’t know if I’ll ever be able to switch from it because I love it so much.
@salesv
@salesv Жыл бұрын
@@jeFF0Falltrades Thanks! I'll look it up
@fernandoz6329
@fernandoz6329 Жыл бұрын
Nice video! I wonder why the proxied dll (@2:40:!3) suddenly get that big from merely 352kb to a whopping 2,3 MB. Is there anything we can do to keep it small or it's just an inevitable proxy side effect?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Keep in mind the cards.dll file that was 352kb was the original one (that was packaged with solitaire) so there are a number of reasons it could have been that much smaller (e.g. it was made for compatibility with a far older OS and so used much more memory efficient code/compilation flags) - we could work at reducing the size of our proxied DLL by toying with a few efficiency flags in gcc or using a packer to have it “blend in” a bit better - good spot and good question!
@thebillpepper
@thebillpepper Жыл бұрын
Very cool, there were a lot of good tips in there. Thanks!
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
So glad you enjoyed!
@noobsplain
@noobsplain Жыл бұрын
This is really quality content. Thanks so much for putting it together. Subbed and looking forward to more tutorials like this!
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
So glad to hear you enjoyed! I look forward to making more soon! I think I already have a good subject for the next one :-)
@williefleete
@williefleete 8 ай бұрын
The ampersand may mark the next character to be underlined when text is printed
@jeFF0Falltrades
@jeFF0Falltrades 8 ай бұрын
Yep - I marked it in the pinned comment as well, but as others have said - it actually designates which character in the string will be used for keyboard shortcuts/access keys (which are the same ones that are underlined)! Which made a ton of sense in retrospect. Thanks for watching!
@citizen1791
@citizen1791 6 ай бұрын
this is a really great video but near the end i thought you were going todo something like, an exe that if you launch it apply the patches to the game but don't make permanent changes to the original exe. i don't know if you already have a video on your channel but it would be great for modding
@jeFF0Falltrades
@jeFF0Falltrades 6 ай бұрын
Yeah I think I get what you’re saying - we didn’t do that as much in this video/script, but if you check out my RollerCoaster Tycoon videos, those scripts do exactly that - take patches and apply them to a copy of the original EXE while leaving the original intact. This one just happened to be more focused on the DLL injection. Thanks for the feedback and for watching!
@clovis-2557
@clovis-2557 9 ай бұрын
Really impressive! Thanks for this HUGE info. I'm/was looking for info to reverse engineer an old Fortran program of 140kb. Those programs might help a lot.
@jeFF0Falltrades
@jeFF0Falltrades 9 ай бұрын
That’s awesome! Would love to hear you how make out with that Fortran program - that sounds like fun
@tomkuijer494
@tomkuijer494 Жыл бұрын
58:30 -ish the ampersand (&) is used to tell the window system that it should listen for that key as a shortcut for the menu option
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Correct - I edited my pinned comment to reflect this as others have pointed it out, and that makes perfect sense. Thank you!
@maratmkhitaryan9723
@maratmkhitaryan9723 Жыл бұрын
You cannot import as PE, and export as PE. You have to import as RAW, then export as PE. At least in my case I had no PE option when exporting.
@duckie4670
@duckie4670 Жыл бұрын
You make great ghidra tuts 45:50 this exception you get when patching in ghidra, i think is because you are overwriting with longer string and the data is static thus constant space and what you did with hex editor is basically fixed you mistake.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thanks so much! And yes, I think you’re right - You would think Ghidra could detect that and print an error to let you know the same, but idk - maybe it’s a more difficult problem to account for than I think. Thanks for watching!
@khneo
@khneo 2 жыл бұрын
Hey ! Thanks for the video, I think the ampersand is for keyboard shortcut
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Yes! I saw another comment about this and you are correct; I made an edit to the pinned comment to reflect this. That makes perfect sense in hindsight. Thanks for watching!
@maximood-tired
@maximood-tired 2 жыл бұрын
Very high quality and interesting, thank you
@jeFF0Falltrades
@jeFF0Falltrades 2 жыл бұрын
Thanks so much for the kind words!
@tiernanmorgan
@tiernanmorgan 7 ай бұрын
can you reverse engineer a slot machine if you know how much its programmed to pay out and know the seed is constantly changing for time of day
@jeFF0Falltrades
@jeFF0Falltrades 7 ай бұрын
You can RE just about anything! But it probably wouldn’t gain much in the way of winnings or anything but knowledge of how the machine works. Would be really fun to do - most modern ones work similarly and are pretty much just based in stats and probability.
@tiernanmorgan
@tiernanmorgan 7 ай бұрын
@@jeFF0Falltrades i was thinking about the russian hacker dude who did it on older ish machines still prng. had his phone buzz before payouts after filming twenty or so spins. as well as this video kzbin.info/www/bejne/gKqsiIR_md2UhaMsi=9Apc9MAR9z_NgSL8 that machines have to leave the factory paying out exact amount and that the seed is constantly changing every second but somehow someone figured out when and programmed it into a phone. it just interested me if i could figure out when it hits postive payouts or a minigame but not further . im not smart enough to understand the prngs yet though.
@uzisquad6568
@uzisquad6568 Жыл бұрын
I don't have the Portable Executable format. Could someone help me?
@zer0k4ge
@zer0k4ge 6 ай бұрын
You figure it out Im having the same issue
@hanshansli2238
@hanshansli2238 Жыл бұрын
Thanks for the video, I really enjoyed it!!
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
So glad to hear, Hans!
@Emmet_v15
@Emmet_v15 Жыл бұрын
1:42:02, It is being called from 6 sides, could get a little **dicey** lmao, unintended pun?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
HA! How did I manage to miss this - I would have ridden the high of making that pun all throughout the rest of the video.
@Nunya58294
@Nunya58294 Жыл бұрын
So I took on my first reverse engineering project to reverse a bootloader. I'm proud to say I'm very successful in my project! It's shockingly fun too haha
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
That’s awesome!!! Many wouldn’t think it, but RE can be a blast under the right circumstances. Thanks for watching!
@he1817
@he1817 Жыл бұрын
I dont know English very well and I spent a lot of time learning these and Im tired Thank you very much for your video very nice video :} but can you briefly hack a simple game as a tutorial? I really need this 1:37:56 - How did you find the timer in this part? I cant find it if it were me and I want to learn about it, but unfortunately I couldn't understand it.
@majed3469
@majed3469 Жыл бұрын
Nice content, thank you for sharing
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thank you for watching!
@TuoiLevan-n4i
@TuoiLevan-n4i 2 ай бұрын
It's too difficult for me to study all my life and not even know it.
@jeFF0Falltrades
@jeFF0Falltrades 2 ай бұрын
@@TuoiLevan-n4iThe initial learning curve is tough, but I promise it’s not insurmountable :-) It just takes practice and willingness to keep trying and seeking answers, even if you get stuck.
@manishtanwar989
@manishtanwar989 Жыл бұрын
Sir can we predict the result of game by previous results in card games
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
The game state is only tracked per game, so you could potentially predict the result of the game for the *current* game based on moves (some games of Solitaire actually do this and end the game when it is unwinnable), but I do not think you could do any prediction based on past games’ results in this case.
@manishtanwar989
@manishtanwar989 Жыл бұрын
Can you help me to predict game result And can you teach me how to predict the result please
@Salsuero
@Salsuero Жыл бұрын
& is used to denote the shortcut key in Windows menus. It converts to an underlined character when displayed.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Yep, exactly - others have pointed out the same, so I updated the pinned comment to denote this. Thanks, and thanks for watching!
@Salsuero
@Salsuero Жыл бұрын
@@jeFF0FalltradesSorry, I got excited because I was able to contribute something I knew that you didn't... not very common when you're watching something like a training video. I was already familiar with reversing and cracking generically, but I enjoyed watching your specific breakdown vis-à-vis Solitaire and I definitely don't know everything, so there's always something to be learned by observing others. Thanks for the content.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
@@Salsuero Not a problem at all! You should be excited 😃 Thanks for sharing that knowledge forward!
@googleaccountuser3116
@googleaccountuser3116 11 ай бұрын
The & symbol you are asking about in "st&andard" means that the next letter in this case a will be underlined and if you press a on your keyboard it will select that item. So it provides a quick way to navigate the menu with the keyboard. Although I see it doesn't seem to underline on your end. That said pressing a inside that menu should still work but it could be broken. Select vegas first so the submenu is active, it only works within an active menu so this isn't global. You don't seem to use windows very often which is a good thing I suppose, to refresh the registry or any window for that matter just press F5. 😉
@jeFF0Falltrades
@jeFF0Falltrades 11 ай бұрын
Thanks! Others have mentioned that and I updated the pinned comment with the correction - makes perfect sense in retrospect!
@damicore
@damicore Жыл бұрын
sorry, but why did you use msys2 instead of wsl?
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
I could have used WSL, but I wanted to try to account for folks who probably didn’t want to set WSL up if they hadn’t already just for the tutorial, so MSYS2 seemed like a lightweight solution for Windows users who don’t have WSL already ready to go to quickly follow the build process without configuring a bunch of options.
@im_vinodchoudhary
@im_vinodchoudhary 4 ай бұрын
Great Video on Reverse Engineering
@jeFF0Falltrades
@jeFF0Falltrades 4 ай бұрын
Thank you! So glad you enjoyed!
@gabrielJustGabe
@gabrielJustGabe 7 ай бұрын
How did you add nullbytes in 45:46?
@jeFF0Falltrades
@jeFF0Falltrades 7 ай бұрын
Same I did as the other bytes in that section! Just put 00 in for their values as opposed to any other value, and you have a null byte. If you have questions on how to modify the bytes in general or if I can explain better, let me know! EDIT: And to be clear, I added the extra null bytes to make the string size the same as it was before we modified it, to ensure the modification wouldn’t cause issues elsewhere.
@gabrielJustGabe
@gabrielJustGabe 7 ай бұрын
​@@jeFF0Falltrades I dont think I understood, when I try to add 00 in the byte edit window, it becomes another value in the program...
@jeFF0Falltrades
@jeFF0Falltrades 7 ай бұрын
@@gabrielJustGabe Hm, one thing to watch out for is what text encoding is being used - in the video, this is a Unicode string, so each character is 2 bytes - so in order to make a null char, both bytes need to be 0 (so 00 00 is one null char, in other words). Not sure if you are looking at the same program or a different one, but that is the first place I would check. If that isn’t it, let me know and we can chat more.
@gabrielJustGabe
@gabrielJustGabe 7 ай бұрын
@@jeFF0Falltrades Thanks, that actually helped me to understand! Im following along with same software.
@jeFF0Falltrades
@jeFF0Falltrades 7 ай бұрын
@@gabrielJustGabe Excellent! If you have any other questions, feel free to let me know! Hope you enjoy!
@rbt-0007
@rbt-0007 Жыл бұрын
Best video on YT
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thank you 🙏 And thank you for watching!
@aa898246
@aa898246 Жыл бұрын
ur a really good teacher
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thank you, and thank you for watching!
@jordankostov7581
@jordankostov7581 Жыл бұрын
Heya JeFF! This tutorial is a real gem! you helped me get better at my hobby and that is modding :). I have a couple advanced questions. I have a game injected with a DLL file by replacing existing one - just like the way you do it this tutorial. When the injection is loaded i want to run a code that make code of the binary between two addresses become NOPs. I created this function: void SetNop(const char* address, const int length) { char* startAddress = address; const int numNops = length; for (int i = 0; i < numNops; i++) { *(startAddress + i) = 0x90; // Set the byte to the NOP opcode } INFO
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Nice!!! One place to start to look is to see if the memory is writeable - typically it won’t be by default. You can get around this by using a function like VirtualProtect() or WriteProcessMemory() to set the permissions on the section where the code you’re trying to modify is to be writeable.
@jordankostov7581
@jordankostov7581 Жыл бұрын
@@jeFF0Falltrades it took many hours, sweat and blood... but i did it. Thank you so much! :)
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
@@jordankostov7581 Congratulations on persisting! You should be proud!
@jordankostov7581
@jordankostov7581 Жыл бұрын
Thank you Jeff! With my newly acquired knowledge i was thinking how much can be accomplished in terms of migrating my assembly patches to the DLL injection and i got some design questions in mind. If you have any tips regarding them it will be great. Questions: 1. In the video above you impersonate the existing DLL by bypassing it. However the bypass requires the original DLL 4 functions to be defined in the export file so they are still available for the binary to use. What if the original exe had 400 functions? Do you have to define them all manually or there is another approach? 2. I do noticed that you can do the following type of patches quite easily the DLL injection: - change existing binary variables - complete rewrite of existing binary functions But what if there is function that is very large in size and i want to modify just part of it? What will be the most common-sense way approach that? Will I have to use assembly again or there is a better way to modify in C++? What if i want to add the function code ? With normal assembly a jump is done to a empty space at the end of the binary where the new code resides, then after it is executed it goes back to the function. Is there a better approach with the DLL injection where the new code is kept at the DLL instead? 3. What are your thoughts on going around Windows 10 D.E.P. ? As the game we mod gets more (and more complex) patches, player with D.E.P. enabled had their game crashing and even refusing to start. This behaviour is of course based on pure assembly patching with hooks. Will the DLL injection method help me go around that issue? May be questions are not defined really well. :)
@yunusaydin5177
@yunusaydin5177 Жыл бұрын
great job keep going
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thanks for the kind words!
@Lorendrawn
@Lorendrawn 8 ай бұрын
Show the intro to professor true brian
@Salsuero
@Salsuero Жыл бұрын
You didn't patch out the -100 after explaining that it was hard-coded.
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
At which timestamp?
@Salsuero
@Salsuero Жыл бұрын
@@jeFF0Falltrades1:49:32
@NetworkITguy
@NetworkITguy Жыл бұрын
Hermit status ftw!
@outkast9882
@outkast9882 Жыл бұрын
the god is back
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Nic Cage never left us ❤️
@mrpvr
@mrpvr Жыл бұрын
Thanks ❤
@jeFF0Falltrades
@jeFF0Falltrades Жыл бұрын
Thanks for watching!
@brianredbeard
@brianredbeard Жыл бұрын
I spent 30 seconds searching: Brian Deep
@jeFF0Falltrades
@jeFF0Falltrades 11 ай бұрын
Nice! I should have known to enlist another Brian in his search…a classmate of mine also saw this vid and let me know the day after it was published, too. Thanks to you both for that, so I can find him and let him know just how much he inspired me (and hope he never watches the other insanity of my videos…). Thanks for watching!
@themaniacboy
@themaniacboy Жыл бұрын
Hello, I really liked your video although I'm not experienced at all in RE, but I'm certainly willing to learn more about it! Quick question, could you reverse a game dll file? It's needed for modding a game called Duke Nukem: Manhattan Project, because it's really restricted now. The file is called "duke_base.dll". Would really appreciate it if you could help in any way.
@alexandrohdez3982
@alexandrohdez3982 Жыл бұрын
👏👏👏
@jw200
@jw200 9 ай бұрын
Thanks for video but the XP solitaire sourcecode is in the leaked XP sources available from internet. Im not promoting it but just telling the fact
@adamrushford
@adamrushford Жыл бұрын
You didn't waste your time, it's cool for different reasons than you said, you don't sell you acting jokes very well, they're bad to begin with. I can't believe people still think rick rolling is a thing in 2023. See ya round!
@skeleton_craftGaming
@skeleton_craftGaming Жыл бұрын
I would be suprised if [User/System]32 has a key mask for the registry functions at all... its bad practice to use the registry for storing non-persistent user space values like that... a better way to do this would be to use a binary encoded (most likely a .cfg or .ini) file to store the settings. that way you don't need to run it with elevated perms. Or at least it wouldn't if you don't have it installed in the system files [I think that when it came with windows it was installed in the C:\windows\[games\] folder..] but even then I think that they could've saved to %appdata%\games\solitaire which you would have ring 3 write access [as that is the reason for the %appdata% file after all]..... now that I think of it IDK if fopen can resolve path envar ejections [ie the %% in "%appdata%\games\solitaire"] though I think that User32 has a function for that if it doesn't do it on fopen call... working with system32 in general is kina stupid because there is 2 versions of each function an ascii version (as denoted by the "A" postfix on the system call) and the 16 bit Unicode version (as denoted by the "W" [standing wide because it it uses WCHAR_t (aka short) as its string type] postfix on the system call)
@raffaelemormile9199
@raffaelemormile9199 Жыл бұрын
hiii i need help is there i way to change a game that isn't been made in my language (italian), this is a word game that has ofc english vocabulary, i just want to put the italian vocabulary to play in italian. I dont care if the graphic is in english, just want to put italian words... is that possible with ghidra... the game is Bookworm Adventures deluxe... pls if you dont how to do it PLS can you give me a contact of a person that can teach me how to do it.... o am trying this form 4 years.... thanks... :(
Random Emoji Beatbox Challenge #beatbox #tiktok
00:47
BeatboxJCOP
Рет қаралды 65 МЛН
КОГДА К БАТЕ ПРИШЕЛ ДРУГ😂#shorts
00:59
BATEK_OFFICIAL
Рет қаралды 8 МЛН
PIZZA or CHICKEN // Left or Right Challenge
00:18
Hungry FAM
Рет қаралды 15 МЛН
Software Reverse Engineering with Ghidra
31:08
CAE in Cybersecurity Community
Рет қаралды 17 М.
I Reverse Engineered this Program Automatically.
16:53
Low Level
Рет қаралды 76 М.
Intro to Hardware Reversing: Finding a UART and getting a shell
12:07
Tony Gambacorta
Рет қаралды 902 М.
Reverse Engineered old Compression Algorithm for Frogger
16:29
LiveOverflow
Рет қаралды 254 М.
Reverse Engineering Malware with Ghidra
1:13:43
Off By One Security
Рет қаралды 6 М.
Reverse Engineering RollerCoaster Tycoon | How does it work?
38:54
Nathan Baggs
Рет қаралды 257 М.
How to Crack Software (Reverse Engineering)
16:16
Eric Parker
Рет қаралды 702 М.
HackadayU: Reverse Engineering with Ghidra Class 1
1:05:06
HACKADAY
Рет қаралды 230 М.
Random Emoji Beatbox Challenge #beatbox #tiktok
00:47
BeatboxJCOP
Рет қаралды 65 МЛН