Awesome comment ! Thanks

Thanks for the correction. You are correct. Sometimes I fail to articulate correctly when I am trying to remember everything for the video, I appreciate your comment

your knowledge lvl is over 9000 let that be clear

Thanks. I tried to really give this program a work out. I learnt a lot doing it. You would be correct about the video. The video frames per second of the video kept changing. It was weird. I am ditching that program as it was extremely frustrating. Live and learn :(

I have found a new recording tool. Planning to use OBS Studio. Thanks for your feedback. Let's hope that this improves things, unless you have experience with another product you can recommend? (My line in on my laptop does not like the microphone so I do record audio separately)

It's great for a parent to share an interest with their offspring. I am kinda jealous :)

@@MichaelJenkin I don't personally know of another product, but I'll ask a friend I'm seeing tomorrow about his experience.

@@Sarge2198 Awesome !

Tavaro thanks. I no longer do that. Thanks for the feedback.

Being able to concentrate on multiple sources is a good trait to aquire. Keep the music.

@@Dogsss752 1.: its not about that. I just watch vids with faster speed and music just sounds awfull. 2.: Some might just don't like the music 3.: Feel free to play ur own music while watching the vid

Looks like others have found a solution for you. reverseengineering.stackexchange.com/questions/20950/how-to-load-symbols-from-a-symbol-server-in-ghidra

That is just awesome. Very Cool.

Hey John. Thanks for the comment. We have to catch up in the non virtual world.

Yeah I keep on thinking I should catch up with people between eat-sleep-work-repeat, and fixing things on the weekends. Time gets away from me.

@@JohnStewien Oh dear, the human condition. I have this as well :(

No, not yet. Many of the DLL files I have seen of late have been DotNet and there is a great decompiler for DotNet already. I will have to poke a little more with DLL files. They are really just stored code (executable code) called on when needed so the structure and the way Ghidra behaves will be very similar.

You are very welcome

Thank you. I appreciate the feedback.

Hello, Everyone is at a different level with different skills. recommending what is good for me, might just frustrate you. My best suggestion is join the reverse engineering group on Reddit. Don't jump in with questions as they already have loads you can read about in their posts. Once you know more about what level you are at and the know the level of questions to ask, then jump in and ask. Be careful as they are a great group but do prefer it when people think about their questions before blurting them out.

Hello, Thanks for the question. You can decompile into "Approximate pseudo code". The C code it produces can't always be recompiled. It is a guess that the Ghidra program makes to try and give you code to do approximately the same thing as the binary it sees.The more reliable way to read it is in the less friendly assembly. I don't think Ghidra will produce results reliably that will do what you need. It will get close and then rely one someone to tidy up what it produces.

Thank you

mickyj@mickyj.com

you are very welcome !

Cool. I need to borrow your Assembly skills ;)

Agree. If folks want to see a real tool that's very robust, check out IDA Pro. It makes this thing look silly. The generated code from this is crap.

@@tbordelon6867 Actually if you are an reverse engineer, a skill you should probably have is writing your own tools and have a good oversight of creating software. With that it is easy to extend the functionality of Ghidra and extend its core, because it is Open Source. You are welcome to participate. IDA provides its SDK and IDA-Python scripting for this essential task. For 879$ to 3944$ you will receive your ida.key license file. It's easy like that. So what are you complaining? That there is diversity and a free alternative? That you are unable to write a filter and a decorator? That "silly" is a rock hard term to describe software and yogurt? Nice try, Mr. Guilfanov;) (i am joking) Please do not take this personal, because it is unfair of me posting this 10 months later, where Ghidra development got traction and you have now access to analyzers and scripts from many people on Github.

@pfifo fast Yes, this is called "Shift+Delete" on the old program and moving to OBS Broadcaster. Many have commented and I have listened ! Thanks for the feedback

Are you able to use reverse engineering to get full access to customizing a program? If I were to say and recommend this to you it can help form into a video idea. because some people relatively to me would love to stylized their own programs and maneuvering in say your own custom user interface can be satisfying, eye-pleasing, correct. because you would feel that, "o this plugin is MINES"! and that you can turn a dankish outdated program into its updated self.

@@MichaelJenkin Send Morpheus. Gotham needs your help.

@@MichaelJenkin Out of license retro games with encrypted executables are satan incarnating.

@@MichaelJenkin Dragon drop. Yummy .dll injectables.

He works for the NSA now bro !

Hello, If the name is in text (Ascii) or you know how it is stored, you may be able edit in a Hex editor. If you can understand Assembly language, you can edit the raw code. If you disassemble it with Ghidra you have two problem's. The first is what ever changes you make, you need to recompile the code. the second, the decompilation with Ghidra is a guess, an approximate. The code might be broken and not recompile. If you know how the executable was compiled (e.g. dotNet) then there are other better specific decompilers. So the answer to your question is a firm maybe, based on the file and what you know and how much time you have.

Thsnk you for your feedback

Done ! was it too loud or distracting ? BTW, thanks for the feedback !

@@MichaelJenkin The sparse music that was almost noise around 8 mins in, took away from what you were saying. The stuff with the drum beat wasn't as bad. Just an opinion.

@@corycourtney8923 yeah, but your opinion counts. It was free music from KZbin. I dropped it to -20 db and pumped me by 10 db and sounded fine in the editor. Then I exported and noticed it seemed a lot quieter. It was a long video and I did not like the idea of exporting it again. I should have. thanks for the feedback.

Agreed. I no longer use music. Thanks for the comment. Others that also found it painful educated me and I have listened.

Thanks for pointing that out. Sometimes between preparing, scripting, practising, recording, editing and posting, I goof. It's a lot of work and I am certainly not perfect. Thanks again for pointing it out.

Hello, I have two answers for you. Firstly, each file that needs "Cracking" is likely going to be cracked a different way each time. The only real way to crack a program is to observe what it does in the environment through many and various monitoring tools and then hope to be able to reverse engineer it. The reverse engineering would involve learning C, learning Assembly, learning how the file structure works, what it depends on and experience with working with many different types of files. Not really something I can teach over KZbin. There are so many reference resources to go through and so many different processes involved. Secondly, due to piracy, intellectual rights and ownership, I would be reluctant to crack anything. Hacking/Cracking and the like normally involves someone trying to avoid being a legal owner of a product or trying to make it do something that is outside it's technical design or licencing. I would not do this. Thanks for your comment and sorry that I can't assist.

This was a very early view of the product and how people can use it. Many others have completed decompilation of much harder EXE files. I am not attempting to compete with their Genius.

You are welcome

Not sure what that emoji means. Very small on my screen.

@@MichaelJenkin it's a gorilla. "King Kong"

@@treyv6804 Nice !!!

Hello, At the time this filmed, it was a new product and this video was just an intro into that product and the basics of pulling things apart. For me, the usefulness is in finding out how malware works. For others they want to take things a lot further. We all have different goals. There is no time to build into the videos how to use Assembly code, fix issues in the Pseudo code in C or how to pull down a whole EXE into code and re-engineer it. There are a few other KZbin channels that assume the basics (like my video shows) and then go onto deeper dives. I am not there to compete with them. For those that have the backgrounds, skill sets and time and want to pull things apart and recompile, there is enough in this video to quickly get into Ghidra and take it further with the training they already have. If you want to go further, I would suggest subscribing to the reverse engineering groups in Reddit and reading/watching the posts and comments and learn. I am sorry if you did not get anything from my video, I take that onboard and will try and provide better content from your and other comments. If you don't have the uncompiled version of something, unless you can read and write assembly code, the produced Pseudo code (Whilst it gets better and better) is only a best guess by the decompiler, what it is looking at. Programmers can use encryption, obfuscation and other debug aware tricks to make working from the code you see, very difficult. Not Impossible, just very difficult. There are algorithms (e.g. blowfish) that can make decompilation extremely difficult (if at all). Many EXE files can also be compressed and Ghidra is not going to decompress it for you. You need to recognise what you are dealing with, decompress if you can, get the code back to the raw binary before tricks were done to it, then decompile and hope it is not encrypted etc. For what I do, I have found 1 in 5 exe's were not worth decompiling. In those cases, from monitoring the environment in which it runs (on a test PC) I get the answers I need in other ways. I hope my reply makes sense to you, Thanks again for taking the time.

Thanks for the comment. Yes, I have learnt from your comment and many others. Thanks for watching the 10 mins.

Thank you. Yes I am aware about the audio but can't fix it without uploading a completely new video. I might have to at some point.

TheAmazeer fair enough. Thanks for your comment. It was early days for the product and we know it much better now. Thank you again for your comment.

Many viruses have code within them to detect if they are being debugged. I think dumping the virus straight to Assembly is the best way around those things. Many are also encrypted or rely on external bits of code to form the complete program. I would refrain from suggesting that your friend "wrote" a virus. In most places this is illegal. As it suggests it is not malicious, it is more of a Software tool that locks out a PC that is hard to disassemble. It is a challenge in reverse engineering, not a virus (I hope).

Hello, Thanks for your comment. I am sorry it was too loud and I promise to do better in the future. Thanks for stopping past.