Thanks for being here! I hope you enjoy and get something out of this video. I will be posting any edits/updates/corrections to this pinned comment. The mistakes I've found already in post have already been marked in the video, aside from one: It was a mistake to leave making my intro for last + making it in the middle of the night such that it became the fever dream that you see today. If any other mistakes or updates are identified, I'll post them here - Thanks for watching! 1. H/T to Antoine Neuenschwander for explaining that the ‘&’ I talk about appearing in some strings at 58:36 in the video denotes which key to press when holding “Alt” to highlight or select an option. Thank you! 2. Not an error, but an update: A classmate of mine saw this video and was able to provide the name of the real Professor Brian! False Brian is reacting as you’d expect to the news…
@patrickborys34902 жыл бұрын
Hi , can you please make also the font bigger for the decompiler (this on the right side, with source code) next time :) ?
@jeFF0Falltrades2 жыл бұрын
Yes I will! Sorry about that. I probably need to bump it up in the debugger as well - I was noticing I didn’t do the same adjustment in x64dbg, and it’s needed there too. Thank you for the feedback!
@kxa5540 Жыл бұрын
Mdvo8y
@o1-preview11 ай бұрын
@@jeFF0Falltrades hey, great work! two things: using dark mode would be nice! and second, xref doesn't appear on the score string, any ideas why? I tried looking it up but didnt find it
@jeFF0Falltrades11 ай бұрын
@@o1-preview Thanks for watching and for the follow-ups! 1. I did start using dark mode in my later videos; Just took me a while to finally switch that on in my recordings. 2. You won’t see any Xrefs to strings loaded with “LoadStringW” because they are loaded by *ID*, not by address - so when a disassembler like Ghidra does the disassembling, it doesn’t recognize any cross-reference to the string address because there is no reference to the address itself; Instead the string is loaded by its resource ID.
@antoineneuenschwander83532 жыл бұрын
At 58:36 those ampersand characters are used to denote access keys shortcut. In the dialog, press the "Alt" key to reveal the access keys (underlined characters) and type "a" to switch to Standard mode.
@antoineneuenschwander83532 жыл бұрын
demo: kzbin.info/www/bejne/r6aQkoVppr-jg6s
@jeFF0Falltrades2 жыл бұрын
AHHH! Thank you so much! That makes perfect sense. I’m going to add this to the pinned comment as a correction. Thank you!
@gianbattistavivolo74492 жыл бұрын
Really high quality content here... probably the best video on this platform for a beginner (me)... please continue making this kind of videos Jeff... Love from Italy
@jeFF0Falltrades2 жыл бұрын
Grazie mille, Gianbattista - You are too kind. I’m so glad to hear you enjoyed and I plan on making more content soon! Already have some ideas in mind for next time :-) Happy New Year!
@ashleybyrd20152 жыл бұрын
I think this is the video that makes me finally understand. I like that this video is slower and explains each step plus the reasoning behind it, a lot of videos I've watched seem to just expect me to understand _why_ without explanation. Thank you so much!
@jeFF0Falltrades2 жыл бұрын
So good to hear! That’s why I started doing this series: I always had a hard time finding tutorials that took it slow and built upon concepts, so I’m at least trying to get something like that going in these. Thanks for watching!
@0100-f1v2 жыл бұрын
3 hours... this is a gift... thank you
@jeFF0Falltrades2 жыл бұрын
Haha I’m glad you think so! I’ve found that some people really like the long form, and some people don’t, so I try to mix it up - I like doing these longer vids because I know if I was starting over again, I would want someone to walk me through step-by-step. So I hope you enjoy, and don’t feel like you have to tackle it all at once ;-). Thanks for watching!
@moviezbuzz77 Жыл бұрын
@@jeFF0Falltrades Please upload more videos
@jeFF0Falltrades Жыл бұрын
@@moviezbuzz77 The ideas are there! I have a few things in the chute that I just need to find time to put together. More is coming though :-). Thanks for watching!
@kevinquintana3085 Жыл бұрын
Yup, it's a gift, and in video format
@iamtimsson10 ай бұрын
that's what she said
@b213videoz5 ай бұрын
1:37:39 well that's easy: all you really had to do was so set up a WRITE breakpoint on the SCORE (its address you did figure out and that was a hard part), so the timer would decrease the SCORE and hit your breakpoint on doing so.
@Autom_te2 жыл бұрын
This is a really good introduction to reverse engineering. After other tutorials I was always feeling lost and overwhelmed. Yours has really clear explanations and walk-through of the entire process. Thank you for your work. I am excited to learn more.
@jeFF0Falltrades2 жыл бұрын
So happy to hear as this is what I strive for - so glad you are enjoying it and I hope you continue to learn!
@user-ni9ck8iv1b7 ай бұрын
From your experience, I myself am a beginner, how would you recommend me to start learning reverse engineering by myself. Should I first learn C or assembly or any other topics?
@cochaviz Жыл бұрын
Absolutely the best intro to RE'ing I've ever seen! Directly thanks to you I've been able to crack some long-forgotten niche software my Dad uses on a regular basis. Cannot let abandoned software go to waste :) Thank you so much!
@jeFF0Falltrades Жыл бұрын
Outstanding job!!! Thanks so much for the kind words, and if you enjoy learning more, I have new vid planned for release hopefully by the end of this month/beginning of next :-). Thanks for watching!
@patrickslomian74232 жыл бұрын
Hey ,just viewed your tutorial at work :). I think your teacher (Brian) would be proud of you. I ve been struggling to learn RE for years, always kept it for later. I cant tell you, how much I appreciate that you found time for beginners like me, and explained it perfectly. Thanks !:)
@jeFF0Falltrades2 жыл бұрын
That is so nice of you to say! I truly hope it was helpful and so glad you enjoyed, Patrick!
@rednibcoding3412 Жыл бұрын
I am incredibly grateful for the good reverse engineering tutorials you create. Your detailed and slow-paced approach to teaching is really helpful. Please know that your work is highly appreciated, and I eagerly await each new tutorial. Keep up the fantastic work! Thank you!
@jeFF0Falltrades Жыл бұрын
Thank you so much and I’m so glad you enjoy!! More to come soon! Thank you for the kind words.
@fallenangel4620 Жыл бұрын
Listen to me.... After 5 months of publishing this treasure of infos. And after about 10months for me learning.... 8 can say that u are walking in same road of your teacher.... God bless u both ❤❤ This channel should be my source Now
@jeFF0Falltrades Жыл бұрын
Aw thank you! That is so kind of you to say and I’m glad you’re enjoying these!
@cashgarman Жыл бұрын
Thank you so much for taking the time to put this excellent resource together. You have a fantastic teaching style and my brain feels larger :)
@jeFF0Falltrades Жыл бұрын
Thanks for taking the time to watch it! So glad you got something out of it!
@nickthomsen Жыл бұрын
We need you back dude. Great work! Thanks a lot for sharing your knowledge. I highly appreciate that.
@jeFF0Falltrades Жыл бұрын
Hope to be back soon! Started researching the next vid a couple of months back but work/life (and some issues with YT that have since been resolved) have gotten in the way. I’ll be back soon enough though ;-) Thanks for watching!
@MidtownMadness12 жыл бұрын
I loved the Rollercoaster Tycoon video! Will definitely watch this one too when I have some time :)
@jeFF0Falltrades2 жыл бұрын
Thank you so much! Please take your time with it - As someone who had to watch through multiple times in post, it's best enjoyed in pieces ;-). I hope you enjoy!
@BryanChance11 ай бұрын
Thank you so much for your time in making this video. It's priceless!
@jeFF0Falltrades11 ай бұрын
Thanks so much for watching and so glad you enjoyed!
@mkausch13368 ай бұрын
Hey, I'm a fourth year comp sci student and just wanted to say that I loved the series and the videos were really helpful. We used ARMv8 so I wasn't a beginner by any means, but I thought that your explanations were great and fit in well with my current knowledge base. You also really broke down the use of the tool chain well which allowed me to experiment on my own with your crackme challenge. This actually was a great exercise because it allowed me to see where my knowledge gaps were when I was trying it on my own and in turn i could go back and reference the video. I must admit that ghidra has some quarks compared to watching others use IDA, but 5k for the pro version that comes with a decompiler is too much for educational exploration. Thank you so much for this.
@jeFF0Falltrades8 ай бұрын
Thanks so much for this incredible feedback! So glad to hear you enjoyed this one (I also really enjoyed making this one - it was a ton of fun), and I wish you all the best as a fellow CS grad. Hope some of the other videos here and future videos we do will also help along, and never hesitate to ask questions if you have them. Lastly: Very agreed on the IDA pricing and why I pretty much switched to being all in for Ghidra and (occasionally) IDA free :-)
@dummydummy-o7g2 ай бұрын
thanks just beginning reverse engineering hope this would be helpful wish me luck guys
@jeFF0Falltrades2 ай бұрын
@@dummydummy-o7g Wishing you all the luck in your learning journey! Keep at it!
@hexpiratorАй бұрын
Very good descrition. Now I understand much more about assembler. Thank you very much! Very long Video. I have seen the whole... 😀
@jeFF0FalltradesАй бұрын
@@hexpirator So glad you not only enjoyed, but learned from it ❤️ Thank you for taking the time to watch!
@tomkuijer494 Жыл бұрын
58:30 -ish the ampersand (&) is used to tell the window system that it should listen for that key as a shortcut for the menu option
@jeFF0Falltrades Жыл бұрын
Correct - I edited my pinned comment to reflect this as others have pointed it out, and that makes perfect sense. Thank you!
@moe429372 жыл бұрын
Before I start watching that video I would like to thank you for Rollercoaster Tycoon video I learned a lot Keep going bro :)
@jeFF0Falltrades2 жыл бұрын
Thank you so much for sharing! I love hearing this because this is the reason I enjoy making these videos - So glad to hear the video helped and hope you enjoy this one too! Thanks for the kind words and motivation.
@moe429372 жыл бұрын
@@jeFF0Falltrades I appreciate that, one day youtube will choice your videos and showing them to people who interested in reverse eng and Binary analysis and I'm sure they will be happy as me :)
@jeFF0Falltrades2 жыл бұрын
Thank you, my friend - That means a lot :-)
@xM0nsterFr3ak Жыл бұрын
58:40 The '&' in the strings are probablly accelerator key markers. Those are the underlined letters in the menu, for example 'F' for File, E for Edit,...
@jeFF0Falltrades Жыл бұрын
Thanks! Someone else also pointed this out and I’ve added a note in the pinned comment - nice spot.
@xore_1798 Жыл бұрын
Wow, I've just stumbled accross your channel. Def needs more views, it's insanely good! Thx for the great content:)
@jeFF0Falltrades Жыл бұрын
Thanks so much for the kind words! I’m so happy to have you here. Hoping to push out another one here in the next month or two (if things go to plan) :-). Thanks for watching and I hope it helped you.
@iorusoulАй бұрын
Thanks for the mini course I learned a lot :D
@jeFF0FalltradesАй бұрын
@@iorusoul It makes me so happy to hear that! I can’t wait to make some more and so glad you enjoyed!
@maratmkhitaryan9723 Жыл бұрын
You cannot import as PE, and export as PE. You have to import as RAW, then export as PE. At least in my case I had no PE option when exporting.
@TomStorey96 Жыл бұрын
The score_base_minus_0x30 is probably a pointer to a struct if I had to take a guess. And the score field is stored 48 bytes into the struct, hence adding 0x30. I believe Ghidra has the ability to handle structs if you tell it that something is a struct.
@jeFF0Falltrades Жыл бұрын
Yep, that makes sense - I don’t think I had seen the auto-variable rename like that in Ghidra before, but I like it! Thanks for that clarification and thanks for watching!
@iamtimsson10 ай бұрын
i didn't know that this was what i wanted. entertaining. goodish pace (i don't know what i would want different). thanks. very much NOW MOAR DO IT NAO
@jeFF0Falltrades10 ай бұрын
Hahaha so glad you enjoyed! More to come, but probably not right now, right now - got 2 videos in the works soon though… 👀 Thanks for watching!
@maximood-tired2 жыл бұрын
Very high quality and interesting, thank you
@jeFF0Falltrades2 жыл бұрын
Thanks so much for the kind words!
@therelatableladkaАй бұрын
1:59:40 Teacher, here how did you know that you had to perform *OR*. I was just adding the hexadecimal bytes. I didn't even get the hint that i need to perform*OR*. What's the reason for that here ? Please clear this up sir, or i won't sleep peacefully tonight. 2:01:31 yeah last night it actually did throw me off. I like to translate asm to cpp code. So i remember, i actually found that the asm code includes a structure, i successfully managed to get the fields, int, int and char. What threw me off that the structure was allocated 12 bytes. So i was confused for maybe 10 15 min again translating the asm code to see if i did wrong. But in the end, i vaguely predicted, that it maybe compiler optimization to insert padding bytes. Cause i read somewhere that our machines prefer even alignment. You might have also seen some weird nop sometimes, well they are just for paddings to have the program even aligned in the multiple of 8. Stack is although 16 bytes aligned. 2:16:34 i thought we were going for code caves, but anyways dll hijacking simple and cool.
@jeFF0FalltradesАй бұрын
Fantastic question! You are the first to ask, but I should have elaborated as those who are new to programming may not know about this concept: Bit Flags You can read more here: docs.revenera.com/installshield27helplib/helplibrary/BitFlags.htm But in short, it’s a very common practice in programming is to use bit flags, which usually use one byte to hold multiple potential values of a flag by combining values using a bitwise OR operation - using OR ensures we can combine one or more flags without overwriting a previous flag - in other words, the addition of a new flag will never create an ambiguous flag value when combined with an existing flag value, which could happen if you just added them together with addition - e.g. if you have flags 1, 2, and 3 and try to combine 1 and 2, they’ll add up to 3, and so your program will think you’re actually specifying flag 3, not flags 1 and 2 combined. Hope that makes sense and thanks for the great question!
@therelatableladka6 күн бұрын
@jeFF0Falltrades yess i did somw research on this and found out, like when we open a file, we give flags for it. For example in go we might do os.OpenFile(fname, os.RDONLY|os.Create|os.Append) Those were the flags all along ! I know now OR makes sure all the values are submitted correctly to the function without overwriting. Simple yet so much effective, it's the same in py (rw+). I didn't even notice that until you pointed it out. Have a great day !
@jeFF0Falltrades6 күн бұрын
@ Great work! So glad you found the info!
@JohnSmith-he5xg Жыл бұрын
A useful tool for you to add to your arsenal might be Cheat Engine (A memory scanner). Can really aid in finding how various values are stored, what code they're accessed by, etc. Great video
@jeFF0Falltrades Жыл бұрын
Thanks so much, John! Very familiar with Cheat Engine, and I would also recommend it to anyone wanting a smooth intro to patching/RE. I’ve thought about including it in some future videos, but I’ve had issues with YT flagging videos for any mention of it previously. I’ll say here though: A great tool for beginners (when used for good)!
@Emmet_v15 Жыл бұрын
1:42:02, It is being called from 6 sides, could get a little **dicey** lmao, unintended pun?
@jeFF0Falltrades Жыл бұрын
HA! How did I manage to miss this - I would have ridden the high of making that pun all throughout the rest of the video.
@noobsplain2 жыл бұрын
This is really quality content. Thanks so much for putting it together. Subbed and looking forward to more tutorials like this!
@jeFF0Falltrades2 жыл бұрын
So glad to hear you enjoyed! I look forward to making more soon! I think I already have a good subject for the next one :-)
@Kavukamari Жыл бұрын
Thanks Jeffo, I hope your Fall Trades go well!
@jeFF0Falltrades Жыл бұрын
They’d be going a lot better if stupid Diane Sweeney wasn’t taking attention away from my beautiful gourds with her glow-in-the-dark pumpkins - It’s nothing but a party trick, but people are too busy gawking over that spectacle to notice the quality of these gourds!
@fernandoz6329 Жыл бұрын
Nice video! I wonder why the proxied dll (@2:40:!3) suddenly get that big from merely 352kb to a whopping 2,3 MB. Is there anything we can do to keep it small or it's just an inevitable proxy side effect?
@jeFF0Falltrades Жыл бұрын
Keep in mind the cards.dll file that was 352kb was the original one (that was packaged with solitaire) so there are a number of reasons it could have been that much smaller (e.g. it was made for compatibility with a far older OS and so used much more memory efficient code/compilation flags) - we could work at reducing the size of our proxied DLL by toying with a few efficiency flags in gcc or using a packer to have it “blend in” a bit better - good spot and good question!
@thebillpepper2 жыл бұрын
Very cool, there were a lot of good tips in there. Thanks!
@jeFF0Falltrades2 жыл бұрын
So glad you enjoyed!
@bug1083 Жыл бұрын
Hey, just throwing this out since you mentioned the confusion with the '&' inside of some of the strings. Having done development with Windows forms, which are like a complex wrapper for low-level C++ GUI development, the '&' is a symbol used by Windows for shortcut keys. I'm not sure when this feature was used the most, but you can still use it today by pressing Alt in a program, and then looking at the menu items that have a character with an underscore. The underscored characters are hints for what menu item you want, if you press the same letter as the underscored character, it will open that menu item.
@jeFF0Falltrades Жыл бұрын
Thank you! Yes a few others chimed in to explain that and I appreciate it - I hadn’t seen that syntax before, but it’s kind of a neat way to denote shortcut keys! Thanks so much and thanks for watching!
@bug1083 Жыл бұрын
@@jeFF0Falltrades No problem. Love the videos. I actually found the usage in the strings to be a little funny as I didn't know that C++'s Windows GUI API used the same syntax for that feature. I thought it was a quirk with the C# Windows Forms, so it was entertaining to see it 😄
@jeFF0Falltrades Жыл бұрын
@@bug1083 Hahaha yeah, I’ve really had a laugh at some of the things that come out as happening “under the hood” when reversing software - Lots of “Wait…*that’s* how they made that work?” moments 😆
@bug1083 Жыл бұрын
@@jeFF0Falltrades Yeah haha. I only recently discovered your channel, and not sure how much you dabble in languages and asm optimization, but it might be cool to see you reverse engineer code relating to some of the more lesser known assembly calls, big ones being "vmovupd", "vmaxpd", and "vzeroupper" which are robust vector calls. I'm actually curious how often those keywords appear out in the wild with modern programs today, and what exactly they do in the context they appear in. They are more complicated and require a lot of work on my part when using GCC, you have to almost directly tell the compiler to use them when optimizing sometimes, so it's be interesting to see.
@jeFF0Falltrades Жыл бұрын
@@bug1083 That’s a good idea! I’ll have to see what kind of programs I can find (or make) that would be good for something like that.
@duckie46702 жыл бұрын
You make great ghidra tuts 45:50 this exception you get when patching in ghidra, i think is because you are overwriting with longer string and the data is static thus constant space and what you did with hex editor is basically fixed you mistake.
@jeFF0Falltrades2 жыл бұрын
Thanks so much! And yes, I think you’re right - You would think Ghidra could detect that and print an error to let you know the same, but idk - maybe it’s a more difficult problem to account for than I think. Thanks for watching!
@hanshansli22382 жыл бұрын
Thanks for the video, I really enjoyed it!!
@jeFF0Falltrades2 жыл бұрын
So glad to hear, Hans!
@CrusaderMen Жыл бұрын
Thank you! I'm learning a lot. I wanted to ask, how the functions addresses in ghidra and in the x32dbg are the same? The addresses are predefined in build time?
@jeFF0Falltrades Жыл бұрын
This can depend on if your system has ASLR enabled and a few other factors - Most executables have a preferred base address, which is what Ghidra goes off of, and - if ASLR is not enabled - x32dbg will also load the PE at that preferred address. And that base address can indeed be set at compile time, but it may not be respected by the OS (that’s why it’s called “preferred”). Hope that helps!
@20b886 Жыл бұрын
After building the DLL i keep getting 0x7b error. Couldn't find out why and was slowly losing it. Pulled it into ghidra and found out it was a 64bit. Builed again with MinGW x86 and succsefully got rick rolled . Finally, i was sane again. Thank you for this wonderful course.
@jeFF0Falltrades Жыл бұрын
"Successfully got rick rolled. Finally, I was sane again" - The universe in balance once again. Haha, thanks so much for watching and so glad you enjoyed! Great troubleshooting, too.
@Proferk Жыл бұрын
great video. I've decided to watch other videos (like this one) of yours after finishing the x86 assembly class you recently uploaded. I have one question though, why do you use PascalCase for variables and function names?
@jeFF0Falltrades Жыл бұрын
Thank you! And to your question - Where do you mean? Because I usually use snake case for functions and variables when writing my own stuff?
@Proferk Жыл бұрын
@@jeFF0Falltrades I'm talking about the labels you assign to local variables and parameters of functions in ghidra. For example, you set the variable of the score mode, to "ScoreMode" (PascalCase), instead of "scoreMode" (camelCase) or "score_mode" (snake_case)
@jeFF0Falltrades Жыл бұрын
@@Proferk Ahhh I see. TBH, I have no idea hahaha. I didn’t even realize I was using a different style in Ghidra vs VS Code until you pointed it out. I probably started doing it to differentiate my named variables vs Ghidra’s or something and it just stuck. Usually I prefer snake case for vars and functions and PascalCase for class names. Good spot haha
@citizen17917 ай бұрын
this is a really great video but near the end i thought you were going todo something like, an exe that if you launch it apply the patches to the game but don't make permanent changes to the original exe. i don't know if you already have a video on your channel but it would be great for modding
@jeFF0Falltrades7 ай бұрын
Yeah I think I get what you’re saying - we didn’t do that as much in this video/script, but if you check out my RollerCoaster Tycoon videos, those scripts do exactly that - take patches and apply them to a copy of the original EXE while leaving the original intact. This one just happened to be more focused on the DLL injection. Thanks for the feedback and for watching!
@ThaLiquidEdit Жыл бұрын
Your channel is awesome! Hope there will be more videos :)
@jeFF0Falltrades Жыл бұрын
You’re awesome! Thanks so much - and yes, on the tail end of a new one now, in fact. Stay tuned ;-)
@khneo2 жыл бұрын
Hey ! Thanks for the video, I think the ampersand is for keyboard shortcut
@jeFF0Falltrades2 жыл бұрын
Yes! I saw another comment about this and you are correct; I made an edit to the pinned comment to reflect this. That makes perfect sense in hindsight. Thanks for watching!
@im_vinodchoudhary5 ай бұрын
Great Video on Reverse Engineering
@jeFF0Falltrades5 ай бұрын
Thank you! So glad you enjoyed!
@Salsuero Жыл бұрын
& is used to denote the shortcut key in Windows menus. It converts to an underlined character when displayed.
@jeFF0Falltrades Жыл бұрын
Yep, exactly - others have pointed out the same, so I updated the pinned comment to denote this. Thanks, and thanks for watching!
@Salsuero Жыл бұрын
@@jeFF0FalltradesSorry, I got excited because I was able to contribute something I knew that you didn't... not very common when you're watching something like a training video. I was already familiar with reversing and cracking generically, but I enjoyed watching your specific breakdown vis-à-vis Solitaire and I definitely don't know everything, so there's always something to be learned by observing others. Thanks for the content.
@jeFF0Falltrades Жыл бұрын
@@Salsuero Not a problem at all! You should be excited 😃 Thanks for sharing that knowledge forward!
@CrusaderMen Жыл бұрын
Thanks a lot! This is a very clear and easy-to-understand explanation. Is there any x32debugger alternatives for mac?
@jeFF0Falltrades Жыл бұрын
So glad you enjoyed! Debugging software for Macs is tricky - I think the only GUI debugger that works on Mac and comes close to x64dbg is gdbgui. Others may have different options, but that’s the one I’ve seen used most often.
@b213videoz5 ай бұрын
I wonder if you have Svenska classes, Jeff. The way you explain I might even get it 😊
@jeFF0Falltrades5 ай бұрын
@@b213videoz Nej det vill du inte 😉😂 There are much better Swedish teachers, I’ll just stick to my machine languages thanks 😆 Thanks for watching as always!
@clovis-255710 ай бұрын
Really impressive! Thanks for this HUGE info. I'm/was looking for info to reverse engineer an old Fortran program of 140kb. Those programs might help a lot.
@jeFF0Falltrades10 ай бұрын
That’s awesome! Would love to hear you how make out with that Fortran program - that sounds like fun
@DeineRöhre-s6j2 ай бұрын
Very good video. I love it. But unfortunately the internet archive doesn´t work right now and I don´t think it will ever get online again. Do you know another source such as the internet archive?
@jeFF0Falltrades2 ай бұрын
@@DeineRöhre-s6j Thank you so much! And if it’s any consolation, Internet Archive will be back up soon - They actually suffered a cyber breach recently and are recovering from it still, so they had to take down a lot of the links for now. There are several sites on Google that claim to have the original XP solitaire, but I cannot vouch for them as legitimate - If you don’t want to wait for the archive to come back up, I’d look around Reddit or some forums where you can get real human feedback on links, and if you do find a file you’re unsure of, upload it to VirusTotal and check out the scores. I unfortunately don’t have access to my versions anymore either :-( Thanks so much for watching, though, and if you do find a good link, please feel free to share and I’ll pin it!
@majed3469 Жыл бұрын
Nice content, thank you for sharing
@jeFF0Falltrades Жыл бұрын
Thank you for watching!
@davidmichaels307 Жыл бұрын
Why does my Ghidra export sol.exe not have PE in the format selection box when I try to export sol.exe? I have "original file."
@jeFF0Falltrades Жыл бұрын
If I understand correctly, you’re trying to export a PE from the original sol.exe? If that’s the case, then “original file” is what you want, since sol.exe should also be a PE.
@salesv Жыл бұрын
What VS Code theme do you use? I really like the bloom effect going on
@jeFF0Falltrades Жыл бұрын
That would be Robb Owen’s “Synthwave ‘84”! And I don’t know if I’ll ever be able to switch from it because I love it so much.
@salesv Жыл бұрын
@@jeFF0Falltrades Thanks! I'll look it up
@he1817 Жыл бұрын
I dont know English very well and I spent a lot of time learning these and Im tired Thank you very much for your video very nice video :} but can you briefly hack a simple game as a tutorial? I really need this 1:37:56 - How did you find the timer in this part? I cant find it if it were me and I want to learn about it, but unfortunately I couldn't understand it.
@aa898246 Жыл бұрын
ur a really good teacher
@jeFF0Falltrades Жыл бұрын
Thank you, and thank you for watching!
@rbt-0007 Жыл бұрын
Best video on YT
@jeFF0Falltrades Жыл бұрын
Thank you 🙏 And thank you for watching!
@yunusaydin5177 Жыл бұрын
great job keep going
@jeFF0Falltrades Жыл бұрын
Thanks for the kind words!
@yolamontalvan95029 ай бұрын
University offers Reverse Engineering courses? Where is that? Which one? I’m interested.
@jeFF0Falltrades9 ай бұрын
In the case I’m talking about in the video, it was a course taught by an adjunct professor at the university I went to, but these days, I know of several university computer science departments who now offer reverse engineering courses (at least in the US) - a friend of mine has his own course lectures on the topic online for free at class.malware.re if you’re interested !
@tylerdaniels4601 Жыл бұрын
Really enjoying this course. I’m trying to apply it to an old application (Delta Force 2 Mission Editor), and I started very similarly with trying to patch a string in the About dialog. However, I hit a weird roadblock where I would change the string and export the program, but the text in the application didn’t change. I later found that the app actually uses text from a text.bin file, so I can change the text there and see the result in the app. I’m curious why the text shows up in a Ghidra search of the .exe file if it’s read in from an external file at runtime. Is that a pattern you’re familiar with?
@jeFF0Falltrades Жыл бұрын
Nice job! As far as the text, when you search it in Ghidra, where exactly is it showing - i.e. what section is it showing in? Knowing that can help shed some light on what exactly is going on.
@williefleete9 ай бұрын
The ampersand may mark the next character to be underlined when text is printed
@jeFF0Falltrades9 ай бұрын
Yep - I marked it in the pinned comment as well, but as others have said - it actually designates which character in the string will be used for keyboard shortcuts/access keys (which are the same ones that are underlined)! Which made a ton of sense in retrospect. Thanks for watching!
@gabrielJustGabe8 ай бұрын
How did you add nullbytes in 45:46?
@jeFF0Falltrades8 ай бұрын
Same I did as the other bytes in that section! Just put 00 in for their values as opposed to any other value, and you have a null byte. If you have questions on how to modify the bytes in general or if I can explain better, let me know! EDIT: And to be clear, I added the extra null bytes to make the string size the same as it was before we modified it, to ensure the modification wouldn’t cause issues elsewhere.
@gabrielJustGabe8 ай бұрын
@@jeFF0Falltrades I dont think I understood, when I try to add 00 in the byte edit window, it becomes another value in the program...
@jeFF0Falltrades8 ай бұрын
@@gabrielJustGabe Hm, one thing to watch out for is what text encoding is being used - in the video, this is a Unicode string, so each character is 2 bytes - so in order to make a null char, both bytes need to be 0 (so 00 00 is one null char, in other words). Not sure if you are looking at the same program or a different one, but that is the first place I would check. If that isn’t it, let me know and we can chat more.
@gabrielJustGabe8 ай бұрын
@@jeFF0Falltrades Thanks, that actually helped me to understand! Im following along with same software.
@jeFF0Falltrades8 ай бұрын
@@gabrielJustGabe Excellent! If you have any other questions, feel free to let me know! Hope you enjoy!
@NetworkITguy Жыл бұрын
Hermit status ftw!
@mariusz723810 ай бұрын
Hey, how do you do that the x32dbg when dragged sol.exe on it opens the actual game window, on my side nothing happens. The process itself (the solitaire game) exists within x32dbg's process but there is no window for it.
@jeFF0Falltrades10 ай бұрын
Hey! Make sure that your debugger is not stopping on a breakpoint (check the bottom-left corner of the debugger which will say “Paused”). If it is Paused, hit the “Run” button or press F9 to get the program to proceed; That should pop up the game window and let the program proceed, assuming there are no other breakpoints or exceptions taking place (the debugger will let you know in the bottom-left and bottom pane if there are any breakpoints or exceptions). Hope this helps, and if not, let me know so we can troubleshoot further
@mariusz723810 ай бұрын
@@jeFF0Falltrades Thanks, it worked. But still pretty weird that i got some entry breakpoint and 1 exception.
@manishtanwar989 Жыл бұрын
Sir can we predict the result of game by previous results in card games
@jeFF0Falltrades Жыл бұрын
The game state is only tracked per game, so you could potentially predict the result of the game for the *current* game based on moves (some games of Solitaire actually do this and end the game when it is unwinnable), but I do not think you could do any prediction based on past games’ results in this case.
@manishtanwar989 Жыл бұрын
Can you help me to predict game result And can you teach me how to predict the result please
@tiernanmorgan8 ай бұрын
can you reverse engineer a slot machine if you know how much its programmed to pay out and know the seed is constantly changing for time of day
@jeFF0Falltrades8 ай бұрын
You can RE just about anything! But it probably wouldn’t gain much in the way of winnings or anything but knowledge of how the machine works. Would be really fun to do - most modern ones work similarly and are pretty much just based in stats and probability.
@tiernanmorgan8 ай бұрын
@@jeFF0Falltrades i was thinking about the russian hacker dude who did it on older ish machines still prng. had his phone buzz before payouts after filming twenty or so spins. as well as this video kzbin.info/www/bejne/gKqsiIR_md2UhaMsi=9Apc9MAR9z_NgSL8 that machines have to leave the factory paying out exact amount and that the seed is constantly changing every second but somehow someone figured out when and programmed it into a phone. it just interested me if i could figure out when it hits postive payouts or a minigame but not further . im not smart enough to understand the prngs yet though.
@googleaccountuser3116 Жыл бұрын
The & symbol you are asking about in "st&andard" means that the next letter in this case a will be underlined and if you press a on your keyboard it will select that item. So it provides a quick way to navigate the menu with the keyboard. Although I see it doesn't seem to underline on your end. That said pressing a inside that menu should still work but it could be broken. Select vegas first so the submenu is active, it only works within an active menu so this isn't global. You don't seem to use windows very often which is a good thing I suppose, to refresh the registry or any window for that matter just press F5. 😉
@jeFF0Falltrades Жыл бұрын
Thanks! Others have mentioned that and I updated the pinned comment with the correction - makes perfect sense in retrospect!
@uzisquad6568 Жыл бұрын
I don't have the Portable Executable format. Could someone help me?
@zer0k4ge7 ай бұрын
You figure it out Im having the same issue
@jamesbossingham9694Ай бұрын
I would like to know how to take parts of one game and at it to another game
@jeFF0FalltradesАй бұрын
@@jamesbossingham9694 Interesting concept! Something like that comes down to how alike the underpinnings are of the games: Do they use the same engine? If not, this becomes significantly more challenging unless you translate code/assets from one engine to the other manually. This is essentially the same as borrowing “concepts” from one game, and reimplementing those concepts yourself in a different engine (like when people remake classic Ninentdo games in Unreal Engine. If the games use the same engine, on the other hand, you’d still have a significant challenge in reverse engineering the parts of the game you want to cut/paste over to another game unless you have access to the source code of the game. Hopefully that helps shine some light on this interesting concept!
@jamesbossingham9694Ай бұрын
@jeFF0Falltrades ok so let me make sure I'm reading correctly I would have to copy all the game code paste it into a game engine like unity and then copy and paste the code fron the other game i want.
@jeFF0FalltradesАй бұрын
@ Simplified - yes. The problem becomes: * Most game code is not openly accessible and would have to be reverse engineered to understand (though there are some open-source versions of games published online) * You’d have to check the applicable terms and conditions attached to both games to sort out the legality of reversing the games (usually, if you’re not selling any part of the result, and simply using it for education, you should be okay but IANAL :-))
@jamesbossingham9694Ай бұрын
@jeFF0Falltrades I'm just looking to add part of Rocksmith2014 to tone lib jam for my own use
@outkast9882 Жыл бұрын
the god is back
@jeFF0Falltrades Жыл бұрын
Nic Cage never left us ❤️
@mrpvr Жыл бұрын
Thanks ❤
@jeFF0Falltrades Жыл бұрын
Thanks for watching!
@damicore2 жыл бұрын
sorry, but why did you use msys2 instead of wsl?
@jeFF0Falltrades2 жыл бұрын
I could have used WSL, but I wanted to try to account for folks who probably didn’t want to set WSL up if they hadn’t already just for the tutorial, so MSYS2 seemed like a lightweight solution for Windows users who don’t have WSL already ready to go to quickly follow the build process without configuring a bunch of options.
@jordankostov7581 Жыл бұрын
Heya JeFF! This tutorial is a real gem! you helped me get better at my hobby and that is modding :). I have a couple advanced questions. I have a game injected with a DLL file by replacing existing one - just like the way you do it this tutorial. When the injection is loaded i want to run a code that make code of the binary between two addresses become NOPs. I created this function: void SetNop(const char* address, const int length) { char* startAddress = address; const int numNops = length; for (int i = 0; i < numNops; i++) { *(startAddress + i) = 0x90; // Set the byte to the NOP opcode } INFO
@jeFF0Falltrades Жыл бұрын
Nice!!! One place to start to look is to see if the memory is writeable - typically it won’t be by default. You can get around this by using a function like VirtualProtect() or WriteProcessMemory() to set the permissions on the section where the code you’re trying to modify is to be writeable.
@jordankostov7581 Жыл бұрын
@@jeFF0Falltrades it took many hours, sweat and blood... but i did it. Thank you so much! :)
@jeFF0Falltrades Жыл бұрын
@@jordankostov7581 Congratulations on persisting! You should be proud!
@jordankostov7581 Жыл бұрын
Thank you Jeff! With my newly acquired knowledge i was thinking how much can be accomplished in terms of migrating my assembly patches to the DLL injection and i got some design questions in mind. If you have any tips regarding them it will be great. Questions: 1. In the video above you impersonate the existing DLL by bypassing it. However the bypass requires the original DLL 4 functions to be defined in the export file so they are still available for the binary to use. What if the original exe had 400 functions? Do you have to define them all manually or there is another approach? 2. I do noticed that you can do the following type of patches quite easily the DLL injection: - change existing binary variables - complete rewrite of existing binary functions But what if there is function that is very large in size and i want to modify just part of it? What will be the most common-sense way approach that? Will I have to use assembly again or there is a better way to modify in C++? What if i want to add the function code ? With normal assembly a jump is done to a empty space at the end of the binary where the new code resides, then after it is executed it goes back to the function. Is there a better approach with the DLL injection where the new code is kept at the DLL instead? 3. What are your thoughts on going around Windows 10 D.E.P. ? As the game we mod gets more (and more complex) patches, player with D.E.P. enabled had their game crashing and even refusing to start. This behaviour is of course based on pure assembly patching with hooks. Will the DLL injection method help me go around that issue? May be questions are not defined really well. :)
@Lorendrawn9 ай бұрын
Show the intro to professor true brian
@TuoiLevan-n4i3 ай бұрын
It's too difficult for me to study all my life and not even know it.
@jeFF0Falltrades3 ай бұрын
@@TuoiLevan-n4iThe initial learning curve is tough, but I promise it’s not insurmountable :-) It just takes practice and willingness to keep trying and seeking answers, even if you get stuck.
@Salsuero Жыл бұрын
You didn't patch out the -100 after explaining that it was hard-coded.
@jeFF0Falltrades Жыл бұрын
At which timestamp?
@Salsuero Жыл бұрын
@@jeFF0Falltrades1:49:32
@alexandrohdez3982 Жыл бұрын
👏👏👏
@themaniacboy Жыл бұрын
Hello, I really liked your video although I'm not experienced at all in RE, but I'm certainly willing to learn more about it! Quick question, could you reverse a game dll file? It's needed for modding a game called Duke Nukem: Manhattan Project, because it's really restricted now. The file is called "duke_base.dll". Would really appreciate it if you could help in any way.
@arushford Жыл бұрын
You didn't waste your time, it's cool for different reasons than you said, you don't sell you acting jokes very well, they're bad to begin with. I can't believe people still think rick rolling is a thing in 2023. See ya round!
@brianredbeard Жыл бұрын
I spent 30 seconds searching: Brian Deep
@jeFF0Falltrades Жыл бұрын
Nice! I should have known to enlist another Brian in his search…a classmate of mine also saw this vid and let me know the day after it was published, too. Thanks to you both for that, so I can find him and let him know just how much he inspired me (and hope he never watches the other insanity of my videos…). Thanks for watching!
@skeleton_craftGaming Жыл бұрын
I would be suprised if [User/System]32 has a key mask for the registry functions at all... its bad practice to use the registry for storing non-persistent user space values like that... a better way to do this would be to use a binary encoded (most likely a .cfg or .ini) file to store the settings. that way you don't need to run it with elevated perms. Or at least it wouldn't if you don't have it installed in the system files [I think that when it came with windows it was installed in the C:\windows\[games\] folder..] but even then I think that they could've saved to %appdata%\games\solitaire which you would have ring 3 write access [as that is the reason for the %appdata% file after all]..... now that I think of it IDK if fopen can resolve path envar ejections [ie the %% in "%appdata%\games\solitaire"] though I think that User32 has a function for that if it doesn't do it on fopen call... working with system32 in general is kina stupid because there is 2 versions of each function an ascii version (as denoted by the "A" postfix on the system call) and the 16 bit Unicode version (as denoted by the "W" [standing wide because it it uses WCHAR_t (aka short) as its string type] postfix on the system call)
@jw20010 ай бұрын
Thanks for video but the XP solitaire sourcecode is in the leaked XP sources available from internet. Im not promoting it but just telling the fact
@Nunya58294 Жыл бұрын
So I took on my first reverse engineering project to reverse a bootloader. I'm proud to say I'm very successful in my project! It's shockingly fun too haha
@jeFF0Falltrades Жыл бұрын
That’s awesome!!! Many wouldn’t think it, but RE can be a blast under the right circumstances. Thanks for watching!
@raffaelemormile9199 Жыл бұрын
hiii i need help is there i way to change a game that isn't been made in my language (italian), this is a word game that has ofc english vocabulary, i just want to put the italian vocabulary to play in italian. I dont care if the graphic is in english, just want to put italian words... is that possible with ghidra... the game is Bookworm Adventures deluxe... pls if you dont how to do it PLS can you give me a contact of a person that can teach me how to do it.... o am trying this form 4 years.... thanks... :(