WEBVTT 1 00:01.870 --> 00:03.850 Hello and welcome to this course. 2 00:03.880 --> 00:09.880 In this lesson, I'm going to explain to you why we use a debugger to learn assembly programming instead 3 00:09.880 --> 00:13.660 of the assemblers like FASM, NASM, or MASM. 4 00:15.600 --> 00:23.700 Firstly, by using x64dbg, you will be familiarizing yourself with the debugger itself, which you'll 5 00:23.700 --> 00:25.530 be using for reverse engineering. 6 00:25.950 --> 00:30.330 Secondly, it also teaches you how to hollow out an 7 00:30.330 --> 00:33.360 .EXE file to insert custom instructions. 8 00:33.390 --> 00:34.560 Number three: 9 00:34.650 --> 00:40.440 You'll also be able to know how to inject added instructions using code caves. 10 00:40.470 --> 00:42.720 Code caves are those areas in the 11 00:42.720 --> 00:47.220 .EXE file which are having blank instructions or null bytes. 12 00:48.210 --> 00:54.630 Number four: how to modify existing .EXE programs to alter flow instructions. 13 00:55.200 --> 00:59.370 And number five: you also have direct access to process memory. 14 01:00.090 --> 01:05.460 This direct access allows you to hack and modify process memory itself, which you can't do if you're 15 01:05.460 --> 01:07.380 using an assembler. 16 01:07.830 --> 01:15.270 Number six: you'll also be able to modify existing functions to create or add new functionality. 17 01:15.360 --> 01:21.570 So these are all compelling reasons why you should be using x64dbg for learning assembly. 18 01:24.430 --> 01:28.960 In order to do that, you need to have an .EXE file that you are going to mod. 19 01:29.170 --> 01:35.920 So I've created an .EXE file, a 64-bit one called "x64_template.exe." 20 01:36.190 --> 01:43.450 And this is actually compiled from the source code here, which you can take a look at using any text editor. 21 01:44.470 --> 01:52.390 It is a simple program in C which has got one include library and it has got one main function. 22 01:52.540 --> 01:58.240 It creates an integer variable "a" and it has a printf, scanf, printf, 23 01:58.270 --> 01:58.690 printf, 24 01:58.690 --> 02:00.310 and then pause and return. 25 02:00.670 --> 02:03.730 So you don't really need to know how C programs work. 26 02:03.730 --> 02:08.050 But this is just to inform you how I got the template. 27 02:08.170 --> 02:11.890 I did it by writing this program, I compiled and built it into an 28 02:11.890 --> 02:12.610 .EXE file, 29 02:12.610 --> 02:14.380 and this is your .EXE file. 30 02:14.830 --> 02:21.100 If you prefer to use your own compiler, you can take this source code and compile it into an .EXE file 31 02:21.100 --> 02:24.880 and use that instead of using my example .EXE file. 32 02:25.930 --> 02:33.040 So let's take a look now at how we can open this x64_template and take a look at the content. 33 02:33.160 --> 02:37.420 So to do that, you need to have x64dbg. 34 02:37.750 --> 02:38.800 There are two— 35 02:38.830 --> 02:39.790 there are two. 36 02:39.790 --> 02:43.840 When you install x64dbg, it comes with two debuggers. 37 02:43.840 --> 02:46.360 One is the 32-bit, one is the 64-bit. 38 02:47.260 --> 02:53.590 Since we are learning x64 or 64-bit programs, we are going to use the x64 version. 39 02:53.590 --> 02:59.500 So double-click on this and then open the program which is on your desktop. 40 03:01.400 --> 03:02.450 This program here. 41 03:02.450 --> 03:07.100 You can open it by dragging it in, and then it will run in the back. 42 03:07.100 --> 03:14.270 And now you can see, if you scroll down, you can see the instructions, the entry point, and you scroll 43 03:14.270 --> 03:14.480 down. 44 03:14.480 --> 03:18.860 You can see over here this is your main program. 45 03:20.040 --> 03:21.360 The main starts from here. 46 03:22.560 --> 03:24.630 Every function starts with a push 47 03:24.660 --> 03:30.420 -, mov -, - and every function ends with a pop 48 03:30.780 --> 03:32.340 - and return. 49 03:32.460 --> 03:35.370 So this is actually the main function itself. 50 03:36.540 --> 03:44.820 And inside the main function, you can see here this is where you load the string and then call the 51 03:44.820 --> 03:45.330 printf. 52 03:46.080 --> 03:51.750 And then here is where you create the parameters for scanf. 53 03:52.020 --> 03:57.390 And this is where you have the parameters for printf, and you have a parameter for putchar. 54 03:58.110 --> 04:01.530 And over here you have a parameter for pause, 55 04:01.530 --> 04:02.940 and finally you return. 56 04:03.450 --> 04:08.070 So all these details will be taught in this course as you go along. 57 04:08.070 --> 04:11.790 And we have already seen this actually in the earlier course, 58 04:11.790 --> 04:13.560 but this is just a refresher. 59 04:14.070 --> 04:20.490 So if you want to use an existing .EXE file, you can now modify this file. 60 04:21.450 --> 04:23.760 That means you can take out all this part here, 61 04:23.760 --> 04:28.650 remove it by right-clicking and then "Binary," "Fill with NOPs." 62 04:29.520 --> 04:31.890 So when you do that, then you click "OK." 63 04:32.250 --> 04:35.070 You will get all NOPs. 64 04:35.730 --> 04:37.920 So now you can add your own code in here. 65 04:39.660 --> 04:41.790 So you can use this to insert your own code. 66 04:42.210 --> 04:44.970 So this is how I created the template file. 67 04:45.450 --> 04:49.890 So we will be making use of this concept throughout this course. 68 04:50.430 --> 04:56.100 If you don't want to use this template, you can create—you can use any other .EXE file of your preference. 69 04:56.100 --> 05:01.170 But I use this template because it's the simplest .EXE file that you can create. 70 05:01.950 --> 05:04.200 So that's all for this video. 71 05:04.200 --> 05:05.580 Thank you for watching.