WEBVTT 1 00:01.820 --> 00:03.200 Hello and welcome back. 2 00:03.200 --> 00:06.680 In this lesson, I'm going to show you how to create variables. 3 00:09.520 --> 00:15.670 So to create variables, we will open the template as before. 4 00:18.150 --> 00:19.950 And then select Dump 1. 5 00:20.910 --> 00:22.260 Go to "Memory Map." 6 00:22.740 --> 00:26.520 And this time you select BSS, uninitialized data. 7 00:27.180 --> 00:32.820 The difference between this and data is that data is fixed—the constants. 8 00:33.180 --> 00:38.370 That means after you reboot the program, the data is still in the memory. 9 00:38.850 --> 00:45.720 But for BSS, whenever you reboot, everything that is there will be wiped clean. 10 00:46.320 --> 00:48.450 So that's why they are called variables. 11 00:48.450 --> 00:50.640 So you can put your variables here. 12 00:50.940 --> 00:52.890 So double-click on this. 13 00:52.890 --> 00:54.420 And in your Dump 1, 14 00:54.420 --> 00:59.010 you can make use of any of these free spaces here to create your variables. 15 00:59.370 --> 01:01.980 So let's say you want to create a variable here. 16 01:01.980 --> 01:04.230 So just select this location. 17 01:04.500 --> 01:06.960 Right-click, copy the address. 18 01:07.410 --> 01:08.970 Copy the address. 19 01:09.570 --> 01:12.120 So here, so you can store a number here. 20 01:12.570 --> 01:21.960 Now we go to your code and then hollow out all these instructions here: "Binary," "Fill with NOPs." 21 01:23.470 --> 01:25.390 And then let's write our code. 22 01:25.420 --> 01:27.580 Now let's copy a number here. 23 01:27.580 --> 01:30.520 Maybe we'll copy 12345678 here. 24 01:30.880 --> 01:36.490 So just press spacebar and then type the MOV command. 25 01:36.880 --> 01:40.300 And then "QWORD PTR," 26 01:40.660 --> 01:42.010 square brackets, 27 01:42.010 --> 01:49.120 put in the hex prefix, and then copy and then paste your address which you copied. 28 01:49.750 --> 01:52.180 And let's say we want to store the number. 29 01:52.180 --> 01:57.370 So we put hex prefix: 12345678. 30 01:58.000 --> 01:58.750 Click "OK." 31 02:01.080 --> 02:05.340 So this is how you can store a number directly into a variable here. 32 02:05.760 --> 02:12.390 Next thing, we are going to store the value in - to this location. 33 02:12.750 --> 02:14.370 So we can do that as well. 34 02:14.370 --> 02:16.620 So copy this other variable here. 35 02:16.620 --> 02:19.110 So now we have another variable—two variables already. 36 02:19.680 --> 02:22.950 So note that a variable is just a memory address. 37 02:23.490 --> 02:28.140 So now right-click this other variable and then copy this address. 38 02:28.140 --> 02:39.000 Come back here, press spacebar, type "MOV," type "QWORD" again, "PTR," and then hex prefix, paste the new variable. 39 02:39.660 --> 02:49.080 And this time we are going to move whatever is in -, say whatever is in -, we want to move over there. 40 02:49.830 --> 02:50.640 Click "OK." 41 02:51.360 --> 02:53.940 Now we put a breakpoint and we run. 42 02:54.360 --> 02:59.400 Then step over, and now you notice our two variables are there. 43 02:59.880 --> 03:03.780 They are now empty, still empty: 0050. 44 03:03.780 --> 03:10.980 Maybe this one is from the running of the program, which is other parts of the instructions— 45 03:10.980 --> 03:14.100 not our instructions, so just ignore it. 46 03:14.100 --> 03:15.510 Don't worry about 01 there. 47 03:15.690 --> 03:19.140 This variable changes all the time, so it's OK. 48 03:19.140 --> 03:21.180 We will overwrite whatever is there. 49 03:21.360 --> 03:24.420 So now let's step over and see this value copied there. 50 03:24.870 --> 03:31.200 So we step over and now you can see 12345678 in reverse order. 51 03:32.220 --> 03:35.940 Now we are going to copy whatever is in -. 52 03:35.940 --> 03:38.430 We're going to copy it into the next variable, which is here. 53 03:38.580 --> 03:48.150 Step over that, and you can see our - value, 1, is now copied here: 0000 and all the way 01. 54 03:49.110 --> 03:54.210 So this is how we can create variables for x64dbg. 55 03:55.290 --> 04:02.760 As usual, if you want to save this, you can patch: click "Patch File," and then you can give it a name. 56 04:02.760 --> 04:07.530 Maybe you want to call it "03_Variables." 57 04:10.130 --> 04:13.340 ".exe," then click "Save." 58 04:15.390 --> 04:16.170 So that's all. 59 04:16.170 --> 04:24.300 In this video, we have learned how to create variables by using the BSS segment of the memory and how 60 04:24.300 --> 04:31.710 to also write values directly into the variable, and also how to write the value in the register to 61 04:31.710 --> 04:32.520 the variable. 62 04:33.390 --> 04:33.990 So— 63 04:33.990 --> 04:38.790 and also the fact that the variables are different from constants, 64 04:39.540 --> 04:46.050 you know, in the sense that for constants—initialized data—whenever you reboot, the data is still there. 65 04:46.290 --> 04:50.310 But for variables, whenever you reboot, everything is lost. 66 04:50.970 --> 04:52.590 So that's all for this video. 67 04:52.590 --> 04:53.760 Thank you for watching.