WEBVTT

1
00:01.400 --> 00:02.930
Hello and welcome back.

2
00:02.930 --> 00:07.880
In this lesson, we are going to learn how to use the exchange instruction.

3
00:08.360 --> 00:10.310
So there are two main forms.

4
00:10.310 --> 00:13.430
The first one is exchange register and register.

5
00:13.700 --> 00:17.030
The second form is exchange memory and register.

6
00:17.780 --> 00:24.680
So what it does is to swap values between the two registers, or to swap values between the memory and

7
00:24.680 --> 00:25.580
the register.

8
00:26.180 --> 00:33.290
So let's open up our x64dbg and now the template program and start keying these instructions.

9
00:34.220 --> 00:35.810
We put a breakpoint here first.

10
00:37.840 --> 00:38.170
Then,

11
00:38.170 --> 00:40.180
now we type our instruction.

12
00:40.180 --> 00:47.050
The first one is exchange XCHG - -.

13
00:48.850 --> 00:49.750
Okay.

14
00:49.750 --> 00:54.040
And the second one is - we will do it later.

15
00:54.040 --> 01:00.430
So we put a breakpoint, we run, and then we step over until we come to this instruction.

16
01:00.820 --> 01:05.200
Now we are going to put a value in - in -.

17
01:05.320 --> 01:09.280
So you right-click - first and we modify the value there.

18
01:09.880 --> 01:16.360
Let's say we put three in -, and then we right-click on -.

19
01:17.500 --> 01:19.090
Modify the value.

20
01:19.090 --> 01:21.640
And let's say we put five here.

21
01:22.270 --> 01:26.050
So now we have three in - and five in -.

22
01:26.260 --> 01:29.440
And now we are about to execute this instruction.

23
01:29.440 --> 01:32.140
So let's step over and see what happens.

24
01:32.140 --> 01:33.340
So we step over now.

25
01:33.670 --> 01:38.080
And you notice now the values have swapped places.

26
01:38.800 --> 01:43.120
Five has gone up to - and three has gone down to -.

27
01:43.720 --> 01:45.700
Now let's take a look at the second one.

28
01:46.540 --> 01:48.340
Exchange memory with -.

29
01:48.430 --> 01:51.100
So now we have to put a value in memory.

30
01:51.100 --> 01:55.420
So let's go to select dump one and let's go to the memory map.

31
01:55.420 --> 01:56.620
Select data.

32
01:56.620 --> 02:00.880
Double-click on it and let's choose a blank memory here.

33
02:00.880 --> 02:04.060
Let's say this - where this memory address here.

34
02:04.270 --> 02:06.940
And let's say we put 1234.

35
02:08.440 --> 02:09.340
We select

36
02:11.060 --> 02:11.870
all this,

37
02:11.870 --> 02:15.110
and then we put 1234 binary edit.

38
02:16.760 --> 02:22.760
So it will be in reverse endian, reverse format because of little-endian.

39
02:22.760 --> 02:24.050
So let's see. Okay.

40
02:24.860 --> 02:27.920
So now we have 1234 there in this address.

41
02:27.920 --> 02:28.910
So let's copy that.

42
02:28.910 --> 02:32.510
Right-click this address and copy that address.

43
02:32.840 --> 02:37.160
And now we go up to this line and let's press spacebar.

44
02:37.700 --> 02:39.230
Type XCHG.

45
02:41.330 --> 02:48.410
And then put our memory keyword pointer, the hex prefix,

46
02:48.410 --> 02:53.630
and then we paste our address that we have copied and we type -.

47
02:54.680 --> 02:57.500
So now let's put some value in -.

48
02:58.820 --> 03:05.960
Over in -, let's put five six seven eight, modify, and then type 5678.

49
03:07.900 --> 03:08.410
All right.

50
03:08.410 --> 03:10.930
So now - has got 5678,

51
03:10.930 --> 03:14.050
and this address in memory has got 1234.

52
03:14.050 --> 03:16.270
So it's supposed to swap places.

53
03:16.270 --> 03:19.300
So let's execute this line now.

54
03:20.940 --> 03:25.740
And you see one two three four has swapped into -.

55
03:26.370 --> 03:30.450
And it has reversed the order here. It was 3412,

56
03:30.480 --> 03:32.460
so over here it became 1234.

57
03:32.460 --> 03:36.330
And here five six seven eight has gone into the memory instead,

58
03:36.330 --> 03:40.950
and it has reversed the reverse order because of little-endian.

59
03:41.100 --> 03:43.590
It becomes five six seven eight, but in reverse order.

60
03:43.920 --> 03:47.940
So this is how we can use the exchange instruction in the x64dbg.

61
03:48.330 --> 03:50.250
So that's all for this video.

62
03:50.250 --> 03:51.540
Thank you for watching.