WEBVTT

1
00:01.880 --> 00:03.410
Hello and welcome back.

2
00:03.440 --> 00:06.050
In this lesson, we are going to study

3
00:06.710 --> 00:14.390
how we're going to implement the if structure in assembly. In C programming, we have a structure called

4
00:14.390 --> 00:15.350
if structure.

5
00:15.530 --> 00:17.300
And this is what it looks like.

6
00:18.960 --> 00:21.630
So you will have an if statement here.

7
00:21.630 --> 00:27.030
If length equals zero, then assign one to length and then end if.

8
00:27.660 --> 00:35.820
Now if this if is going to be implemented in assembly, length would need to be created as a variable

9
00:36.120 --> 00:37.260
in the memory.

10
00:37.890 --> 00:44.760
As we have stated before, to create variables in assembly, we assign values to memory.

11
00:45.270 --> 00:48.090
So in this example here, we are going to do just that.

12
00:48.090 --> 00:49.170
Later I will show you.

13
00:49.530 --> 00:54.480
So to implement this in assembly, we will have an address here.

14
00:54.750 --> 00:57.300
And then at this address here.

15
00:57.300 --> 00:59.370
This, by the way, is just a label.

16
00:59.550 --> 01:04.050
If you are implementing this, you need to use addresses instead of labels.

17
01:04.590 --> 01:11.700
So at this address here, you will move the value stored at this address into -.

18
01:11.730 --> 01:15.600
Then you will test - with - whether it's zero.

19
01:16.050 --> 01:20.610
And then if it is zero, then this will be true, jump not equal.

20
01:21.360 --> 01:23.730
And then it will jump to this address.

21
01:23.730 --> 01:27.330
And endif is just another address here.

22
01:28.110 --> 01:32.940
If you were going to implement this using compare, then it will look like this.

23
01:32.970 --> 01:35.310
We have an address here, if address.

24
01:35.310 --> 01:40.710
And over here we move the value in this address into the - register.

25
01:40.920 --> 01:42.870
Then we do a comparison.

26
01:42.870 --> 01:53.490
We will compare whether - is zero, and jump not equal will be true if - is not equal to zero.

27
01:54.000 --> 01:56.280
So it will jump over here.

28
01:56.790 --> 02:00.150
So these are the two ways in which you could implement this.

29
02:00.570 --> 02:03.210
So let's try this in x64dbg.

30
02:03.660 --> 02:07.320
I have opened template2.exe, put a breakpoint here.

31
02:07.470 --> 02:13.260
And now we have to look for memory to store this variable length.

32
02:13.560 --> 02:20.370
So we select dump one and then go to memory map and then look for the BSS segment.

33
02:20.400 --> 02:22.620
BSS is for the variables.

34
02:22.920 --> 02:25.620
Right-click on BSS, follow in dump.

35
02:25.950 --> 02:27.420
So it will be in dump one.

36
02:27.750 --> 02:32.400
So in dump one, you find that there are many empty locations we can use.

37
02:32.400 --> 02:36.780
So let us choose 0x407040.

38
02:37.320 --> 02:40.380
So this location here is already zero.

39
02:40.380 --> 02:42.030
So we don't have to do anything.

40
02:42.030 --> 02:50.640
So at this location, we assume this is an address that holds variable length, and it is already zero.

41
02:51.720 --> 02:56.370
So now we're going to move this value into -.

42
02:56.880 --> 03:00.150
So we need to copy this address here.

43
03:01.230 --> 03:05.640
And then copy address and then come up here.

44
03:06.180 --> 03:16.140
We will type MOV into -, QWORD PTR, and then the address.

45
03:19.990 --> 03:23.680
Next, we are going to test - with -.

46
03:28.780 --> 03:32.830
And then we are going to do a jump not equal to an address.

47
03:32.830 --> 03:35.020
So what address are we going to jump to?

48
03:35.020 --> 03:38.530
So for this endif here, let's choose an address somewhere down here.

49
03:38.530 --> 03:41.290
Maybe we choose this one.

50
03:41.860 --> 03:44.800
So we copy this address.

51
03:48.750 --> 03:51.780
We come here, we perform a jump not equal.

52
03:53.040 --> 03:55.920
And then we paste the address that we want to jump to.

53
03:57.410 --> 03:57.920
Yes.

54
03:57.920 --> 04:01.880
So you see, we already implemented this if statement using assembly.

55
04:02.060 --> 04:04.520
So let us run to our code here now.

56
04:04.520 --> 04:07.190
So we run, it hits our breakpoint.

57
04:07.190 --> 04:08.330
We step over.

58
04:09.680 --> 04:13.880
So now it's going to move the value at this address into -.

59
04:14.690 --> 04:19.220
If you come down here, you will see that this address, the value is zero.

60
04:19.820 --> 04:28.190
Now if it is not zero, let's say for some reason, during the execution of this pushad

61
04:28.190 --> 04:31.550
or whatever, it has written some value there.

62
04:31.700 --> 04:38.750
So to solve the problem, you just right-click and then here you just binary edit and just clean all to

63
04:38.750 --> 04:39.440
zeros.

64
04:39.950 --> 04:40.520
That's all.

65
04:42.370 --> 04:44.260
So now it shows zero.

66
04:44.260 --> 04:48.250
So now we are going to move this zero into -.

67
04:48.250 --> 04:52.210
So let's step over, and you find that now - is zero.

68
04:52.570 --> 04:55.870
Then we are going to test the value in - whether it is zero or not.

69
04:55.870 --> 04:57.310
So we step over.

70
04:58.640 --> 05:01.220
And now you notice that it is tested.

71
05:01.340 --> 05:06.230
And then when it comes to this next line, jump not equal,

72
05:07.070 --> 05:11.600
you notice that the jump arrow is grayed out.

73
05:12.560 --> 05:15.770
This indicates that it is not going to jump.

74
05:16.040 --> 05:20.810
And the reason for that is because it will only jump if not equal to zero.

75
05:20.840 --> 05:24.140
But in this case here, it is zero.

76
05:24.140 --> 05:25.430
Therefore, it won't jump.

77
05:26.090 --> 05:27.230
So this is how it works.

78
05:27.230 --> 05:31.730
So if you continue running, stepping over, it will just continue on like this.

79
05:32.510 --> 05:38.360
So this is how you implement this inside your assembly using TEST.

80
05:38.750 --> 05:40.850
Now let's repeat this with compare.

81
05:41.720 --> 05:44.150
So for compare, we do the same thing.

82
05:44.330 --> 05:47.720
We are going to use this same code here.

83
05:47.720 --> 05:52.370
So we just copy this code and paste it here.

84
05:58.860 --> 06:03.000
And then we are going to compare - with zero.

85
06:09.250 --> 06:11.530
And then we are going to do a jump not equal.

86
06:11.530 --> 06:13.600
So we just copy this code here.

87
06:15.650 --> 06:23.600
What I did was I pressed spacebar on this line here, and then I just select all this and Ctrl+C to

88
06:23.600 --> 06:27.500
copy, or right-click on the mouse to copy.

89
06:29.530 --> 06:31.450
Then I come back down here.

90
06:31.570 --> 06:34.210
Press spacebar again and Ctrl+V to paste.

91
06:34.210 --> 06:37.990
Or right-click the mouse and select paste.

92
06:39.590 --> 06:40.520
Click okay.

93
06:41.410 --> 06:44.080
So now we are here, and let's step over.

94
06:44.080 --> 06:48.910
Again, it's going to move the value in here to -.

95
06:49.180 --> 06:54.370
So assuming - is not zero, let's say we modify this to two.

96
06:56.270 --> 07:01.340
So now you step over this and see what happens, and it becomes two.

97
07:01.700 --> 07:05.240
Next, we will compare with zero.

98
07:05.240 --> 07:05.840
Step over that.

99
07:06.860 --> 07:08.270
And it has compared.

100
07:08.270 --> 07:12.200
And when it comes to the jump not equal, the arrow is grayed out.

101
07:12.200 --> 07:18.950
So this indicates again that the jump is not going to happen because - is zero.

102
07:19.400 --> 07:21.320
So that's why it doesn't jump.

103
07:21.920 --> 07:27.710
So this is how we can implement the if statements inside assembly.

104
07:28.160 --> 07:29.480
That's all for this video.

105
07:29.480 --> 07:30.740
Thank you for watching.