WEBVTT

1
00:00.980 --> 00:02.060
Welcome back.

2
00:02.060 --> 00:07.190
In this lesson, we are going to go through each element of the array using a program.

3
00:08.500 --> 00:14.620
So over here, this is a program written in assembly that can help you iterate through the array.

4
00:15.940 --> 00:21.760
So as before, I've already inserted all the elements of the array in this address.

5
00:22.150 --> 00:24.820
Base address 403180.

6
00:24.820 --> 00:27.640
And then the second element at this address.

7
00:27.640 --> 00:30.910
And so on, as we have done in the previous lesson.

8
00:30.940 --> 00:34.390
So to loop through, we use this program.

9
00:34.420 --> 00:40.270
The first step is to load the address, the base address, into a register.

10
00:41.320 --> 00:44.650
So in this case, the base address is 403180.

11
00:44.650 --> 00:48.100
So we load the base address of the array into -.

12
00:48.190 --> 00:51.940
- will be our register which holds the base address.

13
00:52.090 --> 00:54.790
And then we initialize the index to zero.

14
00:54.790 --> 00:57.520
So - will be our index and also our counter.

15
00:57.700 --> 01:00.280
And we set it to zero to start off.

16
01:00.640 --> 01:02.080
Then we enter the loop.

17
01:02.080 --> 01:05.470
So inside the loop, we have a start of the loop.

18
01:06.340 --> 01:10.570
This address here will be where the instruction "move" begins.

19
01:10.720 --> 01:14.470
So load the current element of the array into -.

20
01:15.070 --> 01:21.190
So to access the first element of the array, we use the formula - plus - times eight.

21
01:21.340 --> 01:28.030
Since - is the base address, so you plus the offset, you will get the first element.

22
01:28.300 --> 01:30.970
The first offset will be - times eight.

23
01:31.330 --> 01:34.960
When - is zero, zero times eight still remains as zero.

24
01:34.960 --> 01:37.180
So you get back the first element of the array.

25
01:37.960 --> 01:39.790
Then you increment the counter.

26
01:40.580 --> 01:44.000
And then after that, you compare whether the counter is less than five.

27
01:44.000 --> 01:44.630
Why five?

28
01:44.630 --> 01:48.590
Because there are five elements inside here, so you need to go through it five times.

29
01:49.460 --> 01:53.930
And then if - is less than five, then you will jump less.

30
01:54.440 --> 01:56.900
Go back to the loop again and start all over again.

31
01:57.440 --> 02:01.970
So JL here means jump less than, and then you keep on looping like this.

32
02:01.970 --> 02:05.750
And each time it loops, it will iterate through the array one by one.

33
02:05.750 --> 02:12.890
So in the second loop, because your - is now one, one times eight is eight, so eight plus the base

34
02:12.890 --> 02:15.530
address will take you to this location here.

35
02:16.190 --> 02:19.790
And then here you retrieve 22, assign it to -.

36
02:20.120 --> 02:22.580
Then you can do whatever you want with -.

37
02:22.580 --> 02:24.410
If you wanted to.

38
02:24.410 --> 02:25.910
Next, you will increment counter.

39
02:25.910 --> 02:28.160
Counter will become, counter will become two.

40
02:28.160 --> 02:29.000
And then you compare.

41
02:29.000 --> 02:30.020
Is two less than five?

42
02:30.020 --> 02:30.380
Yes.

43
02:30.380 --> 02:31.670
And it goes up again.

44
02:31.670 --> 02:34.940
Then it retrieves the third element and so on.

45
02:35.270 --> 02:37.340
Eventually, - will be five.

46
02:37.340 --> 02:40.490
So when you compare, five is not less than five.

47
02:40.490 --> 02:44.210
So you exit the loop and continue with the rest of the code after the loop.

48
02:44.570 --> 02:51.350
So let us now go inside, inside your x64dbg and put in this code.

49
02:51.350 --> 02:52.280
So next.

50
02:52.280 --> 02:58.460
So just go to this line here and type your code, "move -".

51
02:59.630 --> 03:04.040
So you need this address. For me, it's this address here.

52
03:04.700 --> 03:07.370
So I just copy this address for you.

53
03:07.370 --> 03:10.670
It might be different depending on where you put your array.

54
03:20.810 --> 03:28.400
Then next one will be to "move -, zero".

55
03:28.550 --> 03:31.580
This will be a counter and an index.

56
03:31.850 --> 03:33.740
Then will be this one.

57
03:34.430 --> 03:35.300
Move.

58
03:37.080 --> 03:38.040
-.

59
03:54.100 --> 03:54.520
Okay.

60
03:54.520 --> 03:57.010
Take a note over here.

61
03:57.010 --> 03:59.740
You are doing the calculation within the square brackets.

62
03:59.740 --> 04:02.470
So this is permitted inside the assembly.

63
04:02.470 --> 04:04.810
So you are doing the calculation here.

64
04:04.810 --> 04:08.530
And then you are dereferencing it to access the value stored there.

65
04:08.530 --> 04:12.430
And then you assign it to -, assign it to -.

66
04:12.880 --> 04:14.560
Next, you increase

67
04:16.370 --> 04:20.900
- by one, and then you compare.

68
04:24.020 --> 04:26.000
-, 5.

69
04:28.610 --> 04:32.990
And then here is where you need to get the address of loop start.

70
04:33.020 --> 04:35.510
Loop start is where this instruction begins.

71
04:35.510 --> 04:37.460
So the instruction here is loop start.

72
04:38.870 --> 04:47.960
So we copy that address and come here and type "jump less than" and paste your address there.

73
04:49.930 --> 04:53.050
So let us check the code, make sure we entered it correctly.

74
04:53.050 --> 04:58.150
Move -, the base address 1403180, which is here.

75
04:58.450 --> 05:03.940
Then you move zero to -, then you move this into -.

76
05:03.940 --> 05:04.810
This is our.

77
05:05.020 --> 05:07.750
This formula is - plus - times eight.

78
05:08.020 --> 05:11.290
Then you increment -, you compare - with five.

79
05:11.290 --> 05:18.730
Then you jump less to the start of the loop, which is 401564.

80
05:18.760 --> 05:23.590
As you can see, when you click on this line, there's a grayed-out arrow indicating that this is where

81
05:23.590 --> 05:25.600
it is potentially going to jump to.

82
05:26.590 --> 05:27.760
So it is correct.

83
05:27.760 --> 05:33.520
So now we put a breakpoint and run to our breakpoint and then step over.

84
05:34.630 --> 05:40.030
So now it's going to move this address, base address, into -.

85
05:40.630 --> 05:44.410
So base address is 1403180.

86
05:44.470 --> 05:48.940
Step over and you can see 403180 is in -.

87
05:49.360 --> 05:51.490
Then it's going to move zero to -.

88
05:51.490 --> 05:52.060
Step over.

89
05:52.060 --> 05:53.800
And now zero is in -.

90
05:54.810 --> 06:01.740
Next, it is going to retrieve the value at the first element of the array, which is 11, and move it into

91
06:01.920 --> 06:02.010
-.

92
06:03.450 --> 06:05.460
And now we see 11 is in -.

93
06:06.090 --> 06:09.000
Then you increase our - by one.

94
06:09.000 --> 06:11.280
So - is now one.

95
06:11.400 --> 06:12.990
Initially it was zero.

96
06:12.990 --> 06:17.280
And then you compare whether one, whether zero is less than five.

97
06:17.310 --> 06:18.930
Yes, it is less than five.

98
06:18.930 --> 06:21.360
Therefore, it will jump up to the loop.

99
06:21.600 --> 06:27.480
The red arrow is highlighted in red, and then "jump is taken" is shown down here.

100
06:28.380 --> 06:30.750
So you step over, goes back up again.

101
06:30.750 --> 06:38.370
And now it's going to retrieve the next value of the element of the array, which is 22, and move it

102
06:38.370 --> 06:39.480
to -.

103
06:39.480 --> 06:41.850
So our - is now 22.

104
06:42.300 --> 06:43.800
Increase - by one.

105
06:43.830 --> 06:45.330
- becomes two.

106
06:45.630 --> 06:46.920
Is two less than five?

107
06:46.950 --> 06:47.580
Yes.

108
06:47.580 --> 06:48.600
Jump up again.

109
06:48.840 --> 06:50.640
And now it's going to be three.

110
06:50.940 --> 06:53.700
The third element, which is 33.

111
06:54.720 --> 06:56.310
And move it into -.

112
06:56.790 --> 06:58.050
Increase -.

113
06:58.080 --> 06:59.670
- now becomes three.

114
07:00.210 --> 07:01.560
Is three less than five?

115
07:01.590 --> 07:02.010
Yes.

116
07:02.010 --> 07:02.940
Jump up again.

117
07:03.150 --> 07:06.930
And now you're going to retrieve the next element, which is 44.

118
07:08.040 --> 07:11.550
And then now 44 is in -. Increase -.

119
07:11.580 --> 07:12.900
- becomes four.

120
07:13.500 --> 07:15.330
Compare, is four less than five?

121
07:15.360 --> 07:16.050
Yes.

122
07:16.050 --> 07:17.070
Jump back up.

123
07:17.250 --> 07:19.620
Now we're going to retrieve 55.

124
07:20.720 --> 07:26.090
Step over, and after 55 is in -, increase -, - now becomes five.

125
07:26.570 --> 07:27.170
Compare.

126
07:27.170 --> 07:29.540
-, is it five?

127
07:29.540 --> 07:30.710
Is five less than five?

128
07:30.710 --> 07:31.400
No.

129
07:31.730 --> 07:33.560
So it will not jump up again.

130
07:33.560 --> 07:34.850
It will quit the loop.

131
07:35.240 --> 07:35.930
That's it.

132
07:36.440 --> 07:45.170
So this is how you can use this assembly to implement the loop that can iterate

133
07:45.170 --> 07:48.860
through the array inside your assembly code.

134
07:48.860 --> 07:55.250
And this is also how you can implement an array within your x64dbg.

135
07:55.610 --> 08:00.260
So this will be useful because when you are reversing code, sometimes you can go through the array

136
08:00.260 --> 08:06.350
directly and directly access the array in memory, and then do whatever you want with the array to alter

137
08:06.350 --> 08:09.890
the program or whatever you like to do.

138
08:10.400 --> 08:12.140
So that's all for this video.

139
08:12.140 --> 08:13.520
Thank you for watching.