WEBVTT

1
00:00.350 --> 00:00.710
Hello.

2
00:00.710 --> 00:01.520
Welcome back.

3
00:01.520 --> 00:04.730
Now we are going to do a call with five arguments.

4
00:04.730 --> 00:08.630
So we're going to have the fifth argument pushed onto the stack.

5
00:08.720 --> 00:09.830
All right, let's try it.

6
00:10.280 --> 00:14.780
So the first thing is as usual, we move our

7
00:16.820 --> 00:27.110
first argument. We move - second, we move - third, and we move -.

8
00:28.640 --> 00:35.000
Fourth. Now, we are going to use the stack to store the fifth argument, so we must create space for that.

9
00:35.000 --> 00:37.160
So we need to sub -.

10
00:38.330 --> 00:43.970
We need 32 bytes plus 8, 32 bytes for shadow space and eight for the fifth argument.

11
00:44.360 --> 00:46.760
So we need 40 bytes.

12
00:50.880 --> 00:56.010
Now we are going to move the fifth argument into the stack.

13
00:56.010 --> 01:00.810
So to do that, we need to use this offset to - plus 32.

14
01:01.200 --> 01:03.930
So we do that, move

15
01:06.220 --> 01:08.260
- plus 32.

16
01:08.260 --> 01:13.420
And we're going to move the fifth argument there like this onto the stack.

17
01:14.830 --> 01:18.280
So fifth argument is - plus 32.

18
01:18.280 --> 01:19.540
So this is in hex.

19
01:20.380 --> 01:22.930
Then we can call our function.

20
01:24.310 --> 01:25.060
So here.

21
01:33.890 --> 01:36.740
Then we go to that function now and we are going to implement.

22
01:37.580 --> 01:40.730
Of course, we need to clean the stack after we come back.

23
01:40.730 --> 01:43.040
So add - 40.

24
01:46.410 --> 01:52.110
So because we sub 40, we also have to add - 40 to clean the stack.

25
01:52.590 --> 01:52.980
All right.

26
01:52.980 --> 01:59.460
So now in the function we will do our function prologue as usual, push -.

27
02:01.650 --> 02:04.140
We are going to move - -.

28
02:05.040 --> 02:07.530
And we're going to create four local variables.

29
02:07.530 --> 02:13.590
So we're going to sub - 32 for four local variables.

30
02:14.400 --> 02:21.180
And maybe this time now we're going to zero out the - as well.

31
02:23.090 --> 02:30.620
Then we are going to add, uh, the first number to -.

32
02:31.370 --> 02:33.800
We're going to add second number.

33
02:35.630 --> 02:42.290
And then we're going to add the third number to - -.

34
02:43.040 --> 02:49.850
And then we're going to add the fourth number to - which is -.

35
02:50.330 --> 02:52.160
Now the fifth one.

36
02:54.620 --> 03:03.530
We have to access the fifth argument, which is - plus 48.

37
03:04.720 --> 03:10.180
So over here we need to do - plus 48.

38
03:13.890 --> 03:16.710
Then we clean the stack.

39
03:16.710 --> 03:18.360
So we need to sub.

40
03:18.510 --> 03:20.610
We need to add -.

41
03:22.980 --> 03:23.670
32.

42
03:23.700 --> 03:25.170
Because over here we create

43
03:25.200 --> 03:25.950
32.

44
03:25.980 --> 03:29.640
Although we create four local variables, we don't use them at all.

45
03:29.640 --> 03:31.020
But this is just a demonstration.

46
03:31.260 --> 03:31.710
Okay.

47
03:31.710 --> 03:32.880
So we don't use it.

48
03:32.880 --> 03:35.940
So we just clean it anyway.

49
03:36.480 --> 03:46.530
And now we are going to move - -, and pop -, and we return.

50
03:47.340 --> 03:48.030
That's it.

51
03:49.090 --> 03:51.760
Put a breakpoint there and run to the breakpoint.

52
03:51.760 --> 03:54.850
Move all the arguments to the registers.

53
03:54.850 --> 03:57.880
So you have 1, 2, 3, 4.

54
03:57.880 --> 04:03.610
And then we create a shadow space plus the space of eight bytes for one argument,

55
04:03.610 --> 04:04.570
fifth argument.

56
04:04.570 --> 04:08.710
So we minus - with 40.

57
04:09.310 --> 04:11.290
Then we now move on.

58
04:11.440 --> 04:16.900
We want to assign the five to the fifth argument, - plus 20.

59
04:16.900 --> 04:20.560
So according to this, - plus 32 is here.

60
04:20.560 --> 04:23.170
This is - plus 32 is in hex.

61
04:23.380 --> 04:24.760
So you move this there.

62
04:25.270 --> 04:36.430
So we step over, and then we should see our - plus 20 there. - is pointing to

63
04:37.240 --> 04:42.460
65 FD F8, 65 F8.

64
04:44.010 --> 04:46.080
65.

65
04:47.250 --> 04:47.670
F8.

66
04:55.840 --> 04:57.790
- plus 32.

67
04:57.790 --> 05:01.510
So plus 32 should be 1, 2, 3, 4 over here.

68
05:01.690 --> 05:06.760
So this is - plus 32 comes down here, five.

69
05:06.760 --> 05:10.570
So we have moved the fifth argument to - plus 32.

70
05:11.430 --> 05:12.390
- plus 32.

71
05:12.420 --> 05:16.140
Fifth argument is here, okay, so now we are ready to call.

72
05:16.140 --> 05:17.430
We step into the call.

73
05:18.150 --> 05:19.620
Then we are in a function.

74
05:20.160 --> 05:22.200
Now we're going to do the function prologue.

75
05:22.530 --> 05:25.140
Create four local variables.

76
05:28.500 --> 05:31.920
Zero out -, add - to -.

77
05:32.190 --> 05:36.960
So you get one, add - to -.

78
05:37.860 --> 05:42.390
Now we get three, add - to -.

79
05:42.510 --> 05:45.990
Now you get six, add - to -.

80
05:46.110 --> 05:47.400
Now we get ten.

81
05:47.430 --> 05:55.140
Then we are going to add - plus 30, which is - plus, not - plus, - plus 48.

82
05:55.470 --> 05:56.400
Fifth argument.

83
05:56.400 --> 05:57.480
Fifth argument is five.

84
05:57.510 --> 06:00.990
You can see from here, - plus eight.

85
06:01.380 --> 06:02.310
Look at -.

86
06:02.340 --> 06:02.790
Where is it?

87
06:02.970 --> 06:04.980
- is 65

88
06:05.910 --> 06:08.820
FDE. Over here it's shown there.

89
06:09.210 --> 06:13.440
So it contains 65 5518, which is here.

90
06:14.070 --> 06:18.900
So - is - is 65

91
06:19.680 --> 06:21.810
FDE, which is here.

92
06:23.790 --> 06:25.290
This is - over here.

93
06:25.290 --> 06:28.500
So E plus 5, 1, 2, 3, 4.

94
06:28.770 --> 06:29.400
Sorry.

95
06:29.400 --> 06:31.410
E plus, uh, 48.

96
06:31.410 --> 06:31.620
Yeah.

97
06:31.620 --> 06:32.880
So 48 should be here.

98
06:33.090 --> 06:36.240
1, 2, 3, 4, 5, 6, 6 times

99
06:36.240 --> 06:38.220
8, 48, 48 bytes down.

100
06:38.460 --> 06:40.470
So we get this five.

101
06:40.470 --> 06:42.090
This is - plus 48.

102
06:42.690 --> 06:46.020
So you dereference - plus 48, add it to -.

103
06:46.020 --> 06:48.330
So this is the fifth parameter, fifth argument.

104
06:48.540 --> 06:50.280
So you should get 15 here.

105
06:50.280 --> 06:53.100
So step over and you get 15, correct.

106
06:53.700 --> 07:04.350
So now you clean the local variables by adding - 30, - 32 clean, then clean the local stack,

107
07:05.040 --> 07:08.280
pop, and then return back to caller.

108
07:08.790 --> 07:14.730
Here you clean the stack in the caller itself by adding 40 to -.

109
07:15.780 --> 07:22.080
And you see - result has got the value 15. Step over and that's it.

110
07:22.080 --> 07:32.790
So this is how you can implement arguments, five arguments, a function call using your x64dbg and also

111
07:32.790 --> 07:34.980
use, create four local variables.

112
07:35.970 --> 07:37.290
Now that's all for this video.

113
07:37.290 --> 07:39.240
Thank you for watching.