Very cool demo of Windows debugging. I guess this is how people reverse engineer compiled apps and make mods/patches/cracks? Coming from a web dev background I'm unfamiliar with Windows dev, but isn't it usually the case that in production builds debug symbols are removed prior to publishing?
Thanks! Indeed they are not shipped, but Microsoft provides many PDB files (with symbols) through its symbol server to assist debugging; by default these symbols are automatically fetched by WinDbg.
Yes, symbol files are usually exactly what developers of closed source software try to keep away from you. Without those, you only have calls to standard libraries (and maybe external modules, which have to use visible symbols at least for their exports) to figure out what's going on.
The main difference is that with reversing “in the wild”, you aren’t given function or variable names and have to figure out what each section of assembly is doing on your own. You also have to work around obfuscation techniques which can range from annoying to nearly impossible. It’s much, much easier to be a forward engineer 😉
@ChamaraVFX In web dev, a PDB is like a source map file from a JS bundler. It gives us the ability to "reverse minify" the bundled JS back into somewhat readable JS code to assist debugging.
Hi Nir, Your content & knowledge are exceptional. I've followed all your videos and I'm really impressed. I'm curious, how did you acquire such high-quality knowledge on these low-level topics?
I really like your videos :) Looking forward to the next one! When I played around with this, I replaced the instruction with "mov bl,byte ptr [eax-100]" which draws the ball sprite instead of just black :) Edit: I guess it draws nothing then and just keeps the previously drawn ball :D
I'm a bit late, but I'm definitely coming in for a NEAT. Also, it would appear that after some animations the board is reset to its original graphic, likely because the "rest" sprite contains the background, eh?
Awesome video, thanks. How can one find where to start watching the videos on your channel, or which video to start from? For context, I am already a professional programmer, I know C/C++, have done some CTFs on reverse engineering, studied some courses on hacking, tried some low-level programs, and am currently studying the Nand to Tetris course. Thanks in advance.
You can play Pinball even today in modern Windows? Where did you get it, and what about other games? I wanna play other old games, they were so cool. Btw, awesome video. I am surprised that WinDbg allows you to inject your own assembly into a process that is running.
Yes, I just copied the files from my Windows XP virtual machine. I assume the other games would also work, but I haven't tried yet; I might in a future video :)
Nice, didn't know about CheatEngine, looks cool! From what I understand it is more specifically geared towards games, as compared to WinDbg, which is Microsoft's main general-purpose Windows debugger.
@nirlichtman That's correct xd CheatEngine has features that make it easier to find memory addresses at runtime. So when I was about 14, I used to use it to get infinite lives or an insane amount of damage for fun in difficult games xd When I saw what you did in your video, that was the first thing that came to mind. And it seems just as fun as that.
Ah, yes. Just reverse one of the most complicated and feature-rich operating systems out there, one that was built over decades by hundreds of engineers. Could be done in a weekend.
@mianaliahmed9886 What is too slow? Your PC, perhaps. The M3 Max is a slow CPU nowadays when compared to an AMD 7950X. The UI, on the other hand, you can get on some Linux distros.