Part 1 - Reverse Engineering & Binary Augmentation / Modification (Patching) - Snipping Tool

515 views
Jul 29, 2023
1:09:33

Reverse engineering session - part 1 - Looking for a way to allow multiple instances of the Microsoft Snipping Tool to run at the same time.

2:22 How I picked Snipping Tool
4:29 What I will augment in the Snipping Tool
10:41 Using Detect-It-Easy to see how the Snipping Tool was compiled
12:44 How to copy the Snipping Tool - MUI file
14:37 Opening the Snipping Tool in IDA Free
25:08 How to determine the type of a return value from a function: BOOL vs HRESULT
26:58 I discovered the /CLIP command line parameter for the Snipping Tool.
28:08 Brief info about x64 calling convention on Windows.
40:15 Found the use of the CreateMutex API - possible place for a fix.
44:09 Found another interesting function: BringSnipperToFrontIfAlreadyRunning(int)
48:27 Checking what is inside the BringSnipperToFrontIfAlreadyRunning() function.
55:44 Setting return value from the BringSnipperToFrontIfAlreadyRunning() function to 0 in IDA as a test.
58:57 Thinking how to eliminate BringSnipperToFrontIfAlreadyRunning() function with a binary patch.
1:03:41 Applying the binary patch in HxD.
1:05:49 Testing our patch in IDA.

Blog posts mentioned:
"How to set up a virtual machine for your reverse engineering work on Windows." https://dennisbabkin.com/blog/?i=AAA11A00
"What do you need to become a software reverse engineer?" https://dennisbabkin.com/blog/?i=AAA11B00

You can download the binary files (patched and the original Snipping Tool) that were used in this video at: https://mega.nz/file/LTgm3ApT#Xl9l4-bZKxkhaGWoB40UJBVkGpkd75sOMaU2I5gVLAk

#reverseengineering #x64 #windows #lowlevel
