Part 2 - Reverse Engineering & Binary Augmentation / Modification (Patching) - Snipping Tool

182 views | Jul 30, 2023 | Duration: 2:23:39

Reverse engineering session - part 2 - Trying to remove the bottom banner from the Microsoft Snipping Tool's user interface.

IMPORTANT: The solution presented here contains a bug - make sure to watch the correction video: https://youtu.be/r4nAJmVOxYo

Time Codes:
-----------------------------------
1:58 Overview of what we will be doing in part 2.
4:31 Example of how to edit a Win32 dialog resource with Resource Hacker
7:21 Why Resource Hacker didn't work for the Snipping Tool patch
10:38 Opening the Snipping Tool in IDA to analyze how it creates its main window
11:58 How Win32 windows are created: CreateWindowExW
14:54 First debugging run, looking for the CreateWindowExW call
17:02 Internals of the CreateWindowExW function: CreateWindowInternal, and why we need to put a breakpoint in the deepest-level function
22:07 Setting the breakpoint on CreateWindowExW. What are window classes in Win32?
26:39 Example of how to set up a breakpoint on a recursive function call (kinda fumbling with it, sorry)
57:48 Exploring the function MoveWindow to set window size
59:35 Exploring the function SetWindowPos to set window size
1:03:45 How to set a conditional breakpoint on the SetWindowPos function
1:06:07 Tracing where SetWindowPos is called for our main window
1:06:34 IDA bugs
1:10:50 Call Stack window in IDA
1:11:15 Analyzing the CToolbar::DoLayout function
1:18:40 More details about the SetWindowPos function
1:20:22 Testing window height modification in memory
1:21:45 Tracing where the height location is filled in
1:24:41 Stepping through the CToolbar::DoLayout function
1:26:13 Figuring out the window message for the 0x421 code
1:38:07 Continuing to step through the CToolbar::DoLayout function
1:43:56 Found the CToolbar::CalcScreenSketchBannerHeight function - analyzing it
1:49:13 Deciphering the return value and the input parameters of the CToolbar::CalcScreenSketchBannerHeight function
1:54:21 Testing the possible patch location - it works!
1:55:03 Deciding how to do the patch (following an erroneous logic - watch the correction video!)
2:12:18 Applying the binary patch to the Snipping Tool
2:14:54 Testing our binary patch in IDA.

References:
-----------------------------------
Part 1: https://youtu.be/q47TzHkz0SE
"How to set up a virtual machine for your reverse engineering work on Windows." https://dennisbabkin.com/blog/?i=AAA11A00
"What do you need to become a software reverse engineer?" https://dennisbabkin.com/blog/?i=AAA11B00

You can download the binary files (the patched and the original Snipping Tool) that were used in this video at: https://mega.nz/file/6Xx3lQJY#ayH0AW11rh7ekclSDVcRzIE0nWZGEb0J-VllChFleBw

#reverseengineering #x64 #windows #lowlevel
