Cheat Engine

ThereIsNoSpoon

Hey all,

I want to flex my reverse engineering skills, so I had a thought - writing your own small apps seem to be a perfect choice to get the basic knowledge of how the struff works. But not necessarily.

Every single application I try to wrote and analyze by IDA is full of crap and especially, its missing these esential parts of code I would like to analyze.

Lets assume I have an application, looking like this:

Zanzer · Posted: Sun Nov 01, 2015 4:17 pm Post subject:

I'm assuming you're compiling the code in a Debug Build instead of a Release Build? Fix that.

ThereIsNoSpoon · Posted: Mon Nov 02, 2015 12:07 am Post subject:

I am using Release Win32 settings to compile my stuff.

I've somewhat solved my problem by exporting functions and compiling into DLL's.

STN · Posted: Mon Nov 02, 2015 8:54 am Post subject:

These are VC libraries. Use windows API instead of console and your output should be similar to the crackmes you see.

When you generate in Debug mode, you can get a nice pdb file that Ollydbg can use and will tell you what each asm instruction stands for what code in C++. VC can debug itself if you include browse information from compiler settings.

This is indeed a great way to learn.

ThereIsNoSpoon · Posted: Mon Nov 02, 2015 1:52 pm Post subject:

Many thanks for your reply STN.

I did some research, searching for the most basic definition of windows API application and that is what came to my mind after reading all of the stuff.

WinMain.cpp

atom0s · Posted: Tue Nov 03, 2015 2:43 pm Post subject:

You are not going through and optimizing your projects settings to remove unneeded things from the file. Instead you are just using the default settings which make use of various things like exception handling and so on.

For example, set the project to Release mode then open the properties of the project.

Some things you will want to adjust to remove some of the basic garbage is:

C/C++ -> General
- Turn off Debug Information Format (Set to none.)
- Turn off SDL checks.

C/C++ -> Optimization
- Here you can play with things to get varying degrees of output from the compiler. If you want things to be as literal to what you coded as possible, turn optimizations off.

C/C++ -> Code Generation
- Enable String Pooling to help with multiple of the same strings.
- Disable C++ Exceptions
- Disable Security Check
- Disable Control Flow Guard
- Disable Function-Level Linking (As you will not need edit and continue.)

C/C++ -> Precompiled Headers
- You can just disable these as you will more then likely not use them.

Linker -> Debugging
- Disable Generate Debug Info

This will disable a handful of the junk that gets compiled into the application. Next, if you want to remove the CRT and just use the enforced entry point, you can "reseat" the entry point by going to:
Linker -> Advanced

And set the 'Entry Point' to the one you use in your project. For example:
- For console projects, enter: main
- For window projects, enter: WinMain
- For dll projects, enter: DllMain

This is reseat the entry point and bypass the CRT initialization. This will remove all CRT usage in your application though unless you manually initialize it during runtime! So keep that in mind if you do it.

When you reseat the entrypoint, this should remove literally everything from your program except your code.

ThereIsNoSpoon · Posted: Wed Nov 04, 2015 10:38 am Post subject:

Oh my god!
I owe you a big crate of beer or nice big bootle of good bourbon/whiskey as you wish.

Once again, in a matter of couple of days, you made my day once again!
This is exactly what I have been looking for, I am so pFkn* excited.

Even my girlfriend has already noticed that something is in the air. She does not understand what or why is going on yet, but she already know that I'll be gone for another couple of weeks, haha!

Just sitting there, apparently doing nothing, stearing at code, smiling to myself and trying to think out of the box! PRICELESS.

But honestly, I reallly appreciate what you are doing for me.
Thanks man.

btw. you are creating another small atom0s ]:>

I was about the send you PM but unfortunately, I am not allowed to do this.
Please check for what is hiding in my post Smile

Hey mate,

I really do appreciate what you have already done for me. This is no joke.

I am a graphic designer and graphic department manager at well know european company producing professional sportswearing clothes.

Do you ride a bike, jogging everyday morning, or doing any kind of stuff I can help you with getting top most quality clothes? Just let me know, please.
Or maybe you need help with some graphic design, leaflets, vouchers, anything

I'll be here, to help you.
And I'll be glad and happy to help you.