Cheat Engine

Cryoma

I want to make slight changes to it.

TsTg · Posted: Mon Dec 24, 2012 10:57 pm Post subject:

I guess you can go disassemble it with something like PE explorer or CFF explorer, but to decompile you have to know what language was it compiled with(C++,Delphi,.etc), then google through the decompiler you'll find them.

Cryoma · Posted: Mon Dec 24, 2012 11:21 pm Post subject:

Fairly certain it was cpp, anyone know a good decompiler or have a preference?

Fafaffy · Cheater Reputation: 65 Joined: 12 Dec 2007 Posts: 28

OllyDBG is a fairly good decompiler all the pr0 h4x3rs use.

PUSHEAX_PUSHEAX · Posted: Tue Dec 25, 2012 2:17 am Post subject:

^ Don't listen to him or anyone else who posted in this thread.

If it's C++ you should use OllyDBG which is a debugger and disassembler.
You aren't going to decompile it and see all the nicely formatted code so get that out of your head. Now open the DLL will Olly and now look at all the ASM that you don't know. Then that's where your dream ends.

Or (depending on what you want to do), maybe right click the assembly window and search for all referenced text strings and that might point you in the right direction.

But if you don't know ASM or don't really understand whats happening it would be better to give up now.

the the the · Posted: Tue Dec 25, 2012 2:19 am Post subject:

PUSHEAX_PUSHEAX · Posted: Tue Dec 25, 2012 2:23 am Post subject:

Cryoma · Posted: Tue Dec 25, 2012 2:34 am Post subject:

If I just wanted to edit some gui strings I could search for those right?
Or am I way off?

PUSHEAX_PUSHEAX · Posted: Tue Dec 25, 2012 2:50 am Post subject:

Yeah, unless the DLL is packed/obfusctaed that may make things a lot harder.
Also make sure to remember you can't overwrite the previous text string with a longer one because then you will be overwriting other bits of the program (breaking it).
Once you find your string, select the line and right click, follow in dump, highlight the words, right click them and binary->edit

Then you will need to patch your program.

atom0s · Posted: Tue Dec 25, 2012 3:14 am Post subject:

Clearing some things up in this thread:
- OllyDbg IS NOT a decompiler. It is a debugger. (And in a way, a disassembler.)
- C++ binaries cannot be decompiled.
- C++ can be disassembled, and the closest to decompiled is using a plugin like HexRays for IDA.

If you are just trying to change GUI strings, just use a hex editor. If you can fit the new string where the old was, you are fine, just make sure to terminate the string properly like the other strings are in their files. (Typically null terminator is all you need which is a single 0x00 byte. If it's unicode, use two 0x00's.)

If the file is packed, in most cases the strings will be compressed / encrypted. So you will need to unpack it first.

gogodr · Posted: Tue Dec 25, 2012 3:18 am Post subject:

what does that dll does that you need to change?
sometimes its easier to try and remake something than try to hack it in order to change it.

PUSHEAX_PUSHEAX · Posted: Tue Dec 25, 2012 3:20 am Post subject:

Slugsnack · Posted: Tue Dec 25, 2012 3:53 am Post subject:

potaters: what you are saying about strings is correct but you are lacking an understanding of why that is. In fact it is possible to overwrite longer strings.

Fafaffy · Cheater Reputation: 65 Joined: 12 Dec 2007 Posts: 28

I'm impressed actually, I would admit I was wrong in that it was a disassembler rather than a decompiler (was tired and wasn't thinking straight :\) but I'm still impressed anyone on the forums really knew anything like this.
and you too, slugsnack, you seem intelligent as well.

inb4crap