I'm trying to disassemble this file but I keep getting tons of code added to it. Visual C++

#include <stdio.h>

int main()
{
    int x = 1;
    int y = 2;
    printf("\rStart me UP");
    x = x + y;
    y = y + x;
    printf("\rX is %d, Y is %d", x, y);
    return 0;
}

Stuff like this is included in my code (a lot of this); I wouldn't be able to find my own programming source if it didn't have strings.

=============== S U B R O U T I N E =======================================
.text:0041101E
.text:0041101E ; Attributes: thunk
.text:0041101E
.text:0041101E sub_41101E      proc near               ; CODE XREF: .text:00415C46p
.text:0041101E                                         ; .text:00415C5Dp ...
.text:0041101E                 jmp     sub_41C7F2
.text:0041101E sub_41101E      endp
.text:0041101E
.text:00411023 ; ---------------------------------------------------------------------------
.text:00411023                 jmp     loc_414243
.text:00411028
.text:00411028 ; =============== S U B R O U T I N E =======================================
.text:00411028
.text:00411028 ; Attributes: thunk
.text:00411028
.text:00411028 sub_411028      proc near               ; CODE XREF: start_0-18Ap
.text:00411028                 jmp     sub_41672F
.text:00411028 sub_411028      endp

Disassembled with IDA Pro.

  1. I did find my program eventually because of the strings, but what if someone makes a crackme with encrypted strings etc.? How would I ever be able to find the start of the crackme itself?

  2. I did view tutorials, and I saw their program's source code was at the top of IDA Pro (like where the disassembling begins), so I had no idea where to start when I looked at the tutorial, because I saw a different result (way more code). So how can they have only their program's source code, and not 10000 lines of code included?

Seki
Walordoo
  • You're going to have to be more specific. What code were you not expecting IDA to add? Are you expecting to see the source of the original program? Are you familiar with how a disassembler is different from a decompiler, and what are the shortcomings of decompilation? – yan Sep 27 '13 at 15:38
  • Please read some doc about Windows asm first. – Matt Sep 27 '13 at 15:39
  • No, I just want to know why there's so much code added to it. Where does it come from :S? I watched tutorials and those people had perfectly clean code. And how would I be able to find my code without strings? Because the only reason I found a part of my code was because of the strings I added. – Walordoo Sep 27 '13 at 15:58
  • I would enable the setting in Visual Studio to generate .asm from your source. Then look at the ASM. – drescherjm Sep 27 '13 at 18:02
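
The thunk entries in the listing above sit 5 bytes apart, which matches the near `jmp` encoding (opcode E9 followed by a 32-bit relative displacement). As an added example (not part of the original post), this Python code decodes such a run of thunks and resolves each one to the function behind it; the byte string is constructed from the addresses in the listing under that E9 assumption, and `decode_thunks` and `resolve` are hypothetical helper names.

```python
import struct

# Constructed sample: the three thunks from the listing, re-encoded as
# E9 rel32 near jumps (assumption; the listing shows only the mnemonics).
BASE = 0x0041101E
THUNK_BYTES = bytes.fromhex(
    "E9CFB70000"   # 0041101E  jmp sub_41C7F2
    "E91B320000"   # 00411023  jmp loc_414243
    "E902570000"   # 00411028  jmp sub_41672F
)

def decode_thunks(code, base):
    """Return {thunk_address: jump_target} for a run of consecutive E9 rel32 jumps."""
    thunks = {}
    off = 0
    while off + 5 <= len(code) and code[off] == 0xE9:
        (rel,) = struct.unpack_from("<i", code, off + 1)  # signed displacement
        # The displacement is relative to the address of the next instruction.
        thunks[base + off] = (base + off + 5 + rel) & 0xFFFFFFFF
        off += 5
    return thunks

def resolve(addr, thunks, max_hops=16):
    """Follow thunk-to-thunk chains until reaching an address that is not a thunk."""
    for _ in range(max_hops):
        if addr not in thunks:
            return addr
        addr = thunks[addr]
    raise ValueError("thunk chain too long or cyclic")

if __name__ == "__main__":
    table = decode_thunks(THUNK_BYTES, BASE)
    for src in table:
        print(f"{src:08X} -> {resolve(src, table):08X}")
```

Each resolved address is a real function body rather than another one-instruction stub, so cross-references to a thunk can be read as references to its target.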

3 Answers

What you're seeing is compiler code (I was surprised at the amount when I first started reverse engineering). There will be a function (that IDA may or may not recognize) called WinMain. That is where the usercode will start. The newer versions of IDA are quite good at recognizing compiler code.

The truth is, the more you reverse programs, the more familiar you will get with compiler code. Soon enough you will be able to skip right past it and straight into WinMain. Keep it up and don't get too disheartened :)

ben_re

What you see along with your compiled code is the C runtime prologue and epilogue. That is some code which is executed before and after your program to open / close streams, prepare some structures and parameters (like the argc/argv main parameters) and so on.

You can see the source of these (which consists of both C and assembly code) e.g. in c:\Program Files\Microsoft Visual Studio 8\VC\crt\src\ (for MSVC2005). You may need to check the runtime source component at installation time of Visual Studio.

Seki

I asked a related question on a different architecture (Going through AVR assembler "hello world" code) to understand what was going on and to learn assembly.

Comments suggested that before a program starts there is a lot going on, added by the compiler so that it works on different architectures. In my case it would zero the allocated RAM and initialize interruptions and stuff like that. AVR is a microcontroller so there is much less in the initialization, but I guess that more things have to be initialized for a C++ program running on Windows.

Community
Thomas