flat assembler
Message board for the users of flat assembler.
Windows > A Tiny PE
iic2 02 Jun 2011, 03:06
Quote: I use AVG on my system and the Win7 box I tested on was running Norton. Neither of them complained.
Hey-Hey, I think we got a Win-Win! Try the on-line VirusTotal to be sure. This may be proof; if you're running XP it's a virus. If you're running Windows-7, it's not a virus anymore. Now I see the light; I bet Dollar Bill told the AV people to leave FASM alone or rain_storm really DID do his homework, big-time. All I got to say is timing was perfect.
As for XP, now it will never die like win95 ... goldenspider-PE will go down in FASM history. Win-8 will be rain_storm ready. The world will realize soon that XP is the last true Desktop. The future only holds brainless Web-Tops for the next generation. WebTops were supposed to come from web-site applications for any look. The OS companies lost focus and don't care if you like it or not. Here is one of the starters who went from sugar to sh^t. I think they are trying to beat win-8 to the punch. I hope win-8 drops the idea or provides user-choice/roll-back to at least XP, not Vista. If it's not one thing, it's the other in the computing life and coding. http://www.theregister.co.uk/2011/04/11/gnome_3_review/
I own Vista, Win-7 (32) and (64) for years but I only use XP .. sp2 is smoother than sp3 in most cases. Now I'll re-install them all again, forever, just for testing these PE's by tomorrow. Time to re-set my old PE lab: See Screenshot below:
rain_storm 02 Jun 2011, 17:16
iic2 stop ranting and get back on topic.
goldenspider have you got a version of this without the import section and MessageBox code? Just the blank pe.
goldenspider 03 Jun 2011, 02:05
rain_storm wrote: Just the blank pe.
Not yet. Otherwise will be very interesting. ^_^
iic2 17 Jun 2011, 12:29
...
... Hey rain_storm, U don't tell ic2:
Quote: iic2 stop ranting and get back on topic.
Ranting: To speak or write in an angry or violent manner; rave. To utter or express with violence or extravagance: a dictator who ranted his vitriol onto a captive audience.
It's the latest word on the INTERNET when you want to tell someone to shut-up then doom him to shame of his own personality. Neat trick. Here's a little more, I guess ...
My words are usually to sell MYSELF a new project to get back into. The past few years of C++, JAVA, etc classes did not cut the cake. Once an Asmer always an Asmer. People here usually just ignore me until I got something to work with or when I say something that makes a little sense. But one thing I can assure you of, I am not a dictator. I'm a bounty-hunter and I can show you my credentials. You can bring your home-mie too. http://www.youtube.com/watch?v=awskKWzjlhk
Be nice
rain_storm 18 Jun 2011, 12:13
goldenspider wrote: 252 bytes of MessageBox
Does it break compatibility if those null bytes are stripped from the tail end of the image? Gets it down to 232 bytes.
Code:
format binary as 'exe'
IMAGE_BASE equ 400000h
use32

IMAGE_DOS_HEADER:
  .e_magic dw 'MZ'
  .e_cblp dw 0
IMAGE_NT_HEADERS:
@@:
  .Signature dd 'PE'
  .Machine dw 014Ch
  .NumberOfSections dw 0001h
MessageBoxA db 'MessageBoxA',0 ; Name
  .SizeOfOptionalHeader dw OptionalHeader_End - OptionalHeader
  .Characteristics dw 010Fh
OptionalHeader:
  .Magic dw 010Bh
  .MajorLinkerVersion db 0
  .MinorLinkerVersion db 0
  .SizeOfCode dd Code_End - Code
  .SizeOfInitializedData dd 00000000h
  .SizeOfUninitializedData dd 00000000h
  .AddressOfEntryPoint dd Start
  .BaseOfCode dd 0 ;UNUSED
  .BaseOfData dd 0 ;UNUSED
  .ImageBase dd IMAGE_BASE
  .SectionAlignment dd 4
  .FileAlignment dd 4
  .MajorOperatingSystemVersion dw 4
  .MinorOperatingSystemVersion dw 0
  .MajorImageVersion dw 0000h
  .MinorImageVersion dw 0000h
  .MajorSubsystemVersion dw 4
  .MinorSubsystemVersion dw 0
  .Win32VersionValue dd 00000000h
  .SizeOfImage dd Code_End
  .SizeOfHeaders dd OptionalHeader_End
  .CheckSum dd 00000000h
  .Subsystem dw 2
  .DllCharacteristics dw 0000h
  .SizeOfStackReserve dd 00001000h
  .SizeOfStackCommit dd 00001000h
  .SizeOfHeapReserve dd 00001000h
Thunk_User32:
Imp_MsgBox dd MessageBoxA-2 ; .SizeOfHeapCommit
  .LoaderFlags dd 00000000h
Thunk_User32_End:
  .NumberOfRvaAndSizes dd 2
  .ExportRva dd 00000000h
  .ExportSize dd 00000000h
  .ImportRva dd ImportDir
  .ImportSize dd 0 ;ImportDir_End - ImportDir UNUSED
  dd 00000000h
  dd 00000000h
OptionalHeader_End:

User32_DLL db 'User32',0,0 ;.SectionName UNUSED
  .VirtualSize dd Code_End - Code
  .VirtualAddress dd Code
  .SizeOfRawData dd Code_End - Code
  .PointerToRawData dd Code
  .PointerToRelocations dd 00000000h
  .PointerToLinenumbers dd 00000000h
  .NumberOfRelocations dw 0000h
  .NumberOfLinenumbers dw 0000h
  .Section_Characteristics dd 060000020h

Code:
Start:
  push dword 0 ; db 68h,0,0,0,0 ; ?? push 0 (6Ah,0 is error win7)
  push @B+IMAGE_BASE ;IMAGE_BASE + MessageBoxA
  push IMAGE_BASE + MessageBoxA ;dword [esp]
  push 0 ;dword 0
  call [IMAGE_BASE + Imp_MsgBox]
  ret

ImportDir:
  dd 0 ; OriginalFirstThunk
  dd 0 ; TimeDateStamp UNUSED
  dd 0 ; ForwarderChain UNUSED
  dd User32_DLL ; Name
  dd Thunk_User32 ; FirstThunk
  ;dd 0 ;UNUSED
  ;dd 0 ;UNUSED
  ;dd 0 ;UNUSED
  ;dd 00000000h
  ;dd 00000000h
ImportDir_End:
Code_End:
Wasikuss 06 Aug 2011, 21:01
OK, but if I want to run it on Win7 64bit?
I have reached 518 bytes (tinype port) and I'm working to make it smaller. Is it possible to decrease exe header without breaking file in win7 64bit?
edit: sorry, I didn't see attachments before login. Yes, the smallest exe file is 513 bytes. only with "ret" instruction. If you want to save bytes in exe use space in header as data container, eg:
Code:
db "MZ"
db 58 dup 0 ;<- here
dd 60h
db 32 dup 0 ;<- here
dd 'PE'
...
;in some obsolete fields and after header instead of zeros padding
for me it's additional 141 bytes.
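
The header layout in the 232-byte listing above (PE header at offset 4 so that SectionAlignment sits at 3Ch and doubles as e_lfanew, 4-byte alignments, a two-entry data directory) is easy to flag statically when triaging hand-packed files. The Python below is an added example, not code from this thread; the function names and the constructed header-only samples are assumptions for illustration.

```python
import struct

PAGE = 0x1000  # x86 page size

def tiny_pe_anomalies(data):
    """List header-layout oddities typical of hand-packed PE32 files."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["not an MZ image"]
    out = []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew < 0x40:
        out.append("PE header overlaps DOS header")
    opt = e_lfanew + 24  # optional header follows signature (4) + COFF header (20)
    if opt + 96 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return out + ["PE header missing or truncated"]
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        return out + ["not PE32"]
    sect_align, file_align = struct.unpack_from("<II", data, opt + 32)
    (n_dirs,) = struct.unpack_from("<I", data, opt + 92)
    if sect_align < PAGE:
        out.append("SectionAlignment below page size")
    if file_align < 0x200:
        out.append("FileAlignment below 512")
    if n_dirs < 16:
        out.append("data directory table truncated")
    return out

def sample_header(e_lfanew, sect_align, file_align, n_dirs):
    """Constructed header-only sample; not a runnable executable."""
    buf = bytearray(e_lfanew + 24 + 96 + 8 * n_dirs)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, e_lfanew + 4, 0x014C, 1)  # Machine, NumberOfSections
    opt = e_lfanew + 24
    struct.pack_into("<H", buf, opt, 0x010B)               # PE32 magic
    struct.pack_into("<II", buf, opt + 32, sect_align, file_align)
    struct.pack_into("<I", buf, opt + 92, n_dirs)
    return bytes(buf)

# Values modelled on the 232-byte listing: e_lfanew == SectionAlignment == 4.
TINY = sample_header(4, 4, 4, 2)
# A conventional linker layout for comparison.
NORMAL = sample_header(0x80, 0x1000, 0x200, 16)

if __name__ == "__main__":
    print(tiny_pe_anomalies(TINY))
    print(tiny_pe_anomalies(NORMAL))
```
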
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.