flat assembler
Message board for the users of flat assembler.
Index
> Windows > How to combine import table and code section as one? |
Author |
|
revolution 09 Apr 2021, 18:11
There are already lots of minimal PE examples on this board.
|
|||
09 Apr 2021, 18:11 |
|
FlierMate 09 Apr 2021, 19:50
revolution wrote: There are already lots of minimal PE examples on this board. Thanks for your reminder. I saw you actually told the same thing to a forum member in 2011. bitRAKE's minimal PE example is impressive. I can only get 1536 bytes at minimum using macro without hardcoding the binary format manually. |
|||
09 Apr 2021, 19:50 |
|
Tomasz Grysztar 09 Apr 2021, 20:56
There used to be this simple example in the fasmw package, which assembles to 1024 bytes:
Code: ; Beer - example of tiny (one section) Win32 program format PE GUI 4.0 include 'win32a.inc' ; no section defined - fasm will automatically create .flat section for both ; code and data, and set entry point at the beginning of this section invoke MessageBoxA,0,_message,_caption,MB_ICONQUESTION+MB_YESNO cmp eax,IDYES jne exit invoke mciSendString,_cmd_open,0,0,0 invoke mciSendString,_cmd_eject,0,0,0 invoke mciSendString,_cmd_close,0,0,0 exit: invoke ExitProcess,0 _message db 'Do you need a place for the beer?',0 _caption db 'Desktop configuration',0 _cmd_open db 'open cdaudio',0 _cmd_eject db 'set cdaudio door open',0 _cmd_close db 'close cdaudio',0 ; import data in the same section data import library kernel32,'KERNEL32.DLL',\ user32,'USER32.DLL',\ winmm,'WINMM.DLL' import kernel32,\ ExitProcess,'ExitProcess' import user32,\ MessageBoxA,'MessageBoxA' import winmm,\ mciSendString,'mciSendStringA' end data |
|||
09 Apr 2021, 20:56 |
|
FlierMate 09 Apr 2021, 21:33
Tomasz Grysztar wrote: There used to be this simple example in the fasmw package, which assembles to 1024 bytes: Thank you, this is what I needed. And it actually opened my laptop CD tray if I click Yes. It still works, and Windows Defender does not complain anything.
|
||||||||||||||||||||||||||||
09 Apr 2021, 21:33 |
|
bitRAKE 10 Apr 2021, 15:09
IIRC, the 64-bit version of WinXP has a very relaxed loader - I could make under 400 byte EXEs. On Win10 the loader is more strict and security enforcing (especially with regard to subsystem 10 programs). fasm(g)'s DATA {type}/END DATA make it very easy to merge sections and just use the directory table. Sections are only needed for memory semantics/protections.
An alternate perspective, rather than aim for small PE, make as much of the file zero bytes as possible (to maximize compression). The entry address and image base can both be zero. It requires combination of many techniques. |
|||
10 Apr 2021, 15:09 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.