flat assembler
Message board for the users of flat assembler.
Index
> Windows > Smallest Win32 PE.. Goto page 1, 2 Next |
Author |
|
veach1 17 Oct 2005, 06:44
Some times ago there was russian MessageBox compo.
_________________ dream of mind creates a monster Last edited by veach1 on 17 Oct 2005, 10:33; edited 1 time in total |
|||||||||||
17 Oct 2005, 06:44 |
|
revolution 17 Oct 2005, 07:57
I wonder what would happen if you ran that in DOS?
|
|||
17 Oct 2005, 07:57 |
|
revolution 17 Oct 2005, 08:03
If anyone wants to run it on WinXP SP2 use this:
Code: LoadLibrary equ 0x7c801d77-image_base ;hardcoded address MessageBox equ 0x77d804ea-image_base ;hardcoded address |
|||
17 Oct 2005, 08:03 |
|
FrozenKnight 17 Oct 2005, 10:53
The reason this works the way you made it is because you told it that the PE start location is the MZ dos start location. since windoes has already set up the 32 bit memory segiment for the PE file the Addresses already in memory. since you've already pre loaded the Addresses windows doesnt have to look them up from the import table.
|
|||
17 Oct 2005, 10:53 |
|
Ancient One 18 Oct 2005, 03:02
Quote:
i think it just execute the contents of nt headers. how about the stack and heap (reserve/commit)?.. the info had been deleted from the above program. the last field of optional header is the subsystem..OllyDbg cannot load this program also. |
|||
18 Oct 2005, 03:02 |
|
Reverend 18 Oct 2005, 12:19
Ancient One wrote: how about the stack and heap (reserve/commit)?.. the info had been deleted from the above program. the last field of optional header is the subsystem..OllyDbg cannot load this program also. |
|||
18 Oct 2005, 12:19 |
|
RedGhost 18 Oct 2005, 23:22
hmm, my windows wont let a binary be compiled under 1kb, is there a trick to this??
i have windows XP home sp2, but i noticed the same on sp1 _________________ redghost.ca |
|||
18 Oct 2005, 23:22 |
|
Ancient One 19 Oct 2005, 03:00
Rev. yup.. i think this is the smallest working pe executable in the world ...
RedGhost, u need to build the headers manually by using compiler that can output flat binary like fasm. |
|||
19 Oct 2005, 03:00 |
|
shism2 19 Oct 2005, 03:54
You could probably make it even smaller ...... I think by using some hash routines......
|
|||
19 Oct 2005, 03:54 |
|
polygon7 19 Oct 2005, 12:57
shism2 wrote: You could probably make it even smaller ...... I think by using some hash routines...... I saw something similar (smallest PE exe) in Assembly Programming Journal (i think it was in vol 2). _________________ best regards p7 |
|||
19 Oct 2005, 12:57 |
|
r22 19 Oct 2005, 21:58
You can shave bytes off the code part by assuming eax will be 0 at start and setting up the stack before the calls.
Code: ;;same code minus the xor eax,eax push eax call @f db 'small',0 @@: call @f db 'hello fasm.',0 @@: push eax call @f db 'user32',0 @@: call LoadLibrary Call MessageBox ret doesn't shrink the resulting file size though o well |
|||
19 Oct 2005, 21:58 |
|
Ancient One 20 Oct 2005, 01:35
i don't think we can create any smaller file than this.. btw, anyone can try this on other Windows version (9x, etc)?? not sure whether it can be run on all version of Windows.
|
|||
20 Oct 2005, 01:35 |
|
Reverend 20 Oct 2005, 20:05
You can do the trick as intro-coders do. Write a program that will pack the whole exe with some strong compress algo (but small depacking routine needed) and write the result to the .com file. Given .com file would consist of the depacking routine and code that will run the program after decompression. But as the method is rather good (20kB to 4kB even) I don't know will the ratio be lower than 100% even after compression as the data is really small
Ancient One: It won't work under win9x. First: win9x loader works only on files >=1024 bytes. Second: Addresses here are hardcoded and they are different on nt-based and on 9x systems. Third: On win9x eax is equal to ImageBase at the beginning, and on nt-based it's equal zero (and this functionality, we have used to shrink the code even more). |
|||
20 Oct 2005, 20:05 |
|
Ancient One 21 Oct 2005, 02:31
rev, i dont think thats true. i remember testing a 300+ bytes pe long time ago and its work fine on win98. i know the hardcoded address must be changed on different windows version.. portability is not the goal here . i just want to create the smallest possible pe program that can be run...just for fun .
|
|||
21 Oct 2005, 02:31 |
|
Reverend 21 Oct 2005, 16:51
As far as I know win9x returns "Program is not correct Win32 Image" or something similar. It doesn't even load it to memory.
|
|||
21 Oct 2005, 16:51 |
|
RedGhost 22 Oct 2005, 02:37
if i extend one of the message box strings too far
i get the error "invalid value" on Code: rb 64-(sizeof.code)-2-4 would someone please explain to me why this is? _________________ redghost.ca |
|||
22 Oct 2005, 02:37 |
|
vbVeryBeginner 22 Oct 2005, 03:20
Quote:
if u got larger sizeof.code, the 64 - ur size would result negative value. |
|||
22 Oct 2005, 03:20 |
|
RedGhost 22 Oct 2005, 03:39
vbVeryBeginner wrote:
doh, that should be pretty obvious hmm, since i dont really understand the inner workings of a pe header, i simply tried to increment 64 to match the changes in the increase of bytes in the code, but that rendered the exe as invalid, it simply creates a console window then exists _________________ redghost.ca |
|||
22 Oct 2005, 03:39 |
|
Ancient One 23 Oct 2005, 00:19
RedGhost.. the dos header is a fixed sized structure.. exactly 0x40 bytes.. i put the Win32 code inside the dos header, between the first field ('MZ' signature) and the last field (offset to nt header).. so, we only have 0x40-2-4 bytes to work on.
Rev, i lost the code and i don't have win98 installed so i cannot put it here.. but i will try to recreate it later. |
|||
23 Oct 2005, 00:19 |
|
Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.