flat assembler
Message board for the users of flat assembler.

Index > Windows > A Tiny PE

iic2



Joined: 26 Jun 2008
Posts: 122
iic2 02 Jun 2011, 03:06
Quote:
I use AVG on my system and the Win7 box I tested on was running Norton. Neither of them complained.


Hey-Hey, I think we got a Win-Win!

Try the on-line VirusTotal to be sure.

This may be proof: if you're running XP it's a virus; if you're running Windows-7, it's not a virus anymore. Now I see the light; I bet Dollar Bill told the AV people to leave FASM alone, or rain_storm really DID do his homework, big-time.

All I've got to say is the timing was perfect. As for XP, now it will never die, like win95 ... goldenspider-PE will go down in FASM history. Win-8 will be rain_storm ready.

The world will realize soon that XP is the last true Desktop. The future only holds brainless Web-Tops for the next generation. WebTops were supposed to come from web-site applications for any look. The OS companies lost focus and don't care if you like it or not. Here is one of the starters who went from sugar to sh^t. I think they are trying to beat Win-8 to the punch. I hope Win-8 drops the idea or provides user-choice/roll-back to at least XP, not Vista. If it's not one thing, it's the other in the computing life and coding.

http://www.theregister.co.uk/2011/04/11/gnome_3_review/


I've owned Vista, Win-7 (32) and (64) for years, but I only use XP; SP2 is smoother than SP3 in most cases. Now I'll re-install them all again, forever, just for testing these PEs by tomorrow.

Time to reset my old PE lab:

See Screenshot below:

Attachment: 47b-test.zip (182.43 KB, downloaded 292 times)

goldenspider



Joined: 16 May 2011
Posts: 38
goldenspider 02 Jun 2011, 03:56
252 bytes of MessageBox program implementation on Windows 7 x86. WinXP is OK.
VirusTotal result: 3/42 (7.1%)


Code:
;
; MZ header
;
; The only two fields that matter are e_magic and e_lfanew.
; e_lfanew lives at offset 3Ch, which here is SectionAlignment (= 4),
; so the PE signature sits at offset 4, right after e_magic/e_cblp.

format binary as 'exe'               ; write the output as an .exe

IMAGE_BASE equ 400000h

use32

IMAGE_DOS_HEADER:
.e_magic                     dw  'MZ'
.e_cblp                      dw  0
IMAGE_NT_HEADERS:
@@:
.Signature                   dd  'PE'
.Machine                     dw  014Ch
.NumberOfSections            dw  0001h                   ; also the hint word of the import-by-name entry
MessageBoxA                  db  'MessageBoxA',0         ; Name (overlaps TimeDateStamp..NumberOfSymbols)
.SizeOfOptionalHeader        dw  OptionalHeader_End - OptionalHeader
.Characteristics             dw  010Fh
OptionalHeader:
.Magic                       dw  010Bh
.MajorLinkerVersion          db  0
.MinorLinkerVersion          db  0
.SizeOfCode                  dd  Code_End - Code
.SizeOfInitializedData       dd  00000000h
.SizeOfUninitializedData     dd  00000000h
.AddressOfEntryPoint         dd  Start
.BaseOfCode                  dd  0                       ; UNUSED
.BaseOfData                  dd  0                       ; UNUSED
.ImageBase                   dd  IMAGE_BASE
.SectionAlignment            dd  4                       ; sits at 3Ch: doubles as e_lfanew
.FileAlignment               dd  4
.MajorOperatingSystemVersion dw  4
.MinorOperatingSystemVersion dw  0
.MajorImageVersion           dw  0000h
.MinorImageVersion           dw  0000h
.MajorSubsystemVersion       dw  4
.MinorSubsystemVersion       dw  0
.Win32VersionValue           dd  00000000h
.SizeOfImage                 dd  Code_End
.SizeOfHeaders               dd  OptionalHeader_End
.CheckSum                    dd  00000000h
.Subsystem                   dw  2
.DllCharacteristics          dw  0000h
.SizeOfStackReserve          dd  00001000h
.SizeOfStackCommit           dd  00001000h
.SizeOfHeapReserve           dd  00001000h

Thunk_User32:
Imp_MsgBox                   dd  MessageBoxA-2           ; .SizeOfHeapCommit (thunk -> hint/name entry)
.LoaderFlags                 dd  00000000h               ; also terminates the thunk array
Thunk_User32_End:

.NumberOfRvaAndSizes         dd  2

.ExportRva                   dd  00000000h
.ExportSize                  dd  00000000h
.ImportRva                   dd  ImportDir
.ImportSize                  dd  0                       ; ImportDir_End - ImportDir UNUSED
                             dd  00000000h
                             dd  00000000h
OptionalHeader_End:

User32_DLL                   db  'User32',0,0            ; .SectionName UNUSED (doubles as the import DLL name)
.VirtualSize                 dd  Code_End - Code
.VirtualAddress              dd  Code
.SizeOfRawData               dd  Code_End - Code
.PointerToRawData            dd  Code
.PointerToRelocations        dd  00000000h
.PointerToLinenumbers        dd  00000000h
.NumberOfRelocations         dw  0000h
.NumberOfLinenumbers         dw  0000h
.Section_Characteristics     dd  060000020h

Code:
Start:
        push    dword 0                     ; uType; db 68h,0,0,0,0 (6Ah,0 is error win7)
        push    @B+IMAGE_BASE               ; lpCaption = "PE" (the NT signature bytes)
        push    IMAGE_BASE + MessageBoxA    ; lpText = "MessageBoxA" (the import name)
        push    0                           ; hWnd
        call    [IMAGE_BASE + Imp_MsgBox]
        ret
ImportDir:
        dd  0                               ; OriginalFirstThunk
        dd  0                               ; TimeDateStamp UNUSED
        dd  0                               ; ForwarderChain UNUSED
        dd  User32_DLL                      ; Name
        dd  Thunk_User32                    ; FirstThunk

        dd  0                               ; UNUSED (null descriptor terminates the table)
        dd  0                               ; UNUSED
        dd  0                               ; UNUSED
        dd  00000000h
        dd  00000000h
ImportDir_End:

Code_End:
    
rain_storm



Joined: 05 Apr 2007
Posts: 67
Location: Ireland
rain_storm 02 Jun 2011, 17:16
iic2 stop ranting and get back on topic.

goldenspider, have you got a version of this without the import section and MessageBox code? Just the blank PE.
goldenspider



Joined: 16 May 2011
Posts: 38
goldenspider 03 Jun 2011, 02:05
rain_storm wrote:
Just the blank pe.

Not yet. Otherwise it will be very interesting. ^_^
iic2



Joined: 26 Jun 2008
Posts: 122
iic2 17 Jun 2011, 12:29
...
...
Hey rain_storm, U don't tell ic2:
Quote:
iic2 stop ranting and get back on topic.



Ranting:
To speak or write in an angry or violent manner; rave.
To utter or express with violence or extravagance: a dictator who ranted his vitriol onto a captive audience.


It's the latest word on the INTERNET when you want to tell someone to shut up, then doom him to shame for his own personality. Neat trick.

Here's a little more, I guess ... My words are usually to sell MYSELF a new project to get back into. The past few years of C++, JAVA, etc. classes did not cut the cake. Once an Asmer, always an Asmer. People here usually just ignore me until I've got something to work with or when I say something that makes a little sense. But one thing I can assure you of, I am not a dictator. I'm a bounty-hunter and I can show you my credentials. You can bring your homie too.

http://www.youtube.com/watch?v=awskKWzjlhk

Be nice
rain_storm



Joined: 05 Apr 2007
Posts: 67
Location: Ireland
rain_storm 18 Jun 2011, 12:13
goldenspider wrote:
252 bytes of MessageBox

Does it break compatibility if those null bytes are stripped from the tail end of the image? Gets it down to 232 bytes.

Code:
format binary as 'exe'

IMAGE_BASE equ 400000h

use32

IMAGE_DOS_HEADER:
.e_magic                     dw  'MZ'
.e_cblp                      dw  0
IMAGE_NT_HEADERS:
@@:
.Signature                   dd  'PE'
.Machine                     dw  014Ch
.NumberOfSections            dw  0001h
MessageBoxA                  db  'MessageBoxA',0         ; Name
.SizeOfOptionalHeader        dw  OptionalHeader_End - OptionalHeader
.Characteristics             dw  010Fh
OptionalHeader:
.Magic                       dw  010Bh
.MajorLinkerVersion          db  0
.MinorLinkerVersion          db  0
.SizeOfCode                  dd  Code_End - Code
.SizeOfInitializedData       dd  00000000h
.SizeOfUninitializedData     dd  00000000h
.AddressOfEntryPoint         dd  Start
.BaseOfCode                  dd  0                       ; UNUSED
.BaseOfData                  dd  0                       ; UNUSED
.ImageBase                   dd  IMAGE_BASE
.SectionAlignment            dd  4                       ; sits at 3Ch: doubles as e_lfanew
.FileAlignment               dd  4
.MajorOperatingSystemVersion dw  4
.MinorOperatingSystemVersion dw  0
.MajorImageVersion           dw  0000h
.MinorImageVersion           dw  0000h
.MajorSubsystemVersion       dw  4
.MinorSubsystemVersion       dw  0
.Win32VersionValue           dd  00000000h
.SizeOfImage                 dd  Code_End
.SizeOfHeaders               dd  OptionalHeader_End
.CheckSum                    dd  00000000h
.Subsystem                   dw  2
.DllCharacteristics          dw  0000h
.SizeOfStackReserve          dd  00001000h
.SizeOfStackCommit           dd  00001000h
.SizeOfHeapReserve           dd  00001000h

Thunk_User32:
Imp_MsgBox                   dd  MessageBoxA-2           ; .SizeOfHeapCommit
.LoaderFlags                 dd  00000000h
Thunk_User32_End:

.NumberOfRvaAndSizes         dd  2

.ExportRva                   dd  00000000h
.ExportSize                  dd  00000000h
.ImportRva                   dd  ImportDir
.ImportSize                  dd  0                       ; ImportDir_End - ImportDir UNUSED
                             dd  00000000h
                             dd  00000000h
OptionalHeader_End:

User32_DLL                   db  'User32',0,0            ; .SectionName UNUSED
.VirtualSize                 dd  Code_End - Code
.VirtualAddress              dd  Code
.SizeOfRawData               dd  Code_End - Code
.PointerToRawData            dd  Code
.PointerToRelocations        dd  00000000h
.PointerToLinenumbers        dd  00000000h
.NumberOfRelocations         dw  0000h
.NumberOfLinenumbers         dw  0000h
.Section_Characteristics     dd  060000020h

Code:
Start:
        push    dword 0                     ; uType; db 68h,0,0,0,0 (6Ah,0 is error win7)
        push    @B+IMAGE_BASE               ; lpCaption = "PE" (the NT signature bytes)
        push    IMAGE_BASE + MessageBoxA    ; lpText = "MessageBoxA" (the import name)
        push    0                           ; hWnd
        call    [IMAGE_BASE + Imp_MsgBox]
        ret
ImportDir:
        dd  0                               ; OriginalFirstThunk
        dd  0                               ; TimeDateStamp UNUSED
        dd  0                               ; ForwarderChain UNUSED
        dd  User32_DLL                      ; Name
        dd  Thunk_User32                    ; FirstThunk
        ;dd 0                               ; UNUSED
        ;dd 0                               ; UNUSED
        ;dd 0                               ; UNUSED
        ;dd 00000000h
        ;dd 00000000h
ImportDir_End:
Code_End:
    
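As an added example, not code from the thread, the 252-byte layout in the two listings above rebuilt in Python with struct, field for field, plus a small header checker of the kind a scanner would use to flag such hand-packed images. The constant offsets are computed from the fasm listing; build_tiny_pe(False) drops the 20 trailing null bytes, the 232-byte variant rain_storm asks about (the size fields are left as in the 252-byte version). The checker assumes RVA == file offset, which holds here because both alignments are 4.

```python
import struct

# Offsets computed from the thread's fasm listing; RVA == file offset here (both alignments are 4).
IMAGE_BASE, MSGBOX, THUNK, OPT_END, CODE, IMPORTDIR, CODE_END = 0x400000, 0x0C, 0x70, 0x94, 0xBC, 0xD4, 0xFC

def build_tiny_pe(null_descriptor=True):
    """Rebuild the 252-byte MessageBox image field by field; False drops the 20 trailing nulls (232 bytes)."""
    code_size = CODE_END - CODE
    h = struct.pack("<2sH4sHH12sHH", b"MZ", 0, b"PE\0\0", 0x14C, 1,      # e_magic, e_cblp, NT signature at offset 4
                    b"MessageBoxA\0", OPT_END - 0x1C, 0x10F)            # TimeDateStamp..NumberOfSymbols hold the import name
    h += struct.pack("<HBB9I", 0x10B, 0, 0, code_size, 0, 0, CODE,       # Magic, linker version, sizes, EntryPoint
                     0, 0, IMAGE_BASE, 4, 4)                             # SectionAlignment at 0x3C doubles as e_lfanew
    h += struct.pack("<6H4I2H3I", 4, 0, 0, 0, 4, 0, 0, CODE_END,         # OS/image/subsystem versions, SizeOfImage
                     OPT_END, 0, 2, 0, 0x1000, 0x1000, 0x1000)           # SizeOfHeaders, Subsystem=GUI, stack/heap sizes
    h += struct.pack("<9I", MSGBOX - 2, 0, 2, 0, 0, IMPORTDIR, 0, 0, 0)  # HeapCommit/LoaderFlags = thunk + terminator; 2 dirs
    h += struct.pack("<8s6I2HI", b"User32\0\0", code_size, CODE,         # section header; name doubles as import DLL name
                     code_size, CODE, 0, 0, 0, 0, 0x60000020)
    h += (b"\x68" + struct.pack("<I", 0)                                 # push 0 (uType)
          + b"\x68" + struct.pack("<I", IMAGE_BASE + 4)                  # push "PE" (caption = NT signature bytes)
          + b"\x68" + struct.pack("<I", IMAGE_BASE + MSGBOX)             # push "MessageBoxA" (text = import name)
          + b"\x6a\x00\xff\x15" + struct.pack("<I", IMAGE_BASE + THUNK) + b"\xc3")  # push 0; call [Imp_MsgBox]; ret
    h += struct.pack("<5I", 0, 0, 0, OPT_END, THUNK)                     # one import descriptor (Name, FirstThunk)
    return h + (b"\0" * 20 if null_descriptor else b"")                  # null descriptor, or rely on zero fill past EOF

def header_anomalies(pe):
    """Structural oddities a scanner can flag in hand-packed PEs (assumes RVA == file offset)."""
    found = []
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew < 0x40:
        found.append("e_lfanew=%#x points inside the DOS header" % e_lfanew)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return found + ["no PE signature at e_lfanew"]
    opt, opt_size = e_lfanew + 24, struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    if opt_size < 224:
        found.append("SizeOfOptionalHeader=%d, below the standard 224" % opt_size)
    sec_align, file_align = struct.unpack_from("<II", pe, opt + 32)
    if sec_align < 0x1000 or file_align < 0x200:
        found.append("alignment %#x/%#x below the usual 0x1000/0x200" % (sec_align, file_align))
    ndirs = struct.unpack_from("<I", pe, opt + 92)[0]
    if ndirs < 16:
        found.append("only %d data directories declared" % ndirs)
    first_raw = struct.unpack_from("<I", pe, opt + opt_size + 20)[0]     # PointerToRawData of section 0
    if ndirs >= 2:
        import_rva = struct.unpack_from("<I", pe, opt + 104)[0]          # data directory 1 = import table
        name_rva, thunk_rva = struct.unpack_from("<II", pe, import_rva + 12)
        if name_rva < first_raw or thunk_rva < first_raw:
            found.append("import DLL name/thunk live inside the headers")
        if import_rva + 40 > len(pe):
            found.append("import descriptor table runs past end of file (no null terminator on disk)")
    return found
```

On the 252-byte build the checker reports five anomalies; on the 232-byte variant it adds a sixth, the descriptor table whose terminator exists only because the loader zero-fills the mapped image past the end of the file.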
Wasikuss



Joined: 06 Aug 2011
Posts: 1
Wasikuss 06 Aug 2011, 21:01
OK, but what if I want to run it on Win7 64-bit?
I have reached 518 bytes (tinype port) and I'm working to make it smaller.
Is it possible to decrease the exe header without breaking the file on Win7 64-bit?


edit:
Sorry, I didn't see the attachments before logging in.
Yes, the smallest exe file is 513 bytes, with only a "ret" instruction.
If you want to save bytes in the exe, use space in the header as a data container, e.g.:

Code:
db "MZ"
db 58 dup (0)   ; <- here (free space up to e_lfanew at 3Ch)
dd 60h          ; e_lfanew
db 32 dup (0)   ; <- here (free space up to the PE signature at 60h)
dd 'PE'
...
; and in some obsolete fields, and after the header instead of zero padding


For me that's an additional 141 bytes.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.