flat assembler
Message board for the users of flat assembler.

Smallest PE for all Windows (page 1 of 2)
Kazyaka
I'm looking for the smallest PE source code which works for Windows XP - Windows 7, 32/64-bit, with all service packs. I've found a 675B PE here. I tested it on Win XP (32) SP3 and Win 7 (64) and it runs correctly. Does anyone have a simpler one?


Post 04 Dec 2011, 23:01
mindcooler
You can shave off a few bytes by

* removing "PE " from string
* removing ".dll" from kernel32
* using register addressing for calls and pointers
* moving code into the header

But you won't get below the 513 byte limit on W7, as it doesn't like file alignments less than $200.
Post 05 Dec 2011, 04:32
Kazyaka
This advice is so useful for me.
Quote:
* removing "PE " from string
* removing ".dll" from kernel32
It's easy to do. Now I can remove '.dll' from every library name.
Quote:
* using register addressing for calls and pointers
I don't understand it. Can you explain it to me, please?
Quote:
* moving code into theader
I think you meant 'the header'. But how can I do it?

Here's my program (526B):
Code:
 ; 
 ;      manual PE 
 ; 
        image_base      equ 0x400000 
        alignment       equ 0x4 
        stack_reserve   equ 0x1000 
        stack_commit    equ 0x1000 
        heap_reserve    equ 0x1000 
        heap_commit     equ 0x1000 
 ; 
 ;      dos header 
 ;      pe header 
 ;      optional header 
 ;      directory entries 
 ;      import header 
 ;      code directory 
 ;      import directory 
 ;
 format binary as "exe"
        use32 
         
        dos_header: 
         
                dw 'MZ'                 ; DOS signature 
                db 0x3A dup(0)          ; unused 
                dd 0x40                 ; PE header address 
         
        pe_header: 
         
                db 'PE',0,0             ; PE signature 
                dw 0x014C               ; cpu (386) 
                dw 1                    ; number of sections 
                dd 0                    ; timestamp 
                dd 0                    ; symbol table address 
                dd 0                    ; number of symbols 
                dw sizeof.header        ; size of optional header 
                dw 0x010F               ; characteristics 
                 
        optional_header: 
                 
                dw 0x010B               ; magic 
                dw 0                    ; linker version 
                dd 0                    ; size of code section 
                dd 0                    ; size of initialised data 
                dd 0                    ; size of uninitialise data 
                dd code_directory       ; entry point address 
                dd 0                    ; base of code 
                dd 0                    ; base of data 
                dd image_base           ; base of image 
                dd alignment            ; section alignment 
                dd alignment            ; file alignment 
                dw 0                    ; os version major 
                dw 0                    ; os version minor 
                dw 0                    ; image version major 
                dw 0                    ; image version minor 
                dw 4                    ; subsystem version major 
                dw 0                    ; subsystem version minor 
                dd 0                    ; win32 version (reserved) 
                dd sizeof.image         ; image size 
                dd code_directory       ; header size 
                dd 0                    ; checksum 
                dw 0x0002               ; subsystem (GUI) 
                dw 0                    ; dll characteristics 
                dd stack_reserve        ; stack reserve size 
                dd stack_commit         ; stack commit size 
                dd heap_reserve         ; heap reserve size 
                dd heap_commit          ; heap commit size 
                dd 0                    ; loader flags (obsolete) 
                dd 16                   ; number of directory entries 
                 
        directory_entries: 
                 
                dq 0                    ; export 
                dd import_directory     ; import section rva 
                dd sizeof.import        ; import section size 
                dq 14 dup(0)            ; the rest 
                 
        import_header: 
                 
                dq '.import'            ; name 
                dd sizeof.import        ; virtual size 
                dd code_directory       ; rva 
                dd sizeof.import        ; raw size 
                dd code_directory       ; raw pointer to data 
                dd 0                    ; pointer to relocations 
                dd 0                    ; pointer to line numbers 
                dw 0                    ; number of relocations 
                dw 0                    ; number of line numbers 
                dd 0x0E0000020          ; characteristics 
                align alignment
                 
        code_directory: 
                 
                push 0 
                push title+image_base 
                push message+image_base 
                push 0 
                call[MessageBox+image_base] 
                push 0 
                call[ExitProcess+image_base] 
                title: db 'Title',0
                message: db 'Hello world',0
                 
        import_directory: 
                 
                dd 0,0,0,kernel_name,kernel_table 
                dd 0,0,0,user_name,user_table 
                dd 0,0,0,0,0 
                kernel_name db 'KERNEL32.DLL',0 
                user_name db 'USER32.DLL', 0 
                kernel_table: 
                ExitProcess dd _ExitProcess 
                dd 0 
                user_table: 
                MessageBox dd _MessageBox+0000h 
                dd 0 
                _MessageBox db 0, 0, 'MessageBoxA', 0 
                _ExitProcess db 0,0,'ExitProcess',0 
                 
        file_end: 
                 
                sizeof.import = file_end-import_directory 
                sizeof.header = import_header-optional_header 
                sizeof.image = file_end 
    

It runs correctly for Win XP (32b). But why doesn't it work for Win 7 (64b)?
The size is over 512 bytes.
Post 05 Dec 2011, 14:54
mindcooler
Quote:
I don't understand it. Can you explain it to me, please?


something like

Code:
mov ebp,imports
call [ebp+ExitProcess.offset]    


Quote:
I think you meant 'the header'. But how can I do it?


Isn't that what you have just done?


Quote:
It runs correctly for Win XP (32b). But why doesn't it work for Win 7 (64b)?
The size is over 512 bytes.


Probably because you have entrypoint outside of a section.

Post 05 Dec 2011, 15:15
Kazyaka
Now everything is clear to me. I only need to fix the entry point address. I tried a lot of places and they don't work for me.
What should I do?
Post 05 Dec 2011, 16:19
khatch
Hi!
"mindcooler" wrote :
Quote:

removing "PE " from string

I do not understand this;
did you mean
Quote:

db 'PE',0,0 ; PE signature


I don't think so!!!!
Can you explain it for me, please.
Post 06 Dec 2011, 01:49
mindcooler
Kazyaka wrote:
Now everything is clear to me. I only need to fix the entry point address. I tried a lot of places and they don't work for me.
What should I do?


Try putting your .import section at $200.

Post 06 Dec 2011, 03:36
mindcooler
Quote:
I don't think so!!!!
Can you explain it for me, please.


hello: db 'Hello, PE World!'

|
v

hello: db 'Hello, World!'

Post 06 Dec 2011, 03:38
Kazyaka
@mindcooler
I did as you said and it works only for XP (32b).

My code:
Code:
 ; 
 ;      manual PE 
 ; 
        image_base      equ 0x400000 
        alignment       equ 0x4 
        stack_reserve   equ 0x1000 
        stack_commit    equ 0x1000 
        heap_reserve    equ 0x1000 
        heap_commit     equ 0x1000 
 ; 
 ;      dos header 
 ;      pe header 
 ;      optional header 
 ;      directory entries 
 ;      import header 
 ;      code directory 
 ;      import directory 
 ;
 format binary as "exe"
        use32 
         
        dos_header: 
         
                dw 'MZ'                 ; DOS signature
                db 0x3A dup(0)          ; unused 
                dd 0x40                 ; PE header address 
         
        pe_header: 
         
                db 'PE',0,0             ; PE signature

                dw 0x014C               ; cpu (386) 
                dw 1                    ; number of sections 
                dd 0                    ; timestamp 
                dd 0                    ; symbol table address 
                dd 0                    ; number of symbols 
                dw sizeof.header        ; size of optional header 
                dw 0x010F               ; characteristics 
                 
        optional_header: 
                 
                dw 0x010B               ; magic 
                dw 0                    ; linker version 
                dd 0                    ; size of code section 
                dd 0                    ; size of initialised data 
                dd 0                    ; size of uninitialise data 
                dd code_directory       ; entry point address 
                dd 0                    ; base of code 
                dd 0                    ; base of data 
                dd image_base           ; base of image 
                dd alignment            ; section alignment 
                dd alignment            ; file alignment 
                dw 0                    ; os version major 
                dw 0                    ; os version minor 
                dw 0                    ; image version major 
                dw 0                    ; image version minor 
                dw 4                    ; subsystem version major 
                dw 0                    ; subsystem version minor 
                dd 0                    ; win32 version (reserved) 
                dd sizeof.image         ; image size 
                dd code_directory       ; header size 
                dd 0                    ; checksum 
                dw 0x0002               ; subsystem (GUI) 
                dw 0                    ; dll characteristics 
                dd stack_reserve        ; stack reserve size 
                dd stack_commit         ; stack commit size 
                dd heap_reserve         ; heap reserve size 
                dd heap_commit          ; heap commit size 
                dd 0                    ; loader flags (obsolete) 
                dd 16                   ; number of directory entries 
                 
        directory_entries: 
                 
                dq 0                    ; export 
                dd import_directory     ; import section rva 
                dd sizeof.import        ; import section size 
                dq 39 dup(0)            ; the rest
                 
        import_header: 
                 
                dq '.import'            ; name 
                dd sizeof.import        ; virtual size 
                dd code_directory       ; rva 
                dd sizeof.import        ; raw size 
                dd code_directory       ; raw pointer to data 
                dd 0                    ; pointer to relocations 
                dd 0                    ; pointer to line numbers 
                dw 0                    ; number of relocations 
                dw 0                    ; number of line numbers 
                dd 0x0E0000020          ; characteristics 
                align alignment
                 
        code_directory: 
                 
                push 0 
                push title+image_base 
                push message+image_base 
                push 0 
                call[MessageBox+image_base] 
                push 0 
                call[ExitProcess+image_base] 
                title: db 'Ramzes',0
                message: db 'Hello world',0
                 
        import_directory: 
                 
                dd 0,0,0,kernel_name,kernel_table 
                dd 0,0,0,user_name,user_table 
                dd 0,0,0,0,0 
                kernel_name db 'KERNEL32',0
                user_name db 'USER32', 0
                kernel_table: 
                ExitProcess dd _ExitProcess 
                dd 0 
                user_table: 
                MessageBox dd _MessageBox+0000h 
                dd 0 
                _MessageBox db 0, 0, 'MessageBoxA', 0 
                _ExitProcess db 0,0,'ExitProcess',0 
                 
        file_end: 
                 
                sizeof.import = file_end-import_directory 
                sizeof.header = import_header-optional_header 
                sizeof.image = file_end 
    


Post 06 Dec 2011, 17:07
mindcooler
You can't have section alignment under $1000.



Code:
        alignment       equ 0x1000     

Post 06 Dec 2011, 17:29
Kazyaka
OK. But now the size of the file is 4,271 bytes!
Post 06 Dec 2011, 19:05
mindcooler
Instead of aligning the section to $1000, align it to $200 and org to $1000. Note that you need to keep track of the raw addresses of items after the org and adjust accordingly.
Post 07 Dec 2011, 01:32
Kazyaka
It crashes.
Code:
 ;  
 ;      manual PE  
 ;  
        image_base      equ 0x400000  
        alignment       equ 0x200
        stack_reserve   equ 0x1000  
        stack_commit    equ 0x1000  
        heap_reserve    equ 0x1000  
        heap_commit     equ 0x1000  
 ;  
 ;      dos header  
 ;      pe header  
 ;      optional header  
 ;      directory entries  
 ;      import header  
 ;      code directory  
 ;      import directory  
 ; 
 format binary as "exe" 
        use32  
          
        dos_header:  
          
                dw 'MZ'                 ; DOS signature 
                db 0x3A dup(0)          ; unused  
                dd 0x40                 ; PE header address  
          
        pe_header:  
          
                db 'PE',0,0             ; PE signature 

                dw 0x014C               ; cpu (386)  
                dw 1                    ; number of sections  
                dd 0                    ; timestamp  
                dd 0                    ; symbol table address  
                dd 0                    ; number of symbols  
                dw sizeof.header        ; size of optional header  
                dw 0x010F               ; characteristics  
                  
        optional_header:  
                  
                dw 0x010B               ; magic  
                dw 0                    ; linker version  
                dd 0                    ; size of code section  
                dd 0                    ; size of initialised data  
                dd 0                    ; size of uninitialise data  
                dd code_directory       ; entry point address  
                dd 0                    ; base of code  
                dd 0                    ; base of data  
                dd image_base           ; base of image  
                dd alignment            ; section alignment  
                dd alignment            ; file alignment  
                dw 0                    ; os version major  
                dw 0                    ; os version minor  
                dw 0                    ; image version major  
                dw 0                    ; image version minor  
                dw 4                    ; subsystem version major  
                dw 0                    ; subsystem version minor  
                dd 0                    ; win32 version (reserved)  
                dd sizeof.image         ; image size  
                dd code_directory       ; header size  
                dd 0                    ; checksum  
                dw 0x0002               ; subsystem (GUI)  
                dw 0                    ; dll characteristics  
                dd stack_reserve        ; stack reserve size  
                dd stack_commit         ; stack commit size  
                dd heap_reserve         ; heap reserve size  
                dd heap_commit          ; heap commit size  
                dd 0                    ; loader flags (obsolete)  
                dd 16                   ; number of directory entries  
                  
        directory_entries:  
                  
                dq 0                    ; export  
                dd import_directory     ; import section rva  
                dd sizeof.import        ; import section size  
                dq 39 dup(0)            ; the rest 
                  
        import_header:  

                dq '.import'            ; name  
                dd sizeof.import        ; virtual size  
                dd code_directory       ; rva  
                dd sizeof.import        ; raw size  
                dd code_directory       ; raw pointer to data  
                dd 0                    ; pointer to relocations  
                dd 0                    ; pointer to line numbers  
                dw 0                    ; number of relocations  
                dw 0                    ; number of line numbers  
                dd 0x0E0000020          ; characteristics
               align alignment
               org 0x1000
                  
        code_directory:  
                  
                push 0  
                push title+image_base  
                push message+image_base  
                push 0  
                call[MessageBox+image_base]  
                push 0  
                call[ExitProcess+image_base]  
                title: db 'Ramzes',0 
                message: db 'Hello world',0 
                  
        import_directory:  
                  
                dd 0,0,0,kernel_name,kernel_table  
                dd 0,0,0,user_name,user_table  
                dd 0,0,0,0,0  
                kernel_name db 'KERNEL32',0 
                user_name db 'USER32', 0 
                kernel_table:  
                ExitProcess dd _ExitProcess  
                dd 0  
                user_table:  
                MessageBox dd _MessageBox+0000h  
                dd 0  
                _MessageBox db 0, 0, 'MessageBoxA', 0  
                _ExitProcess db 0,0,'ExitProcess',0  
                  
        file_end:  
                  
                sizeof.import = file_end-import_directory  
                sizeof.header = import_header-optional_header  
                sizeof.image = file_end  
    
Post 07 Dec 2011, 14:50
mindcooler
Code:
dd alignment            ; section alignment    


You have a $200 section alignment again, it can't be less than $1000. And you are not adjusting raw addresses, e.g.

Code:
dd code_directory       ; raw pointer to data    

Post 08 Dec 2011, 02:12
Kazyaka
But with section alignment $1000 the file has a size above 4 kB.
Code:
 ;   
 ;      manual PE   
 ;   
        image_base      equ 0x400000   
        alignment       equ 0x1000
        stack_reserve   equ 0x1000   
        stack_commit    equ 0x1000   
        heap_reserve    equ 0x1000   
        heap_commit     equ 0x1000   
 ;   
 ;      dos header   
 ;      pe header   
 ;      optional header   
 ;      directory entries   
 ;      import header   
 ;      code directory   
 ;      import directory   
 ;  
 format binary as "exe"  
        use32   
           
        dos_header:   
           
                dw 'MZ'                 ; DOS signature  
                db 0x3A dup(0)          ; unused   
                dd 0x40                 ; PE header address   
           
        pe_header:   
           
                db 'PE',0,0             ; PE signature  

                dw 0x014C               ; cpu (386)   
                dw 1                    ; number of sections   
                dd 0                    ; timestamp   
                dd 0                    ; symbol table address   
                dd 0                    ; number of symbols   
                dw sizeof.header        ; size of optional header   
                dw 0x010F               ; characteristics   
                   
        optional_header:   
                   
                dw 0x010B               ; magic   
                dw 0                    ; linker version   
                dd 0                    ; size of code section   
                dd 0                    ; size of initialised data   
                dd 0                    ; size of uninitialise data   
                dd code_directory       ; entry point address   
                dd 0                    ; base of code   
                dd 0                    ; base of data   
                dd image_base           ; base of image   
                dd alignment            ; section alignment   
                dd alignment            ; file alignment   
                dw 0                    ; os version major   
                dw 0                    ; os version minor   
                dw 0                    ; image version major   
                dw 0                    ; image version minor   
                dw 4                    ; subsystem version major   
                dw 0                    ; subsystem version minor   
                dd 0                    ; win32 version (reserved)   
                dd sizeof.image         ; image size   
                dd code_directory       ; header size   
                dd 0                    ; checksum   
                dw 0x0002               ; subsystem (GUI)   
                dw 0                    ; dll characteristics   
                dd stack_reserve        ; stack reserve size   
                dd stack_commit         ; stack commit size   
                dd heap_reserve         ; heap reserve size   
                dd heap_commit          ; heap commit size   
                dd 0                    ; loader flags (obsolete)   
                dd 16                   ; number of directory entries   
                   
        directory_entries:   
                   
                dq 0                    ; export   
                dd import_directory     ; import section rva   
                dd sizeof.import        ; import section size   
                dq 39 dup(0)            ; the rest  
                   
        import_header:   

                dq '.import'            ; name   
                dd sizeof.import        ; virtual size   
                dd code_directory       ; rva   
                dd sizeof.import        ; raw size   
                dd code_directory       ; raw pointer to data   
                dd 0                    ; pointer to relocations   
                dd 0                    ; pointer to line numbers   
                dw 0                    ; number of relocations   
                dw 0                    ; number of line numbers   
                dd 0x0E0000020          ; characteristics 
               align alignment 
               org 0x1000 
                   
        code_directory:   
                   
                push 0   
                push title+image_base   
                push message+image_base   
                push 0   
                call[MessageBox+image_base]   
                push 0   
                call[ExitProcess+image_base]   
                title: db 'Title',0  
                message: db 'Hello world',0  
                   
        import_directory:   
                   
                dd 0,0,0,kernel_name,kernel_table   
                dd 0,0,0,user_name,user_table   
                dd 0,0,0,0,0   
                kernel_name db 'KERNEL32',0  
                user_name db 'USER32', 0  
                kernel_table:   
                ExitProcess dd _ExitProcess   
                dd 0   
                user_table:   
                MessageBox dd _MessageBox+0000h   
                dd 0   
                _MessageBox db 0, 0, 'MessageBoxA', 0   
                _ExitProcess db 0,0,'ExitProcess',0   
                   
        file_end:   
                   
                sizeof.import = file_end-import_directory   
                sizeof.header = import_header-optional_header   
                sizeof.image = file_end   
    


I give up.
Post 09 Dec 2011, 12:42
mindcooler
Now you have section alignment and file alignment equal again.

I think you are confusing section alignment, file alignment and your section's raw and rva. Set file alignment to $200, and your .import section starts at raw $200 rva $1000 instead of raw $1000 rva $1000.
Post 09 Dec 2011, 21:25
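The constraints mindcooler walks through in this thread (entry point inside a section, file alignment of at least $200, section alignment of at least $1000, the section's raw offset versus its RVA), as an added example that is not code from the thread or from fasm: a Python script that builds one-section PE32 images in the layout of the posted source and reports which of those rules each violates. The function names, the 174-byte stand-in section body, and treating the Windows 7 thresholds reported in the thread as hard rules are assumptions of this example.

```python
"""Build one-section PE32 images laid out like the thread's "manual PE" and check them
against the loader constraints the discussion turns on (constructed example)."""
import struct

PAGE_SIZE = 0x1000          # x86 page size; below this the loader is in "low alignment" mode
MIN_FILE_ALIGNMENT = 0x200  # the floor the thread reports Windows 7 insisting on
HEADERS_LEN = 0x40 + 24 + 224 + 40  # DOS stub + COFF + PE32 optional header + 1 section = 0x160

# Stand-in for the 174 bytes of code and import data that follow the headers in the
# posted 526-byte file (526 - 0x160); the bytes themselves do not matter to the header checks.
BODY = bytes(174)


def build_pe32(section_alignment, file_alignment, entry_rva, sect_rva, sect_raw, body,
               declared_raw=None):
    """Emit a PE32 with the fixed header values of the posted source. The section body is
    written at file offset sect_raw; declared_raw lets PointerToRawData disagree with that,
    which is what 'org 0x1000' without adjusting the raw offsets produced."""
    if sect_raw < HEADERS_LEN:
        raise ValueError("section raw offset lies inside the headers")
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew: PE header at 0x40
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x014C, 1, 0, 0, 0, 224, 0x010F)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x010B, 0, 0, 0, 0, 0, entry_rva, 0, 0, 0x400000,
                      section_alignment, file_alignment, 0, 0, 0, 0, 4, 0, 0,
                      sect_rva + len(body), HEADERS_LEN, 0, 2, 0,
                      0x1000, 0x1000, 0x1000, 0x1000, 0, 16) + bytes(16 * 8)  # 16 empty dirs
    sect = struct.pack("<8sIIIIIIHHI", b".import", len(body), sect_rva, len(body),
                       sect_raw if declared_raw is None else declared_raw,
                       0, 0, 0, 0, 0xE0000020)
    image = dos + coff + opt + sect
    return image + bytes(sect_raw - len(image)) + body  # pad headers out to the raw offset


def parse_pe32(image):
    """Extract just the header fields the thread's diagnosis depends on."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    nsections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    entry, _, _, _, sect_align, file_align = struct.unpack_from("<6I", image, opt + 16)
    size_of_headers = struct.unpack_from("<I", image, opt + 60)[0]
    sections = []
    for i in range(nsections):
        name, vsize, rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "rva": rva,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"entry": entry, "sect_align": sect_align, "file_align": file_align,
            "size_of_headers": size_of_headers, "sections": sections}


def check_pe32(image):
    """List what the loader would object to, in the vocabulary used in the thread."""
    pe = parse_pe32(image)
    sa, fa = pe["sect_align"], pe["file_align"]
    if not sa or not fa:
        return ["zero alignment"]
    problems = []
    if sa < fa:
        problems.append("section alignment below file alignment")
    if fa < MIN_FILE_ALIGNMENT:
        problems.append("file alignment below 0x200")
    if sa < PAGE_SIZE:
        problems.append("section alignment below 0x1000")
    entry_in_section = False
    for s in pe["sections"]:
        if s["raw_ptr"] % fa or s["rva"] % sa:
            problems.append("section raw/rva not on an alignment boundary")
        if s["raw_ptr"] < pe["size_of_headers"]:
            problems.append("section raw data overlaps the headers")
        if s["raw_ptr"] + s["raw_size"] > len(image):
            problems.append("section raw data runs past the end of the file")
        if s["rva"] <= pe["entry"] < s["rva"] + max(s["vsize"], s["raw_size"]):
            entry_in_section = True
    if not entry_in_section:
        problems.append("entry point outside of a section")
    return problems


# The posted 526-byte layout: everything aligned to 4, section raw = rva = 0x160.
posted_526b = build_pe32(4, 4, 0x160, 0x160, 0x160, BODY)
# The 'org 0x1000' attempt: labels moved to 0x1000 while the data still sits at offset 0x200.
after_org = build_pe32(0x200, 0x200, 0x1000, 0x1000, 0x200, BODY, declared_raw=0x1000)
# mindcooler's final advice: file alignment 0x200, section at raw 0x200 / rva 0x1000.
suggested = build_pe32(0x1000, 0x200, 0x1000, 0x1000, 0x200, BODY)
```

Calling check_pe32 on the three images shows the posted layout tripping both alignment floors, the org attempt pointing its raw data past the end of the file, and the suggested layout passing at 0x200 + 174 bytes.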
Kazyaka
I think it is easier to use your code. How can I remove the console from the program?
Post 11 Dec 2011, 17:56
DOS386
> How can I remove the console from the program?

Set subsystem to GUY

> You can shave off a few bytes by

* optimizing the imports, see http://board.flatassembler.net/topic.php?t=11170 "DeLL HeLL"

Code:
; WARNING this is unnecessary bloated
  _MessageBox db 0, 0, 'MessageBoxA', 0
  _ExitProcess db 0,0,'ExitProcess',0
    


> But with section alignment $1000 file has size above 4kB.

Then you did something wrong, because my file also has section alignment $1000 but the bloat is only 1 KiB

PS: my examples are supposed to run on any Windaube from 7 (lowest and oldest) to 95 (highest and newest) as well as with HX, ReactorOS, and Wine&Beer. Let me know if they don't.
Post 12 Dec 2011, 02:11
mindcooler
Kazyaka wrote:
I think it is easier to use your code.


If you are going to use my code, why not take a look at something more recent:

http://files.sys5.se/hellogui.zip

Kazyaka wrote:
How can I remove the console from the program?


Subsystem = IMAGE_SUBSYSTEM_WINDOWS_GUI

Post 12 Dec 2011, 15:49
Kazyaka
Thank you for the advice!

DOS386 wrote:
Then you did something wrong, because my file also has section alignment $1000 but the bloat is only 1 KiB


Wrong? But what? Can you show your code, please?
Post 15 Dec 2011, 21:31
Copyright © 1999-2020, Tomasz Grysztar.
