flat assembler
Message board for the users of flat assembler.
Smallest PE for all Windows
Kazyaka 04 Dec 2011, 23:01
I'm looking for the smallest PE source code which works for Windows XP - Windows 7, 32/64-bit, with all service packs. I've found a 675B PE here. I tested it on Win XP (32) SP3 and Win 7 (64) and it runs correctly. Does someone have a simpler one?
Last edited by Kazyaka on 05 Dec 2011, 07:38; edited 1 time in total
Kazyaka 05 Dec 2011, 14:54
This advice is so useful for me.
Quote:
* removing "PE " from string
Quote:
* using register addressing for calls and pointers
Quote:
* moving code into the header

Here's my program (526B):
Code:
;
; manual PE
;
image_base    equ 0x400000
alignment     equ 0x4
stack_reserve equ 0x1000
stack_commit  equ 0x1000
heap_reserve  equ 0x1000
heap_commit   equ 0x1000
;
; dos header
; pe header
; optional header
; directory entries
; import header
; code directory
; import directory
;
format binary as "exe"
use32

dos_header:
  dw 'MZ'                   ; DOS signature
  db 0x3A dup(0)            ; unused
  dd 0x40                   ; PE header address

pe_header:
  db 'PE',0,0               ; PE signature
  dw 0x014C                 ; cpu (386)
  dw 1                      ; number of sections
  dd 0                      ; timestamp
  dd 0                      ; symbol table address
  dd 0                      ; number of symbols
  dw sizeof.header          ; size of optional header
  dw 0x010F                 ; characteristics

optional_header:
  dw 0x010B                 ; magic
  dw 0                      ; linker version
  dd 0                      ; size of code section
  dd 0                      ; size of initialised data
  dd 0                      ; size of uninitialised data
  dd code_directory         ; entry point address
  dd 0                      ; base of code
  dd 0                      ; base of data
  dd image_base             ; base of image
  dd alignment              ; section alignment
  dd alignment              ; file alignment
  dw 0                      ; os version major
  dw 0                      ; os version minor
  dw 0                      ; image version major
  dw 0                      ; image version minor
  dw 4                      ; subsystem version major
  dw 0                      ; subsystem version minor
  dd 0                      ; win32 version (reserved)
  dd sizeof.image           ; image size
  dd code_directory         ; header size
  dd 0                      ; checksum
  dw 0x0002                 ; subsystem (GUI)
  dw 0                      ; dll characteristics
  dd stack_reserve          ; stack reserve size
  dd stack_commit           ; stack commit size
  dd heap_reserve           ; heap reserve size
  dd heap_commit            ; heap commit size
  dd 0                      ; loader flags (obsolete)
  dd 16                     ; number of directory entries

directory_entries:
  dq 0                      ; export
  dd import_directory       ; import section rva
  dd sizeof.import          ; import section size
  dq 14 dup(0)              ; the rest

import_header:
  dq '.import'              ; name
  dd sizeof.import          ; virtual size
  dd code_directory         ; rva
  dd sizeof.import          ; raw size
  dd code_directory         ; raw pointer to data
  dd 0                      ; pointer to relocations
  dd 0                      ; pointer to line numbers
  dw 0                      ; number of relocations
  dw 0                      ; number of line numbers
  dd 0xE0000020             ; characteristics

  align alignment
code_directory:
  push 0
  push title+image_base
  push message+image_base
  push 0
  call [MessageBox+image_base]
  push 0
  call [ExitProcess+image_base]
title:   db 'Title',0
message: db 'Hello world',0

import_directory:
  dd 0,0,0,kernel_name,kernel_table
  dd 0,0,0,user_name,user_table
  dd 0,0,0,0,0
kernel_name db 'KERNEL32.DLL',0
user_name   db 'USER32.DLL',0
kernel_table:
ExitProcess dd _ExitProcess
  dd 0
user_table:
MessageBox  dd _MessageBox+0000h
  dd 0
_MessageBox  db 0,0,'MessageBoxA',0
_ExitProcess db 0,0,'ExitProcess',0
file_end:

sizeof.import = file_end-import_directory
sizeof.header = import_header-optional_header
sizeof.image  = file_end

It runs correctly for Win XP (32b). But why doesn't it work for Win 7 (64b)? The size is over 512 bytes.
mindcooler 05 Dec 2011, 15:15
Quote:
I don't understand it. Can you explain it to me, please?

Something like
Code:
mov ebp,imports
call [ebp+ExitProcess.offset]

Quote:
I think it was about 'header'. But how can I do it?

Isn't that what you have just done?

Quote:
It runs correctly for Win XP (32b). But why doesn't it work for Win 7 (64b)?

Probably because you have the entry point outside of a section.
Kazyaka 05 Dec 2011, 16:19
Now everything is clear to me. I only need to fix the entry point address. I tried a lot of places and they don't work for me.
What should I do?
khatch 06 Dec 2011, 01:49
Hi!
mindcooler wrote:
Quote:
I do not understand this; did you mean
Quote:
I don't think so!!!! Can you explain it to me, please?
mindcooler 06 Dec 2011, 03:36
Kazyaka wrote:
Now everything is clear to me. I only need to fix the entry point address. I tried a lot of places and they don't work for me.

Try putting your .import section at $200.
mindcooler 06 Dec 2011, 03:38
Quote:
I don't think so!!!!

hello: db 'Hello, PE World!'
  |
  v
hello: db 'Hello, World!'
Kazyaka 06 Dec 2011, 17:07
@mindcooler
I did as you said and it works only for XP (32b). My code:
Code:
;
; manual PE
;
image_base    equ 0x400000
alignment     equ 0x4
stack_reserve equ 0x1000
stack_commit  equ 0x1000
heap_reserve  equ 0x1000
heap_commit   equ 0x1000
;
; dos header
; pe header
; optional header
; directory entries
; import header
; code directory
; import directory
;
format binary as "exe"
use32

dos_header:
  dw 'MZ'                   ; DOS signature
  db 0x3A dup(0)            ; unused
  dd 0x40                   ; PE header address

pe_header:
  db 'PE',0,0               ; PE signature
  dw 0x014C                 ; cpu (386)
  dw 1                      ; number of sections
  dd 0                      ; timestamp
  dd 0                      ; symbol table address
  dd 0                      ; number of symbols
  dw sizeof.header          ; size of optional header
  dw 0x010F                 ; characteristics

optional_header:
  dw 0x010B                 ; magic
  dw 0                      ; linker version
  dd 0                      ; size of code section
  dd 0                      ; size of initialised data
  dd 0                      ; size of uninitialised data
  dd code_directory         ; entry point address
  dd 0                      ; base of code
  dd 0                      ; base of data
  dd image_base             ; base of image
  dd alignment              ; section alignment
  dd alignment              ; file alignment
  dw 0                      ; os version major
  dw 0                      ; os version minor
  dw 0                      ; image version major
  dw 0                      ; image version minor
  dw 4                      ; subsystem version major
  dw 0                      ; subsystem version minor
  dd 0                      ; win32 version (reserved)
  dd sizeof.image           ; image size
  dd code_directory         ; header size
  dd 0                      ; checksum
  dw 0x0002                 ; subsystem (GUI)
  dw 0                      ; dll characteristics
  dd stack_reserve          ; stack reserve size
  dd stack_commit           ; stack commit size
  dd heap_reserve           ; heap reserve size
  dd heap_commit            ; heap commit size
  dd 0                      ; loader flags (obsolete)
  dd 16                     ; number of directory entries

directory_entries:
  dq 0                      ; export
  dd import_directory       ; import section rva
  dd sizeof.import          ; import section size
  dq 39 dup(0)              ; the rest

import_header:
  dq '.import'              ; name
  dd sizeof.import          ; virtual size
  dd code_directory         ; rva
  dd sizeof.import          ; raw size
  dd code_directory         ; raw pointer to data
  dd 0                      ; pointer to relocations
  dd 0                      ; pointer to line numbers
  dw 0                      ; number of relocations
  dw 0                      ; number of line numbers
  dd 0xE0000020             ; characteristics

  align alignment
code_directory:
  push 0
  push title+image_base
  push message+image_base
  push 0
  call [MessageBox+image_base]
  push 0
  call [ExitProcess+image_base]
title:   db 'Ramzes',0
message: db 'Hello world',0

import_directory:
  dd 0,0,0,kernel_name,kernel_table
  dd 0,0,0,user_name,user_table
  dd 0,0,0,0,0
kernel_name db 'KERNEL32',0
user_name   db 'USER32',0
kernel_table:
ExitProcess dd _ExitProcess
  dd 0
user_table:
MessageBox  dd _MessageBox+0000h
  dd 0
_MessageBox  db 0,0,'MessageBoxA',0
_ExitProcess db 0,0,'ExitProcess',0
file_end:

sizeof.import = file_end-import_directory
sizeof.header = import_header-optional_header
sizeof.image  = file_end

Last edited by Kazyaka on 01 Jul 2012, 09:07; edited 1 time in total
mindcooler 06 Dec 2011, 17:29
You can't have section alignment under $1000.
Code:
alignment equ 0x1000
Kazyaka 06 Dec 2011, 19:05
OK. But now the size of the file is 4 271 bytes!
mindcooler 07 Dec 2011, 01:32
Instead of aligning the section to $1000, align it to $200 and org to $1000. Note that you need to keep track of the raw addresses of items after the org and adjust accordingly.
Kazyaka 07 Dec 2011, 14:50
It crashes.
Code:
;
; manual PE
;
image_base    equ 0x400000
alignment     equ 0x200
stack_reserve equ 0x1000
stack_commit  equ 0x1000
heap_reserve  equ 0x1000
heap_commit   equ 0x1000
;
; dos header
; pe header
; optional header
; directory entries
; import header
; code directory
; import directory
;
format binary as "exe"
use32

dos_header:
  dw 'MZ'                   ; DOS signature
  db 0x3A dup(0)            ; unused
  dd 0x40                   ; PE header address

pe_header:
  db 'PE',0,0               ; PE signature
  dw 0x014C                 ; cpu (386)
  dw 1                      ; number of sections
  dd 0                      ; timestamp
  dd 0                      ; symbol table address
  dd 0                      ; number of symbols
  dw sizeof.header          ; size of optional header
  dw 0x010F                 ; characteristics

optional_header:
  dw 0x010B                 ; magic
  dw 0                      ; linker version
  dd 0                      ; size of code section
  dd 0                      ; size of initialised data
  dd 0                      ; size of uninitialised data
  dd code_directory         ; entry point address
  dd 0                      ; base of code
  dd 0                      ; base of data
  dd image_base             ; base of image
  dd alignment              ; section alignment
  dd alignment              ; file alignment
  dw 0                      ; os version major
  dw 0                      ; os version minor
  dw 0                      ; image version major
  dw 0                      ; image version minor
  dw 4                      ; subsystem version major
  dw 0                      ; subsystem version minor
  dd 0                      ; win32 version (reserved)
  dd sizeof.image           ; image size
  dd code_directory         ; header size
  dd 0                      ; checksum
  dw 0x0002                 ; subsystem (GUI)
  dw 0                      ; dll characteristics
  dd stack_reserve          ; stack reserve size
  dd stack_commit           ; stack commit size
  dd heap_reserve           ; heap reserve size
  dd heap_commit            ; heap commit size
  dd 0                      ; loader flags (obsolete)
  dd 16                     ; number of directory entries

directory_entries:
  dq 0                      ; export
  dd import_directory       ; import section rva
  dd sizeof.import          ; import section size
  dq 39 dup(0)              ; the rest

import_header:
  dq '.import'              ; name
  dd sizeof.import          ; virtual size
  dd code_directory         ; rva
  dd sizeof.import          ; raw size
  dd code_directory         ; raw pointer to data
  dd 0                      ; pointer to relocations
  dd 0                      ; pointer to line numbers
  dw 0                      ; number of relocations
  dw 0                      ; number of line numbers
  dd 0xE0000020             ; characteristics

  align alignment
  org 0x1000
code_directory:
  push 0
  push title+image_base
  push message+image_base
  push 0
  call [MessageBox+image_base]
  push 0
  call [ExitProcess+image_base]
title:   db 'Ramzes',0
message: db 'Hello world',0

import_directory:
  dd 0,0,0,kernel_name,kernel_table
  dd 0,0,0,user_name,user_table
  dd 0,0,0,0,0
kernel_name db 'KERNEL32',0
user_name   db 'USER32',0
kernel_table:
ExitProcess dd _ExitProcess
  dd 0
user_table:
MessageBox  dd _MessageBox+0000h
  dd 0
_MessageBox  db 0,0,'MessageBoxA',0
_ExitProcess db 0,0,'ExitProcess',0
file_end:

sizeof.import = file_end-import_directory
sizeof.header = import_header-optional_header
sizeof.image  = file_end
mindcooler 08 Dec 2011, 02:12
Code:
  dd alignment              ; section alignment

You have a $200 section alignment again; it can't be less than $1000. And you are not adjusting raw addresses, e.g.
Code:
  dd code_directory         ; raw pointer to data
Kazyaka 09 Dec 2011, 12:42
But with section alignment $1000 the file has a size above 4 kB.
Code:
;
; manual PE
;
image_base    equ 0x400000
alignment     equ 0x1000
stack_reserve equ 0x1000
stack_commit  equ 0x1000
heap_reserve  equ 0x1000
heap_commit   equ 0x1000
;
; dos header
; pe header
; optional header
; directory entries
; import header
; code directory
; import directory
;
format binary as "exe"
use32

dos_header:
  dw 'MZ'                   ; DOS signature
  db 0x3A dup(0)            ; unused
  dd 0x40                   ; PE header address

pe_header:
  db 'PE',0,0               ; PE signature
  dw 0x014C                 ; cpu (386)
  dw 1                      ; number of sections
  dd 0                      ; timestamp
  dd 0                      ; symbol table address
  dd 0                      ; number of symbols
  dw sizeof.header          ; size of optional header
  dw 0x010F                 ; characteristics

optional_header:
  dw 0x010B                 ; magic
  dw 0                      ; linker version
  dd 0                      ; size of code section
  dd 0                      ; size of initialised data
  dd 0                      ; size of uninitialised data
  dd code_directory         ; entry point address
  dd 0                      ; base of code
  dd 0                      ; base of data
  dd image_base             ; base of image
  dd alignment              ; section alignment
  dd alignment              ; file alignment
  dw 0                      ; os version major
  dw 0                      ; os version minor
  dw 0                      ; image version major
  dw 0                      ; image version minor
  dw 4                      ; subsystem version major
  dw 0                      ; subsystem version minor
  dd 0                      ; win32 version (reserved)
  dd sizeof.image           ; image size
  dd code_directory         ; header size
  dd 0                      ; checksum
  dw 0x0002                 ; subsystem (GUI)
  dw 0                      ; dll characteristics
  dd stack_reserve          ; stack reserve size
  dd stack_commit           ; stack commit size
  dd heap_reserve           ; heap reserve size
  dd heap_commit            ; heap commit size
  dd 0                      ; loader flags (obsolete)
  dd 16                     ; number of directory entries

directory_entries:
  dq 0                      ; export
  dd import_directory       ; import section rva
  dd sizeof.import          ; import section size
  dq 39 dup(0)              ; the rest

import_header:
  dq '.import'              ; name
  dd sizeof.import          ; virtual size
  dd code_directory         ; rva
  dd sizeof.import          ; raw size
  dd code_directory         ; raw pointer to data
  dd 0                      ; pointer to relocations
  dd 0                      ; pointer to line numbers
  dw 0                      ; number of relocations
  dw 0                      ; number of line numbers
  dd 0xE0000020             ; characteristics

  align alignment
  org 0x1000
code_directory:
  push 0
  push title+image_base
  push message+image_base
  push 0
  call [MessageBox+image_base]
  push 0
  call [ExitProcess+image_base]
title:   db 'Title',0
message: db 'Hello world',0

import_directory:
  dd 0,0,0,kernel_name,kernel_table
  dd 0,0,0,user_name,user_table
  dd 0,0,0,0,0
kernel_name db 'KERNEL32',0
user_name   db 'USER32',0
kernel_table:
ExitProcess dd _ExitProcess
  dd 0
user_table:
MessageBox  dd _MessageBox+0000h
  dd 0
_MessageBox  db 0,0,'MessageBoxA',0
_ExitProcess db 0,0,'ExitProcess',0
file_end:

sizeof.import = file_end-import_directory
sizeof.header = import_header-optional_header
sizeof.image  = file_end

I give up.
mindcooler 09 Dec 2011, 21:25
Now you have section alignment and file alignment equal again.
I think you are confusing section alignment, file alignment and your section's raw and rva. Set file alignment to $200, and your .import section starts at raw $200 rva $1000 instead of raw $1000 rva $1000.
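A checker for the header rules mindcooler lays out above (file alignment range, section alignment versus file alignment, raw pointer versus RVA, entry point inside a section), as an added Python example that is not code from this thread. `build_pe` and the three sample layouts are constructed for the test: header-only byte strings mirroring the thread's attempts, not runnable programs.

```python
import struct

def build_pe(sec_align, file_align, sec_rva, sec_raw, entry, file_size):
    """Constructed PE32 headers only (not a runnable program): DOS header,
    PE signature, COFF header, optional header, one '.import' section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x10F)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 0, 0, 0, 0, 0, entry, 0, 0,
                      0x400000, sec_align, file_align)
    opt += struct.pack("<HHHHHHIIIIHHIIIIII", 0, 0, 0, 0, 4, 0, 0,
                       sec_rva + 0x1000, sec_raw, 0, 2, 0,       # SizeOfImage, SizeOfHeaders, GUI
                       0x1000, 0x1000, 0x1000, 0x1000, 0, 16) + b"\0" * 128  # 16 empty directories
    sec = b".import\0" + struct.pack("<IIIIIIHHI", 0x100, sec_rva, 0x100, sec_raw,
                                     0, 0, 0, 0, 0xE0000020)
    hdr = dos + coff + opt + sec
    return hdr + b"\0" * (file_size - len(hdr))

def check_pe(data):
    """Return the header problems discussed in the thread, as strings."""
    findings = []
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    sec_align, file_align = struct.unpack_from("<II", data, opt + 32)
    if not (0x200 <= file_align <= 0x10000 and file_align & (file_align - 1) == 0):
        findings.append(f"FileAlignment 0x{file_align:X} must be a power of two in 0x200..0x10000")
    if sec_align < file_align:
        findings.append("SectionAlignment smaller than FileAlignment")
    elif sec_align < 0x1000 and sec_align != file_align:
        findings.append("SectionAlignment below page size is only accepted when equal to FileAlignment")
    inside = False
    for i in range(nsec):                       # section table follows the optional header
        off = opt + opt_size + 40 * i
        vsize, rva, rawsize, raw = struct.unpack_from("<IIII", data, off + 8)
        if sec_align and rva % sec_align:
            findings.append(f"section RVA 0x{rva:X} not a multiple of SectionAlignment")
        if file_align and raw % file_align:
            findings.append(f"PointerToRawData 0x{raw:X} not a multiple of FileAlignment")
        if raw + rawsize > len(data):           # org moved the RVA but the raw pointer followed it
            findings.append(f"raw data 0x{raw:X}+0x{rawsize:X} runs past end of file ({len(data)} bytes)")
        inside |= rva <= entry < rva + max(vsize, rawsize)
    if not inside:
        findings.append(f"entry point 0x{entry:X} lies outside every section")
    return findings

GOOD = build_pe(0x1000, 0x200, 0x1000, 0x200, 0x1000, 0x400)              # raw $200, rva $1000
TINY_ALIGN = build_pe(4, 4, 0x160, 0x160, 0x160, 0x260)                  # alignment 4, as in the first post
ORG_NO_RAW_FIX = build_pe(0x200, 0x200, 0x1000, 0x1000, 0x1000, 0x300)  # org $1000, raw pointer not adjusted
```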
Kazyaka 11 Dec 2011, 17:56
I think it's easier to use your code. How can I remove the console from the program?
DOS386 12 Dec 2011, 02:11
> How can I remove console from program?
Set subsystem to GUY

> You can shave off a few bytes by
> * optimizing the imports, see http://board.flatassembler.net/topic.php?t=11170

"DeLL HeLL"
Code:
; WARNING this is unnecessarily bloated
_MessageBox  db 0, 0, 'MessageBoxA', 0
_ExitProcess db 0,0,'ExitProcess',0

> But with section alignment $1000 file has size above 4kB.

Then you did something wrong, because my file also has section alignment $1000 but the bloat is only 1 KiB.

PS: my examples are supposed to run on any Windaube from 7 (lowest and oldest) to 95 (highest and newest) as well as with HX, ReactorOS, and Wine&Beer. Let me know if they don't.
mindcooler 12 Dec 2011, 15:49
Kazyaka wrote:
I think it's easier to use your code.

If you are going to use my code, why not take a look at something more recent: http://files.sys5.se/hellogui.zip

Kazyaka wrote:
How can I remove the console from the program?

Subsystem = IMAGE_SUBSYSTEM_WINDOWS_GUI
Kazyaka 15 Dec 2011, 21:31
Thank you for the advice!
DOS386 wrote:
Then you did something wrong, because my file also has section alignment $1000 but the bloat is only 1 KiB.

Wrong? But what? Can you show your code, please?
Copyright © 1999-2024, Tomasz Grysztar.