flat assembler
Message board for the users of flat assembler.

Index > Windows > Tiny PE in win64

Goto page Previous  1, 2, 3
Author
Thread Post new topic Reply to topic
MatQuasar



Joined: 25 Oct 2023
Posts: 102
MatQuasar 19 Apr 2024, 14:22
jochenvnltn wrote:
What about a self replicating 64bit EXE ?


You can, either submit a pull request (late entry will be accepted) or use your tiny PE and wait for BGGP 2024 (begin in June).

I was the winner of PE category (@fliermate) with 1024 bytes.
But my late entry is a 528-byte 32-bit PE, as demonstrated in the second last post in page 1 of this thread. (Or you can click link: https://board.flatassembler.net/topic.php?p=237311#237311 )

With your 309-byte tiny PE, I think you can easily beat mine 528-byte PE (and 1KB PE).
Post 19 Apr 2024, 14:22
View user's profile Send private message Reply with quote
jochenvnltn



Joined: 15 Jul 2011
Posts: 96
jochenvnltn 19 Apr 2024, 17:02
MatQuasar wrote:
jochenvnltn wrote:
What about a self replicating 64bit EXE ?


You can, either submit a pull request (late entry will be accepted) or use your tiny PE and wait for BGGP 2024 (begin in June).

I was the winner of PE category (@fliermate) with 1024 bytes.
But my late entry is a 528-byte 32-bit PE, as demonstrated in the second last post in page 1 of this thread. (Or you can click link: https://board.flatassembler.net/topic.php?p=237311#237311 )

With your 309-byte tiny PE, I think you can easily beat mine 528-byte PE (and 1KB PE).


I now got a working x64 PE, with an import table that shows a MessageBox to

277bytes Smile
Post 19 Apr 2024, 17:02
View user's profile Send private message MSN Messenger Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 3946
Location: vpcmipstrm
bitRAKE 22 Apr 2024, 07:13
jochenvnltn wrote:
Ill delete my post sorry !
Nothing to be sorry about. If you say you did a thing that is enough for me - I don't need proof. Of course, if you did something novel we could all learn from then a code snippet would be most generous.

Here is a related article, perhaps of interest ...
https://secret.club/2023/06/05/spoof-pe-sections.html
(FYI, this technique still works in Win11.)

One of the beautiful things about such an advanced assembler, is that we can write code to verify what we know about the loader!
Code:
; verify some known rules of loader:

load e_lfanew:4 from $$+3Ch ; Offset to the NT header
assert e_lfanew < ($-$$-4) ; can't be larger than file
load PE_Sig:4 from $$+e_lfanew
assert PE_Sig = 'PE'    
... this way we can try complex overlapping windows and other tricks and assemble-time code verifies we haven't broken something simple. Put this verifier in another file to be included at the end, and it'll save a lot of time. Find ways to add all the discoveries you make.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Post 22 Apr 2024, 07:13
View user's profile Send private message Visit poster's website Reply with quote
jochenvnltn



Joined: 15 Jul 2011
Posts: 96
jochenvnltn 23 Apr 2024, 17:21
I found this : https://github.com/ayaka14732/TinyPE-on-Win10
Not sure if i want to just take what he did and put it into FASM code.
He got to this result by his own effort and i don't want to replicate his project..
A PE file that's 277 bytes and works with Win10 & 11 isn't that bad Smile
Post 23 Apr 2024, 17:21
View user's profile Send private message MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.