
Looking for the smallest possible .EXE



I have been able to see 32-bit .exes with around 100 bytes; however, they don't launch on a 64-bit operating system.

This is as small as I could go for a 32-bit .exe on 64-bit OS - 515 bytes (I could reduce it to 513 bytes leaving only the ret).

It was based on a sample in the Jwasm\Uasm Samples directory:

--- Code: ---
;--- assemble: UASM -bin -Fo tiny.exe tiny.ASM

    option casemap:none

    include   ;Use the simplified from Sample folder of UASM.

IMAGEBASE equ 400000h

PEHDR segment dword FLAT
start_header label near

;--- simplified DOS "MZ" header
IMAGE_DOS_HEADER <"ZM", 0, 0, 0,0,0,0,0,0,0,0,0,0,0,<0>,0,0,<0>,IMAGEREL PEHdr>

;--- define the Win32 "PE" header
PEHdr label byte
    db "PE",0,0
    IMAGE_FILE_HEADER <IMAGE_FILE_MACHINE_I386, num_sections, 0, 0, 0, sizeof IMAGE_OPTIONAL_HEADER32,\

    IMAGE_OPTIONAL_HEADER32 { 10Bh, ;magic
        6,0,                        ;linker major, minor
        0,0,0,              ;sizeof code, initialized data, uninitialized data
        IMAGEREL main,    ;entry point
        0, 0,  ;baseof code, data
        400000h,    ;imagebase
        1000h,200h,   ;section alignment, file alignment
        5,0,          ;OS major, minor
        0,0,          ;Image major, minor
        5,0,          ;Subsys major, minor
        0,            ;win32 version
        2000h,        ;sizeof image
        1000h,        ;sizeof header
        0,            ;checksum
        0,            ;dll characteristics
        100000h,1000h,;stack res,com
        100000h,1000h,;heap res, com
        0,            ;loader flags
        16,           ;number of directories
  16 dup (<0,0>)}
;--- define the section table

sectiontable label byte
    IMAGE_SECTION_HEADER <".text", <sizeof_text>, IMAGEREL start_text, sizeof_text,\
        200h, 0, 0, 0, 0, 060000020h >
num_sections equ ( $ -  sectiontable ) / sizeof IMAGE_SECTION_HEADER

    ORG IMAGEBASE+200h   ;forces physical size of header to 200h and sets VA to 400200h

PEHDR ends

_TEXT segment dword public FLAT 'CODE'
ORG 0E00h   ; change pc to RVA 1000h, section alignment and file alignment are different
start_text label near

;--- entry
main proc c
    xor eax, eax    ;return value 0 in EAX
    ret             ;return to the caller of the entry point
main endp

sizeof_text equ $ - start_text

_TEXT ends


--- End code ---

Note: Most of the PE fields are not used at all by the launcher, so you may be surprised to find them zeroed here.
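
The size arithmetic behind the 515-byte and 513-byte figures, as an added example that is not part of the original post: a Python script that lays out a constructed image with the listing's header values (headers padded to 200h, `.text` at file offset 200h mapped to RVA 1000h) and parses it back. The function names, the Characteristics value 0102h and Subsystem 3 are assumptions, and the instruction bytes are constructed.

```python
import struct

def build_tiny_pe(code):
    """Constructed sample in the post's layout: headers padded to 200h, then code."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)       # e_lfanew = 40h
    # Characteristics 0102h and Subsystem 3 (console) are assumed values.
    fh = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    oh = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0, 0, 0, 0x1000, 0, 0)
    oh += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 0x200,
                      5, 0, 0, 0, 5, 0, 0, 0x2000, 0x1000, 0, 3, 0)
    oh += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    oh += bytes(16 * 8)                                     # empty data directories
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(code),
                      0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + fh + oh + sec).ljust(0x200, b"\0") + code

def layout(image):
    """Parse the fields that fix the file size and map the entry RVA to a file offset."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe + 4)
    opt = pe + 24
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    sect_align, file_align = struct.unpack_from("<II", image, opt + 32)
    table = opt + opt_size
    min_size, entry_offset, sections = table + 40 * nsec, None, []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        if rptr + rsize > len(image):
            raise ValueError("section data runs past end of file")
        if va <= entry < va + vsize:
            entry_offset = rptr + (entry - va)
        sections.append((name.rstrip(b"\0").decode(), va, rptr, rsize))
        min_size = max(min_size, rptr + rsize)
    return {"machine": machine, "entry_rva": entry, "entry_offset": entry_offset,
            "sect_align": sect_align, "file_align": file_align,
            "sections": sections, "min_size": min_size}

if __name__ == "__main__":
    img = build_tiny_pe(b"\x33\xC0\xC3")                    # xor eax,eax / ret
    print(len(img), layout(img))
```

The 200h file alignment sets the floor: the headers occupy one full 512-byte block, so the file is 512 bytes plus the code length.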

I attach a 32-bit .exe with 358 bytes, but it will only run on a 32-bit Operating System.
This is probably as short as we can go without using the ultra "dirty" tricks elaborated here:

In the attachment I include a batch file to confirm that the .exe actually works (it should echo the returned value, which in this case is 33).

Eight bytes should be enough to print "hello world" ;)


You guys must be bored.  :P


--- Quote from: jj2007 on October 06, 2017, 06:39:05 PM ---Eight bytes should be enough to print "hello world" ;)

--- End quote ---
Yes, I also miss those days when .com were not top-level domains.  :(

--- Quote ---You guys must be bored.  :P

--- End quote ---
Sighs.  :(

