General > The Laboratory

Looking for the smallest possible .EXE

(1/10) > >>

aw27:
 :biggrin:

I have been able to see 32-bit .exes with around 100 bytes, however they don't launch on a 64-bit operating system.

This is as small as I could go for a 32-bit .exe on 64-bit OS - 515 bytes (I could reduce it to 513 bytes leaving only the ret).

It was based on a sample in the Jwasm\Uasm Samples directory:


--- Code: ---
;--- assemble: UASM -bin -Fo tiny.exe tiny.ASM

    .386
    option casemap:none

    include winnt.inc   ;Use the simplified winnt.inc from Sample folder of UASM.

IMAGEBASE equ 400000h

PEHDR segment dword FLAT
    ORG IMAGEBASE
start_header label near

;--- simplified DOS "MZ" header
IMAGE_DOS_HEADER <"ZM", 0, 0, 0,0,0,0,0,0,0,0,0,0,0,<0>,0,0,<0>,IMAGEREL PEHdr>

;--- define the Win32 "PE" header
PEHdr label byte
    db "PE",0,0
    IMAGE_FILE_HEADER <IMAGE_FILE_MACHINE_I386, num_sections, 0, 0, 0, sizeof IMAGE_OPTIONAL_HEADER32,\
        IMAGE_FILE_RELOCS_STRIPPED or IMAGE_FILE_EXECUTABLE_IMAGE or IMAGE_FILE_32BIT_MACHINE or IMAGE_FILE_LOCAL_SYMS_STRIPPED>

    IMAGE_OPTIONAL_HEADER32 { 10Bh, ;magic
        6,0,                        ;linker major, minor
        0,0,0,              ;sizeof code, initialized data, uninitialized data
        IMAGEREL main,    ;entry point
        0, 0,  ;baseof code, data
        400000h,    ;imagebase
        1000h,200h,   ;section alignment, file alignment
        5,0,          ;OS major, minor
        0,0,          ;Image major, minor
        5,0,          ;Subsys major, minor
        0,            ;win32 version
        2000h,        ;sizeof image
        1000h,        ;sizeof header
        0,            ;checksum
        IMAGE_SUBSYSTEM_WINDOWS_CUI,
        0,            ;dll characteristics
        100000h,1000h,;stack res,com
        100000h,1000h,;heap res, com
        0,            ;loader flags
        16,           ;number of directories
  16 dup (<0,0>)}
;--- define the section table

sectiontable label byte
    IMAGE_SECTION_HEADER <".text", <sizeof_text>, IMAGEREL start_text, sizeof_text,\
        200h, 0, 0, 0, 0, 060000020h >
num_sections equ ( $ -  sectiontable ) / sizeof IMAGE_SECTION_HEADER

    ORG IMAGEBASE+200h   ;forces physical size of header to 200h and sets VA to 400200h

PEHDR ends


_TEXT segment dword public FLAT 'CODE'
ORG 0E00h   ; change pc to RVA 1000h, section alignment and file alignment are different
start_text label near

;--- entry
main proc c
xor eax, eax
ret
main endp

sizeof_text equ $ - start_text

_TEXT ends

    END

--- End code ---

Note: Most of the PE fields are not used at all by the launcher, so you may be surprised to find them zeroed here.

aw27:
I attach a 32-bit .exe with 358 bytes, but it will only run on a 32-bit Operating System.
This is probably as short as we can go without using the ultra "dirty" tricks elaborated here:
http://www.phreedom.org/research/tinype/

In the attachment I include a batch file to confirm that the .Exe actually works (it should echo the returned value which in this case is 33).

jj2007:
Eight bytes should be enough to print "hello world" ;)

hutch--:
 :biggrin:

You guys must be bored.  :P

aw27:

--- Quote from: jj2007 on October 06, 2017, 06:39:05 PM ---Eight bytes should be enough to print "hello world" ;)

--- End quote ---
Yes, I miss as well those days where .com were not top level domains.  :(


--- Quote ---You guys must be bored.  :P

--- End quote ---
sights.  :(

Navigation

[0] Message Index

[#] Next page

Go to full version