Stripped down a bare 64 bit Window, set the PE file alignment to 64 and ended up with a working EXE file of 1920 bytes. If I remembered how to write a DOS stub, you could get it down a little further but I have not done one for years. Only 3 crapheap AV scanners did not like it but no garrantee it will work on all 64 bit Windows versions.
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm64\include64\masm64rt.inc
.code
classname db "Win64",0
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
entry_point proc
call main
.exit
entry_point endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
main proc
LOCAL wc :WNDCLASSEX
LOCAL hInstance :QWORD
mov hInstance,rvcall(GetModuleHandle,0)
mov wc.cbSize, SIZEOF WNDCLASSEX
mov wc.style, CS_BYTEALIGNCLIENT or CS_BYTEALIGNWINDOW
mov wc.lpfnWndProc, ptr$(WndProc)
mov wc.cbClsExtra, 0
mov wc.cbWndExtra, 0
mrm wc.hInstance, hInstance
mov wc.hIcon, 0
mov wc.hCursor, rvcall(LoadCursor,0,IDC_ARROW)
mrm wc.hbrBackground, 0
mov wc.lpszMenuName, 0
mov wc.lpszClassName, ptr$(classname)
mov wc.hIconSm, 0
rcall RegisterClassEx,ptr$(wc)
lea r11, classname
invoke CreateWindowEx,WS_EX_LEFT or WS_EX_ACCEPTFILES, \
r11, r11, \
WS_OVERLAPPEDWINDOW or WS_VISIBLE,\
250,150,800,600,0,0,hInstance,0
call msgloop
ret
main endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
msgloop proc
LOCAL msg :MSG
LOCAL pmsg :QWORD
mov pmsg, ptr$(msg) ; get the msg structure address
jmp gmsg ; jump directly to GetMessage()
mloop:
; rcall TranslateMessage,pmsg ; not needed here
rcall DispatchMessage,pmsg
gmsg:
xor r11, r11
test rax, rvcall(GetMessage,pmsg,r11,r11,r11) ; loop until GetMessage returns zero
jnz mloop
ret
msgloop endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
WndProc proc hWin:QWORD,uMsg:QWORD,wParam:QWORD,lParam:QWORD
LOCAL hDC :QWORD
LOCAL ps :PAINTSTRUCT
LOCAL rct :RECT
.switch uMsg
.case WM_CREATE
xor rax, rax
ret
.case WM_PAINT
rcall BeginPaint,hWin,ptr$(ps)
mov hDC, rvcall(GetDC,hWin)
mov rct.left, 25
mov rct.top, 25
mov rct.right, 100
mov rct.bottom, 50
invoke DrawText,hDC,"How D",-1,ptr$(rct),DT_SINGLELINE
rcall ReleaseDC,hWin,hDC
rcall EndPaint,hWin,ptr$(ps)
.case WM_CLOSE
rcall PostQuitMessage,NULL
.endsw
rcall DefWindowProc,hWin,uMsg,wParam,lParam
ret
WndProc endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
end
comment #
--------------------------------------
3 x crapheap AV scanners on VirusTotal
--------------------------------------
Cylance Unsafe
SecureAge Malicious
Trapmine Malicious.moderate.ml.score
#
/MERGE:.data=.rdata /MERGE:.rdata=.text /stub:Hello16.obj
Saves 40h bytes :cool:
Plus the trick with the global wndclassex, which is good for another 40h bytes, see attachment.
Quote4 security vendors and no sandboxes flagged this file as malicious (https://www.virustotal.com/gui/file/33440bd10425586bdce97b2d7d89cacfde7d493222c8d3945d683df1009246b0?nocache=1)
Quote from: jj2007 on January 11, 2023, 12:40:59 AM
Saves 40h bytes :cool:
Plus the trick with the global wndclassex, which is good for another 40h bytes, see attachment.
Saved some more bytes by trimming the zeros (101 to be exact) at the end of file. :tongue:
1,755 bytes ...
Pretty sure this version will get flagged as it is more unorthodox than even your version, jj.
great :thumbsup:
1755 bytes gives plenty of space to code a 4096 byte(4k) demo
Quote from: zedd151 on January 11, 2023, 02:40:09 AM
1,755 bytes ...
1728 bytes, and no foul tricks :biggrin:
Quote from: jj2007 on January 11, 2023, 03:40:30 AM
1728 bytes, and no foul tricks :biggrin:
bravo! But how does it fare against AV software?
And does it run under Windows 10/11?
later ... Runs okay Windows 10.
Quote from: zedd151 on January 11, 2023, 05:20:39 AMBut how does it fare against AV software?
Excellent (https://www.virustotal.com/gui/file/0ef2f606f320caf2d0343f98b62d7b3f1d0efbd10e7a4cf33d927739d02e3720?nocache=1)
Quote from: jj2007 on January 11, 2023, 05:52:16 AM
Excellent (https://www.virustotal.com/gui/file/0ef2f606f320caf2d0343f98b62d7b3f1d0efbd10e7a4cf33d927739d02e3720?nocache=1)
:thumbsup:
Quote from: daydreamer on January 11, 2023, 03:21:08 AMgreat :thumbsup: 1755 bytes gives plenty of space to code a 4096 byte(4k) demo
Great! Post an example ... :biggrin:
Quote from: zedd151 on January 11, 2023, 06:06:06 AM
Quote from: jj2007 on January 11, 2023, 05:52:16 AM
Excellent (https://www.virustotal.com/gui/file/0ef2f606f320caf2d0343f98b62d7b3f1d0efbd10e7a4cf33d927739d02e3720?nocache=1)
:thumbsup:
Quote from: daydreamer on January 11, 2023, 03:21:08 AMgreat :thumbsup: 1755 bytes gives plenty of space to code a 4096 byte(4k) demo
Great! Post an example ... :biggrin:
Havent made 64bit demo or ported 32bit to 64bit yet
[urlhttp://masm32.com/board/index.php?topic=6731.0[/url]
Havent even reached 4096bytes,two 3072bytes exe and one 3.5kb
jj,
> /MERGE:.data=.rdata /MERGE:.rdata=.text /stub:Hello16.obj
I know how to USE a dos stub but I forget how to make them. Could be done with a hex editor but I had little motivation to do so. :tongue:
http://masm32.com/board/index.php?topic=7608.msg83097#msg83097
Here is a fascinating lecture (http://www.phreedom.org/research/tinype/).
With my limited knowledge, I can't push it below 1456 bytes :sad:
Quote from: hutch-- on January 11, 2023, 08:18:10 AM
jj,
> /MERGE:.data=.rdata /MERGE:.rdata=.text /stub:Hello16.obj
I know how to USE a dos stub but I forget how to make them. Could be done with a hex editor but I had little motivation to do so. :tongue:
You should ask this guy for instructions:
QuoteHere is the dos stub ... written as REAL men do in HEX. :) (http://www.asmcommunity.net/forums/topic/?id=4191)
Quote from: jj2007 on January 11, 2023, 11:40:51 AMYou should ask this guy for instructions:
QuoteHere is the dos stub ... written as REAL men do in HEX. :) (http://www.asmcommunity.net/forums/topic/?id=4191)
:tongue: Old memories fade fast.
Quote from: you may know whoHere is the dos stub for my tiny editor TheGun.exe, written as REAL men do in HEX. :)
Well it was over 20 years ago after all.
I can barely remember what I did
yesterday sometimes. :tongue:
:biggrin:
You would be surprised how much code I have written in the last 20 years, I would like to blame it on senile decay but its a ratio of quantity. I only remember most of it, the useful stuff. :skrewy:
Quote from: hutch-- on January 11, 2023, 01:08:26 PM
... I would like to blame it on senile decay but its a ratio of quantity. ...
Can I steal that line for the next time anyone says I'm going senile, or am getting Alzheimers? :biggrin:
zedd151,
Quote from: zedd151 on January 11, 2023, 01:25:01 PM
Can I steal that line for the next time anyone says I'm going senile, or am getting Alzheimers? :biggrin:
give credit where credit is due. :cool:
:biggrin:
There is an inverse logic in claiming senile decay, if you can claim it, you are not senile (yet) but if you can't or don't remember, you may have already gone down that path. :eusa_boohoo:
Now for those who share the modesty of being infallible, optional senility allows you to say "I have never made a mistake" and while no-one will believe you, its a case of who cares. :tongue:
Quote from: Gunther on January 11, 2023, 02:30:19 PM give credit where credit is due. :cool:
But of course. :biggrin:
Quote from: hutch-- on January 11, 2023, 03:07:03 PM... and while no-one will believe you, its a case of who cares.
:tongue:
Here I heard usage of "I got alzheimers lite", when someone forgot something :greenclp:
Isn't minimum 64bit program just the opcode ret
Like in 32bit?
Or postquitmessage?
One phrase
-"I forgot to take my pill against senile decay"
Quote from: daydreamer on January 12, 2023, 08:28:08 PM
Isn't minimum 64bit program just the opcode ret
I doubt it :biggrin:
Anyway, the specs for my 1456 byte proggie (http://masm32.com/board/index.php?topic=10602.msg117480#msg117480) were "a window with a WM_PAINT handler" :cool:
I got what I was after with the test piece, running a 64 byte section alignment, runs on Win10 and only a few of the donkey AV scanners (he haw he haw) spat the dummy on it.
Tiny .ico files helps for both 64bit and 32bit
92 bytes .ico files as main program icon Little extreme
But smaller .ico file double as program icon and invoke drawiconex or to put in button can save space
Sounds like interesting stuff Magnus but I am not into 4k demos, I am into apps and tools.