News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Win64 Size Test

Started by hutch--, January 10, 2023, 10:29:58 PM

Previous topic - Next topic

hutch--

Stripped down a bare 64 bit Window, set the PE file alignment to 64 and ended up with a working EXE file of 1920 bytes. If I remembered how to write a DOS stub, you could get it down a little further but I have not done one for years. Only 3 crapheap AV scanners did not like it but no garrantee it will work on all 64 bit Windows versions.

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    include \masm64\include64\masm64rt.inc

    .code
      classname db "Win64",0

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

entry_point proc

    call main
    .exit

entry_point endp

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

main proc

    LOCAL wc        :WNDCLASSEX
    LOCAL hInstance :QWORD

    mov hInstance,rvcall(GetModuleHandle,0)

    mov wc.cbSize,         SIZEOF WNDCLASSEX
    mov wc.style,          CS_BYTEALIGNCLIENT or CS_BYTEALIGNWINDOW
    mov wc.lpfnWndProc,    ptr$(WndProc)
    mov wc.cbClsExtra,     0
    mov wc.cbWndExtra,     0
    mrm wc.hInstance,      hInstance
    mov wc.hIcon,          0
    mov wc.hCursor,        rvcall(LoadCursor,0,IDC_ARROW)
    mrm wc.hbrBackground,  0
    mov wc.lpszMenuName,   0
    mov wc.lpszClassName,  ptr$(classname)
    mov wc.hIconSm,        0

    rcall RegisterClassEx,ptr$(wc)

    lea r11, classname

    invoke CreateWindowEx,WS_EX_LEFT or WS_EX_ACCEPTFILES, \
                          r11, r11, \
                          WS_OVERLAPPEDWINDOW or WS_VISIBLE,\
                          250,150,800,600,0,0,hInstance,0
    call msgloop

    ret

main endp

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

msgloop proc

    LOCAL msg    :MSG
    LOCAL pmsg   :QWORD

    mov pmsg, ptr$(msg)                     ; get the msg structure address
    jmp gmsg                                ; jump directly to GetMessage()

  mloop:
    ; rcall TranslateMessage,pmsg           ; not needed here
    rcall DispatchMessage,pmsg
  gmsg:
    xor r11, r11
    test rax, rvcall(GetMessage,pmsg,r11,r11,r11) ; loop until GetMessage returns zero
    jnz mloop

    ret

msgloop endp

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

WndProc proc hWin:QWORD,uMsg:QWORD,wParam:QWORD,lParam:QWORD

    LOCAL hDC :QWORD
    LOCAL ps  :PAINTSTRUCT
    LOCAL rct :RECT

    .switch uMsg
      .case WM_CREATE
        xor rax, rax
        ret

      .case WM_PAINT
        rcall BeginPaint,hWin,ptr$(ps)
        mov hDC, rvcall(GetDC,hWin)

        mov rct.left, 25
        mov rct.top, 25
        mov rct.right, 100
        mov rct.bottom, 50

        invoke DrawText,hDC,"How D",-1,ptr$(rct),DT_SINGLELINE

        rcall ReleaseDC,hWin,hDC
        rcall EndPaint,hWin,ptr$(ps)

      .case WM_CLOSE
        rcall PostQuitMessage,NULL

    .endsw

    rcall DefWindowProc,hWin,uMsg,wParam,lParam

    ret

WndProc endp

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    end

comment #
    --------------------------------------
    3 x crapheap AV scanners on VirusTotal
    --------------------------------------
    Cylance Unsafe
    SecureAge Malicious
    Trapmine Malicious.moderate.ml.score
#

jj2007

/MERGE:.data=.rdata /MERGE:.rdata=.text /stub:Hello16.obj

Saves 40h bytes :cool:

Plus the trick with the global wndclassex, which is good for another 40h bytes, see attachment.

Quote4 security vendors and no sandboxes flagged this file as malicious

zedd151

#2
Quote from: jj2007 on January 11, 2023, 12:40:59 AM
Saves 40h bytes :cool:
Plus the trick with the global wndclassex, which is good for another 40h bytes, see attachment.
Saved some more bytes by trimming the zeros (101 to be exact) at the end of file.  :tongue: 
1,755 bytes ...
Pretty sure this version will get flagged as it is more unorthodox than even your version, jj.

daydreamer

great :thumbsup:
1755 bytes gives plenty of space to code a 4096 byte(4k) demo
my none asm creations
https://masm32.com/board/index.php?topic=6937.msg74303#msg74303
I am an Invoker
"An Invoker is a mage who specializes in the manipulation of raw and elemental energies."
Like SIMD coding

jj2007


zedd151

#5
Quote from: jj2007 on January 11, 2023, 03:40:30 AM
1728 bytes, and no foul tricks :biggrin:
bravo! But how does it fare against AV software?
And does it run under Windows 10/11?


later ... Runs okay Windows 10.

jj2007


zedd151


daydreamer

Quote from: zedd151 on January 11, 2023, 06:06:06 AM
Quote from: jj2007 on January 11, 2023, 05:52:16 AM
Excellent
  :thumbsup:
Quote from: daydreamer on January 11, 2023, 03:21:08 AMgreat :thumbsup: 1755 bytes gives plenty of space to code a 4096 byte(4k) demo
Great! Post an example ...  :biggrin:
Havent made 64bit demo or ported 32bit to 64bit yet
[urlhttp://masm32.com/board/index.php?topic=6731.0[/url]
Havent even reached 4096bytes,two 3072bytes exe and one 3.5kb
my none asm creations
https://masm32.com/board/index.php?topic=6937.msg74303#msg74303
I am an Invoker
"An Invoker is a mage who specializes in the manipulation of raw and elemental energies."
Like SIMD coding

hutch--

jj,

> /MERGE:.data=.rdata /MERGE:.rdata=.text /stub:Hello16.obj

I know how to USE a dos stub but I forget how to make them. Could be done with a hex editor but I had little motivation to do so.  :tongue:

TimoVJL

http://masm32.com/board/index.php?topic=7608.msg83097#msg83097
May the source be with you

jj2007

Here is a fascinating lecture.

With my limited knowledge, I can't push it below 1456 bytes :sad:

jj2007

Quote from: hutch-- on January 11, 2023, 08:18:10 AM
jj,

> /MERGE:.data=.rdata /MERGE:.rdata=.text /stub:Hello16.obj

I know how to USE a dos stub but I forget how to make them. Could be done with a hex editor but I had little motivation to do so.  :tongue:

You should ask this guy for instructions:

QuoteHere is the dos stub ... written as REAL men do in HEX. :)

zedd151

#13
Quote from: jj2007 on January 11, 2023, 11:40:51 AMYou should ask this guy for instructions:
QuoteHere is the dos stub ... written as REAL men do in HEX. :)

:tongue:  Old memories fade fast.
Quote from: you may know whoHere is the dos stub for my tiny editor TheGun.exe, written as REAL men do in HEX. :)
Well it was over 20 years ago after all. I can barely remember what I did yesterday sometimes.  :tongue: 

hutch--

 :biggrin:

You would be surprised how much code I have written in  the last 20 years, I would like to blame it on senile decay but its a ratio of quantity. I only remember most of it, the useful stuff.  :skrewy: