Condividi tramite


Stupid PE File Tricks

If you're an aficionado of all things PE file related, you'll get a kick of this article:

https://www.phreedom.org/solar/code/tinype/

It shows all the wild twists and contortions to make a legal 97 byte Win32 PE file.

I think the smallest Win32 binary I ever created was 1KB, but that was just by playing tricks with the linker and my tinycrt library. I never tooks steps like locating code bytes in unused fields in the PE header.

Comments

  • Anonymous
    November 07, 2006
    Okay, that is just darn cool - but the (ab)uses are scary!

  • Anonymous
    November 07, 2006
    The comment has been removed

  • Anonymous
    November 08, 2006
    The comment has been removed

  • Anonymous
    November 09, 2006
    Another interesting observation when running the smallest 97-byte program is noting all that Windows brings to the party that is not even needed by the program.  For example, KERNEL32 is loaded eventhough it is not referenced by the program with or without an import table; the loader needs it.  Also, for some reason the "program" gets 3 heaps eventhough there is no memory allocation done.  There is a TEB and PEB as well.  Fascinating!

  • Anonymous
    November 09, 2006
    The comment has been removed