Until recently I thought that an .exe file must be at least about 1.5kb in size.... Actually, 1536 bytes is the smallest .exe that can be made according to the 1st lesson in icz tut.
That program does absolutely nothing, just starts and exits..
(i am talking about windows .exe files)

Today I found an exe file of about 66 bytes!!!!
It can be run under windows and it will open a dos console and output
a string.... If I subtract the string length from the .exe length I get about 45 bytes of pure code.
So 2 questions:
1. How did he do that???????!!!!!!!!!!!
2. Can anyone beat this record? ;)
Posted on 2001-11-19 16:22:32 by Mikky
The smallest *PE* .exe file which can run in 9X/2K/XP could have about 1.5kb.
You are confusing windows .exe with dos .exe.
A windows PE file in 66 bytes? NO WAY.
a dos .exe, sure...but dos is dead for most of us.
Posted on 2001-11-19 16:49:33 by DZA
You said it Mikky: It opens a dos console.
I have been looking for small exe files in my system and I found in Windows\Command the file xcopy.exe. It is 4 KB in size and it is not a program that only shows a string. I think it is possible to create a DOS exe file of 66 bytes, but of course, it won't be so useful.
With a .com file you can create files as small as you want. Have a look at this one.
Note that I could have also made it smaller by putting in a shorter word like: "Hi".

If you are too lazy to disassemble:

a
jmp 108
db "Hello" "$"
mov dx,0102
mov ah,09
int 21
int 20

See you.
Posted on 2001-11-19 17:31:31 by CodeLover
The smallest legal PE file is 1k.

66 byte file is run under DOS emulation automatically by windows. Upon detecting that the code being executed is for a legacy system (ie. DOS) Windows provides an emulation of the standard DOS functionality (because Windows runs in protected mode), and executes it in a DOS box.

A standard PE file can be only 1k big rather than the 1.5k you've seen because you can eliminate the data section.
If you need read-only data you can go straight off, and embed the data in the code section, if you need to write to it too you need to link with special commands to set the code section as read/write.
Best place to put your data is before the entry point, or after the exit (ie. Somewhere that'll never get hit in normal code, otherwise the processor will try and decode and execute it, which would be "bad")!


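.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc      ; MessageBox is exported by user32
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.code
; read-only text kept in the code section, before the entry point
MyText db "Hello!", 0

start:
invoke MessageBox, NULL, ADDR MyText, NULL, MB_OK
invoke ExitProcess, NULL
end start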


It avoids a data section with the text, and so avoids the .5k that each section must take up as a minimum (alignment that windows demands). You can shrink it further, but it may not work on any given Windows OS. You can go really low, create your own PE header using HEX (hutch'll tell you how if you ask nice) and make the text smaller (the one that says "Buy Windows for an extremely high price to run this software" or something like that :P ). But then if you REALLY want to do that, you've probably not taken the pills the doctor gave you....

Mirno
Posted on 2001-11-19 18:20:36 by Mirno
Mikky,

Mirno is right, the smallest PE file you can make that IS a PE file is 1024 bytes which is 2 * 512 byte sections.

The only files that come in at under 100 bytes are dos COM files which are pure memory images loaded by the DOS subsystem.

A PE file by specification has a DOS stub and while you can reduce its size easily enough, it stops being a PE file and will not run on all versions of windows.

dosvidjenja

hutch@movsd.com
Posted on 2001-11-19 19:04:26 by hutch--
The smallest .exe I have seen on DOS is 512 bytes (the size of the header) and that's by using a trick.

The smallest .com you can make (that works, but does nothing but return) is 1byte.



;
;ret.asm
;
.model tiny
.code
org 100h        ; .com code starts at offset 100h
start:
ret
end start

then using the 16 bit linker (which I renamed link16):



ml -c ret.asm
link16 /tiny ret.obj,ret.exe,,,,

you get a one byte ret.exe (which is really a .com file), that runs on windows (but not on real DOS, since it's really a .com file).

I suspect that the .exe you have seen is really a .com file

smallest .com = 1byte
smallest (real) DOS .exe = 512 bytes
smallest Win32 .exe = 1024 bytes
Posted on 2001-11-20 07:33:05 by dxantos
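The distinction the posts above draw (flat .com image, DOS MZ .exe, Win32 PE) can be checked from the header bytes alone, whatever the file extension says. The following is an added example, not code from any poster; `classify`, `on_disk_size` and `make_pe_header` are hypothetical names, the sample headers are constructed, and the size calculation is a simplified model of the 512-byte alignment described in the thread.

```python
import struct

def classify(data):
    """Return (kind, file_alignment); kind is 'flat', 'dos-mz' or 'pe'."""
    if data[:2] != b"MZ":
        return ("flat", None)                  # no header: .com-style memory image
    if len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            opt = e_lfanew + 4 + 20            # skip signature and COFF header
            if len(data) >= opt + 40:          # FileAlignment is at offset 36
                return ("pe", struct.unpack_from("<I", data, opt + 36)[0])
            return ("pe", None)
    return ("dos-mz", None)

def on_disk_size(header_len, section_lens, align):
    """Headers and every section are each rounded up to the file alignment."""
    up = lambda n: -(-n // align) * align
    return up(header_len) + sum(up(max(n, 1)) for n in section_lens)

def make_pe_header(file_alignment=512):
    """Constructed sample: MZ header + PE signature + COFF + optional header."""
    mz = bytearray(0x40)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, 0x40)     # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, file_alignment)
    return bytes(mz) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    hdr = make_pe_header()
    print(classify(bytes([0xC3])))             # the one-byte "ret" file
    print(classify(b"MZ" + bytes(62)))         # bare DOS header
    print(classify(hdr))
    # headers + code section only, then headers + code + data sections
    print(on_disk_size(len(hdr) + 40, [20], 512))
    print(on_disk_size(len(hdr) + 80, [20, 7], 512))
```

With 512-byte alignment the model gives 1024 bytes for one section and 1536 bytes for two, the two sizes quoted in the thread.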
You can get PE smaller than 1k, but they're only legal on win2k as far as I've tested. Probably WinNT as well :confused:
Posted on 2001-11-20 07:36:32 by Eóin
or 148 dwords, as you prefer...

and still have 156 bytes for readonly data in the pe header, and 20 bytes for variables in the null dll import entry

tested in w98 only

ancev
Posted on 2001-11-20 08:21:57 by ancev
Tested on WinNT, Not a valid application.

I'll test Win2k when I get home. Unless someone beats me to it. :grin:
Posted on 2001-11-20 08:50:59 by Eóin
Win2k says:

---------------------------
C:\tinype\TINY_PE.EXE
---------------------------
C:\tinype\TINY_PE.EXE is not a valid Win32 application.
---------------------------
OK
---------------------------



(the ctrl+c feature of messageboxes is fun ;).
Posted on 2001-11-20 09:21:02 by f0dder
dxantos,

The smallest .com file I could make is 2 bytes.

With the debugger, the code is:
;
a
int 20
;
This needs at least two bytes.
Posted on 2001-11-20 14:25:54 by CodeLover
I made a com file consisting only of "ret", and it worked fine :).
Posted on 2001-11-20 14:42:26 by f0dder
Yes, a single "ret" will work as a ".com" program, because DOS puts word 0 on the stack before starting the program, and at address cs:0 begins the PSP, and (finally) the first two bytes of the PSP are 0CDh 020h = "int 20h" :grin:
Posted on 2001-11-20 15:00:31 by Tomasz Grysztar
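The control flow described in the post above can be traced with a toy model of the .com start-up state. This is an added example, not code from the thread; `run_com` is a hypothetical name, it assumes a single 64 KB segment with SP = FFFEh, and it models only the opcodes that appear in this thread's two .com programs.

```python
# Toy model of DOS starting a flat .com image (added illustration).
# Assumptions: CS=DS=SS in one 64 KB segment, SP=FFFEh, tiny opcode subset.

RET_COM = bytes([0xC3])                               # the 1-byte "ret"
HELLO_COM = (bytes.fromhex("EB06") + b"Hello$" +      # jmp 108 / db "Hello$"
             bytes.fromhex("BA0201B409CD21CD20"))     # mov dx,ah / int 21 / int 20

def run_com(image, max_steps=100):
    """Run the image; return (text printed via int 21h AH=09h, IP trace)."""
    mem = bytearray(0x10000)
    mem[0:2] = b"\xCD\x20"                  # PSP at offset 0 starts with int 20h
    mem[0x100:0x100 + len(image)] = image   # image is loaded at offset 100h
    sp = 0xFFFE                             # the zero word DOS left on the stack
    ip, ah, dx = 0x100, 0, 0
    out, trace = [], []
    for _ in range(max_steps):
        trace.append(ip)
        op = mem[ip]
        if op == 0xC3:                      # ret: pop IP
            ip = mem[sp] | (mem[sp + 1] << 8)
            sp = (sp + 2) & 0xFFFF
        elif op == 0xEB:                    # jmp short rel8 (signed)
            rel = mem[ip + 1]
            ip = (ip + 2 + (rel - 256 if rel > 127 else rel)) & 0xFFFF
        elif op == 0xBA:                    # mov dx, imm16
            dx = mem[ip + 1] | (mem[ip + 2] << 8)
            ip += 3
        elif op == 0xB4:                    # mov ah, imm8
            ah = mem[ip + 1]
            ip += 2
        elif op == 0xCD:                    # int imm8
            num = mem[ip + 1]
            ip += 2
            if num == 0x20:                 # int 20h: terminate program
                return "".join(out), trace
            if num == 0x21 and ah == 0x09:  # print '$'-terminated string at DS:DX
                out.append(mem[dx:mem.index(b"$", dx)].decode("ascii"))
            else:
                raise ValueError(f"unmodelled int {num:#04x}, ah={ah:#04x}")
        else:
            raise ValueError(f"unmodelled opcode {op:#04x} at {ip:#06x}")
    raise RuntimeError("step limit reached")

if __name__ == "__main__":
    print(run_com(RET_COM))      # ret pops 0, lands on the PSP's int 20h
    print(run_com(HELLO_COM))
```

The IP trace for the one-byte file shows execution going from 100h straight to offset 0, where the PSP's `int 20h` ends the program.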
Nice to see that there's people around who know why =). (I did too, lalala).
Posted on 2001-11-20 15:18:05 by f0dder
Yes, Privalov, single ret works fine. You are definitely right.
Posted on 2001-11-20 18:37:45 by CodeLover
If you are really interested in size, why don't you try the Hugi Size Optimizing Competition!? A small program that doesn't do anything is academic, but a small program that does something is fun! :)

Posted on 2001-11-20 18:57:13 by bitRAKE
Nice to see that there's people around who know why =). (I did too, lalala).


Yeah, you surely did fodder...heh

There is one APJ issue which deals with some sort of 'smallest PE competition' and it's good to read the dirty little tricks some guys did to reduce the exe's size..

APJ = _mammon's Assembler Programming Journal


Latigo
Posted on 2001-11-21 09:09:13 by latigo

(the ctrl+c feature of messageboxes is fun ;).


I never knew about that. This really is quite fun. Thanks ;)
Posted on 2001-11-27 21:44:02 by PuffCool
People that know why, on an ASM forum? Na, never happen... :grin: :grin: :grin:
Posted on 2001-11-27 22:18:43 by S/390
what does org 100h do?
does that force the code to start at address 100 in the program's segment?
Posted on 2001-11-28 15:53:39 by LOLTH