I'm trying to write a program in assembly and make the resulting executable as small as possible. Some of what I'm doing requires windows API calls to functions such as WriteProcessMemory. I've had some success with calling these functions, but after compiling and linking, my program comes out in the range of 14-15 KB. (From a source of less than 1 KB) I was hoping for much, much less than that.
我正在尝试在汇编中编写程序,并使得到的可执行文件尽可能小。我正在做的一些事情需要对函数(如WriteProcessMemory)进行Windows API调用。我在调用这些函数方面取得了一些成功,但在编译和链接之后,我的程序出现在14-15 KB的范围内。 (来自不到1 KB的来源)我希望得到更多,远不止于此。
I'm very new to doing low level things like this so I don't really know what would need to be done to make the program smaller. I understand that the exe format itself takes up quite a bit of space. Can anything be done to minimize that?
我很擅长做这样的低级别的事情,所以我真的不知道为了让程序变小需要做些什么。我知道exe格式本身占用了相当多的空间。可以做些什么来减少这个?
I should mention that I'm using NASM and GCC but I can easily change if that would help.
我应该提一下,我正在使用NASM和GCC,但如果能有所帮助,我可以很容易地改变。
5 个解决方案
#1
See Tiny PE for a bunch of tips and tricks you can use to reduce the final size of your executable. Be warned that some of the later techniques in that article are extremely fragile.
有关可用于减少可执行文件最终大小的一系列提示和技巧,请参阅Tiny PE。请注意,该文章中的某些后续技术极其脆弱。
#2
The default section alignment for most PE files is 4K to align with the natural system memory layout. If you have a .data, .text and .resource section - that's 12K already. Most of it will be 0's and a waste of space.
大多数PE文件的默认部分对齐方式是4K,以与自然系统内存布局对齐。如果你有一个.data,.text和.resource部分 - 那已经是12K了。其中大部分都是0,浪费空间。
There are a few things you can do to minimize this waste. First, reduce the section alignment to 512 bytes (don't know the options needed for nasm/gcc). Second, merge the sections so that you only have a single .text section. This can be a problem though for modern machines with the NX bit turned on. This security feature prevents modification of executable sections of code from things like viruses.
您可以采取一些措施来减少浪费。首先,将节对齐减少到512字节(不知道nasm / gcc所需的选项)。其次,合并这些部分,以便您只有一个.text部分。对于打开NX位的现代机器,这可能是一个问题。此安全功能可防止从病毒等内容修改代码的可执行部分。
There are also a slew of PE compression tools out there that will compact your PE and decompress it when executed.
还有一些PE压缩工具可以压缩你的PE并在执行时解压缩它。
#3
I suggest using the DumpBin utility (or GNU's objdump) to determine what takes the most space. It may be resource files, huge global variables or something like that.
我建议使用DumpBin实用程序(或GNU的objdump)来确定占用空间最多的内容。它可能是资源文件,巨大的全局变量或类似的东西。
#4
FWIW, the smallest programs I can assemble using ML or ML64 are on the order of 3kb. (That's just saying hello world and exiting.)
FWIW,我可以使用ML或ML64组装的最小程序大约3kb。 (那只是说你好世界并退出。)
#5
Give me a small C program (not C++), and I'll show you how to make a 1 ko .exe with it. The smallest size of executable I recommend is 1K, because it will fail to run on some Windows if it's not at least this size.
给我一个小的C程序(不是C ++),我将告诉你如何使用它制作一个1 ko .exe。我建议的最小可执行文件大小是1K,因为如果它不是至少这个大小,它将无法在某些Windows上运行。
You merely have to play with linker switches to make it happen! A good linker to do this is polink.
您只需要使用链接器开关来实现它!一个很好的链接器就是polink。
And if you do everything in Assembly, it's even easier. Just go to the MASM32 forum and you'll see plenty of programs like this.
如果你在Assembly中做所有事情,那就更容易了。只需访问MASM32论坛,您就会看到很多像这样的程序。
#1
See Tiny PE for a bunch of tips and tricks you can use to reduce the final size of your executable. Be warned that some of the later techniques in that article are extremely fragile.
有关可用于减少可执行文件最终大小的一系列提示和技巧,请参阅Tiny PE。请注意,该文章中的某些后续技术极其脆弱。
#2
The default section alignment for most PE files is 4K to align with the natural system memory layout. If you have a .data, .text and .resource section - that's 12K already. Most of it will be 0's and a waste of space.
大多数PE文件的默认部分对齐方式是4K,以与自然系统内存布局对齐。如果你有一个.data,.text和.resource部分 - 那已经是12K了。其中大部分都是0,浪费空间。
There are a few things you can do to minimize this waste. First, reduce the section alignment to 512 bytes (don't know the options needed for nasm/gcc). Second, merge the sections so that you only have a single .text section. This can be a problem though for modern machines with the NX bit turned on. This security feature prevents modification of executable sections of code from things like viruses.
您可以采取一些措施来减少浪费。首先,将节对齐减少到512字节(不知道nasm / gcc所需的选项)。其次,合并这些部分,以便您只有一个.text部分。对于打开NX位的现代机器,这可能是一个问题。此安全功能可防止从病毒等内容修改代码的可执行部分。
There are also a slew of PE compression tools out there that will compact your PE and decompress it when executed.
还有一些PE压缩工具可以压缩你的PE并在执行时解压缩它。
#3
I suggest using the DumpBin utility (or GNU's objdump) to determine what takes the most space. It may be resource files, huge global variables or something like that.
我建议使用DumpBin实用程序(或GNU的objdump)来确定占用空间最多的内容。它可能是资源文件,巨大的全局变量或类似的东西。
#4
FWIW, the smallest programs I can assemble using ML or ML64 are on the order of 3kb. (That's just saying hello world and exiting.)
FWIW,我可以使用ML或ML64组装的最小程序大约3kb。 (那只是说你好世界并退出。)
#5
Give me a small C program (not C++), and I'll show you how to make a 1 ko .exe with it. The smallest size of executable I recommend is 1K, because it will fail to run on some Windows if it's not at least this size.
给我一个小的C程序(不是C ++),我将告诉你如何使用它制作一个1 ko .exe。我建议的最小可执行文件大小是1K,因为如果它不是至少这个大小,它将无法在某些Windows上运行。
You merely have to play with linker switches to make it happen! A good linker to do this is polink.
您只需要使用链接器开关来实现它!一个很好的链接器就是polink。
And if you do everything in Assembly, it's even easier. Just go to the MASM32 forum and you'll see plenty of programs like this.
如果你在Assembly中做所有事情,那就更容易了。只需访问MASM32论坛,您就会看到很多像这样的程序。