Smallest PE?
Well, the question is, whats the smallest pe have you found?
In my case, I found an 97 bytes exe generator. This is the smallest functionally exe I have seen. The code of the generator of the small exe is there:
Code:
#include <windows.h>
#include "creape.h"
int WINAPI WinMain(HINSTANCE hI, HINSTANCE hPI, LPSTR lpCL, int nCS)
{
HANDLE hOut; HINSTANCE hLib; long int a, i;
DeleteFile("microPE.eXe");
hOut=CreateFile("microPE.eXe",GENERIC_WRITE, FILE_SHARE_WRITE,
NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
hLib=LoadLibrary("KERNEL32.DLL");
if (hLib!=0)
a=(long int) GetProcAddress(hLib,"GetStdHandle");
else goto fine;
for (i=0x0f; i<0x13;i++) {buff[i]=a&0xff; a>>=8;}
if (hLib!=0)
a=(long int) GetProcAddress(hLib,"WriteFile" );
else goto fine;
for (i=0x31; i<0x35;i++) {buff[i]=a&0xff; a>>=8;}
if (hLib!=0)
a=(long int) GetProcAddress(hLib,"ExitProcess" );
else goto fine;
for (i=0x51; i<0x55;i++) {buff[i]=a&0xff; a>>=8;}
WriteFile(hOut, buff, 97, (unsigned long int*) &i, NULL);
fine:FreeLibrary(hLib); CloseHandle(hOut);
return 0;
}
Code:
/* creape.h */
unsigned char buff[]={
0x4D, 0x5A, 0xEB, 0x08, 0x50, 0x45, 0x00, 0x00, 0x4C, 0x01,
0x01, 0x00, 0x6A, 0xF5, 0xB8, 0x00, 0x00, 0x00, 0x00, 0xFF,
0xD0, 0xEB, 0x07, 0x00, 0xE0, 0x00, 0x0F, 0x01, 0x0B, 0x01,
0x6A, 0x00, 0xBF, 0x58, 0x00, 0x40, 0x00, 0x54, 0x6A, 0x03,
0x57, 0x50, 0xEB, 0x04, 0x02, 0x00, 0x00, 0x00, 0xB8, 0x00,
0x00, 0x00, 0x00, 0xEB, 0x0D, 0x00, 0x00, 0x00, 0x40, 0x00,
0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xFF, 0xD0,
0x6A, 0x00, 0xEB, 0x06, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0xB8, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD0, 0x00, 0x55, 0x49,
0x43, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
};
The author of that mine is Fantoibed
Post here the smallest PE have you found! ;)
Byez |
