; DPE64small.asm Aug 05, 2017 (c) DrakoPensulo
; A smallest PE32+ executable (x64) - every byte executed
;
; Features:
; - Windows Vista/7/8/10/11 compatible
; - Size: 268 bytes (an executable file on x64 Windows cannot be smaller)
; - Every byte executed
; - No sections
; - No Data Directories (in particular no imports and no TLS callbacks)
; - Null Entrypoint
; - Exits with code 0x2a (this executable does nothing else than that)
;
;
; Compile using FASM (https://flatassembler.net) command line: fasm.exe DPE64small.asm
;
;
;
; GitHub: https://github.com/DrakoPensulo/DPE64small
; Blog post: https://drakopensulo.wordpress.com/2017/08/06/smallest-pe-executable-x64-with-every-byte-executed/
;
; Update Aug 17, 2018
; Update Aug 18, 2018
; Update Aug 03, 2022 Windows 11 compatibility added.
format binary as 'exe'
use64
;-----------------------------------------------------------------------
; Layout notes (FASM, x64, raw PE32+ image emitted byte by byte)
;
; The bytes below are at the same time the DOS stub ('MZ' + e_lfanew), the
; PE signature / COFF file header, the PE32+ optional header and an x64
; instruction stream. AddressOfEntryPoint is 0, so execution begins at
; file offset 0 and the header bytes are decoded as code all the way down
; to the final `ret`.
;
; Register roles along the way:
;   r10 - return address popped at entry; `ret` at the end goes back to it
;   rax - scratch (`mov rax, imm64` / `add eax, imm32` absorb header
;         fields); ends up holding the exit code 0x2a
;
; Each `db/dw/dd/dq` line is annotated with the PE field it fills and its
; file offset; the `; <mnemonic>` comments give the instruction that the
; same bytes decode to. The "must be ..." constraints are the author's
; loader requirements and are not checked by the assembler.
;
; NOTE(review): a header-only image (no sections, NumberOfRvaAndSizes = 0,
; e_lfanew = 4) is a shape many PE parsers and scanners do not anticipate;
; it is a good robustness test input for anything that parses PE files.
;-----------------------------------------------------------------------
EntryPoint:
db 'MZ' ; offset 0: e_magic ; decodes as: pop r10 ; r10 <- Address from stack, return to BaseThreadInitThunk which calls RtlExitUserThread
; offsets 2..11 decode as one instruction: mov rax, 0001866400004550h
; (the PE signature and the first two COFF fields are its 64-bit immediate)
dw 0B848h ; offset 2: e_lfanew is NOT here (it is at 0x3C, see SectionAlignment) ; opcode bytes of mov rax, imm64
dd 00004550h ; offset 4: Signature PE\0\0 (e_lfanew = 4 points here)
dw 8664h ; offset 8: Machine (AMD64)
dw 0001h ; offset 10: NumberOfSections ; no section table actually follows
nop
nop
nop
nop ; offset 12: TimeDateStamp (4 x nop)
nop
nop
nop
nop ; offset 16: PointerToSymbolTable (4 x nop)
nop
nop
nop
nop ; offset 20: NumberOfSymbols (4 x nop)
nop
db 05h ; offset 24: SizeOfOptionalHeader = 0590h ; must be multiple of 8 not too large not too small
; the 05h above is the opcode of `add eax, imm32`; its immediate is the next
; four bytes (Characteristics + Magic): add eax, 20B002Fh
; a 32-bit destination zero-extends, so this also zeros the high dword of rax
dw 002fh ; offset 26: Characteristics ; must be bit 1=1 (EXECUTABLE_IMAGE) bit 13=0 (not DLL)
dw 020Bh ; offset 28: PE32+ Magic (optional header starts here)
nop ; offset 30: MajorLinkerVersion
nop ; offset 31: MinorLinkerVersion
nop
nop
nop
nop ; offset 32: SizeOfCode (4 x nop)
nop
nop
nop
nop ; offset 36: SizeOfInitializedData (4 x nop)
nop
nop
nop ; offset 40: SizeOfUninitializedData = 05909090h
db 5h ; opcode of `add eax, imm32`; immediate is AddressOfEntryPoint below
; add eax, 0 ; zeros the high dword of rax
dd 0 ; offset 44: AddressOfEntryPoint = 0 -> execution starts at ImageBase (file offset 0)
nop
nop
dw 0B848h ; offset 48: BaseOfCode = 0B8489090h ; last two bytes are the opcode of mov rax, imm64
; mov rax, 0000000100000000h ; rax <- ImageBase, i.e. the address of EntryPoint
dq 0000000100000000h ; offset 52: ImageBase ; must be multiple of 64k
; the dd 4 below decodes as two instructions:
;   add al, 0            ; 04 00
;   add byte ptr ds:[rax],al ; 00 00 -> read-modify-write of byte 0 of the image (adds 0)
; NOTE(review): this store to [ImageBase] presumes the loader maps the header
; writable for this sectionless image - confirm on each target OS version
dd 4 ; offset 60: SectionAlignment, and also e_lfanew (0x3C) ; PE header offset in file
; add al, 0
; add byte ptr ds:[rax],al
dd 4 ; offset 64: FileAlignment (same two-instruction decoding as above)
nop
nop ; offset 68: MajorOperatingSystemVersion
nop
nop ; offset 70: MinorOperatingSystemVersion
nop
nop ; offset 72: MajorImageVersion
nop
nop ; offset 74: MinorImageVersion
; offsets 76..80 decode as: add eax, 0 ; zeros the high dword of rax
dw 5 ; offset 76: MajorSubsystemVersion ; >3.1 or 4 ; 05h is the add eax opcode
dw 0h ; offset 78: MinorSubsystemVersion
db 0 ; offset 80: low byte of Win32VersionValue (last byte of the add immediate)
nop
nop
nop ; offset 81..83: rest of Win32VersionValue (= 90909000h)
nop
nop
db 0ebh ; jmp 0 (jmp +0, falls through to the next byte)
db 0 ; offset 84..87: SizeOfImage = 00EB9090h ; MSB has to be small
nop
nop
db 4h ; add al,0
db 0 ; offset 88..91: SizeOfHeaders = 00049090h ; SizeOfHeaders has to be < SizeOfImage
nop
nop
nop
db 05h ; offset 92..95: CheckSum = 05909090h ; 05h is the add eax opcode
; add eax, 2 ; immediate is Subsystem + DllCharacteristics
dw 0002h ; offset 96: Subsystem 2-GUI 3-CUI
dw 0 ; offset 98: DllCharacteristics
nop
nop
nop
db 05h ; add eax, 0 (immediate is the dd 0 below)
dd 0 ; offset 100..107: SizeOfStackReserve = 0000000005909090h ; upper dword has to be 0, MSB of lower dword has to be small
nop
nop
nop
db 05h ; add eax, 0
dd 0 ; offset 108..115: SizeOfStackCommit = 0000000005909090h ; upper dword has to be 0, MSB of lower dword has to be small
nop
nop
nop
db 05h ; add eax, 0
dd 0 ; offset 116..123: SizeOfHeapReserve = 0000000005909090h ; upper dword has to be 0, MSB of lower dword has to be small
nop
nop
nop
db 05h ; add eax, 0
dd 0 ; offset 124..131: SizeOfHeapCommit = 0000000005909090h ; upper dword has to be 0, MSB of lower dword has to be small
nop
nop
nop
db 05h ; offset 132..135: LoaderFlags = 05909090h
; add eax, 0
dd 0 ; offset 136: NumberOfRvaAndSizes = 0 ; no data directories are consulted by the loader
; offsets 140..259: the 15 named data-directory slots (8 bytes each), all nop.
; They are never read (NumberOfRvaAndSizes = 0) but are still executed.
nop
nop
nop
nop
nop
nop
nop
nop ; Export Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Import Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Resource Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Exception Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Security Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Base Relocation Table Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Debug Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Architecture Specific Data Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; RVA of GlobalPtr Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; TLS Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Load Configuration Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Bound Import Directory Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Import Address Table Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; Delay Load Import Descriptors Address and Size
nop
nop
nop
nop
nop
nop
nop
nop ; COM runtime Descriptors Address and Size
; offsets 260..267: the Reserved data-directory slot doubles as the exit code path
nop
nop
push r10 ; restore the return address popped at entry
push 2ah
pop rax ; rax <- Exit code (0x2a)
ret ; Reserved Descriptor ;This instruction terminates the main thread (and therefore the whole process if there is no unterminated thread)