[Code-Crunchers] Tiny PE: now 274 bytes

[Peter Ferrie]

If we ignore Windows 9x completely, then we can shave off more bytes from the main part.  However, apart from the 2 extra bytes in the header, I haven't found anything else that's safe to use.
If someone can crunch the header further, I'd really like to know how that was done.
 

________________________________

From: Brett Moore [mailto:brett.moore at security-assessment.com]
Sent: Sun 10/22/2006 7:00 PM
To: code-crunchers at whitestar.linuxbox.org
Subject: Re: [Code-Crunchers] Tiny PE: now 274 bytes



I saw that someone has got it smaller but not made public yet, so
they might already be doing this. Anyway, how about instead of
using winexec, just reuse loadlibrary() to run a downloaded .dll

If DAV/SMB sharing is to be considered then just loadlibrary() the
remote dll to do a download and exec in one call.

Brett
-----Original Message-----
From: Arkon [mailto:arkon at ragestorm.net]
Sent: Sunday, 22 October 2006 8:13 p.m.
To: Brett Moore; code-crunchers at whitestar.linuxbox.org
Subject: RE: [Code-Crunchers] Tiny PE: now 274 bytes

Well, you do got the source, although in binary form...
Peter, you expect people do OCR on your BMP? :)

> -----Original Message-----
> From: Brett Moore [mailto:brett.moore at security-assessment.com]
> Sent: Sunday, October 22, 2006 7:05 AM
> To: code-crunchers at whitestar.linuxbox.org
> Subject: [Code-Crunchers] Tiny PE: now 274 bytes
>
> Heya..
>
> Is there any source or more details on the makeup of your current .exe
> for us to play
> with, or are we meant to write our own?
> Cheers
>
> Brett
> _______________________________________________
> Code-Crunchers mailing list
> Code-Crunchers at whitestar.linuxbox.org
> http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers

_______________________________________________
Code-Crunchers mailing list
Code-Crunchers at whitestar.linuxbox.org
http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers