[Code-Crunchers] TinyPE Yet Again
Peter Ferrie
pferrie at symantec.com
Mon Jan 21 17:30:33 CST 2008
>Same old rules:
>http://www.ragestorm.net/blogs/?p=47 <http://www.ragestorm.net/blogs/?p=47>
>
>Peter, I owed you that one ;)
Importing a forwarded export from your own export table. That's a very cool trick.
I see that you're still using WinExec. No need for that if the downloaded file is a DLL. Just use LoadLibrary() on it instead.
You can also rename the file from ".exe" to 'f' or something, and save more bytes.
It doesn't break the rules. ;-) That's how I got to 232. I'm sure that you can do better with your new version.
More information about the Code-Crunchers
mailing list