标题: 可能是最小的 pe 程序 -- 我手工构造了一个 pe 程序, 只 305 个字节, 可正确执行(Win9x).
内容:
世界最小的 pe 程序
我手工构造了一个 pe 程序, 只 305 个字节,可以在我的中文 windows
98 第一版下正确运行. 是不是够得上陆麟大侠所说的"世界最小的 pe 程序",我
也不能确定. 传上来, 大家看着玩玩吧. 用手工构造,没用任何编译软件.可能对大
家理解 pe 文件格式有用. 要知道, pe 程序格式可是 "瘟都死" 操作系统的主要
程序文件格式呀.
如果有哪位高人能给我减少几个字节,我将向他学习.
以下就是软件的全部字节: 共 305 个字节. 用 ultraedit 等十六进制
编辑软件新建一个十六进制文件,全填 00 ,大小 305 个字节,再按照以下内容修
改好,存盘,改名为 minipe.exe 即可. 每行的 ":" 号及前面的数字是十六进制
地址,每行的后面是文本显示,不是软件内容,不应写入软件,我想大家应该明白.
如果此贴较乱,把您的查看器的字体设小一点就行了.
以下是软件全部内容:
00000000: 4D 5A 50 00-02 00 00 00-04 00 0F 00-50 45 00 00 MZP
PE
00000010: 4C 01 01 00-00 00 00 00-00 00 00 00-00 00 00 00 L
00000020: E0 00 8E 81-0B 01 00 00-C0 50 00 00-00 00 00 00 ?巵
繮
00000030: 00 00 00 00-30 11 00 00-00 10 00 00-0C 00 00 00
0
00000040: 00 00 40 00-00 10 00 00-30 01 00 00-01 00 00 00
@ 0
00000050: 00 00 00 00-04 00 00 00-00 00 00 00-00 60 00 00
`
00000060: 30 01 00 00-3D CE 00 00-02 00 00 00-00 00 01 00 0
=?
00000070: 00 20 00 00-00 00 01 00-00 10 00 00-00 00 00 00
00000080: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00000090: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000A0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000B0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000C0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000D0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000E0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000F0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00000100: 00 00 00 00-43 4F 44 45-00 00 00 00-00 50 00 00
CODE P
00000110: 00 10 00 00-01 00 00 00-30 01 00 00-00 00 00 00
0
00000120: 00 00 00 00-00 00 00 00-20 00 00 E0-00 00 00 00
?
00000130: C3
以下是软件内部各个项目的详细信息,供大家研究时参考:
minipe.exe
(hex) (dec)
.EXE size (bytes)
250 592
Minimum load size (bytes) 300
768
Overlay number
0 0
Initial CS:IP
0000:0000
Initial SS:SP
0000:014C 332
Minimum allocation (para) F
15
Maximum allocation (para) 4550
17744
Header size (para)
4 4
Relocation table offset
0 0
Relocation entries
0 0
Portable Executable starts at
c
Signature
00004550 (PE)
Machine
014C (Intel 386)
Sections
0001
Time Date Stamp
00000000 Wed Dec 31 19:00:00 1969
Symbol Table
00000000
Number of Symbols
00000000
Optional header size
00E0
Characteristics
818E
Executable Image
Line numbers stripped
Local symbols stripped
Bytes of machine word are reversed
32 bit word machine
Bytes of machine word are reversed
Magic
010B
Linker Version
0.00
Size of Code
000050C0
Size of Initialized Data
00000000
Size of Uninitialized Data 00000000
Address of Entry Point
00001130
Base of Code
00001000
Base of Data
0000000C
Image Base
00400000
Section Alignment
00001000
File Alignment
00000130
Operating System Version
1.00
Image Version
0.00
Subsystem Version
4.00
reserved
00000000
Image Size
00006000
Header Size
00000130
Checksum
0000CE3D
Subsystem
0002 (Windows)
DLL Characteristics
0000
Size Of Stack Reserve
00010000
Size Of Stack Commit
00002000
Size Of Heap Reserve
00010000
Size Of Heap Commit
00001000
Loader Flags
00000000
Number of Directories
00000000
Directory Name
VirtAddr VirtSize
-------------------------------------- -------- --------
Section Table
-------------
01 CODE Virtual Address
00001000
Virtual Size
00005000
Raw Data Offset 00000130
Raw Data Size
00000001
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics E0000020
Code
Executable
Readable
Writeable
Disassembly
00401000 C3
ret
- 标 题:可能是最小的 pe 程序 -- 我手工构造了一个 pe 程序, 只 305 个字节, 可正确执行(Win9x). .. (5千字)
- 作 者:王涛1234
- 时 间:2002-3-2 20:06:17
- 链 接:http://bbs.pediy.com