可能是最小的 pe 程式 -- 我手工構造了一個 pe 程式, 只 305 個位元組, 可正確執行（Win9x). .. (5千字)

標題: 可能是最小的 pe 程式 -- 我手工構造了一個 pe 程式, 只 305 個位元組, 可正確執行（Win9x).

內容:

世界最小的 pe 程式

我手工構造了一個 pe 程式, 只 305 個位元組,可以在我的中文 windows
98 第一版下正確執行. 是不是夠得上陸麟大俠所說的"世界最小的 pe 程式",我
也不能確定. 傳上來, 大家看著玩玩吧. 用手工構造,沒用任何編譯軟體.可能對大
家理解 pe 檔案格式有用. 要知道, pe 程式格式可是 "瘟都死" 作業系統的主要
程式檔案格式呀.
如果有哪位高人能給我減少幾個位元組,我將向他學習.
以下就是軟體的全部位元組: 共 305 個位元組. 用 ultraedit 等十六進位制
編輯軟體新建一個十六進位制檔案,全填 00 ,大小 305 個位元組,再按照以下內容修
改好,存檔,改名為 minipe.exe 即可. 每行的 ":" 號及前面的數字是十六進位制
地址,每行的後面是文字顯示,不是軟體內容,不應寫入軟體,我想大家應該明白.
如果此貼較亂,把您的檢視器的字型設小一點就行了.

以下是軟體全部內容:

00000000: 4D 5A 50 00-02 00 00 00-04 00 0F 00-50 45 00 00 MZP PE
00000010: 4C 01 01 00-00 00 00 00-00 00 00 00-00 00 00 00 L
00000020: E0 00 8E 81-0B 01 00 00-C0 50 00 00-00 00 00 00 ? P
00000030: 00 00 00 00-30 11 00 00-00 10 00 00-0C 00 00 00 0
00000040: 00 00 40 00-00 10 00 00-30 01 00 00-01 00 00 00 @ 0
00000050: 00 00 00 00-04 00 00 00-00 00 00 00-00 60 00 00 `
00000060: 30 01 00 00-3D CE 00 00-02 00 00 00-00 00 01 00 0 =?
00000070: 00 20 00 00-00 00 01 00-00 10 00 00-00 00 00 00
00000080: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00000090: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000A0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000B0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000C0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000D0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000E0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
000000F0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 00
00000100: 00 00 00 00-43 4F 44 45-00 00 00 00-00 50 00 00 CODE P
00000110: 00 10 00 00-01 00 00 00-30 01 00 00-00 00 00 00 0
00000120: 00 00 00 00-00 00 00 00-20 00 00 E0-00 00 00 00 ?
00000130: C3

以下是軟體內部各個專案的詳細資訊,供大家研究時參考:

minipe.exe (hex) (dec)

.EXE size (bytes) 250 592
Minimum load size (bytes) 300 768
Overlay number 0 0
Initial CS:IP 0000:0000
Initial SS:SP 0000:014C 332
Minimum allocation (para) F 15
Maximum allocation (para) 4550 17744
Header size (para) 4 4
Relocation table offset 0 0
Relocation entries 0 0

Portable Executable starts at c
Signature 00004550 (PE)
Machine 014C (Intel 386)
Sections 0001
Time Date Stamp 00000000 Wed Dec 31 19:00:00 1969
Symbol Table 00000000
Number of Symbols 00000000
Optional header size 00E0
Characteristics 818E
Executable Image
Line numbers stripped
Local symbols stripped
Bytes of machine word are reversed
32 bit word machine
Bytes of machine word are reversed
Magic 010B
Linker Version 0.00
Size of Code 000050C0
Size of Initialized Data 00000000
Size of Uninitialized Data 00000000
Address of Entry Point 00001130
Base of Code 00001000
Base of Data 0000000C
Image Base 00400000
Section Alignment 00001000
File Alignment 00000130
Operating System Version 1.00
Image Version 0.00
Subsystem Version 4.00
reserved 00000000
Image Size 00006000
Header Size 00000130
Checksum 0000CE3D
Subsystem 0002 (Windows)
DLL Characteristics 0000
Size Of Stack Reserve 00010000
Size Of Stack Commit 00002000
Size Of Heap Reserve 00010000
Size Of Heap Commit 00001000
Loader Flags 00000000
Number of Directories 00000000

Directory Name VirtAddr VirtSize
-------------------------------------- -------- --------

Section Table
-------------
01 CODE Virtual Address 00001000
Virtual Size 00005000
Raw Data Offset 00000130
Raw Data Size 00000001
Relocation Offset 00000000
Relocation Count 0000
Line Number Offset 00000000
Line Number Count 0000
Characteristics E0000020
Code
Executable
Readable
Writeable

Disassembly

00401000 C3 ret

可能是最小的 pe 程式 -- 我手工構造了一個 pe 程式, 只 305 個位元組, 可正確執行（Win9x). .. (5千字)

相關文章