Author Topic: Smallest Hidden Program - Not malware I'll explain  (Read 5924 times)

seier

  • New Member
  • *
  • Posts: 11
Smallest Hidden Program - Not malware I'll explain
« on: June 28, 2018, 10:07:17 pm »
Hi Guys,

I would like to write the smallest/fastest hidden program possible with the focus on the latter. I have successfully written the code to check if a particular domain user has Outlook set up on their profile (if one or more files match %LOCALAPPDATA%\Microsoft\Outlook\*.ost) and then I start Outlook by detecting that path from the registry. If the domain user doesn't have Outlook installed then they're just a visitor on that machine and we don't want to annoy them by starting Outlook. Do I have to make a GUI program with a hidden form? What is the least number of uses I need to create?

Thanks,
Christian Blackburn
Touro University California

taazz

  • Hero Member
  • *****
  • Posts: 5368
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #1 on: June 29, 2018, 12:22:29 am »
Sorry, I do not understand the problem. A couple of random thoughts that might help:
1) When is this program supposed to run?
2) Is adding it to the user's startup folder acceptable?
3) If using the user's startup folder is acceptable, why not start Outlook directly?
4) Even if the user is a guest, he clearly has access and some settings; do you plan to support roaming accounts?
5) Why not use Active Directory and its abilities to set up everything?

well those are the major questions running through my head for now.
Good judgement is the result of experience … Experience is the result of bad judgement.

OS : Windows 7 64 bit
Laz: Lazarus 1.4.4 FPC 2.6.4 i386-win32-win32/win64

jex

  • New Member
  • *
  • Posts: 31
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #2 on: June 29, 2018, 05:27:29 am »
How small is your 'smallest'?
For both extremely small and fast executable, I'd recommend using C and write it as a console app for the sake of easiness, will be only a few kb exe, depends on the compiler you use, but if it's just as simple as you mentioned, my guess that it would be less than 70kb.

Lazarus will produce a fast, native, no-dependency, executable, but of a size of more than 1MB, depends on your code/libs.
If a ~1-2MB executable isn't an issue, then lazarus seems ok here.
« Last Edit: June 29, 2018, 05:30:43 am by jex »

Leledumbo

  • Hero Member
  • *****
  • Posts: 8746
  • Programming + Glam Metal + Tae Kwon Do = Me
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #3 on: June 29, 2018, 11:22:01 am »
No form required, you can access the registry and start a program from a command line program that doesn't even have a console ({$apptype gui} on Windows).
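
An added Free Pascal example, not code from any poster in this thread, of the windowless approach described above: check for an .ost file, read Outlook's path from the registry, and start it by absolute path so no search-path lookup is involved. The program name and the choice of the App Paths key are assumptions; the thread does not say which registry value the original poster reads.

```pascal
program StartOutlookIfProfile;  // hypothetical name
{$mode objfpc}{$H+}
{$apptype gui}  // no console window, and no form is ever created
uses
  Windows, SysUtils, Registry;
const  // assumed location: the default value of this HKLM key is Outlook's full path
  AppPathKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE';

// True when the logged-on user has at least one Outlook data file (*.ost).
function UserHasOutlookProfile: Boolean;
var SR: TSearchRec;
begin
  Result := FindFirst(SysUtils.GetEnvironmentVariable('LOCALAPPDATA') +
    '\Microsoft\Outlook\*.ost', faAnyFile, SR) = 0;
  SysUtils.FindClose(SR);
end;

// Full path to Outlook from the machine-wide key, or '' when it is absent.
function OutlookPath: string;
var Reg: TRegistry;
begin
  Result := '';
  Reg := TRegistry.Create(KEY_READ);
  try
    Reg.RootKey := HKEY_LOCAL_MACHINE;
    if Reg.OpenKeyReadOnly(AppPathKey) then
      Result := Reg.ReadString('');
  finally
    Reg.Free;
  end;
end;

// lpApplicationName is an absolute path, so Windows performs no PATH or
// current-directory search for the executable.
procedure Launch(const ExePath: string);
var
  SI: TStartupInfo;
  ProcInfo: TProcessInformation;
begin
  FillChar(SI, SizeOf(SI), 0);
  SI.cb := SizeOf(SI);
  if CreateProcess(PChar(ExePath), nil, nil, nil, False, 0, nil, nil, SI, ProcInfo) then
  begin
    CloseHandle(ProcInfo.hThread); CloseHandle(ProcInfo.hProcess);
  end;
end;

begin  // visitors without an .ost file fall through and the program just exits
  if UserHasOutlookProfile and FileExists(OutlookPath) then
    Launch(OutlookPath);
end.
```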

Thaddy

  • Hero Member
  • *****
  • Posts: 14201
  • Probably until I exterminate Putin.
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #4 on: June 29, 2018, 11:54:54 am »
Quote
How small is your 'smallest'?
For both extremely small and fast executable, I'd recommend using C
Why? Why not use assembler... :P
Quote
my guess that it would be less than 70kb.
Yes. perfectly possible with FPC.. below 40Kb
Quote
Lazarus will produce a fast, native, no-dependency, executable, but of a size of more than 1MB, depends on your code/libs.
If a ~1-2MB executable isn't an issue, then lazarus seems ok here.
Only for an application with a graphical interface. But this one must not show, right? The actual size I just tested is 25880 bytes. (On ARM linux)
That's all the overhead of the rtl, so 25Kb.
With a tweaked system file (based on I386 embedded) I can get as low as ~4 Kb (as I remember) but that's for experts.
I am quite sure real hackers can even get lower to produce an FPC minimal executable that will run on Windows.
I am not really in the mood today.
« Last Edit: June 29, 2018, 12:08:58 pm by Thaddy »
Specialize a type, not a var.

turrican

  • Full Member
  • ***
  • Posts: 133
  • Pascal is my life.
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #5 on: June 29, 2018, 12:09:36 pm »
Quote
my guess that it would be less than 70kb.
Yes. perfectly possible with FPC.. below 40Kb

Indeed! And also you can pack the PE.

balazsszekely

  • Guest
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #6 on: June 29, 2018, 02:04:05 pm »
Quote
I would like to write the smallest/fastest hidden program possible with the focus on the latter.
The following code is written in Fasm (1.73.04); you can extend it according to your needs. The exe is small (2kb) and fast.
Code:
;small exe
format PE GUI 4.0

include 'win32wx.inc'

section '.code' code readable executable

  invoke ShellExecute, NULL, NULL, 'calc.exe', NULL, NULL, SW_NORMAL
  invoke ExitProcess, 0


section '.idata' import data readable writeable

  library kernel,'KERNEL32.DLL',\
          shell, 'Shell32.DLL'
  import shell,\
         ShellExecute,'ShellExecuteW'
  import kernel,\
         ExitProcess,'ExitProcess'

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11383
  • FPC developer.
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #7 on: June 29, 2018, 02:32:27 pm »
Quote
How small is your 'smallest'?
For both extremely small and fast executable, I'd recommend using C and write it as a console app for the sake of easiness, will be only a few kb exe, depends on the compiler you use, but if it's just as simple as you mentioned, my guess that it would be less than 70kb.

People start rambling quickly about extreme cases, like coding in assembler, and using the most minimalistic linking system. But is it all worth it, or is a straightforward 100kb console app more than enough, and doesn't it really matter if it is 20 or 100?

Fairly small win32 console apps with FPC are also possible. 

The larger size of full Lazarus LCL apps comes from the LCL. Directly using win32 for GUI makes smaller binaries too (180kb for the small notepad alike in the demos).


balazsszekely

  • Guest
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #8 on: June 29, 2018, 02:40:21 pm »
@marcov
Quote
or is a straightforward 100kb console apps more than enough, and doesn't it really matter if it is 20 or 100?
To be honest, a 5-20 MB executable is also perfectly acceptable. The size was relevant in the '90s when download speed was extremely slow. Downloading a 10 MB file with a dial-up connection (4.8 kbit/s) was a time-consuming process. Nowadays it takes 1-2 secs with a decent connection.

Phemtik

  • New Member
  • *
  • Posts: 19
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #9 on: June 29, 2018, 04:13:43 pm »
The size is sometimes one thing I wonder about. (It is nothing I care specifically for)
Doesn't the compiler / linker know what it has and needs?
Normally it can remove every function / unit / code that it doesn't need and that never gets executed, or is that too insecure or risky?

I mean, if you add SysUtils to uses but don't use any function from it, the compiler / linker could remove it from the executable.
It could even remove code from classes.
If you use 1/3 of the class, the compiler/ linker doesn't need the other 2/3 in the final executable.
Intel i7-3610QM
Fedora 28

Thaddy

  • Hero Member
  • *****
  • Posts: 14201
  • Probably until I exterminate Putin.
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #10 on: June 29, 2018, 04:19:57 pm »
Quote
The size is sometimes one thing I wonder about. (It is nothing I care specifically for)
Doesn't the compiler / linker know what it has and needs?
Normally it can remove every function / unit / code that it doesn't need and that never gets executed, or is that too insecure or risky?

I mean, if you add SysUtils to uses but don't use any function from it, the compiler / linker could remove it from the executable.
It could even remove code from classes.
If you use 1/3 of the class, the compiler/ linker doesn't need the other 2/3 in the final executable.
But FPC CAN do just that. It is called WPO or whole program optimization. Not easy first time, but not hard either.
And it requires multiple compiles. The compiler is built using WPO.
« Last Edit: June 29, 2018, 04:22:17 pm by Thaddy »
Specialize a type, not a var.

engkin

  • Hero Member
  • *****
  • Posts: 3112
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #11 on: June 29, 2018, 04:47:18 pm »
Quote
How small is your 'smallest'?

How about this answer.

440bx

  • Hero Member
  • *****
  • Posts: 3944
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #12 on: July 05, 2018, 05:34:54 am »
Quote
How small is your 'smallest'?

How about this answer.

Before anything, I'm an FPC newbie and checked out the minrtl example you referred to.  I tried compiling it but got the following error from the compiler:

system.pas(13,3) Fatal: Cannot find system type "TEXTREC". Check if you use the correct run time library.

I unzipped all the files in a directory and simply tried to build test.pas using fpc 32 bit, windows 32bit target. 

What should I do to get that example to compile (and run too) successfully ?

Thank you for your help. %)
« Last Edit: July 05, 2018, 05:37:10 am by 440bx »
(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

engkin

  • Hero Member
  • *****
  • Posts: 3112
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #13 on: July 05, 2018, 06:36:21 am »
Quote
What should I do to get that example to compile (and run too) successfully ?
  • Expand the attached archive somewhere.
  • Copy fpc.exe and ppc386.exe from your Laz1.8.2\fpc\3.0.4\bin\i386-win32\ to the same folder where you expanded the archive.
  • Run the batch file a.bat in a terminal window in that folder.

It should produce an executable test.exe

440bx

  • Hero Member
  • *****
  • Posts: 3944
Re: Smallest Hidden Program - Not malware I'll explain
« Reply #14 on: July 05, 2018, 08:11:33 am »

Quote
It should produce an executable test.exe

It compiled like a charm :D produced a 3584 bytes standalone executable  :D.  That is GREAT !!  An early Christmas present :)  Thank you!

Seeing this is quite satisfying after experiencing the disappointment that Visual C/C++ makes it a Dantesque chore to create a standalone executable and, getting the exe size to be less than 100K in C/C++, is a task better suited to Jenny Craig than a programmer.  And, as if all that wasn't bad enough, that thing doesn't allow 64bit inline assembly.   I guess MS thinks that programmers want to have a headache today, that's about the only thing their Visual thing delivers now.

Again, thank you!






(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

 
