- Forgot to mention that you can also pass the /O1 option to the compiler to optimize for size, but for such a small program this will have little effect - It is possible to make an even smaller executable with methods not covered in this video
btw small correction, dont write "Windows.h" but "windows.h", as its actaully small, and this causes errors on a cross compile from linux, which is case-sensitive
Yooo NIR bro u going places I'm happy you grow channel organically only bro I watch ur assembly vid and loved the part when u said add wax 1 bro keep it up super super super hacker!
A bit more precision about the end : Every NT executable has a small DOS program at the beginning just to print "This program cannot be run in DOS mode." We can see this by opening the executable in an hex editor. The DOS program starts with the letters "MZ" (the beginning of the header for a DOS program), then a bit after that, the actual program starts with the letters "PE" followed by two NULL bytes (0x50 0x45 0x00 0x00 in hex). Windows versions running on the NT kernel will just skip over the DOS program and start directly on the NT program part, but DOS based operating systems (Every MS-DOS version + Windows 1 -> Windows ME) will start at the beginning of the file and just execute the DOS program, saying "This program cannot be run in DOS mode." This was added back at the time when NT and DOS were both used to make sure NT programs weren't run on DOS operating systems.
Just a small correction - Also Windows Executables for Windows versions based on DOS (Windows 1 until Windows ME) start with a small MZ dos program and NE/PE afterwards - NE is an older predecessor for PE en.wikipedia.org/wiki/New_Executable
So just removing anything before the pe header won't interfere with the executable or is there any system within nt/windows that expects the DOS header? Maybe something like defender?
Even funner fact: the DOS stub for the older NE executables actually said: "This program requires Microsoft Windows.", if I remember correctly. Technically you can change this string, or even replace the entire DOS stub with a legit useful DOS program, creating a so-called hybrid executable, but I haven't actually seen any linker that has this option. I'm also not sure if these strings are standardized, or just became adopted by all linkers because official MS tools use this exact text. UEFI applications are also PE executables, so they also need to have a DOS stub. The stub uses INT 21h/AH=09h to display the string and then quits with INT 21h/AH=4Ch (these are essentially DOS API calls).
@@robinweiland7533 I once tried to remove the MZ stub just to see what happens, so my executable started with PE directly. Windows XP then refused to start the program, as it didn't recognize it as valid executable. So yeah, NT expects the DOS stub to be present (besides, I may have fucked up the offsets present in the header anyway by just brutally stripping the MZ stub). But even DOS would refuse to start an ill-formatted executable, unless it has the .COM extension, because then it would load and start it as a flat binary, which would lead to nonsensical results, likely leading to the computer hanging.
It is just so cool. It feels fresh in the realm of the frameworks and libraries. People forgot how it felt having snappy programs. There is whole generation of developers does not care about any memory or size management.
That is what happens when you have a lot more memory and processing power and storage space than back in the day, people will prioritize safety and/or readability over performance or use higher level languages so they can just focus on writing the program which I'd say makes sense even though I don't think things like electron make sense for many of the applications that use it
@@masterchief5589 i did some digging and it looks like it is from deus ex, and a youtuber named maximillianmus was saying that subscribe to everyone who uses this pfp
Sounds like an opportunity for someone to stuff DOOM for DOS into a modern PE executable. So if you run "chrome.exe" on Windows 10 you get Chrome, but if you run it in dosbox you get doom
@@harleyspeedthrust4013 I tried to do that with both Doom and Wolf3D. - In the case of Doom, there was a Dos4GW failure - In the case of Wolf3D, DOSBox just crashed But when I tried to stuff in a custom small program, it worked.
On the DOS thing, I actually had to update BIOS firmware on a Linux machine once, and only a Windows style .exe was availiable on the manufacturer's website. After reading around a bit, I found that I could rename and run that exec from a FreeDOS USB stick and successfully updated BIOS that way. It blew my mind a little bit, for that kind of hybrid executable to be possible.
@@mikeyjohnson5888 No, it blew my mind that you can have a single installer executable which can be run from DOS and at the same time provide a graphical install wizard on modern Windows.
Really pragmatic approach to the concepts I used to read in textbooks. You really did the practical even if it was a small demo, would love to see more videos like this one. You earned one subscriber. Thanks for making this.
What a great tutorial! I’m a web developer, I’ve written in C only a little and never programmed for Windows, but this video is super clear and interesting.
For example, the SETUP executable in Windows 3.1 worked that way. It could be run under DOS to change the configuration of Windows, but also under Windows itself.
The part of the application that says, "This program cannot be run in DOS mode." is referred to as the program stub, a program within a program if you will, you can modify this executable or even include a DOS version of your application inside of it by changing some compiler options.
Very cool. Short and to the point, while still explaining everything you're doing fairly thoroughly. Thank you for the video!
6 หลายเดือนก่อน +1
This is such an interesting concept. I always heard about the c runtime but this is the first time it was actually demonstrated to me. Great tutorial! I wish you continue on this small executable concept and demonstrate further means of making the executable even smaller. I saw some discussions in the comments about removing DOS headers, and executable compression etc. They are beyond my skill level. :-) From demoscene I also heard about 4K executables that can run OpenGL, I looked at those projects but couldn't understand what's going on. Thank you!
Man, cutter is neat. Thanks for that recommendation. I'm trying to build a z80 based computer at the moment, and I've been having difficulty debugging my software.
This is actually VERY handy!!! Will be experimenting with this, when I can FINALLY stop playing with C# so that I can get back to the REAL programming language of C 😊
To add to crinkler, which replaces your link.exe, there are also kkrunchy and squishy; which both take an existing exe and produce a smaller one. Like UPX (iirc) and crinkler they compress your program section and the exe itself is a decompressor that takes the rest of the binary and decompresses it in memory to then execute it. In a way this does make the exe smaller but does not truly reduce instruction count, and it can trigger antivirus protection becausd it means executing arbitrary memory as code that could not be statically checked for malware while it was compressed. Also unsure about how linking additional dlls, and compiling compressed dlls, would work there but statically linking should. Sorry for the info dump, they are fun tools to explore so check them out if you are going in a compression adventure :)
How does it deal with the stack after returning from main? If you bypass the start routine on Linux like so _start: ret it will crash with a sigsegv, because there is no valid address to return to at this point. In this case, you have to issue the _exit syscall. On Windows, that would correspond to ExitProcess.
Thanks! Just a small question - what are the downsides of using this flag? I suspect things such as losing Canary protection and buffer overflow detection. Is that correct?
How would one make a hybrid executable that would work in DOS and Windows For instance a calculator When run in dos it would ask u questions, while ran in windows it would use winapi to display calculator
Based on someone else’s comment, Windows skips over the first few bytes that displays the DOS message, while DOS does not. So I imagine in theory if you could replace the message with a jump statement to a point in your application that deals with DOS specifically, and have your default main be the Windows entry point. This is just speculation, I’m not sure if it would work or not.
@@CoderDBF I mean if someone thought its a good idea for every program to also work in dos, even if it only displays a message then maybe people thought that at least in transition phaze you could have one executable Then there has to be a compiler that can produce hybrid executable I mean why would win32 apps have a separate WinMain entry point WinMain for windows main for dos
@@jakedeschamps4454 I use Arch and go all out in Assembly. The gcc switches/settings are nostartfiles, nostdlib, static, fno-ident, nmagic and build-id is none
Good video. I grew up in the era of 80s/90s computing where everything was expected to fit on a 5 1/4" or 3 1/2" floppy disk or set and I miss the days of having smaller (and portable) EXEs. I would be nice to take cl and compare/contrast with gcc, lcc, etc.
I complie this simple function with gcc and clang with -e flag, set to my main funciton, and output still contains std lib stuff, for both compilers. What other flags should I use?
So, if I understand the difference is linking c standard library (either statically (first example) or dynamically) vs not linking it at all, and only using Windows (win32) library?
I still don't get it... why that much of code when it can be done with 2kB? What is the purpose of all the removed code? Is it to slow down PCs because they become faster?
@@conrad42 thanks, and do you have any idea how the shell codes are being produced bc they are so small yet for example they can establish connections l wonder also how they are working
@@kaankarakoc7680 shell code is a script language, which needs another executable (interpreter) to be run. Shell scripts mostly just orchestrate other executables. C is a compiled language and you get a standalone executable. Is this understandable?
Changing the entry point not only omits the startup code, but the whole C standard library, only leaving you with the parts of the Win32 API you explicitly link with. You may want to link to the UCRT (included since Windows 10, an update to the classic MSVCRT) instead of the Visual Studio runtime for a smaller C program.
This video has been done like 900 times before. But I've seen at least 800 of them so I think the algorithm knows me. AFIK dave the plumber has the high score for smallest win32 program.
You forogt to strip the symbols from the binary, that's the reason why a hello world is comparatively huge. Excluding the C standard library is not a good idea IMHO, because you won't have printf for debigging, exit codes for your main function and basic convenience methods like string to int conversion. Thanks though for sharing Cutter, it seems like a very nice piece of software
The binary in the video does not contain symbols (you can see in the functions list in cutter it does not pick up any symbols). Unlike Unix systems, on Windows symbols are not saved in the main binary but they are saved aside in a .pdb file. By default, when compiling with Visual Studio Build Tools, cl works in release mode and thus no symbols and debugging information is generated unless a special flag is passed. There exist many Windows API functions which can come in place of C lib functions, for example instead of printf, WriteConsole can be used. And for string to int there exists RtlCharToInteger learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-rtlchartointeger Indeed, in most cases it is useful to also use the C lib for the convenience, but in some cases, it can be useful for example for very simple programs to only use Windows API if desired, it can also be a good learning experience.
Isnt WriteConsole just a file write to stdout? And I also think that Windows have the api wsprintf which combined with WriteConsole would be a complete printf
@@nirlichtman Thanks for sharing! Yeah, I was wrong... I just tested the /link /entry:main option and it shrinks the binary from 86kB to 1.5kB on my machine. And even the exit code is working just fine. Turns out, Windows is wildy different than Linux. But it's important to realize that stressing about 86k of library binary size isn't helpful for most developers. Though I personally do not like the Windows API and find its documentation very hard to understand, I agree it can be a great learning experience to use only Windows API functions instead of the C runtime. Your videos are very nicely produced, keep up the good work!
I'm a little rusty on msvc++, but in mingw, things you can do, other than omitting the crt init code, include enabling optimization, and stripping symbols.
There's nothing wrong with using Windows, nowadays even if you feel the need to use linux for something, WSL makes up for it so it isn't much of a big deal. Besides, if I were to be this knowledgeable about windows and its various APIs, I sure as hell would prefer it lol
The DOS header thing reminds me of the Cosmopolitan C library project by Justine Tunney. Have you seen it? I think analyzing programs written in it with cutter would be a cool video. I couldn't understand it well from the write-up, maybe you can explain its secrets better.
Nice video! Can you do a sort-of tutorial video on how to properly install Windows 10 with debloating tips / removing all the stuff that you don't need? You might just use the Home/Pro edition of Win10. Few people also suggest installing the 2021 LTSC version that has no bloat - but it isn't legit because many circument the activation with an external script (bc it's expensive if you do it the legitimate way). Many people are using an unofficial ISO downloaded from the internet that guarantee speed, reliability bla bla... but those ISOs can't really be trusted. Maybe you could also throw in some open-source applications that are alternatives for system apps (like the old Files app you have).
Yah I recently started using winfile and it's very nice (it's the original file manager from Windows 3.1, Microsoft open sourced it and it's maintained on Github) The debloating Win10 is a good idea for a future video, I will add to my list
nice to see the assembly code. I am learning assembly, and the book I use has chapters to work on linux. being a giant C program, Linux programs (at least from late 90s) uses stack based parameters passing. Here, message box function does not use stack. instead it uses registers. I now wonder if it is because of 64bits, or it is the way windows differs from linux. (though it still increases/decreases stack pointer rsp)
The parameters are passed according to the calling convention, in this case the registers are used instead of the stack because of the x64 calling convention used.
2KB is still quite big for a program that does literally nothing. The smallest exe I ever saw, was on my Amiga. It was only 56 bytes large and was called "reboot". It does simply reboot the Amiga straight away without any prompt. And it wasn't a batch file or anything. Opening it in a hex editor really showed hex codes like a real exe file.
No, the program written isn't running in DOS mode, just a bit of boiler plate to let you know. Just like the "Non-bootable disk" boot sector messages of days of yore: obviously it booted to a message, but it isn't doing what the user was trying to do. So both are correct messages.
hi, could you please make some longer video on creating kernel modules/drivers under linux? or could you please create some C videos on some 'hacky' way to use it?
Cutter works with many different binary file executable formats and is agnostic to the higher level programming language (or assembly) that they were originally written in.
This reminds me of situations like when people are like: "I wonder why my Python program takes so long to load, it's only a few lines of code" The few lines: "import xawerfuaefrhiwethiwerragbesgbsrebgerbgiesgersbgsergerg... do simple thing, return x"
It runs the DOS stub section of the NT .exe, which in most cases is a simple DOS program that prints a message saying that it cant run on DOS (as demonstrated in the end of the video)
@@nirlichtman let me rephrase, since it got misunderstood. What happens if you remove the stub and correct the exe to not run into errors, then attempt to run in DOS?
Isn't this program malformed? You may omit the whole C standard library including the default startup code, but you need at least one call to ExitProcess (same as _exit on Linux) to cleanly exit the program without crashing.
Apparently this works because the entry point function returns into the function for spawning threads (BaseThreadInitThunk in kernel32) which exits the thread that it was started on, and a process will exit if it has no more threads.
@@GeorgeTsiros Unlike the main function, which is usually called by the startup code of the C library, an entry point function is not guaranteed to have a valid return address on the stack. But because threads are meant to return a status code and the main thread on Windows is started the exact same way as additional ones, it still works.
@@GeorgeTsiros As I said, that happens to be the case here, you only have to explicitly exit the process if you can't make sure there are no other threads. In comparison, ELF-based Unix directly resumes execution from the execve() call at the entry point in the replaced process, with a specific stack layout. If you return from the entry point function, you end up executing the first argument (i.e. the program name) as code… which crashes, especially if the stack is marked not for execution.
Wow, this is incredible! I wonder if there's an equivalent to this on MacOS/Linux? Just with a return 0 empty main function, compiling that on MacOS 14.4.1, Arm64 (M2) with CMake via Unix Makefiles gave me 16,848 B in Release mode! And a whopping 35,568 B if using -G Xcode instead of Unix Makefiles. I tried on Zorin Ubuntu Linux 16.3, Intel64, and I got down to 14,328 B with `strip --strip-all [TARGET_FILE]` I tried on Raspberry Pi (Debian-based Linux), Arm64, and got down to 6,160 B, But still nowhere near this neat trick of yours on Windows! I tried myself and got down to just 2,560 B, for comparison.
woow Nir, this is great!!!!! How do you find out about that knowledge? Do you read any specific C books? You are a genious!!! Nirk please, a video to use JSON in C where we can see how to process it and how to generate it. Thanks for sharing and please more videos like this!
I watched mostly because I have always had a question I've never bothered to answer for myself 😅 Unfortunately, the video didn't cover it: does WIN32_LEAN_AND_MEAN change the binary size? Perhaps one of these years I'll bother to find out 😹
considering that that is checked only at one exact #ifndef in the windows' SDK (line 193 in windows.h), which is not #included in this example, i can say "not at all"
Maining C# and learning about the unsafe keyword, pointers and then span. I learn more and more how absolutely vital memory allocation and use is. Especially in networking managing buffers and byte sizes. It's not just sending over as little as possible but managing the size of the buffer sent. It's a whole class subject's worth of study on it's own.
- Forgot to mention that you can also pass the /O1 option to the compiler to optimize for size, but for such a small program this will have little effect
- It is possible to make an even smaller executable with methods not covered in this video
btw small correction, dont write "Windows.h" but "windows.h", as its actaully small, and this causes errors on a cross compile from linux, which is case-sensitive
Yooo NIR bro u going places I'm happy you grow channel organically only bro I watch ur assembly vid and loved the part when u said add wax 1 bro keep it up super super super hacker!
For those wondering about how to make things even smaller, Dave Plumber makes a really small Windows executable to fit in a QR code.
@@Name_cannot_be_blank but the file is called "Windoes.h"?
I don't know if anyone noticed, but the dialog box's title shows Error (5:51), so was the MB_OK parameter for the button to show OK?
A bit more precision about the end :
Every NT executable has a small DOS program at the beginning just to print "This program cannot be run in DOS mode." We can see this by opening the executable in an hex editor. The DOS program starts with the letters "MZ" (the beginning of the header for a DOS program), then a bit after that, the actual program starts with the letters "PE" followed by two NULL bytes (0x50 0x45 0x00 0x00 in hex). Windows versions running on the NT kernel will just skip over the DOS program and start directly on the NT program part, but DOS based operating systems (Every MS-DOS version + Windows 1 -> Windows ME) will start at the beginning of the file and just execute the DOS program, saying "This program cannot be run in DOS mode."
This was added back at the time when NT and DOS were both used to make sure NT programs weren't run on DOS operating systems.
Just a small correction - Also Windows Executables for Windows versions based on DOS (Windows 1 until Windows ME) start with a small MZ dos program and NE/PE afterwards - NE is an older predecessor for PE en.wikipedia.org/wiki/New_Executable
So just removing anything before the pe header won't interfere with the executable or is there any system within nt/windows that expects the DOS header? Maybe something like defender?
Even funner fact: the DOS stub for the older NE executables actually said: "This program requires Microsoft Windows.", if I remember correctly. Technically you can change this string, or even replace the entire DOS stub with a legit useful DOS program, creating a so-called hybrid executable, but I haven't actually seen any linker that has this option. I'm also not sure if these strings are standardized, or just became adopted by all linkers because official MS tools use this exact text. UEFI applications are also PE executables, so they also need to have a DOS stub. The stub uses INT 21h/AH=09h to display the string and then quits with INT 21h/AH=4Ch (these are essentially DOS API calls).
@@robinweiland7533 I once tried to remove the MZ stub just to see what happens, so my executable started with PE directly. Windows XP then refused to start the program, as it didn't recognize it as valid executable. So yeah, NT expects the DOS stub to be present (besides, I may have fucked up the offsets present in the header anyway by just brutally stripping the MZ stub). But even DOS would refuse to start an ill-formatted executable, unless it has the .COM extension, because then it would load and start it as a flat binary, which would lead to nonsensical results, likely leading to the computer hanging.
Windows 2000 is NT 5 -- you're likely thinking 95/98/98SE
It is just so cool. It feels fresh in the realm of the frameworks and libraries.
People forgot how it felt having snappy programs. There is whole generation of developers does not care about any memory or size management.
Snappy? Either way it’s snappy. It’s less than a megabyte
@@tweetyguy7347 100Kb can still be too big for some applications, like embedded
That is what happens when you have a lot more memory and processing power and storage space than back in the day, people will prioritize safety and/or readability over performance or use higher level languages so they can just focus on writing the program which I'd say makes sense even though I don't think things like electron make sense for many of the applications that use it
Just say you don't feel like buying 16 gigs of RAM 💀
@@vlc-cosplayer you don't need 16 gigs of RAM unless you're playing a big game that's going to use that RAM... Not very many do
It's not tiny , it's appropriately sized and it gets the job done , that's all that matters.
i'm sure that it has a great personality too
Thats what she said
what is that pfp man i am seeing that everywhere
@@fizipcfx Isn't that matrix?
@@masterchief5589 i did some digging and it looks like it is from deus ex, and a youtuber named maximillianmus was saying that subscribe to everyone who uses this pfp
A while ago i noticed that my C programs always are around 16KB, even though the contents in them differ a lot, and that video explain it perfectly
Fun fact: The MS linker has a /stub option, which lets you supply a custom DOS program.
Sounds like an opportunity for someone to stuff DOOM for DOS into a modern PE executable. So if you run "chrome.exe" on Windows 10 you get Chrome, but if you run it in dosbox you get doom
@@harleyspeedthrust4013 I tried to do that with both Doom and Wolf3D.
- In the case of Doom, there was a Dos4GW failure
- In the case of Wolf3D, DOSBox just crashed
But when I tried to stuff in a custom small program, it worked.
On the DOS thing, I actually had to update BIOS firmware on a Linux machine once, and only a Windows style .exe was availiable on the manufacturer's website.
After reading around a bit, I found that I could rename and run that exec from a FreeDOS USB stick and successfully updated BIOS that way. It blew my mind a little bit, for that kind of hybrid executable to be possible.
It blew your mind to be able to run DOS software on a DOS derivative?
@@mikeyjohnson5888 No, it blew my mind that you can have a single installer executable which can be run from DOS and at the same time provide a graphical install wizard on modern Windows.
hybrid executables are nothing new or uncommon
Backward compatibility isn't always granted
what is this? binaries for ants??
I read this in Boris' voice
I understood that refference
Really pragmatic approach to the concepts I used to read in textbooks. You really did the practical even if it was a small demo, would love to see more videos like this one. You earned one subscriber. Thanks for making this.
What a great tutorial! I’m a web developer, I’ve written in C only a little and never programmed for Windows, but this video is super clear and interesting.
The "This program cannot be run in DOS mode." gave me an idea. One could probably create a dual-mode program. That will run in DOS and Windows.
For example, the SETUP executable in Windows 3.1 worked that way. It could be run under DOS to change the configuration of Windows, but also under Windows itself.
DOS, Windows, Linux, MacOS in one quad mode executable?😂
You could hide an easter egg there
@@maxmuster7003 Now we're talking!
@@maxmuster7003 This project already exists and is called "cosmopolitan"
The way you explain how stuff works is incredible, I really enjoyed watching the video and learning something new. You just earned a new subscriber!
Straight to the point.
No chit chat
No self glorification
❤
I've not done C for a LOOOOONG time and your explanation was excellent.
The part of the application that says, "This program cannot be run in DOS mode." is referred to as the program stub, a program within a program if you will, you can modify this executable or even include a DOS version of your application inside of it by changing some compiler options.
Very cool. Short and to the point, while still explaining everything you're doing fairly thoroughly. Thank you for the video!
This is such an interesting concept. I always heard about the c runtime but this is the first time it was actually demonstrated to me. Great tutorial! I wish you continue on this small executable concept and demonstrate further means of making the executable even smaller. I saw some discussions in the comments about removing DOS headers, and executable compression etc. They are beyond my skill level. :-) From demoscene I also heard about 4K executables that can run OpenGL, I looked at those projects but couldn't understand what's going on. Thank you!
love it. never seen this minimalist approach on windows before. very rare. thanks for posting
Explained in such a simple way. I learned something today.
I feel bad watching your videos. I feel like such a leech... So much great knowledge in such a great format.
The question I wanted to know a few weeks ago
Man, cutter is neat. Thanks for that recommendation. I'm trying to build a z80 based computer at the moment, and I've been having difficulty debugging my software.
Given that the entry is now main, what's going to happen to bss segment and pre-assigned ram variables?
This is actually VERY handy!!! Will be experimenting with this, when I can FINALLY stop playing with C# so that I can get back to the REAL programming language of C 😊
To make it even smaller, don't forget about the awesome UPX exectuable compressor :)
And after put in 7z SFX archive 😅
upx has a 64kb limit
for windows it's best to use crinkler and kkrunchy instead
Never heard of Krinkler before. Thanks for the info! :)
To add to crinkler, which replaces your link.exe, there are also kkrunchy and squishy; which both take an existing exe and produce a smaller one. Like UPX (iirc) and crinkler they compress your program section and the exe itself is a decompressor that takes the rest of the binary and decompresses it in memory to then execute it. In a way this does make the exe smaller but does not truly reduce instruction count, and it can trigger antivirus protection becausd it means executing arbitrary memory as code that could not be statically checked for malware while it was compressed. Also unsure about how linking additional dlls, and compiling compressed dlls, would work there but statically linking should. Sorry for the info dump, they are fun tools to explore so check them out if you are going in a compression adventure :)
@@tropicaltrevor i somehow merged kkrunchy and crinkler together lmao. i mostly write demoscene stuff on linux my bad
Great Video! Really enjoyed watching it - very insightful
love how You explain everything so easily and clearly :)
This tiny explanation is amazing !
How does it deal with the stack after returning from main? If you bypass the start routine on Linux like so
_start:
ret
it will crash with a sigsegv, because there is no valid address to return to at this point. In this case, you have to issue the _exit syscall. On Windows, that would correspond to ExitProcess.
good question! imma install hidra and look into it, will update as soon as done
@@ItsCOMMANDer_ the exact same way. it even accepts the return value from the entry point.
I didn't know about this cutter tool, super cool.
Do you use the same "tiling window manager" you made for windows in an earlier video, or a different one?
Yes, I use LightWM which is based upon the TWM I made in an earlier vid.
Thanks! Just a small question - what are the downsides of using this flag? I suspect things such as losing Canary protection and buffer overflow detection. Is that correct?
How would one make a hybrid executable that would work in DOS and Windows
For instance a calculator
When run in dos it would ask u questions, while ran in windows it would use winapi to display calculator
Based on someone else’s comment, Windows skips over the first few bytes that displays the DOS message, while DOS does not.
So I imagine in theory if you could replace the message with a jump statement to a point in your application that deals with DOS specifically, and have your default main be the Windows entry point.
This is just speculation, I’m not sure if it would work or not.
@@CoderDBF I mean if someone thought its a good idea for every program to also work in dos, even if it only displays a message then maybe people thought that at least in transition phaze you could have one executable
Then there has to be a compiler that can produce hybrid executable
I mean why would win32 apps have a separate WinMain entry point
WinMain for windows
main for dos
You are very good at navigating windows…
The smallest executable I can make with gcc is 652 bytes and that's it, can't go any lower than that.
Impressive!
I'm curious what you did to achieve that. What compiler settings, and platform did you use?
@@jakedeschamps4454 cl min.c -link -align:16 -entry:main, 688 bytes. Didn't try any harder
@@jakedeschamps4454 I use Arch and go all out in Assembly. The gcc switches/settings are nostartfiles, nostdlib, static, fno-ident, nmagic and build-id is none
Will the program run on Windows if you remove the DOS portion of the executable?
Good video. I grew up in the era of 80s/90s computing where everything was expected to fit on a 5 1/4" or 3 1/2" floppy disk or set and I miss the days of having smaller (and portable) EXEs. I would be nice to take cl and compare/contrast with gcc, lcc, etc.
Could you do a follow up video explaining what things is setting up to use libc that takes +100KB?
I complie this simple function with gcc and clang with -e flag, set to my main funciton, and output still contains std lib stuff, for both compilers. What other flags should I use?
I actually did this a few weeks ago with a win32 sokoban game I wrote. It yields good results even with mingw.
So, if I understand the difference is linking c standard library (either statically (first example) or dynamically) vs not linking it at all, and only using Windows (win32) library?
I still don't get it... why that much of code when it can be done with 2kB? What is the purpose of all the removed code? Is it to slow down PCs because they become faster?
I was expecting to see 512 bytes or smaller.
thats very cool can we decrease the size of executable more ? I am waiting for new videos
There are 2 good videos from Dave's Garage about that. He got it down to 800-600 bytes :)
@@conrad42 thanks, and do you have any idea how the shell codes are being produced bc they are so small yet for example they can establish connections l wonder also how they are working
@@kaankarakoc7680 shell code is a script language, which needs another executable (interpreter) to be run. Shell scripts mostly just orchestrate other executables. C is a compiled language and you get a standalone executable. Is this understandable?
I get many "LNK2001 unresolved external symbol" errors for many functions like "memcpy" and "rand"
Changing the entry point not only omits the startup code, but the whole C standard library, only leaving you with the parts of the Win32 API you explicitly link with. You may want to link to the UCRT (included since Windows 10, an update to the classic MSVCRT) instead of the Visual Studio runtime for a smaller C program.
@@D0Samp Thank you. I'll look into it. Or just have my own memcpy in the code. Thanks again
This video has been done like 900 times before. But I've seen at least 800 of them so I think the algorithm knows me. AFIK dave the plumber has the high score for smallest win32 program.
You forogt to strip the symbols from the binary, that's the reason why a hello world is comparatively huge. Excluding the C standard library is not a good idea IMHO, because you won't have printf for debigging, exit codes for your main function and basic convenience methods like string to int conversion.
Thanks though for sharing Cutter, it seems like a very nice piece of software
The binary in the video does not contain symbols (you can see in the functions list in cutter it does not pick up any symbols). Unlike Unix systems, on Windows symbols are not saved in the main binary but they are saved aside in a .pdb file. By default, when compiling with Visual Studio Build Tools, cl works in release mode and thus no symbols and debugging information is generated unless a special flag is passed. There exist many Windows API functions which can come in place of C lib functions, for example instead of printf, WriteConsole can be used. And for string to int there exists RtlCharToInteger learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-rtlchartointeger
Indeed, in most cases it is useful to also use the C lib for the convenience, but in some cases, it can be useful for example for very simple programs to only use Windows API if desired, it can also be a good learning experience.
Isnt WriteConsole just a file write to stdout? And I also think that Windows have the api wsprintf which combined with WriteConsole would be a complete printf
@@nirlichtman Thanks for sharing! Yeah, I was wrong... I just tested the /link /entry:main option and it shrinks the binary from 86kB to 1.5kB on my machine. And even the exit code is working just fine. Turns out, Windows is wildy different than Linux.
But it's important to realize that stressing about 86k of library binary size isn't helpful for most developers.
Though I personally do not like the Windows API and find its documentation very hard to understand, I agree it can be a great learning experience to use only Windows API functions instead of the C runtime.
Your videos are very nicely produced, keep up the good work!
@@newton-342 Thanks!
0:55 I don't know why, but it never occurred to me to use the command "start ." Pretty handy!
"explorer ." works as well. If you want to switch to cmd from explorer just type cmd in the address bar
So without the C entry point, you cannot do things like import stdio.h and call fprint?
I'm a little rusty on msvc++, but in mingw, things you can do, other than omitting the crt init code, include enabling optimization, and stripping symbols.
"winget package manager"
**uses vim**
I don't understand how you are not a linux user
There's nothing wrong with using Windows, nowadays even if you feel the need to use linux for something, WSL makes up for it so it isn't much of a big deal. Besides, if I were to be this knowledgeable about windows and its various APIs, I sure as hell would prefer it lol
he is
@@javierflores09 other than the fact that it is proprietary and malware, i agree there is nothing wrong with using windows
thank god this tutorial exists, the c binaries really eat up my 2 TB ssd
your windows setup is nice! what window manager do you use? :)
Thanks! Using one I am building called LightWM :)
My tiniest executable ever was 20 bytes, it set the terminal width from 25 to 50 lines.
How to compile with gcc to make a very minimal executable file?
So then, what's the smallest possible EXE we can make? I'm thinking of a finely crafted hex edited executable.
Can you make an even smaller executable in Assembly?
Yes.
Great video, thanks a bunch for the explanations
But what about merging all pages (.data, .text, etc) to one?
The DOS header thing reminds me of the Cosmopolitan C library project by Justine Tunney. Have you seen it? I think analyzing programs written in it with cutter would be a cool video. I couldn't understand it well from the write-up, maybe you can explain its secrets better.
can you do a demo of a different dos stub inside an exe?
That's a good idea, I will add to my list (might do this as part of a future video) :)
Nice video! Can you do a sort-of tutorial video on how to properly install Windows 10 with debloating tips / removing all the stuff that you don't need?
You might just use the Home/Pro edition of Win10. Few people also suggest installing the 2021 LTSC version that has no bloat - but it isn't legit because many circument the activation with an external script (bc it's expensive if you do it the legitimate way).
Many people are using an unofficial ISO downloaded from the internet that guarantee speed, reliability bla bla... but those ISOs can't really be trusted.
Maybe you could also throw in some open-source applications that are alternatives for system apps (like the old Files app you have).
Yah I recently started using winfile and it's very nice (it's the original file manager from Windows 3.1, Microsoft open sourced it and it's maintained on Github)
The debloating Win10 is a good idea for a future video, I will add to my list
After putting your command , it shows that 'cl' is not recognized is an internal and external command
How to fix it ?
Make sure you run the command inside the visual studio x64 native tools command prompt
I'd like to see the cutter path for the DOS mode
nice to see the assembly code.
I am learning assembly, and the book I use has chapters to work on linux. being a giant C program, Linux programs (at least from late 90s) uses stack based parameters passing.
Here, message box function does not use stack. instead it uses registers. I now wonder if it is because of 64bits, or it is the way windows differs from linux. (though it still increases/decreases stack pointer rsp)
The parameters are passed according to the calling convention, in this case the registers are used instead of the stack because of the x64 calling convention used.
I actually never notice since space is cheap these days... maybe if it were 1981 I would care.
it's the principle of the matter
2KB is still quite big for a program that does literally nothing. The smallest exe I ever saw, was on my Amiga. It was only 56 bytes large and was called "reboot". It does simply reboot the Amiga straight away without any prompt. And it wasn't a batch file or anything. Opening it in a hex editor really showed hex codes like a real exe file.
So it’s a lie. This program CAN be run in DOS mode because it IS running in order to print the message.
No, the program written isn't running in DOS mode, just a bit of boiler plate to let you know. Just like the "Non-bootable disk" boot sector messages of days of yore: obviously it booted to a message, but it isn't doing what the user was trying to do. So both are correct messages.
hi, could you please make some longer video on creating kernel modules/drivers under linux? or could you please create some C videos on some 'hacky' way to use it?
I wonder what would be the size if using gcc…
YES finally windows! i was looking for this video! thank you so much Nir! does Cutter work only with C?
Cutter works with many different binary file executable formats and is agnostic to the higher level programming language (or assembly) that they were originally written in.
This reminds me of situations like when people are like: "I wonder why my Python program takes so long to load, it's only a few lines of code"
The few lines: "import xawerfuaefrhiwethiwerragbesgbsrebgerbgiesgersbgsergerg... do simple thing, return x"
Thanks for the information 🙂
But what happens if you actually allow an NT .exe to run on DOS?
It runs the DOS stub section of the NT .exe, which in most cases is a simple DOS program that prints a message saying that it cant run on DOS (as demonstrated in the end of the video)
@@nirlichtman let me rephrase, since it got misunderstood. What happens if you remove the stub and correct the exe to not run into errors, then attempt to run in DOS?
Very nice video!! This happens with other compiles as well (gcc, clang)? Or only with the windows compiler "cl"?
You can do that. The linker flags can be a bit different.
I checked with GCC as well and it also by default adds some C library boilerplate to the executable
Thanks!
Meanwhile java executables: Look at what they need to mimic a fraction of my power
Meanwhile the JRE hiding in the background:
That’s me in a nutshell - “a little more useful than nothing,”
Holy shit man, +39C? Where do you live, Venus? :)
😂 Crazy heat wave on that day
what size second program with MessageBoxW was?
@kokokokosin yes
The `dir` from dosbox said it was 3072 bytes, so 3kB
@@EionRobb thanks
Isn't this program malformed? You may omit the whole C standard library including the default startup code, but you need at least one call to ExitProcess (same as _exit on Linux) to cleanly exit the program without crashing.
Apparently this works because the entry point function returns into the function for spawning threads (BaseThreadInitThunk in kernel32) which exits the thread that it was started on, and a process will exit if it has no more threads.
you're calling ret from a function. How could it possibly crash?
@@GeorgeTsiros Unlike the main function, which is usually called by the startup code of the C library, an entry point function is not guaranteed to have a valid return address on the stack. But because threads are meant to return a status code and the main thread on Windows is started the exact same way as additional ones, it still works.
@@D0Samp the entry point is entered by calling into it. No matter what it is, it will have a valid return address. yes?
@@GeorgeTsiros As I said, that happens to be the case here, you only have to explicitly exit the process if you can't make sure there are no other threads. In comparison, ELF-based Unix directly resumes execution from the execve() call at the entry point in the replaced process, with a specific stack layout. If you return from the entry point function, you end up executing the first argument (i.e. the program name) as code… which crashes, especially if the stack is marked not for execution.
Wow, this is incredible! I wonder if there's an equivalent to this on MacOS/Linux?
Just with a return 0 empty main function, compiling that on MacOS 14.4.1, Arm64 (M2) with CMake via Unix Makefiles gave me 16,848 B in Release mode! And a whopping 35,568 B if using -G Xcode instead of Unix Makefiles.
I tried on Zorin Ubuntu Linux 16.3, Intel64, and I got down to 14,328 B with `strip --strip-all [TARGET_FILE]`
I tried on Raspberry Pi (Debian-based Linux), Arm64, and got down to 6,160 B,
But still nowhere near this neat trick of yours on Windows! I tried myself and got down to just 2,560 B, for comparison.
Is that a windows tiler?
Yes, I started a TWM project for Windows called LightWM
when redo this with c code and gcc flags for linux systems?
planned :)
what is the real reason people still use windows?
reminds me the tech demo of a fps in 96kb.
Is that a tiling WM thing in windows lol?
Yes, I am working on one called LightWM
thank you mark zuccerberg
Hope that temp showing is not in Celsius
😂 We had a serious heat wave
Is that applicable to C++ as well?
Yes, but you will need to reimplement even more parts of standard library than for C case.
woow Nir, this is great!!!!! How do you find out about that knowledge? Do you read any specific C books? You are a genious!!!
Nirk please, a video to use JSON in C where we can see how to process it and how to generate it.
Thanks for sharing and please more videos like this!
He read. Documentation, compiler/linker options, etc. Nothing in this is special to C.
can you please fix the big icon small filename problem it hurts my eyes too and will be a great video topic
DOSBOX: set blaster=220 etc. I remember this from DOS times. I hated this line and I used to delete it everywhere.
Hey there! I really like your video, but I'm having problems optimizing the size of my Raylib game...
Thanks! I haven't tried Raylib yet so I am not sure if I can help, but if there is any specific question related to the video, let me know
Wow, great and utile.
Go developers 👀
I watched mostly because I have always had a question I've never bothered to answer for myself 😅
Unfortunately, the video didn't cover it: does WIN32_LEAN_AND_MEAN change the binary size?
Perhaps one of these years I'll bother to find out 😹
considering that that is checked only at one exact #ifndef in the windows' SDK (line 193 in windows.h), which is not #included in this example, i can say "not at all"
Most likely, no.
But it makes compilation faster (in case anyone is still concerned about that).
My tiniest exe had 2bytes.
It was to turn on PC speaker. ❤
I'm running out of ways to say "Neat", maybe fantastique!
Maining C# and learning about the unsafe keyword, pointers and then span.
I learn more and more how absolutely vital memory allocation and use is.
Especially in networking managing buffers and byte sizes. It's not just sending over as little as possible but managing the size of the buffer sent.
It's a whole class subject's worth of study on it's own.
making toy android system would be interesting! ^^