 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
||||||||||
|
||||||||||||||
|
||||||||||||||
|
#1
01-14-2011, 08:47 AM
|
|||
|
|||
Reduce .Net Exe Assembly file size
Hi All,
 I'm currently looking a way to strip down the size of a .Net Exe Assembly. Using a toolchain ilmerge->monolinker->eazobfuscator->monocecil (to remove security attributes), and removing the .rsrc section at the PE file, everything is working well so far. But now, I would like to remove the .reloc section, as I have read in the book "IL 2.0 Assembler" p61 : "if the common language runtime header flags indicate that the image file is IL only (COMIMAGE_FLAGS_ILONLY), the operating system ignores the .reloc section altogether.". But trying to remove this section is producing an invalid .NET PE files. I'm running on Windows 7 and I thought that It was a CLI-aware platform that doesn't require the reloc section and is going directly to the managed entry point. Am i missing something here? 
|
|
#2
01-14-2011, 09:03 AM
|
|||
|
|||
|
The obvious question here is "why on Earth do you need that?!".
If you care about size that much, just pack file with NETZ, SixxPack or some other pure .NET packer. It will give you bigger savings than getting rid of relocations. If it's for research, disassemble PEDecoder::CheckFormat, PEDecoder::CheckILOnly and PEDecoder::CheckILOnlyBaseRelocations functions in mscorwks.dll from .NET 2.x. Lidin's book is good but nothing beats the actual implementation. Btw, who said that you must have relocations in the .reloc section?  Last edited by kao : 01-14-2011 at 09:04 AM. Reason: EDIT: typo
|
|
#3
01-14-2011, 09:48 AM
|
|||
|
|||
|
Quote:
I'm mostly doing demomaking 4k/64k intro (my blog), and I'm working now with .NET to see how much I can reduce the file size of a .NET assembly for small executable (let's say, under 200Ko, could be under 64k in some circumstances)Quote:
 Just in comparison, sixxpack is compressing my exe from 65Ko to 39Ko where I can go as low as 19Ko with my own packer, so, at this level, this is important! Quote:
But you give me the idea to look directly at the source CLR released old-source (SSCLI2), and I just found this around in pedecoder.cpp : Code:
CHECK((FindNTHeaders()->FileHeader.Characteristics & VAL16(IMAGE_FILE_RELOCS_STRIPPED)) != 0);
|
|
#4
01-14-2011, 10:06 AM
|
|||
|
|||
|
Quote:
I'm using IDA as a disassembler and PDB files from Microsoft. SSCLI is good but their PEDecoder class is incomplete. Once you start hacking more of .NET internals, it becomes a problem. Files that would pass all checks of SSCLI, could fail in real OS. Have fun! kao
|
|
#5
01-14-2011, 10:45 AM
|
|||
|
|||
|
I used to do some tests to get the smallest "do something" .NET Assembly, I managed to reduce it to 3 KB only, I don't know if it can be stripped more.
anyway I recommend using MPRess packer for .NET files to reduce the size.
__________________
Life can only be understood backwards but It must be read forwards.
|
|
#6
01-14-2011, 11:37 AM
|
|||
|
|||
|
Quote:
Also, I did already test MPress and the exe was able to compress from 65Ko to around 31Ko, better than NETZ or sixxpack, but still, from my test, we can go as low as 20Ko, which is a significant improvement here (of course, at the cost of decompressing time, which could be around 800ms, but for demomaking, that's not an issue) Quote:
Indeed for SSCLI2.0, but It has stills lots of things inside that are still accurate, so... It was probably easier for me to look at this sourcecode than to go through the tedious IDAPro way!
|
Linear Mode
