Yes, you append the data outside/after the end of the defined PE image. You can do a simple concatenation if you don’t want to deal with the PE header. For instance “echo abcd >> myprogram.exe” would work, resulting in ‘abcd’ appended to the end of ‘myprogram.exe’. Myprogram.exe would run fine. Then you’d just need to … Read more
If you load the binary into your own process you can use GetModuleHandle. It returns a HMODULE, but that is the same as HINSTANCE and the base address. If you want to know what base address the binary prefers you should read the PE header. See here and look for the ImageBase field in IMAGE_OPTIONAL_HEADER. … Read more
You can use /pdbpath:none (or /pdbaltpath:%_PDB% on newer versions of link.exe) to remove the full qualified path name of the PDB file, but keep the name and extension of the PDB only. Keeping the name (and extension) of the PDB for released images is your only way to debug an image that is buggy. Windows … Read more
Most Windows process (*.exe) are loaded in (user mode) memory address 0x00400000, that’s what we call the “virtual address” (VA) – because they are visible only to each process, and will be converted to different physical addresses by the OS (visible by the kernel / driver layer). For example, a possible physical memory address (visible … Read more
.NET Core 3.0 .NET Core 3.0 supports it out of the box. It packs all stuff in one .exe file (~68 MB for a basic console app). There is PublishTrimmed=true option that can decrease size to ~28 MB by analyzing static code references and excluding unused framework assemblies from the final build. To configure single … Read more
As quoted from source (Creating the smallest possible PE executable): 1 Smallest possible PE file: 97 bytes Smallest possible PE file on Windows 2000: 133 bytes Smallest PE file that downloads a file over WebDAV and executes it: 133 bytes The files above are the smallest possible PE files due to requirements of the PE … Read more