Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the minimum file size of a PE file (exe) on Windows? And the minimal memory allocation? [duplicate]

Tags:

memory

windows

exe

masm

What is the minimum file size of a PE file (exe) on Windows? And the minimum memory allocation?

I assembled (using MASM (ml.exe) and link.exe that come with VS 10) the following code: I can not leave out kernel32.lib and ExitProcess, if I do, the program crashes. 

; Assmebly options
.386
.MODEL FLAT, STDCALL
option casemap:none

; Include Libs
includelib kernel32.lib

; Imported symbols
ExitProcess PROTO :Dword
Sleep PROTO :Dword

; Code
.CODE

start:
    invoke Sleep, 10000
    invoke ExitProcess, 0
END start

The Sleep command is included only to be able to read the memory usage before the program ends.

Now I measure the following: The .exe file is exactly 2.5 KB in size (if I include user32.lib and MessageBoxA, it becomes 3 KB in size --> blocks?) and the application uses 136 KB RAM when it's run (Vista 32bit).

Isn't that somewhat much memory for such a simple program? Why is the exe file so large, and the RAM requirement much larger than the exe file?

Are there some minimal memory sizes? What about the file? It looks like it's organized in blocks of 0.5 KB in size, but isn't it 0.5 KB then for this shortest possible program?

Where can I read about this (except http://msdn.microsoft.com/en-us/magazine/cc301805.aspx which I will check out)?

Thanks (my first question here)

like image 829
masterxilo Avatar asked Dec 05 '22 00:12

masterxilo

1 Answers

ntdll.dll is mapped into every single process and does a lot of basic initialization before your code starts running. This will always cause a small amount of private memory to be allocated. Take a look at LdrpInitializeProcess; here's a small list of things:

  • It creates the process heap.
  • It sets up the activation context stack for the current thread.
  • It initializes several critical sections. This will almost always cause memory to be allocated.

Also, other DLLs that get loaded into your process (e.g. kernel32.dll, user32.dll) will probably allocate memory themselves, in their DllMain functions.

EDIT: Take a look at this simple test program I created:

Minimal program

It's a completely native program (no Win32), and imports just two functions from ntdll.dll: NtDelayExecution and NtTerminateProcess. It's very similar to your program, and even though it doesn't do anything except sleep, it still uses 100 kB of private memory. The file is 2.5 kB in size, just like your program.

like image 56
wj32 Avatar answered Dec 28 '22 11:12

wj32
Sign in to Comment

Related questions

VSCode Installation Failed - Failed to extract installer
Open JSON files in different directory - Python3, Windows, pathlib
How can I find the drive letters for all disks on a system?
win api readConsole()
CouchDB fails to start after applying Windows 10 Creators Update
Node.js halts when console window is scrolled
Are Assembly programs almost the same size as C programs
Error installing ruby on rails on windows 10
Deallocation doesn't free memory in Windows/C++ Application
How can I force a Perl script to use ActiveState's wperl?
How can I create a locked-down python environment?
How can I detect if Windows Installer is installed?
Where should I put the ack configuration file on Windows?
Callback, specified in QueueUserAPC , does not get called
Create file command in batch files (*.bat)
Automated Windows UI Testing Approach
Cygwin's bash can't run 'net use /user' command?
Set PHP cron job on windows server 2003
Windows Named Pipe Support in Linux [closed]
System tray context menu doesn't disappear

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!