Trying to understand more of my current work in progress and I ran in through OllyDbg. The ASM is very interesting but what's more interesting is that this very small file (2k) has hundreds of lines of "00 DB 00" after what I thought was the end of the file. Why are these important?
Those padding bytes are used to align the size of files. Sections of portable executables are aligned to the standard value 512.
The binary I have in question is really very small where it's related to code. Is there a switch that I can use that will make this pad as limited as possible?
Thomas,
Its the format of a portable executable file that sets its minimum size. old DOS COM files were pure memory images so they could be very small but a 32 bit PE file has a dos header, a PE header and any section headers required. The minimum is 2 * 512 byte sections and the rest is PE specification data and any padding required to make the section the right size.
Perfect. That taught me the answer. Thank you.
You can use the /ALIGN swith of link.exe to get smaller win32 PE (<1024 bytes) but it may not run on every win32 platform.
Oh. Then I'll avoid this. Thanks for the information, and the warning.