Reputation: 1161
Portable Executable File without Any DLL Dependencies or Import Table
I have a program installed on my computer. When I check it with CFF Explorer, I cannot see any imports or dependencies. You can guess that it is a resource-only executable image, but it is not. It has a .text section that has a valid executable code and an entry point to this .text section.
It is obvious that it loads and links against the system libraries somehow because, otherwise, a user-mode application cannot do anything useful without calling any system APIs.
It would be great if an answer could answer these questions:
- How would such a PE image be possible?
- Which technique(s) do they use?
- And a minimal working example code if possible.
This is what the PE file looks like in CFF Explorer:
Here is a screenshot of PE Explorer. PE Explorer also says that there is no import table.
Upvotes: -1
Views: 1107
Answers (1)
Reputation: 1709
It is quite easy to generate an executable with no imports. Since this is about Windows I'll give an example using MSVC.
All you need to do is go to the project Properties -> Linker -> Input and set Ignore All Default Libraries to Yes /NODEFAULTLIB.
You will need to provide your own version of mainCRTstartup which is the default name for the entry point set by MSVC. You can change this by going to project Properties -> Linker -> Advanced and set Entry Point to the name of the function you want to use as an entry point.
Or, using directly cl.exe from the command line: cl.exe main.c /link /NODEFAULTLIB /ENTRY:"main". Full example:
$ more main.c
int main()
{
return 0;
}
$ cl.exe main.c /link /NODEFAULTLIB /ENTRY:"main"
Microsoft (R) C/C++ Optimizing Compiler Version 19.28.29333 for x86
Copyright (C) Microsoft Corporation. All rights reserved.
main.c
Microsoft (R) Incremental Linker Version 14.28.29333.0
Copyright (C) Microsoft Corporation. All rights reserved.
/out:main.exe
/NODEFAULTLIB
/ENTRY:main
main.obj
$ dumpbin /imports main.exe
Microsoft (R) COFF/PE Dumper Version 14.28.29333.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.exe
File Type: EXECUTABLE IMAGE
Summary
1000 .rdata
1000 .text
Of course, this means that you can not use any of the Win32 APIs. Even if you statically link a C runtime library provided by MSVC it would still not work, as it will use functionality from the system DLLs. You can workaround this if you invoke the syscalls you need directly (as long as you know their number, which may change from one Windows version to another).
Upvotes: 2
Related Questions
- Creating executable without relocations in Visual Studio
- Making visual studio projects portable, problem
- C++ Stand-alone executable
- How can I make a portable executable?
- Build a C++ binary w/o dll dependency
- DLL dependencies for portable C/C++ application for Windows
- Generating windows exe
- Compiling C++ into portable linux binaries
- Generate executable file at runtime - C++ / Visual C++
- how to build an executable without import table in c/c++?