I used to do this on MSVC all the time, but usually just dynamically linking libc, changing alignment settings, maybe merging some sections and using decent optimization settings can bring the executable size down considerably (1-2 KB).
Actually removing linking to libc completely (even when done dynamically) is silly unless you really don't want to use anything from it. A real application usually needs some imported functions anyway.
As for using interrupts directly, can anyone tell me how portable are the magic values for int 0x80 interrupt on linux?
On Windows, you could technically use sysenter or int 2Eh to do a syscall into the kernel, but the actual constants used change every major NT revision (so NT 4, 5, 6 have different values) - as they're meant to be for internal use only. Of course, it's not terribly hard to write such code in such a manner that it would be portable for all current and previous versions of NT, and with a bit more effort, you could even make the code future-proof to a certain extent (for example, by loading ntdll and resolving the APIs from there, then disassembling and extracting these constants from the base APIs, either that or parsing SSDT tables from ntoskrnl and related modules, but WHY WOULD YOU DO THAT WHEN THERE ARE CLEAN AND NICE PORTABLE INTERFACES? I've only seen such techniques used in:
- Rootkits
- Game cheats which try to avoid detection by bypassing normal API calls
- DRM
- Rootkit detectors which try to bypass any possible hooks and call the kernel's APIs directly.
All 4 of these types of software are shady in their doings, so they need this for their functionality, but why would anyone doing normal software development want to do this?)
>>3
The strange thing is, on *nix it requires a ton more work to get it as small as compiler-generated code can be --- WTF is with all the fucking sections the linker emits? Most of the stuff in the header is frivolous too. Makes me want to use a.out or AXF instead of ELF.
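An added example, not from any poster in this thread, to make the header/section complaint concrete. The script builds a constructed ELF64 x86-64 image by hand: a 64-byte ELF header, one 56-byte PT_LOAD program header and 12 bytes of machine code that calls exit(42). That is the whole runnable file (132 bytes); section headers are optional for the loader, so the second variant appends a 3-entry section table purely to show what the extra ~200 bytes a linker adds actually describe. parse_elf walks either image and reports how much of the file is headers versus code. The machine code bytes, the 0x400000 load address and the names build_elf/parse_elf are my own choices, not anything from the thread.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr, 56 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes

BASE = 0x400000  # assumed load address for the constructed image
# Constructed x86-64 code: mov edi,42 ; mov eax,60 (SYS_exit) ; syscall
EXIT_42 = bytes.fromhex("bf2a000000" "b83c000000" "0f05")


def build_elf(code, with_sections):
    """Assemble a static ELF64 executable around `code`.
    The ELF header, one PT_LOAD program header and the code are all the
    kernel needs; section headers only exist for tools (ld, readelf, gdb)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, LE, SysV ABI
    code_off = EHDR.size + PHDR.size                     # code follows the headers
    body = code
    shoff = shnum = shstrndx = 0
    shdrs = b""
    if with_sections:
        shstrtab = b"\0.text\0.shstrtab\0"               # section-name string table
        str_off = code_off + len(code)
        body += shstrtab
        shoff = (code_off + len(body) + 7) & ~7          # 8-align the section table
        body += bytes(shoff - code_off - len(body))
        shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)                               # SHT_NULL
                 + SHDR.pack(1, 1, 0x6, BASE + code_off, code_off, len(code), 0, 0, 16, 0)  # .text, PROGBITS, AX
                 + SHDR.pack(7, 3, 0, 0, str_off, len(shstrtab), 0, 0, 1, 0))      # .shstrtab, STRTAB
        shnum, shstrndx = 3, 2
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, BASE + code_off, EHDR.size, shoff, 0,
                     EHDR.size, PHDR.size, 1, SHDR.size, shnum, shstrndx)
    filesz = code_off + len(body)
    phdr = PHDR.pack(1, 5, 0, BASE, BASE, filesz, filesz, 0x1000)  # PT_LOAD, R+X
    return ehdr + phdr + body + shdrs


def parse_elf(data):
    """Walk the ELF64 header and section table and return a summary dict."""
    (ident, e_type, machine, _, entry, _, shoff, _, ehsize, phentsize,
     phnum, shentsize, shnum, shstrndx) = EHDR.unpack_from(data, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    sections = []
    if shnum:
        raw = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
        strtab_off = raw[shstrndx][4]                    # sh_offset of .shstrtab
        for sh_name, sh_type, _, _, off, size, *_ in raw:
            end = data.index(b"\0", strtab_off + sh_name)
            sections.append((data[strtab_off + sh_name:end].decode(), sh_type, off, size))
    header_bytes = ehsize + phnum * phentsize + shnum * shentsize
    return {"type": e_type, "machine": machine, "entry": entry, "phnum": phnum,
            "sections": sections, "header_bytes": header_bytes, "total": len(data)}


if __name__ == "__main__":
    for tag, with_sections in (("minimal", False), ("with-sections", True)):
        img = build_elf(EXIT_42, with_sections)
        info = parse_elf(img)
        print(f"{tag}: {info['total']} bytes, {info['header_bytes']} of them headers, "
              f"sections={[s[0] for s in info['sections']]}")
    with open("tiny_exit42", "wb") as f:         # run on x86-64 Linux: ./tiny_exit42; echo $?  -> 42
        f.write(build_elf(EXIT_42, False))
```

Both images carry the same 12 bytes of code; everything else is bookkeeping. The minimal one is 120 bytes of headers plus code, and adding just three section descriptors (the null entry every ELF section table must start with, .text and the name table) costs another 212 bytes, which is the effect the linker's dozen-plus default sections have at a larger scale.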
>>1
How the fuck did this story end up on the front page of reddit, slashdot, and /prog/?? If I had posted a simple exploration blog post like this, not even the great Suss in all his omnipotence would have noticed.