Size Is Everything: Making Tiny ELF Binaries

← Back to Stories (view on slashdot.org)

Size Is Everything: Making Tiny ELF Binaries

Posted by CowboyNeal on Friday July 30, 2004 @10:41AM from the rescue-disk-ready dept.

Milk Toast writes "According to this article one can start with a simple program consisting of 3998 bytes and reduce it down to a mere 45 bytes. Now if they could only reduce the size of my Office install." It involves digging into assembly, naturally, but it's interesting to see the extra code generated not only by the compiler, but by the other steps along the way.

40 comments

Min score:

Reason:

Sort:

First heard this on Slashdot. by Anonymous Coward · 2004-07-30 10:42 · Score: 0

I first heard about teeny ELF here.
1. Re:First heard this on Slashdot. by Scarblac · 2004-07-30 10:49 · Score: 2, Informative
  
  In fact, I first heard about it here...
  
  --
  I believe posters are recognized by their sig. So I made one.
2. Re:First heard this on Slashdot. by Scarblac · 2004-07-30 10:53 · Score: 2, Interesting
  
  And, reading through those comments, that wasn't the first time either... That's actually what I thought, but I couldn't find the link to the even older article quick enough.
  
  --
  I believe posters are recognized by their sig. So I made one.
2001 called by Anonymous Coward · 2004-07-30 10:43 · Score: 4, Funny

and they want their "news" back.
1. Re:2001 called by andreyw · 2004-07-30 20:17 · Score: 1
  
  Uh yeah. (glances back at printout of the Tiby ELF paper on bookshelf_
At the risk of offending little people... by brilinux · 2004-07-30 10:46 · Score: 2, Funny

Should ELF binaries not normally be really small?
1. Re:At the risk of offending little people... by FooAtWFU · 2004-07-30 15:31 · Score: 1
  
  What kind of a Tolkein fan are you? The elves are taller than men.
  
  --
  The World Wide Web is dying. Soon, we shall have only the Internet.
2. Re:At the risk of offending little people... by Stephen+Samuel · 2004-07-30 16:39 · Score: 1
  
  Yes, but they're thinner too.
  Besides.. the original elf was:
  1. An imaginary supernatural being, commonly a little sprite, much like a fairy; a mythological diminutive spirit,
  .....
  Webster's Revised Unabridged Dictionary (1913)
  
  --
  Free Software: Like love, it grows best when given away.
It's a duplicate! by david.given · 2004-07-30 10:55 · Score: 3, Informative

From 2002, no less!
Man, I've been reading Slashdot way too long.
(It's still a good article though. Worth rereading if you're at all interested in how ELF binaries work.)
1. Re:It's a duplicate! by Anonymous Coward · 2004-07-30 11:10 · Score: 0
  
  Heh, I knew I had read it a couple years ago, but didn't know it was a Slashdot dupe.
  
  Oh well, interesting stuff still.
2. Re:It's a duplicate! by photon317 · 2004-07-30 12:05 · Score: 2, Interesting
  
  Damn you beat me to it. Even in 2002, it was just a linux/elf rehash of what optimizating asm-geeks have been doing since the dawn of time. I distinctly remember a contest I had with another guy back around 1994 on 486-class machines running MSDOS, to see which of us could write a functional text pager (ala "more", press spacebar to see the next screen of text from standard input) in the fewest bytes possible in the resulting .COM executable. I can't recall the exact numbers, but he beat me by something around 10 bytes, and the numbers were in the neighboorhood of 100 bytes flat.
  
  --
  11*43+456^2
3. Re:It's a duplicate! by Anonymous Coward · 2004-07-30 12:07 · Score: 0
  
  optimizating
  Mr. President, you really should get back to the 9/11 commission report. Hacking assembler is not for you.
  ~~~
4. Re:It's a duplicate! by photon317 · 2004-07-30 12:09 · Score: 1
  
  I thought it was clever :)
  
  --
  11*43+456^2
5. Re:It's a duplicate! by Anonymous Coward · 2004-07-30 12:22 · Score: 0
  
  It is a nice one. Wonder if he's used it in a speech :).
  ~~~
Jesus that's old by xenocide2 · 2004-07-30 11:39 · Score: 1

As I recall, that's been on slashdot, and several posts already have mentioned this. Quite a few years ago. In fact, I think there was a Linux virus plus howto that linked to this on how to make small binaries to travel across networks with. Interesting read, and quite amusing to fit an entire virus inside an ELF header.

--
I Browse at +4 Flamebait
Open Source Sysadmin
Ugh! by Hard_Code · 2004-07-30 11:45 · Score: 1

AAAAa aaagh...get out of heeeere! you duplicate!</Mya-Rudolph-Impersonating-Donatella-Ve rsace>

--

It's 10 PM. Do you know if you're un-American?
42 by Anonymous Coward · 2004-07-30 11:55 · Score: 0
It may not be an executable but... by Froze · 2004-07-30 12:33 · Score: 2, Interesting

It runs and it is only 8 bytes!
froze@butsuri:~$ cat > tiny
exit 42
froze@butsuri:~$ chmod a+x tiny
froze@butsuri:~$ ./tiny; echo $?
42
froze@butsuri:~$ wc -c tiny
8 tiny

--
-- The morphemes of your disquisition are ascertainable, but they have eschewed an ambit of transpicuous exposition.
1. Re:It may not be an executable but... by Anonymous Coward · 2004-07-30 12:52 · Score: 0
  
  You are an eejit.
2. Re:It may not be an executable but... by Froze · 2004-07-30 13:03 · Score: 1
  
  You are an eejit.
  
  Nice troll, good troll, down boy down.
  
  The article is about getting the smallest ELF that will return 42. If returning 42 were an actual requirement and size is all that matters, then this is much more effective as it takes advantage of an already existing process - the shell. Much like the ELF is taking advantage of the kernel. I suppose that one could actually write machine code to run in place of the kernel that would generate the number 42 and do it in fewer than 45 bytes, but I didn't want to ruin my uptime ;-)
  
  --
  -- The morphemes of your disquisition are ascertainable, but they have eschewed an ambit of transpicuous exposition.
3. Re:It may not be an executable but... by dtfinch · 2004-07-30 14:38 · Score: 1
  
  You can shave at least 1 more byte off that.
4. Re:It may not be an executable but... by the_cowgod · 2004-07-30 16:49 · Score: 2, Informative
  
  That wastes a byte for a newline! Try:
  
  cowgod@kraken:~$ echo -n "exit 42" > tiny
  cowgod@kraken:~$ chmod a+x tiny
  cowgod@kraken:~$ ./tiny; echo $?
  42
  cowgod@kraken:~$ wc -c tiny
  7 tiny
gcc opts by beswicks · 2004-07-30 15:39 · Score: 2, Insightful

Erm, i'm not sure its nearly 5 in the morning here but initially he compiles with

gcc -Wall -s -O3 tiny.c

shouldn't

gcc -Wall -s -Os tiny.c

make more sense seeing as how -O(1-3) are for SPEED optimization where as -Os is to make things SMALL

pls. Expose my idiocy...
1. Re:gcc opts by Anonymous Coward · 2004-07-30 16:08 · Score: 2, Interesting
  
  The article is so old, I think it was before they had -Os in gcc.
2. Re:gcc opts by Anonymous Coward · 2004-07-30 18:07 · Score: 1, Insightful
  
  It really depends. I was working on a bootloader earlier in the semester and tried the different compile options to see what their effects were. For one-shot pieces of code, -O3 actually reduces size more than -Os because of the way everything is inlined.
3. Re:gcc opts by andreyw · 2004-07-30 20:20 · Score: 1
  
  Doesn't really matter. You end up doing the optimizations by hand anyways.
Completely, utterly, useless by be-fan · 2004-07-30 15:47 · Score: 1

There is absolutely no point at all to this article. He started with a 3998 byte program, and ended with a 45 byte one. The kicker is, when the OS loads the program into ram, it'll stick both in a 4096 byte page! All he accomplished was to make that page mostly full of zero-fill padding!

Since nobody is actually going to waste their time doing this for programs large enough that the padding doesn't kill the gain, what's the point?

--
A deep unwavering belief is a sure sign you're missing something...
1. Re:Completely, utterly, useless by Fujamabob · 2004-07-30 18:12 · Score: 3, Insightful
  
  When you google for ways to fit a program in 512 bytes on the first sector of a floppy, and this is the first article that mentions the options for not using standard include files, etc., it becomes useful.
2. Re:Completely, utterly, useless by Anonymous Coward · 2004-08-01 12:51 · Score: 0
  
  Exactly. All he did was making it a nightmare to maintain had it been any bigger project. While I admire those people that can make computers do nifty stuff with only a small number of bytes, I also admire cleanness, good abstraction, good maintainability.
  
  Please, write good and clean high-level code, use asm functions with well-defined interfaces for time-critical stuff but stop squeezing single bytes out of binaries which, according to the parent, doesn't even give you any advantage nowadays besides bragging.
3. Re:Completely, utterly, useless by p3d0 · 2004-08-02 03:04 · Score: 1
  
  You must be a riot at parties.
  
  --
  Patrick Doyle
  I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
4. Re:Completely, utterly, useless by meme_police · 2004-08-03 09:01 · Score: 1
  
  Who still uses floppies?
  
  --
  The meme police, They live inside of my head
I made this joke last time too... by Lord+Bitman · 2004-07-30 16:13 · Score: 1

How far we've come. An advanced civilization took a computer the size of a city and millions of years to do this, and now we can come up with the same answer in only 45 bytes.

--
-- 'The' Lord and Master Bitman On High, Master Of All
1. Re:I made this joke last time too... by t4k1s · 2004-07-31 01:20 · Score: 1
  
  Ouch... so Douglas Adams was off by 3...
2. Re:I made this joke last time too... by mopslik · 2004-08-03 03:27 · Score: 1
  
  ...and now we can come up with the same answer in only 45 bytes.
  
  Or you could store "42" in a text file, for a grand total of 3 bytes (including EOF). Now that's progress.
Am I the only one who burst out laughing... by shfted! · 2004-07-30 18:17 · Score: 1

... at how he describes the resemblence in the ELF and program headers? Or am I really that much of a geek? =P

Take a look at our program. Note that the last eight bytes in the ELF header bear a certain kind of resemblence to the first eight bytes in the program header table. A certain kind of resemblence that might be described as "identical".

--
He who laughs last is stuck in a time dilation bubble.
Oooh that brings back memories. by andreyw · 2004-07-30 20:29 · Score: 1

Back in 2002, after having perused the TinyELF article, I got into my Linux IA-32 assembly craze (which was an offshoot of my IA-32 OSDEV craze, lol). Now I didn't bother with messing with ELF headers - but just wanted to create the smallest possible binary output - Here is a cat-like program. ----------> .text .globl _start _start: incl %eax doit: incl %eax incl %eax pushl %esp popl %ecx xorl %edx, %edx incl %edx int $0x80 cmpl $0,%eax je exit incl %eax incl %eax incl %eax incl %ebx pushl %esp popl %ecx int $0x80 xorl %ebx, %ebx jmp doit exit: incl %eax int $0x80 ----------> Here is a Hello World type program ----------> .global _start _start: pushl $13 popl %edx pushl $msg popl %ecx incl %ebx pushl $1 pushl $4 go: popl %eax int $0x80 jmp go msg: .string "Hello Linux!\n" ---------->
Re:RTFA by Lord+Bitman · 2004-07-31 17:44 · Score: 1

it produces the number 42, using 45 bytes of code, jackass.

--
-- 'The' Lord and Master Bitman On High, Master Of All
But, but... by Anonymous Coward · 2004-08-03 04:51 · Score: 0

my wife keeps reassuring me that size isn't important!
I wish somebody would tell the spammers, then by Medievalist · 2004-08-03 05:50 · Score: 1

because it'd save me a lot of spamassassin CPU cycles.