Tuesday, April 21, 2009

Why are windows executables so big?

So I found a cool search tool by Didier Stevens: http://blog.didierstevens.com/programs/xorsearch/

I goes through a file and searches for a string, and also several common transpositions of that word. It included a windows executable :-(, but it built fine with gcc and appears to work! :-) I will definitely use this.

But, it got me thinking. I could use my new tool! I could look at the difference gross between a Windows a Linux executable with bin2bmp. (Cut me some slack, I like pictures...) Here are the results:

Linux Binary (gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3):

Windows Binary (Borland C++ - Copyright 1999 Inprise Corporation):

To be fair, his windows binary is digitally signed, but that can't be all the difference? Is it statically linked maybe?

Linux Statically Linked Binary (gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3):

Maybe not. I don't have a way to generate a Windows statically linked binary for comparison though... anyway this was mostly just an excuse to play with my new tool. But I am curious.

BTW, Latest version of bin2bmp here: http://sourceforge.net/projects/bin2bmp/

1 comment:

  1. So I'm not the only one that's noticed this! I wrote a hello world application in C and compiled it both with GCC and Dev C and the windows executable was significantly larger, but I still don't understand why it is. If you've found out anything new on the subject I would love to know.