So I found a cool search tool by Didier Stevens: http://blog.didierstevens.com/programs/xorsearch/
I goes through a file and searches for a string, and also several common transpositions of that word. It included a windows executable :-(, but it built fine with gcc and appears to work! :-) I will definitely use this.
But, it got me thinking. I could use my new tool! I could look at the difference gross between a Windows a Linux executable with bin2bmp. (Cut me some slack, I like pictures...) Here are the results:
Linux Binary (gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3):
Windows Binary (Borland C++ - Copyright 1999 Inprise Corporation):
To be fair, his windows binary is digitally signed, but that can't be all the difference? Is it statically linked maybe?
Linux Statically Linked Binary (gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3):
Maybe not. I don't have a way to generate a Windows statically linked binary for comparison though... anyway this was mostly just an excuse to play with my new tool. But I am curious.
BTW, Latest version of bin2bmp here: http://sourceforge.net/projects/bin2bmp/