MRT.EXE - reduce size

Questions about Update Pack making? Ask here.
Post Reply
swampy
Posts: 3
Joined: Wed Mar 01, 2006 2:46 am

MRT.EXE - reduce size

Post by swampy » Tue Jun 19, 2007 2:47 am

Save some more space: mrt.ex_ from 7.01 MB to 3 KB.

Open mrt.exe with reshacker, remove all resources except Version Info & save.

mrt.exe = 6 KB

mrt.ex_ = 3 KB

It passes MU with no Microsoft Windows Malicious Software Removal Tool required.

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Wed Jul 11, 2007 3:00 am

oops, i will use this on my next XP re-installation.
Image
My work list(Hosted by dumpydooby)

HiDefHusker
Posts: 14
Joined: Sat Jul 01, 2006 6:55 pm

Post by HiDefHusker » Wed Jul 11, 2007 4:08 pm

Deleting resources is tedious. Here's a ResHacker script to remove all resources from MRT.exe except the VERSIONINFO resource for language 1033.

Code: Select all

[FILENAMES]
Exe=      MRT.exe
SaveAs=   MRT_new.exe
Log=      MRT_new.log

[COMMANDS]
-delete   BITMAP,,
-delete   DIALOG,,
-delete   ICONGROUP,,
-delete   RCDATA,,
-delete   RT_RCDATA,,
-delete   STRINGTABLE,,
-delete   24,,
-delete   VERSIONINFO,,1025
-delete   VERSIONINFO,,1028
-delete   VERSIONINFO,,1029
-delete   VERSIONINFO,,1030
-delete   VERSIONINFO,,1031
-delete   VERSIONINFO,,1032
//-delete   VERSIONINFO,,1033
-delete   VERSIONINFO,,1035
-delete   VERSIONINFO,,1036
-delete   VERSIONINFO,,1037
-delete   VERSIONINFO,,1038
-delete   VERSIONINFO,,1040
-delete   VERSIONINFO,,1041
-delete   VERSIONINFO,,1042
-delete   VERSIONINFO,,1043
-delete   VERSIONINFO,,1044
-delete   VERSIONINFO,,1045
-delete   VERSIONINFO,,1046
-delete   VERSIONINFO,,1049
-delete   VERSIONINFO,,1053
-delete   VERSIONINFO,,1055
-delete   VERSIONINFO,,2052
-delete   VERSIONINFO,,2070
-delete   VERSIONINFO,,3082

newsposter
Posts: 1131
Joined: Wed Sep 14, 2005 11:31 am

Post by newsposter » Wed Jul 11, 2007 4:52 pm

this might be something worth passing along to nuhi for his nlite utility as well as for creation here as an 'addon'.

User avatar
grief
Posts: 59
Joined: Thu Aug 10, 2006 5:31 pm
Location: Ohio

Post by grief » Wed Jul 11, 2007 8:55 pm

i'd use it as a addon ;)

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Wed Jul 11, 2007 9:16 pm

HiDefHusker wrote:Deleting resources is tedious. Here's a ResHacker script to remove all resources from MRT.exe except the VERSIONINFO resource for language 1033.
how to use this script?
save it to 1.spt

then...... put it to the same folder as MRT.exe
then run "reshacker.exe 1.spt"?
Image
My work list(Hosted by dumpydooby)

Xable
Posts: 981
Joined: Tue May 03, 2005 6:38 pm
Contact:

Post by Xable » Wed Jul 11, 2007 10:52 pm

I hate to be a party poper but, in the past and maybe in the future MU checked for the presence of mrt.exe. At least for now it doesn`t, so you can leave it out alltegether.

As long as you`ve got these reg entries (and the version value is up to date) MU won`t miss it one bit.

Code: Select all

HKLM,"SOFTWARE\Microsoft\RemovalTools\MRT","EULA",0x10001,1
HKLM,"SOFTWARE\Microsoft\RemovalTools\MRT","Version",,"4AD02E69-ACFE-475C-9106-8FB3D3695CF8"

User avatar
RyanVM
Site Admin
Posts: 5186
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Thu Jul 12, 2007 12:36 am

That's good to hear. Thanks for the heads-up, Xable :)
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Thu Jul 12, 2007 12:54 am

thx, Xable.
as updatepack goes very huge, i'm considering to remove MRT.exe.
Image
My work list(Hosted by dumpydooby)

User avatar
MrNxDmX
Moderator
Posts: 3112
Joined: Mon Jan 03, 2005 7:33 am

Post by MrNxDmX » Thu Jul 12, 2007 6:29 pm

yumeyao wrote:as updatepack goes very huge, i'm considering to remove MRT.exe.
Good idea.
v1,31 is 15,5mb :?

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Mon Jul 16, 2007 4:30 am

yes, and compressed is 7M.....
Image
My work list(Hosted by dumpydooby)

User avatar
DizzyDen
Posts: 47
Joined: Mon May 29, 2006 10:47 am

Post by DizzyDen » Mon Jul 16, 2007 7:38 am

yumeyao wrote:
HiDefHusker wrote:Deleting resources is tedious. Here's a ResHacker script to remove all resources from MRT.exe except the VERSIONINFO resource for language 1033.
how to use this script?
save it to 1.spt

then...... put it to the same folder as MRT.exe
then run "reshacker.exe 1.spt"?
The actual conext is "reshacker.exe -script 1.spt" without quotes
You Can't Get, If You Won't Give
YCGIYWG

User avatar
code65536
Posts: 735
Joined: Wed Mar 14, 2007 2:58 pm
Location: .us
Contact:

Post by code65536 » Tue Jul 17, 2007 4:57 pm

I'd personally prefer leaving a stub that would direct the user to the download page for the MRT. Sure, it's one extra file compared to the leave-it-out method, but useful in case some newbie had been instructed to do Start > Run > "mrt" (I've told someone to do that before). It's easier to do than all that reshacking, anyway (which leaves a file that does nothing). Just one line...

Code: Select all

#include <windows.h>

int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
	ShellExecute(NULL, NULL, "http://www.microsoft.com/security/malwareremove/", NULL, NULL, 0);
}
And for people without a C compiler: mrt_stub.7z (smaller than an ISO sector :P)
Last edited by code65536 on Sun Aug 26, 2007 11:40 pm, edited 4 times in total.

OuTman
Posts: 171
Joined: Wed Jul 05, 2006 6:40 pm

Post by OuTman » Wed Jul 18, 2007 7:28 pm

code65536, about your MRT stub: excellent idea :D

however, I think it could be even better if it was a separate addon

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Wed Jul 18, 2007 11:49 pm

@OuTman: just tell me you're gonna running MRT.exe after your XP installation immediately...
Image
My work list(Hosted by dumpydooby)

OuTman
Posts: 171
Joined: Wed Jul 05, 2006 6:40 pm

Post by OuTman » Thu Jul 19, 2007 12:04 am

nonono you misunderstood me ^^

(I've NEVER run mrt.exe, simply because I never needed it.)

what I said, is that RyanVM Update Pack (and subsequent intermediate update packs like code66536's) could stay integrating mrt.exe as usual.

:arrow: it is the "mrt.exe stub trick" (and not the vanilla mrt.exe) that should be proposed as a separate addon.

so, the average user (for exemple if you reinstall someone's computer) has mrt.exe ready-to-use. (for exemple, that average user phones you because he grabbed AGAIN a spyware, probably due to a Russian porn site, so first you tell him to run mrt.exe, because it's already on the computer, it is quick and easy, and might solve, at least partially, the problem)

and, let's say the "advanced user" use the addon to save space and install time, because he already knows he will never use mrt.exe

to conclude, it's only a personnal suggestion, do what you consider best :wink:

User avatar
code65536
Posts: 735
Joined: Wed Mar 14, 2007 2:58 pm
Location: .us
Contact:

Post by code65536 » Thu Jul 19, 2007 12:12 am

Personally, I'm going to keep the stubbed MRT in my pack because it's a nice middle ground between killing MRT entirely and keeping the full MRT. Seeing as how stripping out the full MRT reduced the size of the pack by nearly half, I'm not going to put the full MRT back in. It's simply too damn big (think of the bandwidth). Besides, if anyone wants to add the full MRT back in, they could do so very easily by just dropping in the file since all the proper entries are already in txtsetup.sif and dosnet.inf (whereas re-adding the full MRT would be slightly more troublesome for a pack that has it completely removed since you'll have to re-add the dosnet and txtsetup entries).

And the advanced user would never need MRT, either full or stubbed. The whole purpose of stubbing was so that the newbie user for whom you helped reinstall the OS would be able to find the latest MRT very easily (or even run Microsoft's online scan in lieu of the offline MRT).

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Thu Jul 19, 2007 12:28 am

@OuTman, then that guy will be a quick victim. once a month(in fact less than a month) is passed, he will have the newest MRT.exe via WU.

@code2^16, yes this MRTstub avoids many troubles.
Image
My work list(Hosted by dumpydooby)

OuTman
Posts: 171
Joined: Wed Jul 05, 2006 6:40 pm

Post by OuTman » Thu Jul 19, 2007 12:32 am

yes, but something a month (or... less than a month :wink:) is already too long :P

major part of problems with a new user happens in the first 3-4 days in my experience :lol:

I might consider changing friends :mrgreen:

anyway, this mrt.exe stub is really a good idea, but the final decision is up to RyanVM. at any case, this trick is and will remain useful for a lot of people (including myself), directly in the main update pack or as a separate addon.

another edit: yeah, actually I already considered the bandwidth saving :D finally, all possible solutions are good. they're equal or better than the current situation. so all's fine 8)

Vid0
Posts: 41
Joined: Thu Apr 14, 2005 6:24 am
Location: Lithuania

Post by Vid0 » Thu Aug 23, 2007 6:49 pm

code65536 - nice idea. Make MRT.EXE even smaller with #pragma:

Code: Select all

#include <shellapi.h>
#pragma comment(linker,"/ENTRY:main /FILEALIGN:0x200 /MERGE:.data=.text /MERGE:.rdata=.text /SECTION:.text,EWR /IGNORE:4078")
void main(void)
{
    ShellExecute(NULL, NULL, "http://www.microsoft.com/security/malwareremove/", NULL, NULL, 0);
}
CAB'ed file is here (copy the following text to a text file MRT.UUE and decode/unpack with WinRAR or any other decoder):

Code: Select all

begin 600 mrt.ex_
M35-#1@````!*`0```````"P``````````P$!``$`````````1`````$``0``
M!````````````S=%/"``;7)T+F5X90#(6@N%_@``!$-+\XUB8&!D8&!@`N+_
M_QG@P`%*\\GOXF/8PGE6<0>CSUG%\,P\8R,%_[R<2D5>+A60F@!7!@8?1D8&
M9/"`@9^1FY$-8B@46`D`"1!6@)HN`+&4!2H/H\'R4'T02@"B%D[#*3`(`'(T
M&&@`@.9RX)'6*TFM*`'2<V`.8F)`\2_$*RP/:.$T:H(&:&!FE)046.GKEY>7
MZ^5F)A?E%^>GE>@EY^?J%Z<FEQ9EEE3JYR;FE"<6I1:EYN:7I>HS,!@?"`@(
MR.`0<&`("/@OR@"DC0\</E.!%#D3!-`B"XN]10S!&:DY.:X50&M*4AT9@CU<
/?7R,C?12<G(&>]`-"P``
`
end
size 330
Only 330 bytes when CAB'ed ! :lol:

User avatar
code65536
Posts: 735
Joined: Wed Mar 14, 2007 2:58 pm
Location: .us
Contact:

Post by code65536 » Thu Aug 23, 2007 7:09 pm

Hehehe. Except that the sector sizes are 4K for NTFS (default setting) and 2K for optical disc ISOs. So there's no gain to be had from reducing uncompressed sizes below 4K or compressed sizes below 2K. ;)
My addons: CmdOpen - HashCheck - Notepad2 - MS Runtimes - DirectX

Into the breach, meatbags!

Vid0
Posts: 41
Joined: Thu Apr 14, 2005 6:24 am
Location: Lithuania

Post by Vid0 » Thu Aug 23, 2007 7:19 pm

Yes, I know, but I like perfect solutions :lol:

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Sat Aug 29, 2009 2:28 am

any one consider to make a stubbed mrt.exe with version number here? as new version of Microsoft Update (7.4.7600) check for version number of mrt.exe, hense code65536's mrt.exe won't pass new verification.
Image
My work list(Hosted by dumpydooby)

newsposter
Posts: 1131
Joined: Wed Sep 14, 2005 11:31 am

Post by newsposter » Sat Aug 29, 2009 2:43 am

one of these days msft is going to start checking the size, date, and checksum of all of their core OS and securlty/validation files.

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Sat Aug 29, 2009 2:46 am

yes but as far as i can see, you can make a reshacker-stripped mrt.exe and then pass the verification.
Image
My work list(Hosted by dumpydooby)

User avatar
yumeyao
Moderator
Posts: 1718
Joined: Sun Aug 27, 2006 9:24 pm
Location: Taiyuan, Shanxi, PR China

Post by yumeyao » Sat Aug 29, 2009 4:18 am

i have made a mrt.exe using code65536's source with version info, yet it's far huger than his mrt.exe. my compiled mrt.exe has a size of 64KB, while code65536's is only 1KB.

I'm quite a newbie of programming, so I believe there must be some method to reduce the file size.


---edit----
after some effort the file size is reduced to 40kb. here it is if any of you want it.
EDIT3: link removed.

compiling envrionment: Visual Studio 6.0. ATL library has most recent security update applied.

---edit 2---
I copied compiling settings from code's fontreg utility, then removed parameter "unicode" and "_unicode", then compiled again... hoorray! the file size is now 4KB and cabbed one is 1.40KB. (according to code's talk above, sector size is 2KB for optical disc ISOs, so the cabbed one won't eat more than one sector. :wink: )
here is the link
EDIT3: link removed.

---edit 3---
with help of one of my friends, finally i make it the smallest in theory. 2.5KB for uncompressed exe, and 836 bytes for cabbed one!

EDIT4: link removed.

This file can be made smaller if we remove info other than version number(such as executable description, copyright). so here it comes: 2KB for uncompressed exe and 661 bytes for cab.

EDIT4: link removed.

---edit 4---
I made the file with full version info smaller by replacing a shorter ms-dos stub.

Also I added a "ExitProcess" instruction on the end.

the final size is 2KB for uncompressed exe and 836 bytes for cab.
http://www.esnips.com/doc/d5907078-c1cd ... 81bd54/mrt

for the exe containing lite version info, here it is:
1.5KB for exe and 662 bytes for cab.
http://www.esnips.com/doc/b083cbff-90cd ... en_smaller

User avatar
user_hidden
Posts: 1924
Joined: Thu Dec 06, 2007 7:52 am
Location: Canada eh!

Post by user_hidden » Tue Nov 08, 2011 7:22 pm

Code: Select all

#include <windows.h>

int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
	ShellExecute(NULL, NULL, "http://www.microsoft.com/security/malwareremove/", NULL, NULL, 0);
}
I have been trying to compile the above but i keep getting errors.
I saved the above code in a file mrtstub.c (saved in ANSI, UTF8, Unicode....no diff)
I am using Visual Studio 2010, openning the cmd prompt and running
"cl.exe mrtstub.c"

am i using the wrong compiler?
it also failed using my old PellesC compiler also.
what should I be using and method?

here is the error:

Code: Select all

C:\Project\MRT>cl mrtstub.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.
mrtstub.c
Microsoft (R) Incremental Linker Version 10.00.40219.01
Copyright (C) Microsoft Corporation.  All rights reserved.
/out:mrtstub.exe
mrtstub.obj
mrtstub.obj : error LNK2019: unresolved external symbol __imp__ShellExecuteA@24
referenced in function _WinMain@16
mrtstub.exe : fatal error LNK1120: 1 unresolved externals

User avatar
user_hidden
Posts: 1924
Joined: Thu Dec 06, 2007 7:52 am
Location: Canada eh!

Post by user_hidden » Wed Nov 09, 2011 7:40 pm

ok i got it to compile properly by adding
"#pragma comment(lib, "shell32.lib") "

the build size is 38k with icon and version info.
how can this be reduced smaller like under 10k?

User avatar
5eraph
Site Admin
Posts: 4582
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Wed Nov 09, 2011 8:28 pm

The icon takes much more space than the code. Since the file will be buried in system32 with many other files and is not likely to be seen, you might consider going without the icon. Ideally, the file can be shrunk to 2 KB and still be functional.

User avatar
user_hidden
Posts: 1924
Joined: Thu Dec 06, 2007 7:52 am
Location: Canada eh!

Post by user_hidden » Wed Nov 09, 2011 9:16 pm

i got it down to 8k with icon and version info.
that was with playing with the current stubbed mrt.

i still can't get the code to compile smaller than 32k using vs2010
and that is without icon and version info.

i'm wondering with what exact source, compiler and method Code65536 and Yumeyao used to build the 1-2k file?

btw, the link in the current mrtstub is wrong!
http://www.microsoft.com/security/malwareremove
it points to Microsoft Safety Scanner.

Code: Select all

#pragma comment(lib, "shell32.lib")  
#include <windows.h>

int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
ShellExecute(NULL, NULL, 
"http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16", NULL, NULL, 0);
}

User avatar
5eraph
Site Admin
Posts: 4582
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Wed Nov 09, 2011 10:23 pm

Sorry, don't know anything about their build environments. Been using yumeyao's stub in my own pack, modifying the version info myself as necessary.

I believe the use of the Safety Scanner link is intentional. It provides a much more thorough scan than MRT does, and is updated more often.

Post Reply