MRT.EXE - reduce size
MRT.EXE - reduce size
Save some more space: mrt.ex_ from 7.01 MB to 3 KB.
Open mrt.exe with reshacker, remove all resources except Version Info & save.
mrt.exe = 6 KB
mrt.ex_ = 3 KB
It passes MU with no Microsoft Windows Malicious Software Removal Tool required.
Open mrt.exe with reshacker, remove all resources except Version Info & save.
mrt.exe = 6 KB
mrt.ex_ = 3 KB
It passes MU with no Microsoft Windows Malicious Software Removal Tool required.
-
- Posts: 14
- Joined: Sat Jul 01, 2006 6:55 pm
Deleting resources is tedious. Here's a ResHacker script to remove all resources from MRT.exe except the VERSIONINFO resource for language 1033.
Code: Select all
[FILENAMES]
Exe= MRT.exe
SaveAs= MRT_new.exe
Log= MRT_new.log
[COMMANDS]
-delete BITMAP,,
-delete DIALOG,,
-delete ICONGROUP,,
-delete RCDATA,,
-delete RT_RCDATA,,
-delete STRINGTABLE,,
-delete 24,,
-delete VERSIONINFO,,1025
-delete VERSIONINFO,,1028
-delete VERSIONINFO,,1029
-delete VERSIONINFO,,1030
-delete VERSIONINFO,,1031
-delete VERSIONINFO,,1032
//-delete VERSIONINFO,,1033
-delete VERSIONINFO,,1035
-delete VERSIONINFO,,1036
-delete VERSIONINFO,,1037
-delete VERSIONINFO,,1038
-delete VERSIONINFO,,1040
-delete VERSIONINFO,,1041
-delete VERSIONINFO,,1042
-delete VERSIONINFO,,1043
-delete VERSIONINFO,,1044
-delete VERSIONINFO,,1045
-delete VERSIONINFO,,1046
-delete VERSIONINFO,,1049
-delete VERSIONINFO,,1053
-delete VERSIONINFO,,1055
-delete VERSIONINFO,,2052
-delete VERSIONINFO,,2070
-delete VERSIONINFO,,3082
-
- Posts: 1131
- Joined: Wed Sep 14, 2005 11:31 am
I hate to be a party poper but, in the past and maybe in the future MU checked for the presence of mrt.exe. At least for now it doesn`t, so you can leave it out alltegether.
As long as you`ve got these reg entries (and the version value is up to date) MU won`t miss it one bit.
As long as you`ve got these reg entries (and the version value is up to date) MU won`t miss it one bit.
Code: Select all
HKLM,"SOFTWARE\Microsoft\RemovalTools\MRT","EULA",0x10001,1
HKLM,"SOFTWARE\Microsoft\RemovalTools\MRT","Version",,"4AD02E69-ACFE-475C-9106-8FB3D3695CF8"
That's good to hear. Thanks for the heads-up, Xable 

Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357
http://www.ryanvm.net/forum/viewtopic.php?t=2357
The actual conext is "reshacker.exe -script 1.spt" without quotesyumeyao wrote:how to use this script?HiDefHusker wrote:Deleting resources is tedious. Here's a ResHacker script to remove all resources from MRT.exe except the VERSIONINFO resource for language 1033.
save it to 1.spt
then...... put it to the same folder as MRT.exe
then run "reshacker.exe 1.spt"?
You Can't Get, If You Won't Give
YCGIYWG
YCGIYWG
I'd personally prefer leaving a stub that would direct the user to the download page for the MRT. Sure, it's one extra file compared to the leave-it-out method, but useful in case some newbie had been instructed to do Start > Run > "mrt" (I've told someone to do that before). It's easier to do than all that reshacking, anyway (which leaves a file that does nothing). Just one line...
And for people without a C compiler: mrt_stub.7z (smaller than an ISO sector
)
Code: Select all
#include <windows.h>
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
ShellExecute(NULL, NULL, "http://www.microsoft.com/security/malwareremove/", NULL, NULL, 0);
}

Last edited by code65536 on Sun Aug 26, 2007 11:40 pm, edited 4 times in total.
nonono you misunderstood me ^^
(I've NEVER run mrt.exe, simply because I never needed it.)
what I said, is that RyanVM Update Pack (and subsequent intermediate update packs like code66536's) could stay integrating mrt.exe as usual.
it is the "mrt.exe stub trick" (and not the vanilla mrt.exe) that should be proposed as a separate addon.
so, the average user (for exemple if you reinstall someone's computer) has mrt.exe ready-to-use. (for exemple, that average user phones you because he grabbed AGAIN a spyware, probably due to a Russian porn site, so first you tell him to run mrt.exe, because it's already on the computer, it is quick and easy, and might solve, at least partially, the problem)
and, let's say the "advanced user" use the addon to save space and install time, because he already knows he will never use mrt.exe
to conclude, it's only a personnal suggestion, do what you consider best
(I've NEVER run mrt.exe, simply because I never needed it.)
what I said, is that RyanVM Update Pack (and subsequent intermediate update packs like code66536's) could stay integrating mrt.exe as usual.

so, the average user (for exemple if you reinstall someone's computer) has mrt.exe ready-to-use. (for exemple, that average user phones you because he grabbed AGAIN a spyware, probably due to a Russian porn site, so first you tell him to run mrt.exe, because it's already on the computer, it is quick and easy, and might solve, at least partially, the problem)
and, let's say the "advanced user" use the addon to save space and install time, because he already knows he will never use mrt.exe
to conclude, it's only a personnal suggestion, do what you consider best

Personally, I'm going to keep the stubbed MRT in my pack because it's a nice middle ground between killing MRT entirely and keeping the full MRT. Seeing as how stripping out the full MRT reduced the size of the pack by nearly half, I'm not going to put the full MRT back in. It's simply too damn big (think of the bandwidth). Besides, if anyone wants to add the full MRT back in, they could do so very easily by just dropping in the file since all the proper entries are already in txtsetup.sif and dosnet.inf (whereas re-adding the full MRT would be slightly more troublesome for a pack that has it completely removed since you'll have to re-add the dosnet and txtsetup entries).
And the advanced user would never need MRT, either full or stubbed. The whole purpose of stubbing was so that the newbie user for whom you helped reinstall the OS would be able to find the latest MRT very easily (or even run Microsoft's online scan in lieu of the offline MRT).
And the advanced user would never need MRT, either full or stubbed. The whole purpose of stubbing was so that the newbie user for whom you helped reinstall the OS would be able to find the latest MRT very easily (or even run Microsoft's online scan in lieu of the offline MRT).
yes, but something a month (or... less than a month
) is already too long 
major part of problems with a new user happens in the first 3-4 days in my experience
I might consider changing friends
anyway, this mrt.exe stub is really a good idea, but the final decision is up to RyanVM. at any case, this trick is and will remain useful for a lot of people (including myself), directly in the main update pack or as a separate addon.
another edit: yeah, actually I already considered the bandwidth saving
finally, all possible solutions are good. they're equal or better than the current situation. so all's fine 


major part of problems with a new user happens in the first 3-4 days in my experience

I might consider changing friends

anyway, this mrt.exe stub is really a good idea, but the final decision is up to RyanVM. at any case, this trick is and will remain useful for a lot of people (including myself), directly in the main update pack or as a separate addon.
another edit: yeah, actually I already considered the bandwidth saving


code65536 - nice idea. Make MRT.EXE even smaller with #pragma:
CAB'ed file is here (copy the following text to a text file MRT.UUE and decode/unpack with WinRAR or any other decoder):
Only 330 bytes when CAB'ed ! 
Code: Select all
#include <shellapi.h>
#pragma comment(linker,"/ENTRY:main /FILEALIGN:0x200 /MERGE:.data=.text /MERGE:.rdata=.text /SECTION:.text,EWR /IGNORE:4078")
void main(void)
{
ShellExecute(NULL, NULL, "http://www.microsoft.com/security/malwareremove/", NULL, NULL, 0);
}
Code: Select all
begin 600 mrt.ex_
M35-#1@````!*`0```````"P``````````P$!``$`````````1`````$``0``
M!````````````S=%/"``;7)T+F5X90#(6@N%_@``!$-+\XUB8&!D8&!@`N+_
M_QG@P`%*\\GOXF/8PGE6<0>CSUG%\,P\8R,%_[R<2D5>+A60F@!7!@8?1D8&
M9/"`@9^1FY$-8B@46`D`"1!6@)HN`+&4!2H/H\'R4'T02@"B%D[#*3`(`'(T
M&&@`@.9RX)'6*TFM*`'2<V`.8F)`\2_$*RP/:.$T:H(&:&!FE)046.GKEY>7
MZ^5F)A?E%^>GE>@EY^?J%Z<FEQ9EEE3JYR;FE"<6I1:EYN:7I>HS,!@?"`@(
MR.`0<&`("/@OR@"DC0\</E.!%#D3!-`B"XN]10S!&:DY.:X50&M*4AT9@CU<
/?7R,C?12<G(&>]`-"P``
`
end
size 330

-
- Posts: 1131
- Joined: Wed Sep 14, 2005 11:31 am
i have made a mrt.exe using code65536's source with version info, yet it's far huger than his mrt.exe. my compiled mrt.exe has a size of 64KB, while code65536's is only 1KB.
I'm quite a newbie of programming, so I believe there must be some method to reduce the file size.
---edit----
after some effort the file size is reduced to 40kb. here it is if any of you want it.
EDIT3: link removed.
compiling envrionment: Visual Studio 6.0. ATL library has most recent security update applied.
---edit 2---
I copied compiling settings from code's fontreg utility, then removed parameter "unicode" and "_unicode", then compiled again... hoorray! the file size is now 4KB and cabbed one is 1.40KB. (according to code's talk above, sector size is 2KB for optical disc ISOs, so the cabbed one won't eat more than one sector.
)
here is the link
EDIT3: link removed.
---edit 3---
with help of one of my friends, finally i make it the smallest in theory. 2.5KB for uncompressed exe, and 836 bytes for cabbed one!
EDIT4: link removed.
This file can be made smaller if we remove info other than version number(such as executable description, copyright). so here it comes: 2KB for uncompressed exe and 661 bytes for cab.
EDIT4: link removed.
---edit 4---
I made the file with full version info smaller by replacing a shorter ms-dos stub.
Also I added a "ExitProcess" instruction on the end.
the final size is 2KB for uncompressed exe and 836 bytes for cab.
http://www.esnips.com/doc/d5907078-c1cd ... 81bd54/mrt
for the exe containing lite version info, here it is:
1.5KB for exe and 662 bytes for cab.
http://www.esnips.com/doc/b083cbff-90cd ... en_smaller
I'm quite a newbie of programming, so I believe there must be some method to reduce the file size.
---edit----
after some effort the file size is reduced to 40kb. here it is if any of you want it.
EDIT3: link removed.
compiling envrionment: Visual Studio 6.0. ATL library has most recent security update applied.
---edit 2---
I copied compiling settings from code's fontreg utility, then removed parameter "unicode" and "_unicode", then compiled again... hoorray! the file size is now 4KB and cabbed one is 1.40KB. (according to code's talk above, sector size is 2KB for optical disc ISOs, so the cabbed one won't eat more than one sector.

here is the link
EDIT3: link removed.
---edit 3---
with help of one of my friends, finally i make it the smallest in theory. 2.5KB for uncompressed exe, and 836 bytes for cabbed one!
EDIT4: link removed.
This file can be made smaller if we remove info other than version number(such as executable description, copyright). so here it comes: 2KB for uncompressed exe and 661 bytes for cab.
EDIT4: link removed.
---edit 4---
I made the file with full version info smaller by replacing a shorter ms-dos stub.
Also I added a "ExitProcess" instruction on the end.
the final size is 2KB for uncompressed exe and 836 bytes for cab.
http://www.esnips.com/doc/d5907078-c1cd ... 81bd54/mrt
for the exe containing lite version info, here it is:
1.5KB for exe and 662 bytes for cab.
http://www.esnips.com/doc/b083cbff-90cd ... en_smaller
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
Code: Select all
#include <windows.h>
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
ShellExecute(NULL, NULL, "http://www.microsoft.com/security/malwareremove/", NULL, NULL, 0);
}
I saved the above code in a file mrtstub.c (saved in ANSI, UTF8, Unicode....no diff)
I am using Visual Studio 2010, openning the cmd prompt and running
"cl.exe mrtstub.c"
am i using the wrong compiler?
it also failed using my old PellesC compiler also.
what should I be using and method?
here is the error:
Code: Select all
C:\Project\MRT>cl mrtstub.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.
mrtstub.c
Microsoft (R) Incremental Linker Version 10.00.40219.01
Copyright (C) Microsoft Corporation. All rights reserved.
/out:mrtstub.exe
mrtstub.obj
mrtstub.obj : error LNK2019: unresolved external symbol __imp__ShellExecuteA@24
referenced in function _WinMain@16
mrtstub.exe : fatal error LNK1120: 1 unresolved externals
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
- user_hidden
- Posts: 1924
- Joined: Thu Dec 06, 2007 7:52 am
- Location: Canada eh!
i got it down to 8k with icon and version info.
that was with playing with the current stubbed mrt.
i still can't get the code to compile smaller than 32k using vs2010
and that is without icon and version info.
i'm wondering with what exact source, compiler and method Code65536 and Yumeyao used to build the 1-2k file?
btw, the link in the current mrtstub is wrong!
http://www.microsoft.com/security/malwareremove
it points to Microsoft Safety Scanner.
that was with playing with the current stubbed mrt.
i still can't get the code to compile smaller than 32k using vs2010
and that is without icon and version info.
i'm wondering with what exact source, compiler and method Code65536 and Yumeyao used to build the 1-2k file?
btw, the link in the current mrtstub is wrong!
http://www.microsoft.com/security/malwareremove
it points to Microsoft Safety Scanner.
Code: Select all
#pragma comment(lib, "shell32.lib")
#include <windows.h>
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
ShellExecute(NULL, NULL,
"http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16", NULL, NULL, 0);
}