UPX
From Wikipedia, the free encyclopedia
| Initial release | May 26, 1998 |
|---|---|
| Stable release | 3.03 / April 27, 2008 |
| Written in | C++, Assembly |
| Operating system | Windows, Linux, DOS, Atari |
| Type | Executable compression |
| License | GPL |
| Website | upx.sf.net |
UPX, the Ultimate Packer for eXecutables, is a free and open source executable packer supporting a number of file formats from different operating systems.
Contents |
[edit] Compression
UPX uses a compression algorithm called UCL, which is an open source implementation of portions of the proprietary NRV - Not Really Vanished - algorithm.
UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred bytes of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory.
UPX (since 2.90 beta) can use LZMA on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use—lzma to force it on).
[edit] Decompression
UPX supports two mechanisms for decompression - an in-place technique and extraction to temporary file.
The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. The rest use extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The executable is extracted to a temporary location, and then open() is used to obtain a file descriptor.
Once a file descriptor is obtained, the temporary file can be unlink()ed, the stub then uses execve() on the file handle (via /proc) to overwrite the stub with the executable image of the temporary file.
The extraction to temporary file method has several disadvantages:
- special permissions are ignored, such as suid.
- argv[0] will not be meaningful.
- applications will be unable to share common segments.
Unmodified UPX packing is often detected and unpacked by anti-virus scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself. The default license for the existing stubs explicitly forbids modification that prevent manual unpacking / repacking with newer UPX versions.
[edit] Supported formats
- ARM/pe
- atari/tos
- *BSD/i386
- djgpp2/coff
- dos/com
- dos/exe
- dos/sys
- linux/i386 a.out
- linux/ELF on i386, x86-64, ARM, powerpc
- linux/kernel on i386, x86-64 and ARM
- mach-o/ppc32, mach-o/i386
- rtm32/pe
- tmt/adam
- ps1/exe
- watcom/le
- win32/pe (excluding files built using the .NET Framework)
[edit] External links
- UPX: the Ultimate Packer for eXecutables
- UPX - a powerful executable packer at SourceForge.net
- UPX at Freshmeat
- Automatic UPX unpacker
|
|||||||||||||||||||||||||||||||||||||||||
