|Initial release||May 26, 1998|
|Stable release||3.09.1 (aka. 3.91) / September 30, 2013|
|Written in||C++, Assembly|
|Operating system||Microsoft Windows, Linux, Mac OS X, MS-DOS, Atari|
|Platform||i386, MIPS, AMD64, ARM, PowerPC, m68k|
|License||GPL with exception for compressed executables|
UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred bytes of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory.
UPX (since 2.90 beta) can use LZMA on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use
--lzma to force it on).
UPX supports two mechanisms for decompression: an in-place technique and extraction to temporary file.
The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. The rest use extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The executable is extracted to a temporary location, and then
open() is used to obtain a file descriptor.
Once a file descriptor is obtained, the temporary file can be
unlink()ed, the stub then uses
execve() on the file handle (via
/proc) to overwrite the stub with the executable image of the temporary file.
The extraction to temporary file method has several disadvantages:
- special permissions are ignored, such as suid.
argvwill not be meaningful.
- applications will be unable to share common segments.
Unmodified UPX packing is often detected and unpacked by antivirus software scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself. The default license for the existing stubs explicitly forbids modification that prevent manual unpacking. Most antivirus products will raise an alarm when UPX header is detected.
- Linux/i386 a.out
- Linux/ELF on i386, x86-64, ARM, PowerPC
- Linux/kernel on i386, x86-64 and ARM
- Mach-O/ppc32, Mach-O/i386 (even produced by Google Go since 3.09)
- Windows/PE exe files containing native x86 (32-Bit) code
- Windows/PE exe files containing native AMD64 (64-Bit) code - still experimental
- UPX on SourceForge.net
- UPX at Freecode
- UPX 64bit compiled Version on SourceForge.net (upx308w-x64-dev.zip)