|Initial release||May 26, 1998|
|Stable release||3.09.1 / September 30, 2013|
|Written in||C++, Assembly|
|Operating system||Microsoft Windows, Linux, Mac OS X, MS-DOS, Atari|
|Platform||i386, MIPS, AMD64, ARM, PowerPC, m68k|
|License||GPL with exception for compressed executables|
UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred bytes of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory.
UPX (since 2.90 beta) can use LZMA on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use
--lzma to force it on).
UPX supports two mechanisms for decompression: an in-place technique and extraction to temporary file.
The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. The rest use extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The executable is extracted to a temporary location, and then
open() is used to obtain a file descriptor.
Once a file descriptor is obtained, the temporary file can be
unlink()ed, the stub then uses
execve() on the file handle (via
/proc) to overwrite the stub with the executable image of the temporary file.
The extraction to temporary file method has several disadvantages:
- special permissions are ignored, such as suid.
argvwill not be meaningful.[clarification needed]
- applications will be unable to share common segments.
Unmodified UPX packing is often detected and unpacked by antivirus software scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself. The default license for the existing stubs explicitly forbids modification that prevent manual unpacking / repacking with newer UPX versions. Most antivirus products will raise an alarm when UPX header is detected.
- Linux/i386 a.out
- Linux/ELF on i386, x86-64, ARM, PowerPC
- Linux/kernel on i386, x86-64 and ARM
- Mach-O/ppc32, Mach-O/i386 (even produced by Google Go since 3.09)
- Windows/PE exe files containing native x86 (32-Bit) code
- Windows/PE exe files containing native AMD64 (64-Bit) code - still experimental
- UPX on SourceForge.net
- UPX at Freecode
- UPX 64bit compiled Version on SourceForge.net (upx308w-x64-dev.zip)