UPX

This article is about the computer software. For the university with the same abbreviation, see University of Phoenix.

UPX

Initial release	May 26, 1998
Stable release	3.09 / February 18, 2013 (2013-02-18)
Written in	C++, Assembly
Operating system	Microsoft Windows, Linux, Mac OS X, MS-DOS, Atari
Platform	i386, MIPS, AMD64, ARM, PowerPC, m68k
Available in	English
Type	Executable compression
License	GPL with exception for compressed executables[1]
Website	upx.sf.net

UPX (ultimate packer for executables) is a free and open source executable packer supporting a number of file formats from different operating systems.

Compression

UPX uses a data compression algorithm called UCL,^[2] which is an open source implementation of portions of the proprietary NRV (Not Really Vanished^[3]) algorithm.^[4]

UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred bytes of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory.

UPX (since 2.90 beta) can use LZMA on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use --lzma to force it on).

Decompression

UPX supports two mechanisms for decompression: an in-place technique and extraction to temporary file.

The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. The rest use extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The executable is extracted to a temporary location, and then open() is used to obtain a file descriptor.

Once a file descriptor is obtained, the temporary file can be unlink()ed, the stub then uses execve() on the file handle (via /proc) to overwrite the stub with the executable image of the temporary file.

The extraction to temporary file method has several disadvantages:

• special permissions are ignored, such as suid.
• argv[0] will not be meaningful.^{[clarification needed]}
• applications will be unable to share common segments.

Unmodified UPX packing is often detected and unpacked by antivirus software scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself. The default license for the existing stubs explicitly forbids modification that prevent manual unpacking / repacking with newer UPX versions.^{[citation needed]}

Supported formats

• ARM/PE
• Atari/tos
• *BSD/i386
• djgpp2/COFF
• dos/com
• dos/exe
• dos/sys
• Linux/i386 a.out
• Linux/ELF on i386, x86-64, ARM, PowerPC
• Linux/kernel on i386, x86-64 and ARM
• Mach-O/ppc32, Mach-O/i386 (even produced by Google Go since 3.09)
• rtm32/PE
• tmt/adam
• PlayStation1/exe
• Watcom/le
• Win32/PE (excluding files built using the .NET Framework)

References

1. http://upx.sourceforge.net/upx-license.html
2. http://www.oberhumer.com/opensource/ucl/
3. http://www.oberhumer.com/products/nrv/
4. http://upx.hg.sourceforge.net/hgweb/upx/upx/file/5d434f4a3fe7/README.SRC

External links

Free software portal

• UPX on SourceForge.net
• UPX at Freecode