UPX

This article is about the computer software UPX. For the private for-profit institution of higher learning with the same abbreviation, see University of Phoenix.

UPX
the Ultimate Packer for eXecutables

Initial release	May 26, 1998
Stable release	3.08 / December 12, 2011; 2 months ago (2011-12-12)
Written in	C++, Assembly
Operating system	Windows, Linux, Mac OS X, DOS, Atari
Platform	i386, MIPS, AMD64, ARM, PPC, m68k
Available in	English
Type	Executable compression
License	GPL with exception for compressed executables[1]
Website	upx.sf.net

UPX, the Ultimate Packer for eXecutables, is a free and open source executable packer supporting a number of file formats from different operating systems.

Compression

UPX uses a compression algorithm called UCL, which is an open source implementation of portions of the proprietary NRV—Not Really Vanished—algorithm.

UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred bytes of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory.

UPX (since 2.90 beta) can use LZMA on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use --lzma to force it on).

Decompression

UPX supports two mechanisms for decompression - an in-place technique and extraction to temporary file.

The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. The rest use extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The executable is extracted to a temporary location, and then open() is used to obtain a file descriptor.

Once a file descriptor is obtained, the temporary file can be unlink()ed, the stub then uses execve() on the file handle (via /proc) to overwrite the stub with the executable image of the temporary file.

The extraction to temporary file method has several disadvantages:

• special permissions are ignored, such as suid.
• argv[0] will not be meaningful.
• applications will be unable to share common segments.

Unmodified UPX packing is often detected and unpacked by anti-virus scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself. The default license for the existing stubs explicitly forbids modification that prevent manual unpacking / repacking with newer UPX versions.

Supported formats

• ARM/PE
• Atari/tos
• *BSD/i386
• djgpp2/COFF
• dos/com
• dos/exe
• dos/sys
• Linux/i386 a.out
• Linux/ELF on i386, x86-64, ARM, PowerPC
• Linux/kernel on i386, x86-64 and ARM
• Mach-O/ppc32, Mach-O/i386 (except produced by Google Go)
• rtm32/PE
• tmt/adam
• PlayStation1/exe
• Watcom/le
• Win32/PE (excluding files built using the .NET Framework)

References

1. http://upx.sourceforge.net/upx-license.html

External links

Free software portal

• UPX at SourceForge.net
• UPX at Freecode