From Wikipedia, the free encyclopedia
Jump to: navigation, search
For the rail link service with the reporting mark UPX, see Union Pearson Express.
Ultimate Packer for eXecutebles.png
Initial release May 26, 1998; 17 years ago (1998-05-26)
Stable release 3.09.1 (aka. 3.91) / September 30, 2013; 23 months ago (2013-09-30)
Written in C++, Assembly
Operating system Microsoft Windows, Linux, Mac OS X, MS-DOS, Atari
Platform i386, MIPS, AMD64, ARM, PowerPC, m68k
Available in English
Type Executable compression
License GPL with exception for compressed executables[1]
Website upx.sf.net

UPX (Ultimate Packer for Executables) is a free and open source executable packer supporting a number of file formats from different operating systems.


UPX uses a data compression algorithm called UCL,[2] which is an open source implementation of portions of the proprietary NRV (Not Really Vanished[3]) algorithm.[4]

UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred bytes of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory.

UPX (since 2.90 beta) can use LZMA on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use --lzma to force it on).

Starting with version 3.09.1, UPX also supports 64-Bit (x64) executable files on the Windows platform.[5] This feature is currently declared as experimental.


UPX supports two mechanisms for decompression: an in-place technique and extraction to temporary file.

The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. The rest use extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed.

The extraction to temporary file method has several disadvantages:

  • Special permissions are ignored, such as suid.
  • argv[0] will not be meaningful.
  • Multiple running instances of the executable are unable to share common segments.

Unmodified UPX packing is often detected and unpacked by antivirus software scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself. The default license for the existing stubs explicitly forbids modification that prevent manual unpacking.[6] Most antivirus products will raise an alarm when UPX header is detected.[citation needed]

Supported formats[edit]

UPX does not currently support PE files containing CIL code intended to run on the .NET Framework.


External links[edit]