Executable compression is any means of compressing an

executable In computing, executable code, an executable file, or an executable program, sometimes simply referred to as an executable or binary, causes a computer "to perform indicated tasks according to encoded instruction (computer science), instructi ...

file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as "runtime packers", "software packers", "software protectors" (or even " polymorphic packers" and " obfuscating tools"). A compressed executable can be considered a self-extracting archive, where a compressed executable is packaged along with the relevant decompression code in an executable file. Some compressed executables can be decompressed to reconstruct the original program file without being directly executed. Two programs that can be used to do this are CUP386 and UNP. Most compressed executables decompress the original code in memory and most require slightly more memory to run (because they need to store the decompressor code, the compressed data and the decompressed code). Moreover, some compressed executables have additional requirements, such as those that write the decompressed executable to the file system before executing it. Executable compression is not limited to binary executables, but can also be applied to scripts, such as

JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of Website, websites use JavaScript on the Client (computing), client side ...

. Because most scripting languages are designed to work on human-readable code, which has a high redundancy, compression can be very effective and as simple as replacing long names used to identify

variable Variable may refer to: * Variable (computer science), a symbolic name associated with a value and whose associated value may be changed * Variable (mathematics), a symbol that represents a quantity in a mathematical expression, as used in many ...

s and functions with shorter versions and/or removing white-space.

Advantages and disadvantages

Software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...

distributors use executable compression for a variety of reasons, primarily to reduce the

secondary storage Computer data storage is a technology consisting of computer components and recording media that are used to retain digital data. It is a core function and fundamental component of computers. The central processing unit (CPU) of a computer ...

requirements of their software; as executable compressors are specifically designed to compress executable code, they often achieve better

compression ratio The compression ratio is the ratio between the volume of the cylinder and combustion chamber in an internal combustion engine at their maximum and minimum values. A fundamental specification for such engines, it is measured two ways: the stati ...

than standard data compression facilities such as gzip,

zip Zip, Zips or ZIP may refer to: Common uses * ZIP Code, USPS postal code * Zipper or zip, clothing fastener Science and technology Computing * ZIP (file format), a compressed archive file format ** zip, a command-line program from Info-ZIP * Zi ...

or bzip2 . This allows software distributors to stay within the constraints of their chosen distribution media (such as

CD-ROM A CD-ROM (, compact disc read-only memory) is a type of read-only memory consisting of a pre-pressed optical compact disc that contains data. Computers can read—but not write or erase—CD-ROMs. Some CDs, called enhanced CDs, hold both comput ...

, DVD-ROM, or

floppy disk A floppy disk or floppy diskette (casually referred to as a floppy, or a diskette) is an obsolescent type of disk storage composed of a thin and flexible disk of a magnetic storage medium in a square or nearly square plastic enclosure lined w ...

), or to reduce the time and bandwidth customers require to access software distributed via the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...

. Executable compression is also frequently used to deter

reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...

or to obfuscate the contents of the executable (for example, to hide the presence of

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...

from antivirus scanners) by proprietary methods of compression and/or added

encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...

. Executable compression can be used to prevent direct disassembly, mask string literals and modify signatures. Although this does not eliminate the chance of reverse engineering, it can make the process more costly. A compressed executable requires less storage space in the file system, thus less time to transfer data from the file system into memory. On the other hand, it requires some time to decompress the data before execution begins. However, the speed of various storage media has not kept up with average processor speeds, so the storage is very often the bottleneck. Thus the compressed executable will load faster on most common systems. On modern desktop computers, this is rarely noticeable unless the executable is unusually big, so loading speed is not a primary reason for or against compressing an executable. On operating systems which page executable images on demand from the disk, compressed executables make this process less efficient. The decompressor stub allocates a block of memory to hold the decompressed data, which stays allocated as long as the executable stays loaded, whether it is used or not, competing for memory resources with other applications all along. If the operating system uses a swap file, the decompressed data has to be written to it to free up the memory instead of simply discarding unused data blocks and reloading them from the executable image if needed again. This is usually not noticeable, but it becomes a problem when an executable is loaded more than once at the same time—the operating system cannot reuse data blocks it has already loaded, the data has to be decompressed into a new memory block, and will be swapped out independently if not used. The additional storage and time requirements mean that it has to be weighed carefully whether to compress executables which are typically run more than once at the same time. Another disadvantage is that some utilities can no longer identify run-time library dependencies, as only the

statically linked A stand-alone program, also known as a freestanding program, is a computer program that does not load any external module, library function or program and that is designed to boot with the bootstrap procedure of the target processor – it runs o ...

extractor stub is visible. Also, some older

virus scanner Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...

s simply report all compressed executables as

virus A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsky's 1 ...

es because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside, but some popular anti-virus and anti-malware scanners have had troubles with false positive alarms on compressed executables. In an attempt to solve the problem of

obfuscated with the help of runtime packers the

IEEE The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronic engineering and electrical engineering (and associated disciplines) with its corporate office in New York City and its operation ...

Industry Connections Security Group {{no footnotes, date=June 2014 The Industry Connections Security Group (IEEE ICSG) is a global group of computer security entities (past and present members include: Anh Labs, AVG Technologies, AVG, Avira, ESET, F-Secure, K7 Computing, Kaspersky La ...

has introduced a

software taggant A software taggant is a cryptographic signature added to software that enables positive origin identification and integrity of programs. Software taggants use standard PKI techniques (see Public key infrastructure) and were introduced by the Industr ...

system. Executable compression used to be more popular when computers were limited to the storage capacity of

s, which were both slow and low capacity media, and small

hard drive A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating platters coated with magnet ...

s; it allowed the computer to store more software in the same amount of space, without the inconvenience of having to manually unpack an archive file every time the user wanted to use the software. However, executable compression has become less popular because of increased storage capacity on computers. It has its use in the demoscene where demos have to stay within a size limit, e.g. 64k intro. Only very sophisticated compression formats, which add to load time, keep an executable small enough to enter these competitions.

List of executable packers

CP/M and MSX-DOS executable

Known executable compressors for CP/M-80 /

MSX-DOS MSX-DOS is a discontinued disk operating system developed by Microsoft for the 8-bit home computer standard MSX, and is a cross between MS-DOS 1.25 and CP/M-80 2. MSX-DOS MSX-DOS and the extended BASIC with 3½-inch floppy disk support ...

.COM files A COM file is a type of simple executable file. On the Digital Equipment Corporation (DEC) VAX operating systems of the 1970s, .COM was used as a filename extension for text files containing commands to be issued to the operating system (simi ...

: * PMexe (since 1990, written by Yoshihiko Mino, PMARC.COM+PMEXE.CPM, signature "-pms-") * PopCom! (since 1992, written by Yoshihiko Mino, POPCOM.COM, signature "-pc1-")

DOS executable

Known executable compressors for DOS executable files (

.COM The domain name .com is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. Added at the beginning of 1985, its name is derived from the word ''commercial'', indicating its original intended purpose for domains registere ...

.EXE .exe is a common filename extension denoting an executable file (the main execution point of a computer program) for Microsoft Windows, OS/2, and DOS. File formats There are numerous file formats which may be used by a file with a extensi ...

): * Realia Spacemaker (since 1982, written by Robert B. K. Dewar, SM.COM, signature "MEMORY$") *

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...

EXEPACK (since 1985, written by Reuben Borman, EXEPACK.EXE, LINK.EXE /E EPACK signature "RB") * LZEXE (since 1989, written by

Fabrice Bellard Fabrice Bellard (; born 1972) is a French computer programmer known for writing FFmpeg, QEMU, and the Tiny C Compiler. He developed Bellard's formula for calculating single digits of pi. In 2012, Bellard co-founded Amarisoft, a telecommunication ...

, LZEXE.EXE) *

PKWare PKWARE, Inc. is an enterprise data protection software company that provides discovery, classification, masking and encryption solutions, along with data compression software, used by organizations in financial services, manufacturing, militar ...

PKLite (since 1990, written by

Phil Katz Phillip Walter Katz (November 3, 1962 – April 14, 2000) was a computer programmer best known as the co-creator of the Zip file format for data compression, and the author of PKZIP, a program for creating zip files that ran under DOS. A c ...

, PKLITE.EXE) * DIET (since 1991, written by Teddy Matsumoto, DIET.EXE) *

UPX UPX (Ultimate Packer for Executables) is a free and open source executable packer supporting a number of file formats from different operating systems. Compression UPX uses a data compression algorithm called UCL, which is an open-source im ...

(since 1998, written by Markus F. X. J. Oberhumer and László Molnár) * Knowledge Dynamics LZW Compressor

OS/2 executable

Known executable compressors under OS/2: * NeLite * LxLite

New Executable

Known executable compressors for New Executables: * PackWin * PKWare PKLite (from version 2.01) * WinLite

Portable Executable

Known executable compressors for Portable Executables: ''Note: Clients in purple are no longer in development.''

ELF files

Known executable compressors for ELF files: * gzexe (uses a

shell script A shell script is a computer program designed to be run by a Unix shell, a command-line interpreter. The various dialects of shell scripts are considered to be scripting languages. Typical operations performed by shell scripts include file manip ...

stub and gzip, works on most Unix-like systems) * HASP Envelope *

* 624 (for Linux/386)

CLI assembly files

Known executable compressors for CLI assembly files: * .NETZ * NsPack * Mpress * HASP Envelope * dotBundle * Exepack.NET * DotProtect: Commercial protector/packer for .net and mono. Features on-line verifications and "industry standard encryption".

Mac OS Classic application files

Known executable compressors for

Mac OS Classic Mac OS (originally System Software; retronym: Classic Mac OS) is the series of operating systems developed for the Macintosh family of personal computers by Apple Computer from 1984 to 2001, starting with System 1 and ending with Mac OS 9. The ...

application files: * Application VISE * StuffIt InstallerMaker

Mach-O (Apple Mac OS X) files

Known executable compressors for

Mach-O Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. It was developed to replace the a.out format. Mach-O is used by some systems based on the M ...

(Apple Mac OS X) files: * HASP Envelope *

* VMProtect

Commodore 64 and VIC 20

Known executable compressors for executables on the

Commodore 64 The Commodore 64, also known as the C64, is an 8-bit home computer introduced in January 1982 by Commodore International (first shown at the Consumer Electronics Show, January 7–10, 1982, in Las Vegas). It has been listed in the Guinness ...

and

VIC 20 The VIC-20 (known as the VC-20 in Germany and the VIC-1001 in Japan) is an 8-bit home computer that was sold by Commodore Business Machines. The VIC-20 was announced in 1980, roughly three years after Commodore's first personal computer, the P ...

: * PuCrunch * Exomizer * ByteBoozer

Commodore Amiga

Known executable compressors for executables on the Commodore Amiga series: * powerpacker * Titanics cruncher * imploder * TNM cruncher * Shrinkler * PackFire

Java

Known executable compressors for

Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...

JAR A jar is a rigid, cylindrical or slightly conical container, typically made of glass, ceramic, or plastic, with a wide mouth or opening that can be closed with a lid, screw cap, lug cap, cork stopper, roll-on cap, crimp-on cap, press-on cap, ...

files: * HASP Envelope * pack200 * ProGuard WAR files: * HASP Envelope

JavaScript scripts

There are two types of compression that can be applied to

scripts: * Reduce the redundancy in the script (by removing comments, white space and shorten variable and functions names). This does not alter the behavior of the script. * Compress the original script and create a new script that contains decompression code and compressed data. This is similar to binary executable compression.

Self-decompressing compressors

These compress the original script and output a new script that has a decompressor and compressed data. * JsSfx * Packify

Redundancy reducing compressors

These remove white space, remove comments, and shorten variable and function names but do not alter the behavior of the script. * Packer * YUI compressor * Shrinksafe * JSMin

References

(NB. PKLITE 1.50 (1995) and higher gained the capability to compress device drivers, but not combined COM+SYS drivers.) DotProtect http://site.yvansoftware.be/dotpacker1_0 web.comhem.se/~u13114991/exo/ {{Cite web, url=http://www.pouet.net/prod.php?which=54840, title = PackFire v1.2k by Neural EXE packers

Advantages and disadvantages

List of executable packers

CP/M and MSX-DOS executable

DOS executable

OS/2 executable

New Executable

Portable Executable

ELF files

CLI assembly files

Mac OS Classic application files

Mach-O (Apple Mac OS X) files

Commodore 64 and VIC 20

Commodore Amiga

Java

JavaScript scripts

Self-decompressing compressors

Redundancy reducing compressors

See also

References