Executable compression is any means of compressing an

executable In computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes and development of both computer hardware , hardware and ...

file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as "runtime packers", "software packers", "software protectors" (or even " polymorphic packers" and " obfuscating tools"). A compressed executable can be considered a

self-extracting archive A self-extracting archive (SFX or SEA) is a computer A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations automatically. Modern computers can perform generic sets ...

, where a compressed executable is packaged along with the relevant decompression code in an executable file. Some compressed executables can be decompressed to reconstruct the original program file without being directly executed. Two programs that can be used to do this are CUP386 and UNP. Most compressed executables decompress the original code in memory and most require slightly more memory to run (because they need to store the decompressor code, the compressed data and the decompressed code). Moreover, some compressed executables have additional requirements, such as those that write the decompressed executable to the file system before executing it. Executable compression is not limited to binary executables, but can also be applied to scripts, such as

JavaScript JavaScript (), often abbreviated JS, is a programming language A programming language is a formal language In mathematics Mathematics (from Ancient Greek, Greek: ) includes the study of such topics as quantity (number theory), ma ...

. Because most scripting languages are designed to work on

human-readable code

, which has a high redundancy, compression can be very effective and as simple as replacing long names used to identify variables and

functions Function or functionality may refer to: Computing * Function key A function key is a key on a computer A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations automatically. Modern comp ...

with shorter versions and/or removing white-space.

Advantages and disadvantages

Software Software is a collection of instructions Instruction or instructions may refer to: Computing * Instruction, one operation of a processor within a computer architecture instruction set * Computer program, a collection of instructions Music * I ...

distributors use executable compression for a variety of reasons, primarily to reduce the

secondary storage A spindle of DVD-RW's. Computer data storage is a technology consisting of computer A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations automatically. Modern computers can perfor ...

requirements of their software; as executable compressors are specifically designed to compress executable code, they often achieve better

compression ratio The compression ratio is the ratio between the volume of the cylinder A cylinder (from ) has traditionally been a Solid geometry, three-dimensional solid, one of the most basic of curvilinear geometric shapes. Geometrically, it can be consi ...

than standard

data compression In signal processing Signal processing is an electrical engineering Electrical engineering is an engineering discipline concerned with the study, design, and application of equipment, devices, and systems which use electricity, electro ...

facilities such as

gzip gzip is a file format A file format is a standard Standard may refer to: Flags * Colours, standards and guidons * Standard (flag), a type of flag used for personal identification Norm, convention or requirement * Standard (metrol ...

, zip or

bzip2 bzip2 is a free and open-source Free and open-source software (FOSS) is software that is both free software and open-source software where anyone is free software license, freely licensed to use, copy, study, and change the software in an ...

. This allows software distributors to stay within the constraints of their chosen distribution media (such as

CD-ROM A CD-ROM (, compact disc read-only memory) is a pre-pressed optical compact disc The compact disc (CD) is a digital Digital usually refers to something using digits, particularly binary digits. Technology and computing Hardware *Digital ...

CD-ROM

DVD-ROM The DVD (common abbreviation for Digital Video Disc or Digital Versatile Disc) is a digital media, digital optical disc data storage format invented and developed in 1995 and released in late 1996. Currently allowing up to 17.08 Gigabyte, GB o ...

DVD-ROM

, or

Floppy disk A floppy disk or floppy diskette (sometimes casually referred to as a floppy or diskette) is a type of disk storage Disk storage (also sometimes called drive storage) is a general category of storage mechanisms where data is recorded by vario ...

), or to reduce the time and bandwidth customers require to access software distributed via the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consist ...

. Executable compression is also frequently used to deter

reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through the application of which one attempts to understand through deductive reasoning Deductive reasoning, also deductive logic, is the process ...

or to obfuscate the contents of the executable (for example, to hide the presence of

malware Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server (computing), server, Client (computing), client, or computer network, leak private information, gain unauthorized acc ...

malware

from antivirus scanners) by proprietary methods of compression and/or added

encryption In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in ...

. Executable compression can be used to prevent direct

disassembly A disassembler is a computer program In imperative programming, a computer program is a sequence of instructions in a programming language that a computer can execute or interpret. In declarative programming, a ''computer program'' is a Set (math ...

, mask string literals and modify signatures. Although this does not eliminate the chance of reverse engineering, it can make the process more costly. A compressed executable requires less storage space in the file system, thus less time to transfer data from the file system into memory. On the other hand, it requires some time to decompress the data before execution begins. However, the speed of various storage media has not kept up with average processor speeds, so the storage is very often the bottleneck. Thus the compressed executable will load faster on most common systems. On modern desktop computers, this is rarely noticeable unless the executable is unusually big, so loading speed is not a primary reason for or against compressing an executable. On operating systems which read executable images on demand from the disk (see

virtual memory In computing, virtual memory, or virtual storage is a Memory management (operating systems), memory management technique that provides an "idealized abstraction of the storage resources that are actually available on a given machine" which "cre ...

), compressed executables make this process less efficient. The decompressor stub allocates a block of memory to hold the decompressed data, which stays allocated as long as the executable stays loaded, whether it is used or not, competing for memory resources with other applications all along. If the operating system uses a swap file, the decompressed data has to be written to it to free up the memory instead of simply discarding unused data blocks and reloading them from the executable image if needed again. This is usually not noticeable, but it becomes a problem when an executable is loaded more than once at the same time—the operating system cannot reuse data blocks it has already loaded, the data has to be decompressed into a new memory block, and will be swapped out independently if not used. The additional storage and time requirements mean that it has to be weighed carefully whether to compress executables which are typically run more than once at the same time. Another disadvantage is that some utilities can no longer identify

run-time library In computer programming Computer programming is the process of designing and building an executable computer program to accomplish a specific computing result or to perform a particular task. Programming involves tasks such as analysis, gene ...

dependencies, as only the statically linked extractor stub is visible. Also, some older

virus scanner Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer v ...

s simply report all compressed executables as

viruses A virus is a wikt:submicroscopic, submicroscopic infectious agent that Viral replication, replicates only inside the living Cell (biology), cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, incl ...

viruses

because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside, but some popular anti-virus and anti-malware scanners have had troubles with false positive alarms on compressed executables. In an attempt to solve the problem of

obfuscated with the help of

runtime packer Executable compression is any means of Data compression, compressing an executable file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recre ...

s the

IEEE The Institute of Electrical and Electronics Engineers (IEEE) is a professional association A professional association (also called a professional body, professional organization, or professional society) usually seeks to further Further or ...

Industry Connections Security Group {{no footnotes, date=June 2014 The Industry Connections Security Group (IEEE ICSG) is a global group of computer security entities (past and present members include: Anh Labs, AVG Technologies, AVG, Avira, ESET, F-Secure, K7 Computing, Kaspersky La ...

has introduced a

software taggant A software taggant is a cryptographic signature added to software that enables positive origin identification and integrity of programs. Software taggants use standard PKI techniques (see Public key infrastructure A public key infrastructure (PKI) ...

system. Executable compression used to be more popular when computers were limited to the storage capacity of

floppy disk A floppy disk or floppy diskette (sometimes casually referred to as a floppy or diskette) is a type of disk storage Disk storage (also sometimes called drive storage) is a general category of storage mechanisms where data is recorded by vario ...

s, which were both slow and low capacity media, and small

hard drive A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device On a reel-to-reel tape recorder (Sony TC-630), the recorder is data storage equipment and the magnetic tape is a data stora ...

s; it allowed the computer to store more software in the same amount of space, without the inconvenience of having to manually unpack an archive file every time the user wanted to use the software. However, executable compression has become less popular because of increased storage capacity on computers. It has its use in the

demoscene The demoscene is an international focused on producing demos: self-contained, sometimes extremely small, computer programs that produce presentations. The purpose of a demo is to show off , visual art, and musical skills. Demos and other demo ...

where demos have to stay within a size limit like 64 kilobytes to enter some competitions. Only very sophisticated compression formats, which add to load time, keep an executable small enough to enter these competitions.

List of executable packers

CP/M and MSX-DOS executable

Known executable compressors for CP/M-80 /

MSX-DOS MSX-DOS is a discontinued disk operating system developed by Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation which produces Software, computer software, co ...

.COM files: * PMexe (since 1990, written by Yoshihiko Mino, PMARC.COM+PMEXE.CPM, signature "-pms-") * PopCom! (since 1992, written by Yoshihiko Mino, POPCOM.COM, signature "-pc1-")

DOS executable

Known executable compressors for

DOS DOS (, ) is a platform-independent acronym for disk operating system which later became a common shorthand for disk-based operating systems on IBM PC compatible IBM PC compatible computers are similar to the original IBM Personal Computer, IB ...

DOS

executable files (

.COM The domain name com is a top-level domain A top-level domain (TLD) is one of the Domain name, domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are instal ...

or .EXE): * Realia Spacemaker (since 1982, written by Robert B. K. Dewar, SM.COM, signature "MEMORY$") * Microsoft EXEPACK (since 1985, written by Reuben Borman, EXEPACK.EXE, LINK.EXE /E[XEPACK], signature "RB") * LZEXE (since 1989, written by Fabrice Bellard, LZEXE.EXE) * PKWare PKLite (since 1990, written by Phil Katz, PKLITE.EXE) * DIET (since 1991, written by Teddy Matsumoto, DIET.EXE) * TINYPROG (TINYPROG.EXE) * RJS Software RJCRUSH (since 1994, written by Roland Skinner, RJCRUSH.EXE) * XPA (since 1995, written by JauMing Tseng, XPA.EXE) * Ibsen Software aPACK (since 1997, written by Jørgen Ibsen, APACK.EXE) * UPX (since 1998, written by Markus F. X. J. Oberhumer and László Molnár) * 32LiTE (since 1998, written by Oleg Prokhorov, 32LITE.EXE) * Knowledge Dynamics LZW Compressor * WWpack (written by Piotr Warezak and Rafal Wierzbicki, WWPACK.EXE) * 624 (only for .COM files smaller than 25 KB, uses Lempel–Ziv–Welch, LZW) * AINEXE * AvPack * ComPAck * HASP Envelope * LGLZ * PMWLITE * ProPack * UCEXE * WDOSX * XE * XPack

OS/2 executable

Known executable compressors under OS/2: * NeLite * LxLite

New Executable

Known executable compressors for New Executables: * PackWin * PKWare PKLite (from version 2.01) * WinLite

Portable Executable

Known executable compressors for Portable Executables: ''Note: Clients in purple are no longer in development.''

ELF files

Known executable compressors for Executable and Linkable Format, ELF files: * gzexe (uses a shell script stub and

, works on most Unix-like systems) * HASP Envelope * UPX * 624 (for Linux/386)

CLI assembly files

Known executable compressors for Assembly (CLI), CLI assembly files: * .NETZ * NsPack * Mpress * HASP Envelope * .netshrink * dotBundle * Exepack.NET * DotProtect: Commercial protector/packer for .net and mono. Features on-line verifications and "industry standard encryption".

Mac OS Classic application files

Known executable compressors for Mac OS Classic application files: * Application VISE * StuffIt InstallerMaker

Mach-O (Apple Mac OS X) files

Known executable compressors for Mach-O (Apple Mac OS X) files: * HASP Envelope * UPX * VMProtect

Commodore 64 and VIC 20

Known executable compressors for executables on the Commodore 64 and VIC 20: * PuCrunch * Exomizer * ByteBoozer

Commodore Amiga

Known executable compressors for executables on the Commodore Amiga series: * powerpacker * Titanics cruncher * imploder * TNM cruncher * Shrinkler * PackFire

Java

Known executable compressors for Java (software platform), Java: JAR (file format), JAR files: * HASP Envelope * pack200 * ProGuard (software), ProGuard WAR (Sun file format), WAR files: * HASP Envelope

JavaScript scripts

There are two types of compression that can be applied to

scripts: * Reduce the redundancy in the script (by removing comments, white space and shorten variable and functions names). This does not alter the behavior of the script. * Compress the original script and create a new script that contains decompression code and compressed data. This is similar to binary executable compression.

Self-decompressing compressors

These compress the original script and output a new script that has a decompressor and compressed data. * JsSfx * Packify

Redundancy reducing compressors

These remove white space, remove comments, and shorten variable and function names but do not alter the behavior of the script. * Packer * YUI compressor * Shrinksafe * JSMin

References

(NB. PKLITE 1.50 (1995) and higher gained the capability to compress device drivers, but not combined COM+SYS drivers.) https://web.archive.org/web/20040525022811/http://www.xtreeme.prv.pl/ DotProtect http://site.yvansoftware.be/dotpacker1_0 https://web.archive.org/web/20140730211711/http://www.cs.tut.fi/~albert/Dev/pucrunch/ web.comhem.se/~u13114991/exo/ {{Cite web, url=http://www.pouet.net/prod.php?which=54840, title = PackFire v1.2k by Neural EXE packers