Executable compression is any means of
compressing an
executable
In computing
Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes and development of both computer hardware , hardware and ...
file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as "runtime packers", "software packers", "software protectors" (or even "
polymorphic packers" and "
obfuscating tools").
A compressed executable can be considered a
self-extracting archive
A self-extracting archive (SFX or SEA) is a computer
A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations automatically. Modern computers can perform generic sets ...
, where a compressed executable is packaged along with the relevant decompression code in an executable file. Some compressed executables can be decompressed to reconstruct the original program file without being directly executed. Two programs that can be used to do this are CUP386 and UNP.
Most compressed executables decompress the original code in memory and most require slightly more memory to run (because they need to store the decompressor code, the compressed data and the decompressed code). Moreover, some compressed executables have additional requirements, such as those that write the decompressed executable to the file system before executing it.
Executable compression is not limited to binary executables, but can also be applied to scripts, such as
JavaScript
JavaScript (), often abbreviated JS, is a programming language
A programming language is a formal language
In mathematics
Mathematics (from Ancient Greek, Greek: ) includes the study of such topics as quantity (number theory), ma ...

. Because most scripting languages are designed to work on
, which has a high
redundancy, compression can be very effective and as simple as replacing long names used to identify
variables and
functions
Function or functionality may refer to:
Computing
* Function key
A function key is a key on a computer
A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations automatically. Modern comp ...
with shorter versions and/or removing
white-space.
Advantages and disadvantages
Software
Software is a collection of instructions
Instruction or instructions may refer to:
Computing
* Instruction, one operation of a processor within a computer architecture instruction set
* Computer program, a collection of instructions
Music
* I ...

distributors use executable compression for a variety of reasons, primarily to reduce the
secondary storage
A spindle of DVD-RW's.
Computer data storage is a technology consisting of computer
A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations automatically. Modern computers can perfor ...
requirements of their software; as executable compressors are specifically designed to compress executable code, they often achieve better
compression ratio
The compression ratio is the ratio between the volume of the cylinder
A cylinder (from ) has traditionally been a Solid geometry, three-dimensional solid, one of the most basic of curvilinear geometric shapes. Geometrically, it can be consi ...

than standard
data compression
In signal processing
Signal processing is an electrical engineering
Electrical engineering is an engineering discipline concerned with the study, design, and application of equipment, devices, and systems which use electricity, electro ...
facilities such as
gzip
gzip is a file format
A file format is a standard
Standard may refer to:
Flags
* Colours, standards and guidons
* Standard (flag), a type of flag used for personal identification
Norm, convention or requirement
* Standard (metrol ...
,
zip or
bzip2
bzip2 is a free and open-source
Free and open-source software (FOSS) is software that is both free software and open-source software where anyone is free software license, freely licensed to use, copy, study, and change the software in an ...
. This allows software distributors to stay within the constraints of their chosen distribution media (such as
CD-ROM
A CD-ROM (, compact disc read-only memory) is a pre-pressed optical compact disc
The compact disc (CD) is a digital
Digital usually refers to something using digits, particularly binary digits.
Technology and computing Hardware
*Digital ...

,
DVD-ROM
The DVD (common abbreviation for Digital Video Disc or Digital Versatile Disc) is a digital media, digital optical disc data storage format invented and developed in 1995 and released in late 1996. Currently allowing up to 17.08 Gigabyte, GB o ...

, or
Floppy disk
A floppy disk or floppy diskette (sometimes casually referred to as a floppy or diskette) is a type of disk storage
Disk storage (also sometimes called drive storage) is a general category of storage mechanisms where data is recorded by vario ...

), or to reduce the time and bandwidth customers require to access software distributed via the
Internet
The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consist ...

.
Executable compression is also frequently used to deter
reverse engineering
Reverse engineering (also known as backwards engineering or back engineering) is a process or method through the application of which one attempts to understand through deductive reasoning
Deductive reasoning, also deductive logic, is the process ...

or to obfuscate the contents of the executable (for example, to hide the presence of
malware
Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server (computing), server, Client (computing), client, or computer network, leak private information, gain unauthorized acc ...

from
antivirus scanners) by proprietary methods of compression and/or added
encryption
In cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in ...

. Executable compression can be used to prevent direct
disassembly
A disassembler is a computer program
In imperative programming, a computer program is a sequence of instructions in a programming language that a computer can execute or interpret. In declarative programming, a ''computer program'' is a Set (math ...
, mask
string literals and modify signatures. Although this does not eliminate the chance of reverse engineering, it can make the process more costly.
A compressed executable requires less storage space in the file system, thus less time to transfer data from the file system into memory. On the other hand, it requires some time to decompress the data before execution begins. However, the speed of various storage media has not kept up with average processor speeds, so the storage is very often the bottleneck. Thus the compressed executable will load faster on most common systems. On modern desktop computers, this is rarely noticeable unless the executable is unusually big, so loading speed is not a primary reason for or against compressing an executable.
On operating systems which read executable images on demand from the disk (see
virtual memory
In computing, virtual memory, or virtual storage is a Memory management (operating systems), memory management technique that provides an "idealized abstraction of the storage resources that are actually available on a given machine" which "cre ...

), compressed executables make this process less efficient. The decompressor stub allocates a block of memory to hold the decompressed data, which stays allocated as long as the executable stays loaded, whether it is used or not, competing for memory resources with other applications all along. If the operating system uses a swap file, the decompressed data has to be written to it to free up the memory instead of simply discarding unused data blocks and reloading them from the executable image if needed again. This is usually not noticeable, but it becomes a problem when an executable is loaded more than once at the same time—the operating system cannot reuse data blocks it has already loaded, the data has to be decompressed into a new memory block, and will be swapped out independently if not used. The additional storage and time requirements mean that it has to be weighed carefully whether to compress executables which are typically run more than once at the same time.
Another disadvantage is that some utilities can no longer identify
run-time library
In computer programming
Computer programming is the process of designing and building an executable computer program to accomplish a specific computing result or to perform a particular task. Programming involves tasks such as analysis, gene ...
dependencies, as only the
statically linked extractor stub is visible.
Also, some older
virus scanner
Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Antivirus software was originally developed to detect and remove computer v ...
s simply report all compressed executables as
viruses
A virus is a wikt:submicroscopic, submicroscopic infectious agent that Viral replication, replicates only inside the living Cell (biology), cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, incl ...

because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside, but some popular anti-virus and anti-malware scanners have had troubles with false positive alarms on compressed executables. In an attempt to solve the problem of
malware
Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server (computing), server, Client (computing), client, or computer network, leak private information, gain unauthorized acc ...

obfuscated with the help of
runtime packer
Executable compression is any means of Data compression, compressing an executable file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recre ...
s the
IEEE
The Institute of Electrical and Electronics Engineers (IEEE) is a professional association
A professional association (also called a professional body, professional organization, or professional society) usually seeks to further
Further or ...
Industry Connections Security Group {{no footnotes, date=June 2014
The Industry Connections Security Group (IEEE ICSG) is a global group of computer security entities (past and present members include: Anh Labs, AVG Technologies, AVG, Avira, ESET, F-Secure, K7 Computing, Kaspersky La ...
has introduced a
software taggant A software taggant is a cryptographic signature added to software that enables positive origin identification and integrity of programs. Software taggants use standard PKI techniques (see Public key infrastructure
A public key infrastructure (PKI) ...
system.
Executable compression used to be more popular when computers were limited to the storage capacity of
floppy disk
A floppy disk or floppy diskette (sometimes casually referred to as a floppy or diskette) is a type of disk storage
Disk storage (also sometimes called drive storage) is a general category of storage mechanisms where data is recorded by vario ...

s, which were both slow and low capacity media, and small
hard drive
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device
On a reel-to-reel tape recorder (Sony TC-630), the recorder is data storage equipment and the magnetic tape is a data stora ...
s; it allowed the computer to store more software in the same amount of space, without the inconvenience of having to manually unpack an archive file every time the user wanted to use the software. However, executable compression has become less popular because of increased storage capacity on computers. It has its use in the
demoscene
The demoscene is an international focused on producing demos: self-contained, sometimes extremely small, computer programs that produce presentations. The purpose of a demo is to show off , visual art, and musical skills. Demos and other demo ...
where demos have to stay within a
size limit like 64 kilobytes to enter some competitions. Only very sophisticated compression formats, which add to load time, keep an executable small enough to enter these competitions.
List of executable packers
CP/M and MSX-DOS executable
Known executable compressors for
CP/M-80 /
MSX-DOS
MSX-DOS is a discontinued disk operating system developed by Microsoft
Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation which produces Software, computer software, co ...
.COM files:
* PMexe (since 1990, written by Yoshihiko Mino, PMARC.COM+PMEXE.CPM, signature "-pms-")
* PopCom! (since 1992, written by Yoshihiko Mino, POPCOM.COM, signature "-pc1-")
DOS executable
Known executable compressors for
DOS
DOS (, ) is a platform-independent acronym for disk operating system which later became a common shorthand for disk-based operating systems on IBM PC compatible
IBM PC compatible computers are similar to the original IBM Personal Computer, IB ...

executable files (
.COM
The domain name com is a top-level domain
A top-level domain (TLD) is one of the Domain name, domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are instal ...
or .EXE):
* Realia Spacemaker (since 1982, written by Robert B. K. Dewar, SM.COM, signature "MEMORY$")
* Microsoft EXEPACK (since 1985, written by Reuben Borman, EXEPACK.EXE, LINK.EXE /E[XEPACK], signature "RB")
* LZEXE (since 1989, written by Fabrice Bellard, LZEXE.EXE)
* PKWare PKLite (since 1990, written by Phil Katz, PKLITE.EXE)
* DIET (since 1991, written by Teddy Matsumoto, DIET.EXE)
* TINYPROG (TINYPROG.EXE)
* RJS Software RJCRUSH (since 1994, written by Roland Skinner, RJCRUSH.EXE)
* XPA (since 1995, written by JauMing Tseng, XPA.EXE)
* Ibsen Software aPACK (since 1997, written by Jørgen Ibsen, APACK.EXE)
* UPX (since 1998, written by Markus F. X. J. Oberhumer and László Molnár)
* 32LiTE (since 1998, written by Oleg Prokhorov, 32LITE.EXE)
* Knowledge Dynamics LZW Compressor
* WWpack (written by Piotr Warezak and Rafal Wierzbicki, WWPACK.EXE)
* 624 (only for .COM files smaller than 25 KB, uses Lempel–Ziv–Welch, LZW)
* AINEXE
* AvPack
* ComPAck
* HASP Envelope
* LGLZ
* PMWLITE
* ProPack
* UCEXE
* WDOSX
* XE
* XPack
OS/2 executable
Known executable compressors under OS/2:
* NeLite
* LxLite
New Executable
Known executable compressors for New Executables:
* PackWin
* PKWare PKLite (from version 2.01)
* WinLite
Portable Executable
Known executable compressors for Portable Executables:
''Note: Clients in purple are no longer in development.''
ELF files
Known executable compressors for Executable and Linkable Format, ELF files:
* gzexe (uses a shell script stub and
gzip
gzip is a file format
A file format is a standard
Standard may refer to:
Flags
* Colours, standards and guidons
* Standard (flag), a type of flag used for personal identification
Norm, convention or requirement
* Standard (metrol ...
, works on most Unix-like systems)
* HASP Envelope
* UPX
* 624 (for Linux/386)
CLI assembly files
Known executable compressors for Assembly (CLI), CLI assembly files:
* .NETZ
* NsPack
* Mpress
* HASP Envelope
* .netshrink
* dotBundle
* Exepack.NET
* DotProtect:
Commercial protector/packer for .net and mono. Features on-line verifications and "industry standard encryption".
Mac OS Classic application files
Known executable compressors for Mac OS Classic application files:
* Application VISE
* StuffIt InstallerMaker
Mach-O (Apple Mac OS X) files
Known executable compressors for Mach-O (Apple Mac OS X) files:
* HASP Envelope
* UPX
* VMProtect
Commodore 64 and VIC 20
Known executable compressors for executables on the Commodore 64 and VIC 20:
* PuCrunch
* Exomizer
* ByteBoozer
Commodore Amiga
Known executable compressors for executables on the Commodore Amiga series:
* powerpacker
* Titanics cruncher
* imploder
* TNM cruncher
* Shrinkler
* PackFire
Java
Known executable compressors for Java (software platform), Java:
JAR (file format), JAR files:
* HASP Envelope
* pack200
* ProGuard (software), ProGuard
WAR (Sun file format), WAR files:
* HASP Envelope
JavaScript scripts
There are two types of compression that can be applied to
JavaScript
JavaScript (), often abbreviated JS, is a programming language
A programming language is a formal language
In mathematics
Mathematics (from Ancient Greek, Greek: ) includes the study of such topics as quantity (number theory), ma ...

scripts:
* Reduce the redundancy in the script (by removing comments, white space and shorten variable and functions names). This does not alter the behavior of the script.
* Compress the original script and create a new script that contains decompression code and compressed data. This is similar to binary executable compression.
Self-decompressing compressors
These compress the original script and output a new script that has a decompressor and compressed data.
* JsSfx
* Packify
Redundancy reducing compressors
These remove white space, remove comments, and shorten variable and function names but do not alter the behavior of the script.
* Packer
* YUI compressor
* Shrinksafe
* JSMin
See also
* Data compression
* Disk compression
* RAM compression
* Executable
* Kolmogorov complexity
* Self-modifying code
* Self-relocating code
* Self-extracting archive
* Self-booting disk
References
[ (NB. PKLITE 1.50 (1995) and higher gained the capability to compress device drivers, but not combined COM+SYS drivers.)]
[https://web.archive.org/web/20040525022811/http://www.xtreeme.prv.pl/]
[DotProtect http://site.yvansoftware.be/dotpacker1_0 ]
[https://web.archive.org/web/20140730211711/http://www.cs.tut.fi/~albert/Dev/pucrunch/]
[web.comhem.se/~u13114991/exo/]
[{{Cite web, url=http://www.pouet.net/prod.php?which=54840, title = PackFire v1.2k by Neural]
EXE packers