UPX (Ultimate Packer for Executables) is a

free and open source Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

executable packer supporting a number of file formats from different operating systems.

Compression

UPX uses a

data compression algorithm In information theory, data compression, source coding, or bit-rate reduction is the process of encoding information using fewer bits than the original representation. Any particular compression is either lossy or lossless. Lossless compression ...

called UCL, which is an

open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...

implementation of portions of the proprietary NRV (''Not Really Vanished'') algorithm. UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred

byte The byte is a unit of digital information that most commonly consists of eight bits. Historically, the byte was the number of bits used to encode a single character of text in a computer and for this reason it is the smallest addressable unit ...

s of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory. UPX (since 2.90 beta) can use LZMA on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use --lzma to force it on). Starting with version 3.91, UPX also supports 64-Bit (x64) PE files on the

Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...

platform.UPX News
/ref> This feature is currently declared as ''experimental''.

Decompression

UPX supports two mechanisms for decompression: an in-place technique and extraction to

temporary file A temporary file is a file created to store information temporarily, either for a program's intermediate use or for transfer to a permanent file when complete. It may be created by computer programs for a variety of purposes, such as when a program ...

. The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. It has the advantage of being more efficient in terms of memory, and that the environment set up by the OS remains correct. The rest uses extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The extraction to temporary file method has several disadvantages: * Special permissions are ignored, such as

suid The Unix access rights flags setuid and setgid (short for ''set user identity'' and ''set group identity'') allow users to run an executable with the file system permissions of the executable's owner or group respectively and to change behaviour ...

. *

 argv /code> will not be meaningful.
* Multiple running instances of the executable are unable to share common segments.

Unmodified UPX packing is often detected and unpacked by antivirus software 





Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove  malware.

Antivirus software was originally developed to detect and remove  computer viruses, hence the nam ...
 scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself.

  Supported formats 


UPX supports the following formats:
* Portable Executable 



The Portable Executable (PE) format is a file format for executables, object code,  DLLs and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary fo ...
 (PE, EXE 
Exe or EXE may refer to:


* .exe, a file extension
* exe., abbreviation for executive
 Places
* River Exe, in England
* Exe Estuary, in England
* Exe Island, in Exeter, England
 Transportation and vehicles
* Exe (locomotive), a British locomotive
 ...
 and  DLL files):
**ARM 


In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between the ...
 (Windows CE)
** 32-bit x86 









x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introd ...
 (Windows Desktop)
** 64-bit x86-64 







x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...
 (Windows Desktop, still experimental)
** RTM32 (DOS extender, as generated by Borland 



Borland Software Corporation was a computer technology company founded in 1983 by Niels Jensen, Ole Henriksen, Mogens Glad and Philippe Kahn. Its main business was the development and sale of  software development and software deployment product ...
  C/Pascal 
Pascal, Pascal's or PASCAL may refer to:

 People and fictional characters
* Pascal (given name), including a list of people with the name
* Pascal (surname), including a list of people and fictional characters with the name
**  Blaise Pascal, Fren ...
 compilers)
* COFF 



The Common Object File Format (COFF)  is a format for executable, object code, and shared library computer files used on Unix systems.  It was introduced in Unix System V, replaced the previously used  a.out format, and formed the basis for exte ...
 executables, used by DJGPP2 



DJ's GNU Programming Platform (DJGPP) is a software development suite for Intel 80386-level and above, IBM PC compatibles which supports DOS operating systems. It is guided by DJ Delorie, who began the project in 1989. It is a port of the GNU Co ...

* a.out 




a.out is a file format used in older versions of Unix-like computer operating systems for executables, object code, and, in later systems, shared libraries. This is an abbreviated form of "assembler output", the filename of the output of Ken Th ...
 format, BSD 




The Berkeley Software Distribution or Berkeley Standard Distribution (BSD) is a discontinued operating system based on Research Unix, developed and distributed by the  Computer Systems Research Group (CSRG) at the University of California, Berk ...
 i386 







The Intel 386, originally released as 80386 and later renamed i386, is a 32-bit microprocessor introduced in 1985. The first versions had 275,000 transistors
** DOS 

DOS is shorthand for the MS-DOS and IBM PC DOS family of operating systems.

DOS may also refer to:

 Computing
* Data over signalling (DoS), multiplexing data onto a signalling channel
* Denial-of-service attack (DoS), an attack on a communicatio ...
/COM 
Com or COM may refer to:

 Computing
* COM (hardware interface), a serial port interface on IBM PC-compatible computers
* COM file, or .com file, short for "command", a file extension for an executable file in MS-DOS
* .com, an Internet top-level d ...
 (including some binary images)
** DOS/EXE 
Exe or EXE may refer to:


* .exe, a file extension
* exe., abbreviation for executive
 Places
* River Exe, in England
* Exe Estuary, in England
* Exe Island, in Exeter, England
 Transportation and vehicles
* Exe (locomotive), a British locomotive
 ...

** DOS/ SYS
* Watcom 

Watcom International Corporation was a software company, which was founded in 1981 by Wes Graham and  Ian McPhee. Founding staff (Fred Crigger, Jack Schueler and McPhee) were formerly members of Professor Graham's Computer Systems Group at the Uni ...
/ LE (used by  DOS4G, PMODE/W,  DOS32A and CauseWay 





A causeway is a track, road or railway on the upper point of an embankment across "a low, or wet place, or piece of water". It can be constructed of earth, masonry, wood, or concrete. One of the earliest known wooden causeways is the Sweet Tra ...
)
* TMT/adam (as generated by the TMT Pascal compiler)
*  Atari/TOS
* Linux kernel 



The Linux kernel is a  free and open-source, monolithic, modular,  multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
, i386, x86-64 and ARM
* Linux Executable and Linkable Format 




In computing, the Executable and Linkable FormatTool Interface Standard (TIS) Portable Formats SpecificationVersion 1.1'' (October 1993) (ELF, formerly named Extensible Linking Format), is a common standard file format for executable files, obj ...
, i386, x86-64 







x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...
, ARM 


In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between the ...
, PowerPC 




PowerPC (with the backronym Performance Optimization With Enhanced RISC – Performance Computing, sometimes abbreviated as PPC) is a reduced instruction set computer (RISC) instruction set architecture (ISA) created by the 1991 Apple Inc., App ...
,  MIPS
* PlayStation 1 




The  (abbreviated as PS, commonly known as the PS1/PS one or its codename PSX) is a home video game console developed and marketed by Sony Computer Entertainment. It was released in Japan on 3 December 1994, in North America on 9 September 1995 ...
/EXE (MIPS R3000)
* Darwin Mach-O 





Mach-O, short for  Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. It was developed to replace the  a.out format.

Mach-O is used by some systems based on the M ...
, ppc32, i386, and x86-64

UPX does not currently support  PE files containing  CIL code intended to run on the .NET Framework 




The .NET Framework (pronounced as "''dot net"'') is a proprietary  software framework developed by Microsoft that runs primarily on Microsoft Windows. It was the predominant implementation of the  Common Language Infrastructure (CLI) until bein ...
.

 Notes



  References 




  External links 


* 

{{compression software implementations

 Free data compression software
 Free software programmed in C++
 EXE packers
 1998 software
 Assembly language software











	
        












 HOME 


Content is Copyleft
Website design, code, and AI is Copyrighted (c) 2014-2017 by Stephen Payne


 Consider donating to Wikimedia 



As an Amazon Associate I earn from qualifying purchases