Executable packer

UPX

UPX, the Ultimate Packer for eXecutables, is a free and open source executable packer supporting a number of file formats from different operating systems.

Compression

UPX uses a compression algorithm called UCL, which is a free implementation of the proprietary NRV, Not Really Vanished, algorithm.

UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred bytes of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable requires no additional memory.

UPX (3.0) can use LZMA on 32/64-bit platforms.

Decompression

UPX supports two mechanisms for decompression, an in-place technique, and extraction to temporary file.

The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. The rest use extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The executable is extracted to a temporary location, and then open() is used to obtain a file descriptor.

Once a file descriptor is obtained, the temporary file can be unlink()ed, the stub then uses execve() on the file handle (via /proc) to overwrite the stub with the executable image of the temporary file.

The extraction to temporary file method has several disadvantages:

  • special permissions are ignored, such as suid.
  • argv[0] will not be meaningful.
  • applications will be unable to share common segments.

Unmodified UPX packing is often detected and unpacked by anti-virus scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself.

Supported formats

External links

Search another word or see Executable packeron Dictionary | Thesaurus |Spanish
Copyright © 2014 Dictionary.com, LLC. All rights reserved.
  • Please Login or Sign Up to use the Recent Searches feature
FAVORITES
RECENT

;