UPX (Ultimate Packer for eXecutables) is a

free and open source Free and open-source software (FOSS) is software available under a license that grants users the right to use, modify, and distribute the software modified or not to everyone free of charge. FOSS is an inclusive umbrella term encompassing free ...

executable packer supporting a number of file formats from different operating systems.

Compression

UPX uses a data compression algorithm called UCL, which is an

open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

implementation of portions of the proprietary NRV (''Not Really Vanished'') algorithm. UCL has been designed to be simple enough that a decompressor can be implemented in just a few hundred

byte The byte is a unit of digital information that most commonly consists of eight bits. Historically, the byte was the number of bits used to encode a single character of text in a computer and for this reason it is the smallest addressable un ...

s of code. UCL requires no additional memory to be allocated for decompression, a considerable advantage that means that a UPX packed executable usually requires no additional memory. UPX (since 2.90 beta) can use

LZMA The Lempel–Ziv–Markov chain algorithm (LZMA) is an algorithm used to perform lossless data compression. It has been used in the 7z format of the 7-Zip archiver since 2001. This algorithm uses a dictionary compression scheme somewhat similar ...

on most platforms; however, this is disabled by default for 16-bit due to slow decompression speed on older computers (use --lzma to force it on). Starting with version 3.91, UPX also supports 64-Bit (x64) PE files on the

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

platform. This feature is currently declared as ''experimental''.

Decompression

UPX supports two mechanisms for decompression: an in-place technique and extraction to

temporary file A temporary file is a file created to store information temporarily, either for a program's intermediate use or for transfer to a permanent file when complete. It may be created by computer programs for a variety of purposes, such as when a progra ...

. The in-place technique, which decompresses the executable into memory, is not possible on all supported platforms. It has the advantage of being more efficient in terms of memory, and that the environment set up by the OS remains correct. The rest uses extraction to temporary file. This procedure involves additional overhead and other disadvantages; however, it allows any executable file format to be packed. The extraction to temporary file method has several disadvantages: * Special permissions are ignored, such as

suid The Unix and Linux access rights flags setuid and setgid (short for ''set user identity'' and ''set group identity'') allow users to run an executable with the file system permissions of the executable's owner or group respectively and to change ...

. *

 argv /code> will not be meaningful.
* Multiple running instances of the executable are unable to share common segments.

Unmodified UPX packing is often detected and unpacked by antivirus software 






Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Antivirus software was originally developed to detect and remove computer viruses, hence the name ...
 scanners. UPX also has a built-in feature for unpacking unmodified executables packed with itself.

  Supported formats 


UPX supports the following formats:
* Portable Executable 


The Portable Executable (PE) format is a file format for executables, object file, object code, Dynamic-link library, dynamic-link-libraries (DLLs), and binary files used on 32-bit and 64-bit Microsoft Windows, Windows operating systems, as well  ...
 (PE, EXE 
Exe or EXE may refer to:


* .exe, a file extension
* exe., abbreviation for Executive (disambiguation)#Role, title, or function, executive
 Places
* River Exe, in England
* Exe Estuary, in England
* Exe Island, in Exeter, England
 Transportation a ...
 and  DLL files):
**ARM 


In  human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the  glenohumeral joint (shoulder joint) and the  elbow joint. The distal part of the upper limb between  ...
 (Windows CE)
** 32-bit x86 





x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel, based on the  8086 microprocessor and its 8-bit-external-bus variant, the  8088. Th ...
 (Windows Desktop)
** 64-bit x86-64 







x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit extension of the x86 instruction set architecture, instruction set. It was announced in 1999 and first available in the AMD Opteron family in 2003. It introduces two new ope ...
 (Windows Desktop, still experimental)
** RTM32 (DOS extender, as generated by Borland 



Borland Software Corporation was a computing technology company founded in 1983 by Niels Jensen, Ole Henriksen, Mogens Glad, and Philippe Kahn. Its main business was developing and selling software development and software deployment products. B ...
  C/ Pascal compilers)
* COFF 



The Common Object File Format (COFF)  is a  format for executable, object code, and shared library computer files used on Unix systems. It was introduced in  Unix System V, replaced the previously used  a.out format, and formed the basis for ext ...
 executables, used by  DJGPP2
* a.out 




a.out is a file format used in older versions of Unix-like computer operating systems for executables, object code, and, in later systems, shared libraries. This is an abbreviated form of " assembler output", the filename of the output of Ken T ...
 format, BSD 



The Berkeley Software Distribution (BSD), also known as Berkeley Unix or BSD Unix, is a discontinued Unix operating system developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berkeley, beginni ...
 i386 







The Intel 386, originally released as the 80386 and later renamed i386, is the third-generation  x86 architecture microprocessor from Intel. It was the first  32-bit processor in the line, making it a significant evolution in the x86 archite ...
 (removed)
* Raw 8086/DOS files:
** DOS 






DOS (, ) is a family of disk-based operating systems for  IBM PC compatible computers. The DOS family primarily consists of  IBM PC DOS and a rebranded version, Microsoft's MS-DOS, both of which were introduced in 1981. Later compatible syste ...
/COM 
Com or COM may refer to:

 Computing
* COM (hardware interface), a serial port interface on IBM PC-compatible computers
* COM file, or .com file, short for "command", a file extension for an executable file in MS-DOS
*  .com, an Internet top-level  ...
 (including some binary images)
** DOS/EXE 
Exe or EXE may refer to:


* .exe, a file extension
* exe., abbreviation for Executive (disambiguation)#Role, title, or function, executive
 Places
* River Exe, in England
* Exe Estuary, in England
* Exe Island, in Exeter, England
 Transportation a ...

** DOS/ SYS
* Watcom 
Watcom International Corporation was a software company, which was founded in 1981 by  Wes Graham and  Ian McPhee. Founding staff (Fred Crigger, Jack Schueler and McPhee) were formerly members of Professor Graham's Computer Systems Group at the Uni ...
/ LE (used by  DOS4G, PMODE/W,  DOS32A and CauseWay 





A causeway is a track, road or railway on the upper point of an  embankment across "a low, or wet place, or piece of water". It can be constructed of earth, masonry, wood, or concrete. One of the earliest known wooden causeways is the  Sweet T ...
)
* TMT/adam (as generated by the TMT Pascal compiler)
*  Atari/TOS
* Linux kernel 



The Linux kernel is a Free and open-source software, free and open source Unix-like kernel (operating system), kernel that is used in many computer systems worldwide. The kernel was created by Linus Torvalds in 1991 and was soon adopted as the k ...
, i386, x86-64 and ARM
* Linux Executable and Linkable Format 




In computing, the Executable and Linkable FormatTool Interface Standard (TIS) Portable Formats SpecificationVersion 1.1'' (October 1993) (ELF, formerly named Extensible Linking Format) is a common standard file format for executable files, obje ...
, i386, x86-64 







x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit extension of the x86 instruction set architecture, instruction set. It was announced in 1999 and first available in the AMD Opteron family in 2003. It introduces two new ope ...
, ARM 


In  human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the  glenohumeral joint (shoulder joint) and the  elbow joint. The distal part of the upper limb between  ...
, PowerPC 




PowerPC (with the backronym Performance Optimization With Enhanced RISC – Performance Computing, sometimes abbreviated as PPC) is a reduced instruction set computer (RISC) instruction set architecture (ISA) created by the 1991 Apple Inc., App ...
,  MIPS
*  PlayStation 1/EXE (MIPS R3000)
* Darwin Mach-O 





Mach-O (Mach object) file format, is a file format for executables, object code,  shared libraries, dynamically loaded code, and core dumps. It was developed to replace the  a.out format.

Mach-O is used by some systems based on the  Mach kern ...
, ppc32, i386, and x86-64

UPX does not currently support  PE files containing  CIL code intended to run on the  .NET Framework.

 Notes



  References 




  External links 


* 

{{compression software implementations

 Free data compression software
 Free software programmed in C++
 EXE packers
 1998 software
 Assembly language software