Executable compression is any means of compressing an

executable In computing, executable code, an executable file, or an executable program, sometimes simply referred to as an executable or binary, causes a computer "to perform indicated tasks according to encoded instructions", as opposed to a data fil ...

file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as "runtime packers", "software packers", "software protectors" (or even "

polymorphic packer File binders are utility software that allow a user to "bind" multiple files together resulting in a single executable. They are commonly used by hackers to insert other programs such as Trojan horses into otherwise harmless files, making them mor ...

s" and " obfuscating tools"). A compressed executable can be considered a

self-extracting archive A self-extracting archive (SFX or SEA) is a computer executable program which contains compressed data in an archive file combined with machine-executable program instructions to extract this information on a compatible operating system and ...

, where a compressed executable is packaged along with the relevant decompression code in an executable file. Some compressed executables can be decompressed to reconstruct the original program file without being directly executed. Two programs that can be used to do this are CUP386 and UNP. Most compressed executables decompress the original code in memory and most require slightly more memory to run (because they need to store the decompressor code, the compressed data and the decompressed code). Moreover, some compressed executables have additional requirements, such as those that write the decompressed executable to the file system before executing it. Executable compression is not limited to binary executables, but can also be applied to scripts, such as

JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of Website, websites use JavaScript on the Client (computing), client side ...

. Because most scripting languages are designed to work on

human-readable code Computer programming is the process of performing a particular computation (or more generally, accomplishing a specific computing result), usually by designing and building an executable computer program. Programming involves tasks such as anal ...

, which has a high redundancy, compression can be very effective and as simple as replacing long names used to identify variables and functions with shorter versions and/or removing white-space.

Advantages and disadvantages

Software Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work. ...

distributors use executable compression for a variety of reasons, primarily to reduce the

secondary storage Computer data storage is a technology consisting of computer components and recording media that are used to retain digital data. It is a core function and fundamental component of computers. The central processing unit (CPU) of a comput ...

requirements of their software; as executable compressors are specifically designed to compress executable code, they often achieve better

compression ratio The compression ratio is the ratio between the volume of the cylinder and combustion chamber in an internal combustion engine at their maximum and minimum values. A fundamental specification for such engines, it is measured two ways: the stat ...

than standard

data compression In information theory, data compression, source coding, or bit-rate reduction is the process of encoding information using fewer bits than the original representation. Any particular compression is either lossy or lossless. Lossless compressi ...

facilities such as

gzip gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and ...

zip Zip, Zips or ZIP may refer to: Common uses * ZIP Code, USPS postal code * Zipper or zip, clothing fastener Science and technology Computing * ZIP (file format), a compressed archive file format ** zip, a command-line program from Info-ZIP * Zi ...

or bzip2 . This allows software distributors to stay within the constraints of their chosen distribution media (such as CD-ROM,

DVD-ROM The DVD (common abbreviation for Digital Video Disc or Digital Versatile Disc) is a digital optical disc data storage format. It was invented and developed in 1995 and first released on November 1, 1996, in Japan. The medium can store any k ...

, or

floppy disk A floppy disk or floppy diskette (casually referred to as a floppy, or a diskette) is an obsolescent type of disk storage composed of a thin and flexible disk of a magnetic storage medium in a square or nearly square plastic enclosure lined ...

), or to reduce the time and bandwidth customers require to access software distributed via the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consists ...

. Executable compression is also frequently used to deter

reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...

or to obfuscate the contents of the executable (for example, to hide the presence of

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, de ...

from antivirus scanners) by proprietary methods of compression and/or added

encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can dec ...

. Executable compression can be used to prevent direct

disassembly A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. A disassembler differs from a decompiler, which targets a high-level language rather than an assembly l ...

, mask

string literal A string literal or anonymous string is a string value in the source code of a computer program. Modern programming languages commonly use a quoted sequence of characters, formally " bracketed delimiters", as in x = "foo", where "foo" is a string ...

s and modify signatures. Although this does not eliminate the chance of reverse engineering, it can make the process more costly. A compressed executable requires less storage space in the file system, thus less time to transfer data from the file system into memory. On the other hand, it requires some time to decompress the data before execution begins. However, the speed of various storage media has not kept up with average processor speeds, so the storage is very often the bottleneck. Thus the compressed executable will load faster on most common systems. On modern desktop computers, this is rarely noticeable unless the executable is unusually big, so loading speed is not a primary reason for or against compressing an executable. On operating systems which

page Page most commonly refers to: * Page (paper), one side of a leaf of paper, as in a book Page, PAGE, pages, or paging may also refer to: Roles * Page (assistance occupation), a professional occupation * Page (servant), traditionally a young ma ...

executable images on demand from the disk, compressed executables make this process less efficient. The decompressor stub allocates a block of memory to hold the decompressed data, which stays allocated as long as the executable stays loaded, whether it is used or not, competing for memory resources with other applications all along. If the operating system uses a swap file, the decompressed data has to be written to it to free up the memory instead of simply discarding unused data blocks and reloading them from the executable image if needed again. This is usually not noticeable, but it becomes a problem when an executable is loaded more than once at the same time—the operating system cannot reuse data blocks it has already loaded, the data has to be decompressed into a new memory block, and will be swapped out independently if not used. The additional storage and time requirements mean that it has to be weighed carefully whether to compress executables which are typically run more than once at the same time. Another disadvantage is that some utilities can no longer identify

run-time library Runtime, run-time, or run time may refer to: Computing * Runtime (program lifecycle phase), the period during which a computer program is executing * Runtime library, a program library designed to implement functions built into a programming langu ...

dependencies, as only the

statically linked A stand-alone program, also known as a freestanding program, is a computer program that does not load any external module, library function or program and that is designed to boot with the bootstrap procedure of the target processor – it runs o ...

extractor stub is visible. Also, some older

virus scanner Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name ...

s simply report all compressed executables as

virus A virus is a wikt:submicroscopic, submicroscopic infectious agent that replicates only inside the living Cell (biology), cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and ...

es because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside, but some popular anti-virus and anti-malware scanners have had troubles with false positive alarms on compressed executables. In an attempt to solve the problem of

obfuscated with the help of

runtime packer Executable compression is any means of compressing an executable file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original ...

s the

IEEE The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronic engineering and electrical engineering (and associated disciplines) with its corporate office in New York City and its operati ...

Industry Connections Security Group {{no footnotes, date=June 2014 The Industry Connections Security Group ( IEEE ICSG) is a global group of computer security entities (past and present members include: Anh Labs, AVG, Avira, ESET, F-Secure, K7 Computing, Kaspersky Labs, Marvell ...

has introduced a

software taggant A software taggant is a cryptographic signature added to software that enables positive origin identification and integrity of programs. Software taggants use standard PKI techniques (see Public key infrastructure) and were introduced by the Indust ...

system. Executable compression used to be more popular when computers were limited to the storage capacity of

s, which were both slow and low capacity media, and small

hard drive A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating platters coated with magne ...

s; it allowed the computer to store more software in the same amount of space, without the inconvenience of having to manually unpack an archive file every time the user wanted to use the software. However, executable compression has become less popular because of increased storage capacity on computers. It has its use in the

demoscene The demoscene is an international computer art subculture focused on producing demos: self-contained, sometimes extremely small, computer programs that produce audiovisual presentations. The purpose of a demo is to show off programming, visua ...

where demos have to stay within a size limit, e.g.

64k intro A 64K intro is a demo where the size of the executable file is limited to 64 kibibytes, or 65,536 bytes. At demo parties, there is a category for this kind of demo, where the one that gives the best impression wins. 64K intros generally apply ...

. Only very sophisticated compression formats, which add to load time, keep an executable small enough to enter these competitions.

List of executable packers

CP/M and MSX-DOS executable

Known executable compressors for CP/M-80 /

MSX-DOS MSX-DOS is a discontinued disk operating system developed by Microsoft for the 8-bit home computer standard MSX, and is a cross between MS-DOS 1.25 and CP/M-80 2. MSX-DOS MSX-DOS and the extended BASIC with 3½-inch floppy disk support ...

.COM files A COM file is a type of simple executable file. On the Digital Equipment Corporation (DEC) VAX operating systems of the 1970s, .COM was used as a filename extension for text files containing commands to be issued to the operating system (simi ...

: * PMexe (since 1990, written by Yoshihiko Mino, PMARC.COM+PMEXE.CPM, signature "-pms-") * PopCom! (since 1992, written by Yoshihiko Mino, POPCOM.COM, signature "-pc1-")

DOS executable

Known executable compressors for

DOS DOS is shorthand for the MS-DOS and IBM PC DOS family of operating systems. DOS may also refer to: Computing * Data over signalling (DoS), multiplexing data onto a signalling channel * Denial-of-service attack (DoS), an attack on a communicat ...

executable files (

.COM The domain name .com is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. Added at the beginning of 1985, its name is derived from the word ''commercial'', indicating its original intended purpose for domains registere ...

.EXE .exe is a common filename extension denoting an executable file (the main execution point of a computer program) for Microsoft Windows, OS/2, and DOS. File formats There are numerous file formats which may be used by a file with a extensi ...

): * Realia Spacemaker (since 1982, written by

Robert B. K. Dewar Robert Berriedale Keith Dewar (21 June 1945 – 30 June 2015) was an American computer scientist and educator. He helped to develop programming languages and compilers and was an outspoken advocate of freely licensed open-source software. He was ...

, SM.COM, signature "MEMORY$") *

Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...

EXEPACK (since 1985, written by

Reuben Borman Reuben or Reuven is a Biblical male first name from Hebrew רְאוּבֵן (Re'uven), meaning "behold, a son". In the Bible, Reuben was the firstborn son of Jacob. Variants include Rúben in European Portuguese; Rubens in Brazilian Portuguese ...

, EXEPACK.EXE, LINK.EXE /E EPACK signature "RB") * LZEXE (since 1989, written by

Fabrice Bellard Fabrice Bellard (; born 1972) is a French computer programmer known for writing FFmpeg, QEMU, and the Tiny C Compiler. He developed Bellard's formula for calculating single digits of pi. In 2012, Bellard co-founded Amarisoft, a telecommunication ...

, LZEXE.EXE) *

PKWare PKWARE, Inc. is an enterprise data protection software company that provides discovery, classification, masking and encryption solutions, along with data compression software, used by organizations in financial services, manufacturing, militar ...

PKLite (since 1990, written by

Phil Katz Phillip Walter Katz (November 3, 1962 – April 14, 2000) was a computer programmer best known as the co-creator of the Zip file format for data compression, and the author of PKZIP, a program for creating zip files that ran under DOS. A c ...

, PKLITE.EXE) * DIET (since 1991, written by

Teddy Matsumoto Teddy is an English language given name, usually a hypocorism of Edward or Theodore. It may refer to: People Nickname * Teddy Atlas (born 1956), boxing trainer and fight commentator * Teddy Bourne (born 1948), British Olympic epee fencer * Tedd ...

, DIET.EXE) *

UPX UPX (Ultimate Packer for Executables) is a free and open source executable packer supporting a number of file formats from different operating systems. Compression UPX uses a data compression algorithm called UCL, which is an open-source im ...

(since 1998, written by Markus F. X. J. Oberhumer and László Molnár) * Knowledge Dynamics LZW Compressor

OS/2 executable

Known executable compressors under

OS/2 OS/2 (Operating System/2) is a series of computer operating systems, initially created by Microsoft and IBM under the leadership of IBM software designer Ed Iacobucci. As a result of a feud between the two companies over how to position OS/2 ...

: * NeLite * LxLite

New Executable

Known executable compressors for

New Executable The New Executable (abbreviated NE or NewEXE) is a 16-bit .exe file format, a successor to the DOS MZ executable format. It was used in Windows 1.0–3.x, Windows 9x, multitasking MS-DOS 4.0, OS/2 1.x, and the OS/2 subset of Windows NT up to ver ...

s: * PackWin * PKWare PKLite (from version 2.01) * WinLite

Portable Executable

Known executable compressors for

Portable Executable The Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary f ...

s: ''Note: Clients in purple are no longer in development.''

ELF files

Known executable compressors for

ELF An elf () is a type of humanoid supernatural being in Germanic mythology and folklore. Elves appear especially in North Germanic mythology. They are subsequently mentioned in Snorri Sturluson's Icelandic Prose Edda. He distinguishes "ligh ...

files: * gzexe (uses a

shell script A shell script is a computer program designed to be run by a Unix shell, a command-line interpreter. The various dialects of shell scripts are considered to be scripting languages. Typical operations performed by shell scripts include file manip ...

stub and

, works on most Unix-like systems) * HASP Envelope *

* 624 (for Linux/386)

CLI assembly files

Known executable compressors for CLI assembly files: * .NETZ * NsPack * Mpress * HASP Envelope * dotBundle * Exepack.NET * DotProtect: Commercial protector/packer for .net and mono. Features on-line verifications and "industry standard encryption".

Mac OS Classic application files

Known executable compressors for

Mac OS Classic Mac OS (originally System Software; retronym: Classic Mac OS) is the series of operating systems developed for the Macintosh family of personal computers by Apple Computer from 1984 to 2001, starting with System 1 and ending with Mac OS 9. The ...

application files: * Application VISE * StuffIt InstallerMaker

Mach-O (Apple Mac OS X) files

Known executable compressors for

Mach-O Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. It was developed to replace the a.out format. Mach-O is used by some systems based on the ...

(Apple Mac OS X) files: * HASP Envelope *

* VMProtect

Commodore 64 and VIC 20

Known executable compressors for executables on the Commodore 64 and

VIC 20 The VIC-20 (known as the VC-20 in Germany and the VIC-1001 in Japan) is an 8-bit home computer that was sold by Commodore Business Machines. The VIC-20 was announced in 1980, roughly three years after Commodore's first personal computer, the PE ...

: * PuCrunch * Exomizer * ByteBoozer

Commodore Amiga

Known executable compressors for executables on the

Commodore Amiga Amiga is a family of personal computers introduced by Commodore in 1985. The original model is one of a number of mid-1980s computers with 16- or 32-bit processors, 256 KB or more of RAM, mouse-based GUIs, and significantly improved grap ...

series: * powerpacker * Titanics cruncher * imploder * TNM cruncher * Shrinkler * PackFire

Java

Known executable compressors for

Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mo ...

JAR A jar is a rigid, cylindrical or slightly conical container, typically made of glass, ceramic, or plastic, with a wide mouth or opening that can be closed with a lid, screw cap, lug cap, cork stopper, roll-on cap, crimp-on cap, press-on c ...

files: * HASP Envelope * pack200 * ProGuard

WAR War is an intense armed conflict between states, governments, societies, or paramilitary groups such as mercenaries, insurgents, and militias. It is generally characterized by extreme violence, destruction, and mortality, using regular o ...

files: * HASP Envelope

JavaScript scripts

There are two types of compression that can be applied to

scripts: * Reduce the redundancy in the script (by removing comments, white space and shorten variable and functions names). This does not alter the behavior of the script. * Compress the original script and create a new script that contains decompression code and compressed data. This is similar to binary executable compression.

Self-decompressing compressors

These compress the original script and output a new script that has a decompressor and compressed data. * JsSfx * Packify

Redundancy reducing compressors

These remove white space, remove comments, and shorten variable and function names but do not alter the behavior of the script. * Packer * YUI compressor * Shrinksafe * JSMin

References

(NB. PKLITE 1.50 (1995) and higher gained the capability to compress device drivers, but not combined COM+SYS drivers.) DotProtect http://site.yvansoftware.be/dotpacker1_0 web.comhem.se/~u13114991/exo/ {{Cite web, url=http://www.pouet.net/prod.php?which=54840, title = PackFire v1.2k by Neural EXE packers

Advantages and disadvantages

List of executable packers

CP/M and MSX-DOS executable

DOS executable

OS/2 executable

New Executable

Portable Executable

ELF files

CLI assembly files

Mac OS Classic application files

Mach-O (Apple Mac OS X) files

Commodore 64 and VIC 20

Commodore Amiga

Java

JavaScript scripts

Self-decompressing compressors

Redundancy reducing compressors

See also

References