mirror of
				https://github.com/upx/upx
				synced 2025-10-19 23:42:44 +08:00 
			
		
		
		
	
		
			
				
	
	
		
			967 lines
		
	
	
		
			35 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			967 lines
		
	
	
		
			35 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| =head1 NAME
 | |
| 
 | |
| upx - compress or expand executable files
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 SYNOPSIS
 | |
| 
 | |
| B<upx> S<[ I<command> ]> S<[ I<options> ]> I<filename>...
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 ABSTRACT
 | |
| 
 | |
|                     The Ultimate Packer for eXecutables
 | |
|    Copyright (c) 1996-2021 Markus Oberhumer, Laszlo Molnar & John Reiser
 | |
|                            https://upx.github.io
 | |
| 
 | |
| 
 | |
| B<UPX> is a portable, extendable, high-performance executable packer for
 | |
| several different executable formats. It achieves an excellent compression
 | |
| ratio and offers I<*very*> fast decompression. Your executables suffer
 | |
| no memory overhead or other drawbacks for most of the formats supported,
 | |
| because of in-place decompression.
 | |
| 
 | |
| While you may use B<UPX> freely for both non-commercial and commercial
 | |
| executables (for details see the file LICENSE), we would highly
 | |
| appreciate if you credit B<UPX> and ourselves in the documentation,
 | |
| possibly including a reference to the B<UPX> home page. Thanks.
 | |
| 
 | |
| [ Using B<UPX> in non-OpenSource applications without proper credits
 | |
| is considered not politically correct ;-) ]
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 DISCLAIMER
 | |
| 
 | |
| B<UPX> comes with ABSOLUTELY NO WARRANTY; for details see the file LICENSE.
 | |
| 
 | |
| This is the first production quality release, and we plan that future 1.xx
 | |
| releases will be backward compatible with this version.
 | |
| 
 | |
| Please report all problems or suggestions to the authors. Thanks.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 SECURITY CONTEXT
 | |
| 
 | |
| IMPORTANT NOTE: B<UPX> inherits the security context of any files it handles.
 | |
| 
 | |
| This means that packing, unpacking, or even testing or listing a file requires
 | |
| the same security considerations as acutally executing the file.
 | |
| 
 | |
| Use B<UPX> on trusted files only!
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 DESCRIPTION
 | |
| 
 | |
| B<UPX> is a versatile executable packer with the following features:
 | |
| 
 | |
|   - excellent compression ratio: compresses better than zip/gzip,
 | |
|       use UPX to decrease the size of your distribution !
 | |
| 
 | |
|   - very fast decompression: about 10 MiB/sec on an ancient Pentium 133,
 | |
|       about 200 MiB/sec on an Athlon XP 2000+.
 | |
| 
 | |
|   - no memory overhead for your compressed executables for most of the
 | |
|       supported formats
 | |
| 
 | |
|   - safe: you can list, test and unpack your executables
 | |
|       Also, a checksum of both the compressed and uncompressed file is
 | |
|       maintained internally.
 | |
| 
 | |
|   - universal: UPX can pack a number of executable formats:
 | |
|       * atari/tos
 | |
|       * bvmlinuz/386    [bootable Linux kernel]
 | |
|       * djgpp2/coff
 | |
|       * dos/com
 | |
|       * dos/exe
 | |
|       * dos/sys
 | |
|       * linux/386
 | |
|       * linux/elf386
 | |
|       * linux/sh386
 | |
|       * ps1/exe
 | |
|       * rtm32/pe
 | |
|       * tmt/adam
 | |
|       * vmlinuz/386     [bootable Linux kernel]
 | |
|       * vmlinux/386
 | |
|       * watcom/le (supporting DOS4G, PMODE/W, DOS32a and CauseWay)
 | |
|       * win32/pe (exe and dll)
 | |
|       * win64/pe (exe and dll)
 | |
|       * arm/pe (exe and dll)
 | |
|       * linux/elfamd64
 | |
|       * linux/elfppc32
 | |
|       * mach/elfppc32
 | |
| 
 | |
|   - portable: UPX is written in portable endian-neutral C++
 | |
| 
 | |
|   - extendable: because of the class layout it's very easy to support
 | |
|       new executable formats or add new compression algorithms
 | |
| 
 | |
|   - free: UPX can be distributed and used freely. And from version 0.99
 | |
|       the full source code of UPX is released under the GNU General Public
 | |
|       License (GPL) !
 | |
| 
 | |
| You probably understand now why we call B<UPX> the "I<ultimate>"
 | |
| executable packer.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 COMMANDS
 | |
| 
 | |
| =head2 Compress
 | |
| 
 | |
| This is the default operation, eg. B<upx yourfile.exe> will compress the file
 | |
| specified on the command line.
 | |
| 
 | |
| =head2 Decompress
 | |
| 
 | |
| All B<UPX> supported file formats can be unpacked using the B<-d> switch, eg.
 | |
| B<upx -d yourfile.exe> will uncompress the file you've just compressed.
 | |
| 
 | |
| =head2 Test
 | |
| 
 | |
| The B<-t> command tests the integrity of the compressed and uncompressed
 | |
| data, eg. B<upx -t yourfile.exe> check whether your file can be safely
 | |
| decompressed. Note, that this command doesn't check the whole file, only
 | |
| the part that will be uncompressed during program execution. This means
 | |
| that you should not use this command instead of a virus checker.
 | |
| 
 | |
| =head2 List
 | |
| 
 | |
| The B<-l> command prints out some information about the compressed files
 | |
| specified on the command line as parameters, eg B<upx -l yourfile.exe>
 | |
| shows the compressed / uncompressed size and the compression ratio of
 | |
| I<yourfile.exe>.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 OPTIONS
 | |
| 
 | |
| B<-q>: be quiet, suppress warnings
 | |
| 
 | |
| B<-q -q> (or B<-qq>): be very quiet, suppress errors
 | |
| 
 | |
| B<-q -q -q> (or B<-qqq>): produce no output at all
 | |
| 
 | |
| B<--help>: prints the help
 | |
| 
 | |
| B<--version>: print the version of B<UPX>
 | |
| 
 | |
| B<--exact>: when compressing, require to be able to get a byte-identical file
 | |
| after decompression with option B<-d>. [NOTE: this is work in progress and is
 | |
| not supported for all formats yet. If you do care, as a workaround you can
 | |
| compress and then decompress your program a first time - any further
 | |
| compress-decompress steps should then yield byte-identical results
 | |
| as compared to the first decompressed version.]
 | |
| 
 | |
| [ ...to be written... - type `B<upx --help>' for now ]
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 COMPRESSION LEVELS & TUNING
 | |
| 
 | |
| B<UPX> offers ten different compression levels from B<-1> to B<-9>,
 | |
| and B<--best>.  The default compression level is B<-8> for files
 | |
| smaller than 512 KiB, and B<-7> otherwise.
 | |
| 
 | |
| =over 4
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Compression levels 1, 2 and 3 are pretty fast.
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Compression levels 4, 5 and 6 achieve a good time/ratio performance.
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Compression levels 7, 8 and 9 favor compression ratio over speed.
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Compression level B<--best> may take a long time.
 | |
| 
 | |
| =back
 | |
| 
 | |
| Note that compression level B<--best> can be somewhat slow for large
 | |
| files, but you definitely should use it when releasing a final version
 | |
| of your program.
 | |
| 
 | |
| Quick info for achieving the best compression ratio:
 | |
| 
 | |
| =over 4
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Try B<upx --brute myfile.exe> or even B<upx --ultra-brute myfile.exe>.
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Try if B<--overlay=strip> works.
 | |
| 
 | |
| =item *
 | |
| 
 | |
| For win32/pe programs there's B<--strip-relocs=0>. See notes below.
 | |
| 
 | |
| =back
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 OVERLAY HANDLING OPTIONS
 | |
| 
 | |
| Info: An "overlay" means auxiliary data attached after the logical end of
 | |
| an executable, and it often contains application specific data
 | |
| (this is a common practice to avoid an extra data file, though
 | |
| it would be better to use resource sections).
 | |
| 
 | |
| B<UPX> handles overlays like many other executable packers do: it simply
 | |
| copies the overlay after the compressed image. This works with some
 | |
| files, but doesn't work with others, depending on how an application
 | |
| actually accesses this overlayed data.
 | |
| 
 | |
|   --overlay=copy    Copy any extra data attached to the file. [DEFAULT]
 | |
| 
 | |
|   --overlay=strip   Strip any overlay from the program instead of
 | |
|                     copying it. Be warned, this may make the compressed
 | |
|                     program crash or otherwise unusable.
 | |
| 
 | |
|   --overlay=skip    Refuse to compress any program which has an overlay.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 ENVIRONMENT
 | |
| 
 | |
| The environment variable B<UPX> can hold a set of default
 | |
| options for B<UPX>. These options are interpreted first and
 | |
| can be overwritten by explicit command line parameters.
 | |
| For example:
 | |
| 
 | |
|     for DOS/Windows:   set UPX=-9 --compress-icons#0
 | |
|     for sh/ksh/zsh:    UPX="-9 --compress-icons=0"; export UPX
 | |
|     for csh/tcsh:      setenv UPX "-9 --compress-icons=0"
 | |
| 
 | |
| Under DOS/Windows you must use '#' instead of '=' when setting the
 | |
| environment variable because of a COMMAND.COM limitation.
 | |
| 
 | |
| Not all of the options are valid in the environment variable -
 | |
| B<UPX> will tell you.
 | |
| 
 | |
| You can explicitly use the B<--no-env> option to ignore the
 | |
| environment variable.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 NOTES FOR THE SUPPORTED EXECUTABLE FORMATS
 | |
| 
 | |
| =head2 NOTES FOR ATARI/TOS
 | |
| 
 | |
| This is the executable format used by the Atari ST/TT, a Motorola 68000
 | |
| based personal computer which was popular in the late '80s. Support
 | |
| of this format is only because of nostalgic feelings of one of
 | |
| the authors and serves no practical purpose :-).
 | |
| See http://www.freemint.de for more info.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression.
 | |
| All debug information will be stripped, though.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR BVMLINUZ/I386
 | |
| 
 | |
| Same as vmlinuz/i386.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR DOS/COM
 | |
| 
 | |
| Obviously B<UPX> won't work with executables that want to read data from
 | |
| themselves (like some commandline utilities that ship with Win95/98/ME).
 | |
| 
 | |
| Compressed programs only work on a 286+.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression.
 | |
| 
 | |
| Maximum uncompressed size: ~65100 bytes.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --8086              Create an executable that works on any 8086 CPU.
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
|   --all-filters       Compress the program several times, using all
 | |
|                       available preprocessing filters. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default filter gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR DOS/EXE
 | |
| 
 | |
| dos/exe stands for all "normal" 16-bit DOS executables.
 | |
| 
 | |
| Obviously B<UPX> won't work with executables that want to read data from
 | |
| themselves (like some command line utilities that ship with Win95/98/ME).
 | |
| 
 | |
| Compressed programs only work on a 286+.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --8086              Create an executable that works on any 8086 CPU.
 | |
| 
 | |
|   --no-reloc          Use no relocation records in the exe header.
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR DOS/SYS
 | |
| 
 | |
| Compressed programs only work on a 286+.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression.
 | |
| 
 | |
| Maximum uncompressed size: ~65350 bytes.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --8086              Create an executable that works on any 8086 CPU.
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
|   --all-filters       Compress the program several times, using all
 | |
|                       available preprocessing filters. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default filter gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR DJGPP2/COFF
 | |
| 
 | |
| First of all, it is recommended to use B<UPX> *instead* of B<strip>. strip has
 | |
| the very bad habit of replacing your stub with its own (outdated) version.
 | |
| Additionally B<UPX> corrects a bug/feature in strip v2.8.x: it
 | |
| will fix the 4 KiB alignment of the stub.
 | |
| 
 | |
| B<UPX> includes the full functionality of stubify. This means it will
 | |
| automatically stubify your COFF files. Use the option B<--coff> to
 | |
| disable this functionality (see below).
 | |
| 
 | |
| B<UPX> automatically handles Allegro packfiles.
 | |
| 
 | |
| The DLM format (a rather exotic shared library extension) is not supported.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression.
 | |
| All debug information and trailing garbage will be stripped, though.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --coff              Produce COFF output instead of EXE. By default
 | |
|                       UPX keeps your current stub.
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
|   --all-filters       Compress the program several times, using all
 | |
|                       available preprocessing filters. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default filter gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR LINUX [general]
 | |
| 
 | |
| Introduction
 | |
| 
 | |
|   Linux/386 support in UPX consists of 3 different executable formats,
 | |
|   one optimized for ELF executables ("linux/elf386"), one optimized
 | |
|   for shell scripts ("linux/sh386"), and one generic format
 | |
|   ("linux/386").
 | |
| 
 | |
|   We will start with a general discussion first, but please
 | |
|   also read the relevant docs for each of the individual formats.
 | |
| 
 | |
|   Also, there is special support for bootable kernels - see the
 | |
|   description of the vmlinuz/386 format.
 | |
| 
 | |
| General user's overview
 | |
| 
 | |
|   Running a compressed executable program trades less space on a
 | |
|   ``permanent'' storage medium (such as a hard disk, floppy disk,
 | |
|   CD-ROM, flash memory, EPROM, etc.) for more space in one or more
 | |
|   ``temporary'' storage media (such as RAM, swap space, /tmp, etc.).
 | |
|   Running a compressed executable also requires some additional CPU
 | |
|   cycles to generate the compressed executable in the first place,
 | |
|   and to decompress it at each invocation.
 | |
| 
 | |
|   How much space is traded?  It depends on the executable, but many
 | |
|   programs save 30% to 50% of permanent disk space.  How much CPU
 | |
|   overhead is there?  Again, it depends on the executable, but
 | |
|   decompression speed generally is at least many megabytes per second,
 | |
|   and frequently is limited by the speed of the underlying disk
 | |
|   or network I/O.
 | |
| 
 | |
|   Depending on the statistics of usage and access, and the relative
 | |
|   speeds of CPU, RAM, swap space, /tmp, and file system storage, then
 | |
|   invoking and running a compressed executable can be faster than
 | |
|   directly running the corresponding uncompressed program.
 | |
|   The operating system might perform fewer expensive I/O operations
 | |
|   to invoke the compressed program.  Paging to or from swap space
 | |
|   or /tmp might be faster than paging from the general file system.
 | |
|   ``Medium-sized'' programs which access about 1/3 to 1/2 of their
 | |
|   stored program bytes can do particularly well with compression.
 | |
|   Small programs tend not to benefit as much because the absolute
 | |
|   savings is less.  Big programs tend not to benefit proportionally
 | |
|   because each invocation may use only a small fraction of the program,
 | |
|   yet UPX decompresses the entire program before invoking it.
 | |
|   But in environments where disk or flash memory storage is limited,
 | |
|   then compression may win anyway.
 | |
| 
 | |
|   Currently, executables compressed by UPX do not share RAM at runtime
 | |
|   in the way that executables mapped from a file system do.  As a
 | |
|   result, if the same program is run simultaneously by more than one
 | |
|   process, then using the compressed version will require more RAM and/or
 | |
|   swap space.  So, shell programs (bash, csh, etc.)  and ``make''
 | |
|   might not be good candidates for compression.
 | |
| 
 | |
|   UPX recognizes three executable formats for Linux: Linux/elf386,
 | |
|   Linux/sh386, and Linux/386.  Linux/386 is the most generic format;
 | |
|   it accommodates any file that can be executed.  At runtime, the UPX
 | |
|   decompression stub re-creates in /tmp a copy of the original file,
 | |
|   and then the copy is (re-)executed with the same arguments.
 | |
|   ELF binary executables prefer the Linux/elf386 format by default,
 | |
|   because UPX decompresses them directly into RAM, uses only one
 | |
|   exec, does not use space in /tmp, and does not use /proc.
 | |
|   Shell scripts where the underlying shell accepts a ``-c'' argument
 | |
|   can use the Linux/sh386 format.  UPX decompresses the shell script
 | |
|   into low memory, then maps the shell and passes the entire text of the
 | |
|   script as an argument with a leading ``-c''.
 | |
| 
 | |
| General benefits:
 | |
| 
 | |
|   - UPX can compress all executables, be it AOUT, ELF, libc4, libc5,
 | |
|     libc6, Shell/Perl/Python/... scripts, standalone Java .class
 | |
|     binaries, or whatever...
 | |
|     All scripts and programs will work just as before.
 | |
| 
 | |
|   - Compressed programs are completely self-contained. No need for
 | |
|     any external program.
 | |
| 
 | |
|   - UPX keeps your original program untouched. This means that
 | |
|     after decompression you will have a byte-identical version,
 | |
|     and you can use UPX as a file compressor just like gzip.
 | |
|     [ Note that UPX maintains a checksum of the file internally,
 | |
|       so it is indeed a reliable alternative. ]
 | |
| 
 | |
|   - As the stub only uses syscalls and isn't linked against libc it
 | |
|     should run under any Linux configuration that can run ELF
 | |
|     binaries.
 | |
| 
 | |
|   - For the same reason compressed executables should run under
 | |
|     FreeBSD and other systems which can run Linux binaries.
 | |
|     [ Please send feedback on this topic ]
 | |
| 
 | |
| General drawbacks:
 | |
| 
 | |
|   - It is not advisable to compress programs which usually have many
 | |
|     instances running (like `sh' or `make') because the common segments of
 | |
|     compressed programs won't be shared any longer between different
 | |
|     processes.
 | |
| 
 | |
|   - `ldd' and `size' won't show anything useful because all they
 | |
|     see is the statically linked stub.  Since version 0.82 the section
 | |
|     headers are stripped from the UPX stub and `size' doesn't even
 | |
|     recognize the file format.  The file patches/patch-elfcode.h has a
 | |
|     patch to fix this bug in `size' and other programs which use GNU BFD.
 | |
| 
 | |
| General notes:
 | |
| 
 | |
|   - As UPX leaves your original program untouched it is advantageous
 | |
|     to strip it before compression.
 | |
| 
 | |
|   - If you compress a script you will lose platform independence -
 | |
|     this could be a problem if you are using NFS mounted disks.
 | |
| 
 | |
|   - Compression of suid, guid and sticky-bit programs is rejected
 | |
|     because of possible security implications.
 | |
| 
 | |
|   - For the same reason there is no sense in making any compressed
 | |
|     program suid.
 | |
| 
 | |
|   - Obviously UPX won't work with executables that want to read data
 | |
|     from themselves. E.g., this might be a problem for Perl scripts
 | |
|     which access their __DATA__ lines.
 | |
| 
 | |
|   - In case of internal errors the stub will abort with exitcode 127.
 | |
|     Typical reasons for this to happen are that the program has somehow
 | |
|     been modified after compression.
 | |
|     Running `strace -o strace.log compressed_file' will tell you more.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR LINUX/ELF386
 | |
| 
 | |
| Please read the general Linux description first.
 | |
| 
 | |
| The linux/elf386 format decompresses directly into RAM,
 | |
| uses only one exec, does not use space in /tmp,
 | |
| and does not use /proc.
 | |
| 
 | |
| Linux/elf386 is automatically selected for Linux ELF executables.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression.
 | |
| 
 | |
| How it works:
 | |
| 
 | |
|   For ELF executables, UPX decompresses directly to memory, simulating
 | |
|   the mapping that the operating system kernel uses during exec(),
 | |
|   including the PT_INTERP program interpreter (if any).
 | |
|   The brk() is set by a special PT_LOAD segment in the compressed
 | |
|   executable itself.  UPX then wipes the stack clean except for
 | |
|   arguments, environment variables, and Elf_auxv entries (this is
 | |
|   required by bugs in the startup code of /lib/ld-linux.so as of
 | |
|   May 2000), and transfers control to the program interpreter or
 | |
|   the e_entry address of the original executable.
 | |
| 
 | |
|   The UPX stub is about 1700 bytes long, partly written in assembler
 | |
|   and only uses kernel syscalls. It is not linked against any libc.
 | |
| 
 | |
| Specific drawbacks:
 | |
| 
 | |
|   - For linux/elf386 and linux/sh386 formats, you will be relying on
 | |
|     RAM and swap space to hold all of the decompressed program during
 | |
|     the lifetime of the process.  If you already use most of your swap
 | |
|     space, then you may run out.  A system that is "out of memory"
 | |
|     can become fragile.  Many programs do not react gracefully when
 | |
|     malloc() returns 0.  With newer Linux kernels, the kernel
 | |
|     may decide to kill some processes to regain memory, and you
 | |
|     may not like the kernel's choice of which to kill.  Running
 | |
|     /usr/bin/top is one way to check on the usage of swap space.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   (none)
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR LINUX/SH386
 | |
| 
 | |
| Please read the general Linux description first.
 | |
| 
 | |
| Shell scripts where the underling shell accepts a ``-c'' argument
 | |
| can use the Linux/sh386 format.  B<UPX> decompresses the shell script
 | |
| into low memory, then maps the shell and passes the entire text of the
 | |
| script as an argument with a leading ``-c''.
 | |
| It does not use space in /tmp, and does not use /proc.
 | |
| 
 | |
| Linux/sh386 is automatically selected for shell scripts that
 | |
| use a known shell.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression.
 | |
| 
 | |
| How it works:
 | |
| 
 | |
|   For shell script executables (files beginning with "#!/" or "#! /")
 | |
|   where the shell is known to accept "-c <command>", UPX decompresses
 | |
|   the file into low memory, then maps the shell (and its PT_INTERP),
 | |
|   and passes control to the shell with the entire decompressed file
 | |
|   as the argument after "-c".  Known shells are sh, ash, bash, bsh, csh,
 | |
|   ksh, tcsh, pdksh.  Restriction: UPX cannot use this method
 | |
|   for shell scripts which use the one optional string argument after
 | |
|   the shell name in the script (example: "#! /bin/sh option3\n".)
 | |
| 
 | |
|   The UPX stub is about 1700 bytes long, partly written in assembler
 | |
|   and only uses kernel syscalls. It is not linked against any libc.
 | |
| 
 | |
| Specific drawbacks:
 | |
| 
 | |
|   - For linux/elf386 and linux/sh386 formats, you will be relying on
 | |
|     RAM and swap space to hold all of the decompressed program during
 | |
|     the lifetime of the process.  If you already use most of your swap
 | |
|     space, then you may run out.  A system that is "out of memory"
 | |
|     can become fragile.  Many programs do not react gracefully when
 | |
|     malloc() returns 0.  With newer Linux kernels, the kernel
 | |
|     may decide to kill some processes to regain memory, and you
 | |
|     may not like the kernel's choice of which to kill.  Running
 | |
|     /usr/bin/top is one way to check on the usage of swap space.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   (none)
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR LINUX/386
 | |
| 
 | |
| Please read the general Linux description first.
 | |
| 
 | |
| The generic linux/386 format decompresses to /tmp and needs
 | |
| /proc file system support. It starts the decompressed program
 | |
| via the execve() syscall.
 | |
| 
 | |
| Linux/386 is only selected if the specialized linux/elf386
 | |
| and linux/sh386 won't recognize a file.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression.
 | |
| 
 | |
| How it works:
 | |
| 
 | |
|   For files which are not ELF and not a script for a known "-c" shell,
 | |
|   UPX uses kernel execve(), which first requires decompressing to a
 | |
|   temporary file in the file system.  Interestingly -
 | |
|   because of the good memory management of the Linux kernel - this
 | |
|   often does not introduce a noticeable delay, and in fact there
 | |
|   will be no disk access at all if you have enough free memory as
 | |
|   the entire process takes places within the file system buffers.
 | |
| 
 | |
|   A compressed executable consists of the UPX stub and an overlay
 | |
|   which contains the original program in a compressed form.
 | |
| 
 | |
|   The UPX stub is a statically linked ELF executable and does
 | |
|   the following at program startup:
 | |
| 
 | |
|     1) decompress the overlay to a temporary location in /tmp
 | |
|     2) open the temporary file for reading
 | |
|     3) try to delete the temporary file and start (execve)
 | |
|        the uncompressed program in /tmp using /proc/<pid>/fd/X as
 | |
|        attained by step 2)
 | |
|     4) if that fails, fork off a subprocess to clean up and
 | |
|        start the program in /tmp in the meantime
 | |
| 
 | |
|   The UPX stub is about 1700 bytes long, partly written in assembler
 | |
|   and only uses kernel syscalls. It is not linked against any libc.
 | |
| 
 | |
| Specific drawbacks:
 | |
| 
 | |
|   - You need additional free disk space for the uncompressed program
 | |
|     in your /tmp directory. This program is deleted immediately after
 | |
|     decompression, but you still need it for the full execution time
 | |
|     of the program.
 | |
| 
 | |
|   - You must have /proc file system support as the stub wants to open
 | |
|     /proc/<pid>/exe and needs /proc/<pid>/fd/X. This also means that you
 | |
|     cannot compress programs that are used during the boot sequence
 | |
|     before /proc is mounted.
 | |
| 
 | |
|   - Utilities like `top' will display numerical values in the process
 | |
|     name field. This is because Linux computes the process name from
 | |
|     the first argument of the last execve syscall (which is typically
 | |
|     something like /proc/<pid>/fd/3).
 | |
| 
 | |
|   - Because of temporary decompression to disk the decompression speed
 | |
|     is not as fast as with the other executable formats. Still, I can see
 | |
|     no noticeable delay when starting programs like my ~3 MiB emacs (which
 | |
|     is less than 1 MiB when compressed :-).
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --force-execve      Force the use of the generic linux/386 "execve"
 | |
|                       format, i.e. do not try the linux/elf386 and
 | |
|                       linux/sh386 formats.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR PS1/EXE
 | |
| 
 | |
| This is the executable format used by the Sony PlayStation (PSone),
 | |
| a Mips R3000 based gaming console which is popular since the late '90s.
 | |
| Support of this format is very similar to the Atari one, because of
 | |
| nostalgic feelings of one of the authors.
 | |
| 
 | |
| Packed programs will be byte-identical to the original after uncompression,
 | |
| until further notice.
 | |
| 
 | |
| Maximum uncompressed size: ~1.89 / ~7.60 MiB.
 | |
| 
 | |
| Notes:
 | |
| 
 | |
|   - UPX creates as default a suitable executable for CD-Mastering
 | |
|     and console transfer. For a CD-Master main executable you could also try
 | |
|     the special option "--boot-only" as described below.
 | |
|     It has been reported that upx packed executables are fully compatible with
 | |
|     the Sony PlayStation 2 (PS2, PStwo) and Sony PlayStation Portable (PSP) in
 | |
|     Sony PlayStation (PSone) emulation mode.
 | |
| 
 | |
|   - Normally the packed files use the same memory areas like the uncompressed
 | |
|     versions, so they will not override other memory areas while unpacking.
 | |
|     If this isn't possible UPX will abort showing a 'packed data overlap'
 | |
|     error. With the "--force" option UPX will relocate the loading address
 | |
|     for the packed file, but this isn't a real problem if it is a single or
 | |
|     the main executable.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
|   --8-bit             Uses 8 bit size compression [default: 32 bit]
 | |
| 
 | |
|   --8mib-ram          PSone has 8 MiB ram available [default: 2 MiB]
 | |
| 
 | |
|   --boot-only         This format is for main exes and CD-Mastering only !
 | |
|                       It may slightly improve the compression ratio,
 | |
|                       decompression routines are faster than default ones.
 | |
|                       But it cannot be used for console transfer !
 | |
| 
 | |
|   --no-align          This option disables CD mode 2 data sector format
 | |
|                       alignment. May slightly improves the compression ratio,
 | |
|                       but the compressed executable will not boot from a CD.
 | |
|                       Use it for console transfer only !
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR RTM32/PE and ARM/PE
 | |
| 
 | |
| Same as win32/pe.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR TMT/ADAM
 | |
| 
 | |
| This format is used by the TMT Pascal compiler - see http://www.tmt.com/ .
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
|   --all-filters       Compress the program several times, using all
 | |
|                       available preprocessing filters. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default filter gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR VMLINUZ/386
 | |
| 
 | |
| The vmlinuz/386 and bvmlinuz/386 formats take a gzip-compressed
 | |
| bootable Linux kernel image ("vmlinuz", "zImage", "bzImage"),
 | |
| gzip-decompress it and re-compress it with the B<UPX> compression method.
 | |
| 
 | |
| vmlinuz/386 is completely unrelated to the other Linux executable
 | |
| formats, and it does not share any of their drawbacks.
 | |
| 
 | |
| Notes:
 | |
| 
 | |
|   - Be sure that "vmlinuz/386" or "bvmlinuz/386" is displayed
 | |
|   during compression - otherwise a wrong executable format
 | |
|   may have been used, and the kernel won't boot.
 | |
| 
 | |
| Benefits:
 | |
| 
 | |
|   - Better compression (but note that the kernel was already compressed,
 | |
|   so the improvement is not as large as with other formats).
 | |
|   Still, the bytes saved may be essential for special needs like
 | |
|   boot disks.
 | |
| 
 | |
|      For example, this is what I get for my 2.2.16 kernel:
 | |
|         1589708  vmlinux
 | |
|          641073  bzImage        [original]
 | |
|          560755  bzImage.upx    [compressed by "upx -9"]
 | |
| 
 | |
|   - Much faster decompression at kernel boot time (but kernel
 | |
|     decompression speed is not really an issue these days).
 | |
| 
 | |
| Drawbacks:
 | |
| 
 | |
|   (none)
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
|   --all-filters       Compress the program several times, using all
 | |
|                       available preprocessing filters. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default filter gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR WATCOM/LE
 | |
| 
 | |
| B<UPX> has been successfully tested with the following extenders:
 | |
|   DOS4G, DOS4GW, PMODE/W, DOS32a, CauseWay.
 | |
|   The WDOS/X extender is partly supported (for details
 | |
|   see the file bugs BUGS).
 | |
| 
 | |
| DLLs and the LX format are not supported.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|   --le                Produce an unbound LE output instead of
 | |
|                       keeping the current stub.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head2 NOTES FOR WIN32/PE
 | |
| 
 | |
| The PE support in B<UPX> is quite stable now, but probably there are
 | |
| still some incompatibilities with some files.
 | |
| 
 | |
| Because of the way B<UPX> (and other packers for this format) works, you
 | |
| can see increased memory usage of your compressed files because the whole
 | |
| program is loaded into memory at startup.
 | |
| If you start several instances of huge compressed programs you're
 | |
| wasting memory because the common segments of the program won't
 | |
| get shared across the instances.
 | |
| On the other hand if you're compressing only smaller programs, or
 | |
| running only one instance of larger programs, then this penalty is
 | |
| smaller, but it's still there.
 | |
| 
 | |
| If you're running executables from network, then compressed programs
 | |
| will load faster, and require less bandwidth during execution.
 | |
| 
 | |
| DLLs are supported. But UPX compressed DLLs can not share common data and
 | |
| code when they got used by multiple applications. So compressing msvcrt.dll
 | |
| is a waste of memory, but compressing the dll plugins of a particular
 | |
| application may be a better idea.
 | |
| 
 | |
| Screensavers are supported, with the restriction that the filename
 | |
| must end with ".scr" (as screensavers are handled slightly different
 | |
| than normal exe files).
 | |
| 
 | |
| UPX compressed PE files have some minor memory overhead (usually in the
 | |
| 10 - 30 KiB range) which can be seen by specifying the "-i" command
 | |
| line switch during compression.
 | |
| 
 | |
| Extra options available for this executable format:
 | |
| 
 | |
|  --compress-exports=0 Don't compress the export section.
 | |
|                       Use this if you plan to run the compressed
 | |
|                       program under Wine.
 | |
|  --compress-exports=1 Compress the export section. [DEFAULT]
 | |
|                       Compression of the export section can improve the
 | |
|                       compression ratio quite a bit but may not work
 | |
|                       with all programs (like winword.exe).
 | |
|                       UPX never compresses the export section of a DLL
 | |
|                       regardless of this option.
 | |
| 
 | |
|   --compress-icons=0  Don't compress any icons.
 | |
|   --compress-icons=1  Compress all but the first icon.
 | |
|   --compress-icons=2  Compress all icons which are not in the
 | |
|                       first icon directory. [DEFAULT]
 | |
|   --compress-icons=3  Compress all icons.
 | |
| 
 | |
|   --compress-resources=0  Don't compress any resources at all.
 | |
| 
 | |
|   --keep-resource=list Don't compress resources specified by the list.
 | |
|                       The members of the list are separated by commas.
 | |
|                       A list member has the following format: I<type[/name]>.
 | |
|                       I<Type> is the type of the resource. Standard types
 | |
|                       must be specified as decimal numbers, user types can be
 | |
|                       specified by decimal IDs or strings. I<Name> is the
 | |
|                       identifier of the resource. It can be a decimal number
 | |
|                       or a string. For example:
 | |
| 
 | |
|                       --keep-resource=2/MYBITMAP,5,6/12345
 | |
| 
 | |
|                       UPX won't compress the named bitmap resource "MYBITMAP",
 | |
|                       it leaves every dialog (5) resource uncompressed, and
 | |
|                       it won't touch the string table resource with identifier
 | |
|                       12345.
 | |
| 
 | |
|   --force             Force compression even when there is an
 | |
|                       unexpected value in a header field.
 | |
|                       Use with care.
 | |
| 
 | |
|   --strip-relocs=0    Don't strip relocation records.
 | |
|   --strip-relocs=1    Strip relocation records. [DEFAULT]
 | |
|                       This option only works on executables with base
 | |
|                       address greater or equal to 0x400000. Usually the
 | |
|                       compressed files becomes smaller, but some files
 | |
|                       may become larger. Note that the resulting file will
 | |
|                       not work under Windows 3.x (Win32s).
 | |
|                       UPX never strips relocations from a DLL
 | |
|                       regardless of this option.
 | |
| 
 | |
|   --all-methods       Compress the program several times, using all
 | |
|                       available compression methods. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default method gives the best results anyway.
 | |
| 
 | |
|   --all-filters       Compress the program several times, using all
 | |
|                       available preprocessing filters. This may improve
 | |
|                       the compression ratio in some cases, but usually
 | |
|                       the default filter gives the best results anyway.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 DIAGNOSTICS
 | |
| 
 | |
| Exit status is normally 0; if an error occurs, exit status
 | |
| is 1. If a warning occurs, exit status is 2.
 | |
| 
 | |
| B<UPX>'s diagnostics are intended to be self-explanatory.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 BUGS
 | |
| 
 | |
| Please report all bugs immediately to the authors.
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 AUTHORS
 | |
| 
 | |
|  Markus F.X.J. Oberhumer <markus@oberhumer.com>
 | |
|  http://www.oberhumer.com
 | |
| 
 | |
|  Laszlo Molnar <ezerotven+github@gmail.com>
 | |
| 
 | |
|  John F. Reiser <jreiser@BitWagon.com>
 | |
| 
 | |
|  Jens Medoch <jssg@users.sourceforge.net>
 | |
| 
 | |
| 
 | |
| 
 | |
| =head1 COPYRIGHT
 | |
| 
 | |
| Copyright (C) 1996-2021 Markus Franz Xaver Johannes Oberhumer
 | |
| 
 | |
| Copyright (C) 1996-2021 Laszlo Molnar
 | |
| 
 | |
| Copyright (C) 2000-2021 John F. Reiser
 | |
| 
 | |
| Copyright (C) 2002-2021 Jens Medoch
 | |
| 
 | |
| This program may be used freely, and you are welcome to
 | |
| redistribute it under certain conditions.
 | |
| 
 | |
| This program is distributed in the hope that it will be useful,
 | |
| but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
| B<UPX License Agreement> for more details.
 | |
| 
 | |
| You should have received a copy of the UPX License Agreement along
 | |
| with this program; see the file LICENSE. If not, visit the UPX home page.
 | |
| 
 | 
