Executable compression

Source: Wikipedia, the free encyclopedia.
"POPCOM" redirects here. For the music fair, see Popkomm.

Executable compression is any means of

polymorphic packers" and "obfuscating tools
".

A compressed executable can be considered a self-extracting archive, where a compressed executable is packaged along with the relevant decompression code in an executable file. Some compressed executables can be decompressed to reconstruct the original program file without being directly executed. Two programs that can be used to do this are CUP386 and UNP.[citation needed]

Most compressed executables decompress the original code in memory and most require slightly more memory to run (because they need to store the decompressor code, the compressed data and the decompressed code). Moreover, some compressed executables have additional requirements, such as those that write the decompressed executable to the file system before executing it.

Executable compression is not limited to binary executables, but can also be applied to scripts, such as

functions with shorter versions and/or removing white-space
.

Advantages and disadvantages

DVD-ROM, or floppy disk), or to reduce the time and bandwidth customers require to access software distributed via the Internet
.

Executable compression is also frequently used to deter

disassembly, mask string literals
and modify signatures. Although this does not eliminate the chance of reverse engineering, it can make the process more costly.

A compressed executable requires less storage space in the file system, thus less time to transfer data from the file system into memory. On the other hand, it requires some time to decompress the data before execution begins. However, the speed of various storage media has not kept up with average processor speeds, so the storage is very often the bottleneck. Thus the compressed executable will load faster on most common systems. On modern desktop computers, this is rarely noticeable unless the executable is unusually big, so loading speed is not a primary reason for or against compressing an executable.

On operating systems which page executable images on demand from the disk, compressed executables make this process less efficient. The decompressor stub allocates a block of memory to hold the decompressed data, which stays allocated as long as the executable stays loaded, whether it is used or not, competing for memory resources with other applications all along. If the operating system uses a swap file, the decompressed data has to be written to it to free up the memory instead of simply discarding unused data blocks and reloading them from the executable image if needed again. This is usually not noticeable, but it becomes a problem when an executable is loaded more than once at the same time—the operating system cannot reuse data blocks it has already loaded, the data has to be decompressed into a new memory block, and will be swapped out independently if not used. The additional storage and time requirements mean that it has to be weighed carefully whether to compress executables which are typically run more than once at the same time.

Another disadvantage is that some utilities can no longer identify

statically linked
extractor stub is visible.

Also, some older

IEEE Industry Connections Security Group has introduced a software taggant
system.

Executable compression used to be more popular when computers were limited to the storage capacity of

64k intro
. Only very sophisticated compression formats, which add to load time, keep an executable small enough to enter these competitions.

List of executable packers

CP/M and MSX-DOS executable

Known executable compressors for

.COM files
:

MS-DOS executable

Known executable compressors for

.EXE
):

  • Realia Spacemaker (since 1982, written by
    Robert B. K. Dewar, SM.COM, signature "MEMORY$")[2][3][4][5][6][7][8][9]
  • Microsoft EXEPACK (since 1985, written by Reuben Borman, EXEPACK.EXE, LINK.EXE /E[XEPACK], signature "RB")[9][5][4][10]
  • LZEXE (since 1989, written by Fabrice Bellard, LZEXE.EXE)[11][12]
  • PKWare PKLite (since 1990, written by Phil Katz, PKLITE.EXE)[12][13]
  • DIET (since 1991, written by Teddy Matsumoto, DIET.EXE)[12]
  • TINYPROG (TINYPROG.EXE)
  • RJS Software RJCRUSH (since 1994, written by Roland Skinner, RJCRUSH.EXE)
  • XPA (since 1995, written by JauMing Tseng, XPA.EXE)
  • Ibsen Software aPACK (since 1997, written by Jørgen Ibsen, APACK.EXE)
  • UPX (since 1998, written by Markus F. X. J. Oberhumer and László Molnár)
  • 32LiTE (since 1998, written by Oleg Prokhorov, 32LITE.EXE)
  • Knowledge Dynamics LZW Compressor[14]
  • WWpack (since 1994, written by Piotr Warezak and Rafal Wierzbicki, WWPACK.EXE)
  • 624 (only for .COM files smaller than 25 KB, uses LZW)
  • AINEXE
  • AvPack
  • ComPAck
  • HASP Envelope
  • LGLZ
  • PMWLITE
  • ProPack
  • UCEXE
  • WDOSX
  • XE
  • XPack

OS/2 executable

Known executable compressors under OS/2:

  • NeLite
  • LxLite

New Executable

Known executable compressors for New Executables:

  • PackWin
  • PKWare PKLite (from version 2.01)
  • WinLite

Portable Executable

Known executable compressors for Portable Executables:

Note: Clients in purple are no longer in development.

Name Latest stable Software license x86-64 support
32Lite
Alienyze 1.4 (17 August 2020 (2020-08-17)) Proprietary No
ANDpakk2
Armadillo 9.62 (7 June 2013 (2013-06-07)) Proprietary Yes
ASPack 2.40 (7 December 2018 (2018-12-07)) Proprietary Yes
ASPR (ASProtect) 2.78 (7 December 2018 (2018-12-07)) Proprietary Yes
BeRoEXEPacker
BIN-crypter
BoxedApp Packer 3.3 (26 July 2015 (2015-07-26)) Proprietary Yes
CExe 1.0b (20 July 2001 (2001-07-20))
GPL
 No
Crinkler 2.3 (22 July 2020 (2020-07-22)) Zlib Yes
dotBundle 1.3 (4 April 2013 (2013-04-04))[15] Proprietary Yes
Enigma Protector 6.60 (21 August 2019 (2019-08-21))[16] Proprietary Yes
Enigma Virtual Box 9.40 (10 October 2019 (2019-10-10))[16] Proprietary Yes
exe32pack
EXE Bundle 3.11 (7 January 2011 (2011-01-07))[17] Proprietary ?
EXECryptor
EXE Stealth 4.14 (29 June 2011 (2011-06-29))[17] Proprietary ?
eXPressor 1.8.0.1 (14 January 2010 (2010-01-14)) Proprietary ?
FSG 2.0 (24 May 2004 (2004-05-24))[18] Freeware No
kkrunchy src 0.23a4 (Unknown) Public domain No
MEW 1.1 (Unknown) Freeware No
MPRESS 2.19 (2 January 2012 (2012-01-02)) Freeware Yes
MuCruncher
NeoLite
NsPack
Obsidium 1.6 (11 April 2017 (2017-04-11))[19] Proprietary Yes
PECompact
PEPack
PESpin 1.33 (3 May 2011 (2011-05-03)) Freeware Yes
Petite 2.4 (22 September 2016 (2016-09-22)) Freeware No
PKLite32
RLPack Basic 1.21 (31 October 2008 (2008-10-31))
GPL
 No
Shrinker32
Smart Packer Pro X 2.0.0.1 (3 June 2019 (2019-06-03)) Proprietary Yes
Themida/WinLicense 3.0 (24 October 2019 (2019-10-24)) Proprietary Yes
Upack
UPX 3.96 (23 January 2020 (2020-01-23))
GPL
 experimental
VMProtect 3.4 (3 August 2019 (2019-08-03)) Proprietary Yes
WWPack32 1.20 (19 June 2000 (2000-06-19)) No
XComp/XPack 0.98 (18 February 2007 (2007-02-18)) Freeware No
Yoda's Crypte
YZPack

ELF files

Known executable compressors for ELF files:

  • gzexe (uses a shell script stub and gzip, works on most Unix-like systems)
  • HASP Envelope
  • UPX
  • 624 (for Linux/386)[20]

CLI assembly files

Known executable compressors for CLI assembly files:

  • .NETZ
  • NsPack
  • Mpress
  • HASP Envelope
  • dotBundle
  • Exepack.NET
  • DotProtect:[21] Commercial protector/packer for .net and mono. Features on-line verifications and "industry standard encryption".

Mac OS Classic applications

Executable compressors for

Mac OS Classic
applications:

  • Application VISE[22]
  • StuffIt InstallerMaker

Mach-O (Apple Mac OS X) files

Known executable compressors for Mach-O (Apple Mac OS X) files:

  • HASP Envelope
  • UPX
  • VMProtect

Commodore 64 and VIC-20

Known executable compressors for executables on the Commodore 64 and VIC-20:

Amiga

Known executable compressors for executables on the Amiga series:

Java

Known executable compressors for Java:

JAR files:

  • HASP Envelope
  • pack200
  • ProGuard

WAR
files:

  • HASP Envelope

JavaScript

There are two types of compression that can be applied to JavaScript scripts:

  • Reduce the redundancy in the script (by removing comments, white space and shorten variable and functions names). This does not alter the behavior of the script.
  • Compress the original script and create a new script that contains decompression code and compressed data. This is similar to binary executable compression.

Self-decompressing compressors

These compress the original script and output a new script that has a decompressor and compressed data.

  • JsSfx
  • Packify

Redundancy reducing compressors

These remove white space, remove comments, and shorten variable and function names but do not alter the behavior of the script.

  • Packer
  • YUI compressor
  • Shrinksafe
  • JSMin

See also

References

  1. ^ Gielen, Pierre; Taylor, Johnathan (1997) [1993]. Logan, Wolverine (ed.). "PMarc help manual". Archived from the original on 2019-04-22. Retrieved 2019-02-22. […] PMEXE.CPM […] is a module […] in combination with PMARC […] used to make executable compressed COM files (just like LZEXE or PKLITE […] type: PMARC <archive>.COM=PMEXE2.CPM <filename> [options] The archive-name must be .COM […] not .PMA. The output file will have the extension .CPM. It's an MSX-DOS COM file […] rename file […] to run it […]
  2. R.B.K. Dewar
    (1982–1983), 8088 assembly language, 8,000 lines […]
  3. Ziff-Davis Publishing: 417. Archived
    from the original on 2019-04-22. Retrieved 2019-04-22.
  4. ^
    Dewar, Robert Berriedale Keith (1984-03-13). "DOS 3.1 ASMB (Another Silly Microsoft Bug)". [email protected]. Archived
    from the original on 2018-05-01. Retrieved 2019-04-23. […] The /E option of the linker should generate an EXE file which is logically equivalent to the uncompressed EXE file. The current version […] results in AX being clobbered. AX on entry to an EXE file has a definite meaning (it indicates drive validity for the parameters), thus it should be passed through to the uncompressed image. Given this one very obvious violation of the interface rules, there may be others, I have not bothered to investigate further […] I did write the Realia SpaceMaker program which does a similar sort of thing to the EXEPACK option (but needless to say does not have this particular […]
  5. ^ a b Paul, Matthias R. (2002-10-07) [2000]. "Re: masm .com (PSP) related trouble". Newsgroupalt.lang.asm. Archived from the original on 2017-09-03. Retrieved 2017-09-03.}
  6. ^ Necasek, Michal (2018-04-30). "Realia SpaceMaker". OS/2 Museum. Archived from the original on 2019-01-27. Retrieved 2019-02-22.
  7. ^ Parsons, Jeff (2019-01-10). "An Update on Early Norton Utilities". PCjs. Archived from the original on 2019-01-29. Retrieved 2019-02-22.
  8. ^ Necasek, Michal (2019-01-12). "Yep, Norton Did It". OS/2 Museum. Archived from the original on 2019-04-22. Retrieved 2019-04-22.
  9. ^ a b Necasek, Michal (2018-03-23). "EXEPACK and the A20-Gate". OS/2 Museum. Archived from the original on 2018-11-13. Retrieved 2019-04-20.
  10. ^ Miles, Ya'akov; Nather, Ed (1986-05-17) [1986-02-05, 1986-02-09]. "Undocumented Microsoft LINK option: /E". INFO-IBMPC mailing list. Archived from the original on 2018-05-01. Retrieved 2019-04-26. [Miles:] There exists an undocumented […] switch to Microsoft LINK.EXE […], which will cause an automatic compaction during binding. This process will eliminate storage for uninitialized arrays from the .EXE file produced by the linker […] To use this feature, specify the /E option to the command line […] [Nather:] The option does not exist in MS Link versions 3.00 and 3.01 [Miles:] By comparing the sizes of the (packed) files generated from LINK ver 3.02 and the /E option with the size of the .EXE file manually packed with […] EXEPACK, I have come to the conclusion that LINK ver 3.02 option /E generates EXACTLY the same size file as manually running EXEPACK on a regular .EXE file output by LINK […]
  11. ^ Bellard, Fabrice (2003-02-09). "LZEXE home page". bellard.org. Archived from the original on 2019-03-24. Retrieved 2019-03-18.
  12. ^
    S2CID 35889155
    . Retrieved 2019-04-26.
  13. ^ Paul, Matthias R. (2002-04-11). "Re: [fd-dev] ANNOUNCE: CuteMouse 2.0 alpha 1". freedos-dev. Archived from the original on 2020-02-21. Retrieved 2020-02-21. […] > no one packer may pack combos like .SYS+.COM or .SYS+.EXE. […] There are packers for .COM or .EXE and others for .SYS, but I too have not seen a packer which supports both in one. […] possibility to combine a program/TSR and device driver in .EXE files […] and a program/TSR.COM and device driver into a .COM program […] It might also be possible to add another self-made stub to the file, after it has already been compressed […] all the compressed DR-DOS device drivers use a similar technique to let the normal PKLITE .COM decompressor work with .SYS files (meanwhile PKLITE supports a similar feature for .SYS files itself). […] (NB. PKLITE 1.50 (1995) and higher gained the capability to compress device drivers, but not combined COM+SYS drivers.)
  14. ^ "Google Code Archive - Long-term storage for Google Code Project Hosting".
  15. ^ "DotBundle - Download an evaluation version". Archived from the original on 2013-08-21. Retrieved 2013-05-06.
  16. ^ a b "Software Protection, Software Licensing, Software Virtualization".
  17. ^ a b "WebtoolMaster Software News".
  18. ^ "Archived copy". www.xtreeme.prv.pl. Archived from the original on 2004-05-25. Retrieved 2022-01-15.{{cite web}}: CS1 maint: archived copy as title (link)
  19. ^ "Download | Obsidium Software Protection System".
  20. ^ "624".
  21. ^ DotProtect http://site.yvansoftware.be/dotpacker1_0 Archived 22 January 2011 at the Wayback Machine
  22. ^ Kiene, Steve; Mark, Dave (1999). "A Chat With Steve Kiene". MacTech. Vol. 15, no. 4. Retrieved 2017-12-10.
  23. ^ "Lossless Data Compression Program: Hybrid LZ77 RLE". www.cs.tut.fi. Archived from the original on 2014-07-30. Retrieved 2022-01-15.
  24. ^ web.comhem.se/~u13114991/exo/
  25. ^ "ByteBoozer (PC)".
  26. ^ a b c "Crunchers to download".
  27. ^ "Askeksa/Shrinkler". GitHub. 2021-09-25.
  28. ^ "PackFire v1.2k by Neural".
Retrieved from "https://en.wikipedia.org/w/index.php?title=Executable_compression&oldid=1209133415"