HN Gopher Feed (2017-10-12) - page 2 of 10
___________________________________________________________________
UPX - Ultimate Packer for Executables
64 points by jsnathan
https://upx.github.io/
___________________________________________________________________
ComputerGuru - 56 minutes ago
mpress is an even better, more modern alternative:
http://www.matcode.com/mpress.htm We used to compress all our
binaries (desktop software developers), but fighting false
positives from antivirus vendors became an endless nightmare. We
just gave up and stopped using binary compressors entirely.
bruno2223 - 2 hours ago
UPX was also good to protect the code, not only for compacting:
1. I used UPX to compact my Delphi EXE file.
2. Then I opened up any HEXA editor
3. looked for "UPX" string and changed to "222x"
Doing this, the UPX unpack tool didn't work and crackers could not
easily see or edit my source code with Assembly (as UPX messes with
everything!) Thanks UPX :-)
slezyr - 2 hours ago
That's interesting. The UPX string is most likely the name of a
section in the PE file. It's the first UPX string you will find in
the file. How did the UPX loader manage to find the section in which
packed content is stored? UPD. It's REALLY easy to "hack" this
protection. You simply need to attach a debugger and you will see
the unprotected exe file in memory. There are tools to convert a
loaded unprotected exe file into a regular exe file on the disk.
So... No one really tried to hack you. Sorry.
bruno2223 - 2 hours ago
I dunno. But this method worked for years!
slezyr - 2 hours ago
See my update. You could only stop kids, who tried to use UPX
unpackers.
bruno2223 - 2 hours ago
Nice to know! Well, it was another protection layer to,
like you said, keep bad kids away. This was 10 years ago
already.
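Added example, not part of the thread: the guess above that the "UPX" string is a PE section name, checked by reading the section table of a constructed header-only image. The section names, sizes and the layout heuristic are assumptions of this example, not UPX's or any antivirus product's logic; it shows that a renamed section still stands out by its layout.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / _WRITE
# name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
SECTION = "<8sIIII12xI"

def pe_sections(data):
    """Return (name, virtual_size, raw_size, characteristics) for each PE section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    rows = []
    for i in range(count):
        name, vsize, _va, raw, _ptr, chars = struct.unpack_from(SECTION, data, table + 40 * i)
        rows.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw, chars))
    return rows

def triage(data):
    """List reasons a PE looks packed: the name is a hint, the layout is the evidence."""
    findings = []
    for name, vsize, raw, chars in pe_sections(data):
        if "UPX" in name.upper():
            findings.append(f"{name}: UPX-style section name")
        if raw == 0 and vsize > 0 and chars & MEM_EXECUTE and chars & MEM_WRITE:
            findings.append(f"{name}: no bytes on disk, writable and executable in memory")
    return findings

def build_sample(names):
    """Constructed, header-only PE image with a packer-style three-section layout."""
    layout = [(0x8000, 0, 0xE0000080), (0x3000, 0x2E00, 0xE0000040), (0x1000, 0x400, 0xC0000040)]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack(SECTION, n.encode(), vs, 0x1000 * (i + 1), raw, 0, ch)
        for i, (n, (vs, raw, ch)) in enumerate(zip(names, layout)))
    return dos + coff + table

if __name__ == "__main__":
    # Original names, then the same layout with the names overwritten (constructed).
    for names in (["UPX0", "UPX1", ".rsrc"], ["2220", "2221", ".rsrc"]):
        print(names, triage(build_sample(names)))
```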
[deleted]
steeve - 2 hours ago
UPX still works great when used with Go executables. We use it
heavily to compress some of our Docker image executables [1].
[1] https://github.com/znly/docker-protobuf/blob/master/Dockerfi...
slezyr - 2 hours ago
It should work on almost every binary. The exceptions are NSIS
installers, self-extracting archives (exe rar files), files with
IDL interfaces. When NSIS starts, it will try to open its own
exe file and find the section in which its packed data is
stored. But UPX will remove those sections and create a .UPX
section with compressed data.
jacobush - 12 minutes ago
Hmm, works for me tho
justinfrankel - 2 hours ago
You can actually set NSIS to UPX-pack its stub, if you're so
inclined, but the stub is pretty small already.
slezyr - 2 hours ago
This isn't what I meant. If you try to run UPX on someone's
NSIS installer the resulting file will fail to launch.
kronos29296 - 1 hours ago
When I first found upx I did this a couple of times only to
fail pretty badly and then I stopped doing it. This was
like 7-8 years ago when I first tried the portable
version. Never found the cause till today.
leeoniya - 2 hours ago
also http://www.farbrausch.de/~fg/kkrunchy/ and related
https://news.ycombinator.com/item?id=7739599
mp3geek - 1 hours ago
Reminds me of the ol' Amiga days with Imploder compressor
spapas82 - 3 hours ago
I used it to compress a Lazarus (open source Delphi clone)
executable. The results were great (executable size reduced by more
than 50%, iirc from 2 mb to around 800 kB). Offering a sub MB
executable in the era of 100 MB electron apps is totally pioneer :)
hannob - 3 hours ago
Surprised this still exists. A little walk down memory lane: I once
ran the exe mailing list for exe packers and protection tools.
There was a whole scene of people in the 90s writing such tools and
writing unpackers and removal tools for such things. UPX was one of
the later ones that still existed when most of this scene vanished.
kichik - 3 hours ago
Exists and maintained. They even keep adding support for more
formats. That's pretty amazing after almost 20 years.
mitchty - 3 hours ago
I use it for static binaries I use where I don't care about
startup times being slower. You'd be surprised at how much of an
elf binary is all 0's.
vetinari - 2 hours ago
Compressing them this way however makes the situation worse for
the memory manager. If you use an uncompressed (or transparently
compressed by the filesystem) binary, your process has mmaped
the memory pages, which can be discarded and then reloaded,
as needed. If you use a self-extractor, your process has dirty
pages that it itself wrote, that cannot be discarded, but
must be moved to swap if needed. The more you use the same
executable for multiple processes, the worse the effect is.
The ro mmaped pages are shared among them all, the written
pages are private to each process.
yason - 3 hours ago
How large are those binaries? I would be surprised to see
practical performance degradation in uncompressing executable
code before jumping to the program on today's machines. The
largest binary in my /usr/bin/ is 50 megabytes. On the other
hand, for very, very large binaries it's probably faster to
decompress in memory rather than load all the bits from
disk. Further, most executables aren't static these days. (I
often wish they were, though!). What type of binaries have
you got, and are they really so big that it's worth the
hassle to compress them just to save disk space? Just
interested.
mitchty - 3 hours ago
50MiB to 6MiB. The binaries are mostly stuff like pandoc and
compiled statically so that I can run them anywhere.
Nothing too special. It's not technically needed, but it
makes network transfer faster and in general that's good
enough. It's not really intended to reduce disk space
really, just more a way to make things more manageable.
lwerdna - 3 hours ago
I think some of that still exists, but the goal is to evade
anti-virus instead of compressing and deterring
RE: https://hackforums.net/forumdisplay.php?fid=299
kondor6c - 3 hours ago
Yes, this was my first experience with this piece of software.
You can pretty clearly tell that it is from UPX by examining
the file in a hex editor. I still have the malicious file on a VM
for me to do some analysis on it later. (if anyone would like
it, feel free to contact me) edit: added the contact me
0x4a42 - 3 hours ago
Modern DRMs and protectors are based on the same
concept(s)/protector(s) as the exes packers from the nineties.
andrewstuart2 - 3 hours ago
Not only does it exist, but it's insanely good at packing go
static binaries. I don't remember the compression ratio, but I
think it's something like 20% of the original size.
pmoriarty - 3 hours ago
I used to use this a lot, back in the bad old days, when drive
space was at a premium. These days I struggle to fill my hard drives
no matter how wasteful I am with downloading videos and not
bothering to clean up afterwards... and the amount of hard drive
space you can buy per dollar keeps growing faster than I can fill
my disks. Much trickier issues to tackle are speed (unless you go
with SSDs, but then you run into space issues again, and
reliability issues), backups, and data integrity. All of these
issues are made much harder by the sheer amounts of data we're
storing these days. Executables usually account for only a
relatively small fraction of that space.
kronos29296 - 1 hours ago
I think upx is more useful for static binaries like those of
Haskell applications, which are kinda huge. (GHC produces huge
binaries - eg. pandoc or ghc-mod). A 100 something mb binary is
not what you usually have. UPX can work its magic on stuff like
that. More manageable, not necessarily essential, but when you need
it you need it badly.
DaiPlusPlus - 1 hours ago
Is there a reason the Haskell compiler can't trim-out code it
knows won't be used? Or is there another reason for the large
size?
tome - 55 minutes ago
The word on the street is that it's not unused code but
rather aggressively inlined code.
kccqzy - 4 minutes ago
That's called split sections and it's enabled by default in
GHC 8.2.1. The main reason is aggressively inlined code
compiled slightly differently.
WesBrownSQL - 1 hours ago
I use UPX to compress my go binaries; totally awesome to trim down
their size and still have no issues with execution.
modeless - 1 hours ago
Warning: although UPX is awesome, be wary of using it to distribute
software to a wide audience as it seems to trigger false positives
in some antivirus software.
beagle3 - 1 hours ago
People who compress their go binaries (or any other binaries,
really) - please be aware that by doing so, you stop the OS from
being able to page out your executable (rarely a big loss), and
also from being able to share executable pages (not a huge loss for
a 2MB executable, a huge loss for a 100MB executable). If there's
only one copy of a program running, it won't matter - but if you are
running hundreds of copies (even dockerized and stuff), you are
likely better off NOT upxing.