Executable compression

From Just Solve the File Format Problem
(Difference between revisions)
Jump to: navigation, search
(List of formats)
(List of formats)
 
(21 intermediate revisions by 2 users not shown)
Line 11: Line 11:
 
Executable compression frequently involves techniques, such as self-modifying code, that are also used by '''viruses''' and other malware. Compounding the problem, a compressed executable can't be properly scanned by anti-malware software unless it knows how to decompress it.
 
Executable compression frequently involves techniques, such as self-modifying code, that are also used by '''viruses''' and other malware. Compounding the problem, a compressed executable can't be properly scanned by anti-malware software unless it knows how to decompress it.
  
Don't be surprised if your anti-malware software thinks some compressed executable files look suspicious. Research into this topic should be considered '''NSFW'''.
+
Don't be surprised if your anti-malware software thinks some compressed executable files, and related tools, look suspicious. Research into this topic should be considered '''NSFW'''.
  
 
== List of formats ==
 
== List of formats ==
Line 18: Line 18:
 
* AINEXE - See [[AIN#AINEXE]]
 
* AINEXE - See [[AIN#AINEXE]]
 
* [[aPACK]]
 
* [[aPACK]]
* [[APK]]
 
 
* [[ASPack]]
 
* [[ASPack]]
* [[AVPACK]] (Andrei Volkov)
+
* [[AVPACK]]
 
* [[AXE (executable compression)|AXE]]
 
* [[AXE (executable compression)|AXE]]
 +
* [[CauseWay Compressor]]
 +
* [[CC (UniHackers)]]
 
* [[COMPACK]]
 
* [[COMPACK]]
 +
* [[Compact (Klaus Peichl)]]
 +
* [[ComprEXE]]
 +
* [[Cruncher]]
 
* [[DIET (compression)|DIET]]
 
* [[DIET (compression)|DIET]]
 +
* [[DJP]]
 +
* [[EPACK (executable compression)|EPACK]]
 +
* [[ExeLITE]] (a.k.a. ELITE)
 
* [[EXEPACK]]
 
* [[EXEPACK]]
 +
* [[EXEPACK2]]
 
* [[ICE (executable compression)|ICE]]
 
* [[ICE (executable compression)|ICE]]
 
* [[JAM (executable compression)|JAM]]
 
* [[JAM (executable compression)|JAM]]
 
* [[The JAM Packer|JAM Packer, The]]
 
* [[The JAM Packer|JAM Packer, The]]
 +
* [[LEXEM]]
 +
* [[LGLZ]]
 
* [[LZEXE]]
 
* [[LZEXE]]
 +
* [[MEGALITE]]
 +
* [[PACK (NoddegamrA)]]
 +
* [[PACK (TurboPower)]]
 +
* [[PACKWIN]]
 +
* [[PAKEXE]]
 
* [[PECompact]]
 
* [[PECompact]]
 
* [[Petite]]
 
* [[Petite]]
* [[PGMPak]] (Todor Todorov)
+
* [[PGMPAK]]
 
* [[PKLITE]]
 
* [[PKLITE]]
 
* [[PKLITE32]]
 
* [[PKLITE32]]
 +
* [[Pksmart]]
 +
* [[PKTINY]]
 +
* [[PMexe]]
 +
* [[PopCom!]]
 
* [[Pro-Pack|PRO-PACK]]
 
* [[Pro-Pack|PRO-PACK]]
 +
* [[Realia Spacemaker]]
 +
* [[RJCRUSH]]
 
* [[SCRNCH]]
 
* [[SCRNCH]]
 
* [[SHRINK (executable compression)|SHRINK]]
 
* [[SHRINK (executable compression)|SHRINK]]
 
* [[TINYPROG]]
 
* [[TINYPROG]]
 +
* [[T-PACK]]
 
* UCEXE - See [[UltraCompressor II#UCEXE]]
 
* UCEXE - See [[UltraCompressor II#UCEXE]]
 
* [[UPX]]
 
* [[UPX]]
 
* [[WWPACK]]
 
* [[WWPACK]]
 +
* [[WWPack32]]
 
* [[XPACK]]
 
* [[XPACK]]
 
* [[X-pack for Executable‎]]
 
* [[X-pack for Executable‎]]
Line 48: Line 71:
 
* {{OldskoolDOSEXE}} → Executable Tools Pack → packers/, unpackers/
 
* {{OldskoolDOSEXE}} → Executable Tools Pack → packers/, unpackers/
 
* [{{CdTextfilesURL|pdos9606/ARCHIVER/EXECOMP/}}] - A collection of some compression and decompression utilities for DOS
 
* [{{CdTextfilesURL|pdos9606/ARCHIVER/EXECOMP/}}] - A collection of some compression and decompression utilities for DOS
 +
 +
=== Decompression software ===
 +
Some multi-format executable decompression utilities are listed here. They generally only run on the same platform as the files they decompress.
 +
 +
* UNP - [{{SACFTPURL|pack|unp411.zip}} v4.11] · [{{SACFTPURL|pack|unp412b.zip}} 4.12β] · [https://bencastricum.nl/unp/ website] - For DOS, source code available
 +
* [{{SACFTPURL|pack|tron130.zip}} Tron] - For DOS
 +
* [{{SACFTPURL|pack|ucfcup34.zip}} CUP386] - For DOS
 +
* [{{SACFTPURL|pack|i034.zip}} iCEuNP] by JauMing Tseng & Christoph Gabler - For DOS, source code included
 +
* [{{SACFTPURL|pack|unexe.zip}} UNEXE] by Frolov Andrey Leonidovich - For DOS
 +
* [{{SACFTPURL|pack|teu182.lzh}} TEU]
 +
* {{CdTextfiles|simtel/simtel0101/simtel/execomp/gtr184.zip|GTR}}
  
 
== See also ==
 
== See also ==
 
* [[Archiving#Self-extracting archives]]
 
* [[Archiving#Self-extracting archives]]
 +
* [[Executable envelopes]]
  
 
== Links ==
 
== Links ==

Latest revision as of 11:43, 22 March 2024

File Format
Name Executable compression
Ontology

Executable compression takes an executable file, and makes it smaller, without changing its functionality. One way to do that is to compress the file and bundle it with a small decompression routine, which decompresses the file, in memory, every time it is executed.

It is usually possible to identify a particular kind of compressed executable as such, and decompress it to its original form. Another possibility is to let the program decompress itself, then try to capture it in memory. However, some developers have used various tricks to try to make these things difficult.

Contents

[edit] Security information

Executable compression frequently involves techniques, such as self-modifying code, that are also used by viruses and other malware. Compounding the problem, a compressed executable can't be properly scanned by anti-malware software unless it knows how to decompress it.

Don't be surprised if your anti-malware software thinks some compressed executable files, and related tools, look suspicious. Research into this topic should be considered NSFW.

[edit] List of formats

[edit] Software

[edit] Decompression software

Some multi-format executable decompression utilities are listed here. They generally only run on the same platform as the files they decompress.

  • UNP - v4.11 · 4.12β · website - For DOS, source code available
  • Tron - For DOS
  • CUP386 - For DOS
  • iCEuNP by JauMing Tseng & Christoph Gabler - For DOS, source code included
  • UNEXE by Frolov Andrey Leonidovich - For DOS
  • TEU
  • GTR

[edit] See also

[edit] Links

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox