Executable compression

Quality 0.50 · 0 views · Updated 2 months ago

Means of compressing an executable file

title: "Executable compression" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["exe-packers"] description: "Means of compressing an executable file" topic_path: "general/exe-packers" source: "https://en.wikipedia.org/wiki/Executable_compression" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary Means of compressing an executable file ::

Executable compression is any means of compressing an executable file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as executable packers, runtime packers, software packers, software protectors, or even "polymorphic packers" and "obfuscating tools".

A compressed executable can be considered a self-extracting archive, where a compressed executable is packaged along with the relevant decompression code in an executable file. Some compressed executables can be decompressed to reconstruct the original program file without being directly executed. Two programs that can be used to do this are CUP386 and UNP.

Most compressed executables decompress the original code in memory and most require slightly more memory to run (because they need to store the decompressor code, the compressed data and the decompressed code). Moreover, some compressed executables have additional requirements, such as those that write the decompressed executable to the file system before executing it.

Executable compression is not limited to binary executables, but can also be applied to scripts, such as JavaScript. Because most scripting languages are designed to work on human-readable code, which has a high redundancy, compression can be very effective and as simple as replacing long names used to identify variables and functions with shorter versions and/or removing white-space.

Advantages and disadvantages

Software distributors use executable compression for a variety of reasons, primarily to reduce the secondary storage requirements of their software; as executable compressors are specifically designed to compress executable code, they often achieve better compression ratio than standard data compression facilities such as gzip, zip or bzip2 . This allows software distributors to stay within the constraints of their chosen distribution media (such as CD-ROM, DVD-ROM, or floppy disk), or to reduce the time and bandwidth customers require to access software distributed via the Internet.

Executable compression is also frequently used to deter reverse engineering or to obfuscate the contents of the executable (for example, to hide the presence of malware from antivirus scanners) by proprietary methods of compression and/or added encryption. Executable compression can be used to prevent direct disassembly, mask string literals and modify signatures. Although this does not eliminate the chance of reverse engineering, it can make the process more costly.

A compressed executable requires less storage space in the file system, thus less time to transfer data from the file system into memory. On the other hand, it requires some time to decompress the data before execution begins. However, the speed of various storage media has not kept up with average processor speeds, so the storage is very often the bottleneck. Thus the compressed executable will load faster on most common systems. On modern desktop computers, this is rarely noticeable unless the executable is unusually big, so loading speed is not a primary reason for or against compressing an executable.

On operating systems which page executable images on demand from the disk, compressed executables make this process less efficient. The decompressor stub allocates a block of memory to hold the decompressed data, which stays allocated as long as the executable stays loaded, whether it is used or not, competing for memory resources with other applications all along. If the operating system uses a swap file, the decompressed data has to be written to it to free up the memory instead of simply discarding unused data blocks and reloading them from the executable image if needed again. This is usually not noticeable, but it becomes a problem when an executable is loaded more than once at the same time—the operating system cannot reuse data blocks it has already loaded, the data has to be decompressed into a new memory block, and will be swapped out independently if not used. The additional storage and time requirements mean that it has to be weighed carefully whether to compress executables which are typically run more than once at the same time.

Another disadvantage is that some utilities can no longer identify run-time library dependencies, as only the statically linked extractor stub is visible.

Also, some older virus scanners simply report all compressed executables as viruses because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside, but some popular anti-virus and anti-malware scanners have had troubles with false positive alarms on compressed executables. In an attempt to solve the problem of malware obfuscated with the help of runtime packers the IEEE Industry Connections Security Group has introduced a software taggant system.

Executable compression used to be more popular when computers were limited to the storage capacity of floppy disks, which were both slow and low capacity media, and small hard drives; it allowed the computer to store more software in the same amount of space, without the inconvenience of having to manually unpack an archive file every time the user wanted to use the software. However, executable compression has become less popular because of increased storage capacity on computers. It has its use in the demoscene where demos have to stay within a size limit, e.g. 64k intro. Only very sophisticated compression formats, which add to load time, keep an executable small enough to enter these competitions.

List of executable packers

{{anchor|PMEXE|PMSFX|POPCOM}}CP/M and MSX-DOS executable

Known executable compressors for CP/M-80 / MSX-DOS .COM files:

  • PMexe (since 1990, written by Yoshihiko Mino, PMARC.COM+PMEXE.CPM, signature "-pms-")
  • PopCom! (since 1992, written by Yoshihiko Mino, POPCOM.COM, signature "-pc1-")

{{anchor|SM|EXEPACK|LZEXE|PKLITE|DIET|TINYPROG|RJCRUSH|APACK|32LITE|WWPACK}}MS-DOS executable

Known executable compressors for MS-DOS-compatible executable files (.COM or .EXE):

  • Realia Spacemaker (since 1982, written by Robert B. K. Dewar, SM.COM, signature "MEMORY$")
  • Microsoft EXEPACK (since 1985, written by Reuben Borman, EXEPACK.EXE, LINK.EXE /E[XEPACK], signature "RB")
  • LZEXE (since 1989, written by Fabrice Bellard, LZEXE.EXE)
  • PKWare PKLite (since 1990, written by Phil Katz, PKLITE.EXE)
  • DIET (since 1991, written by Teddy Matsumoto, DIET.EXE)
  • TINYPROG (TINYPROG.EXE)
  • RJS Software RJCRUSH (since 1994, written by Roland Skinner, RJCRUSH.EXE)
  • XPA (since 1995, written by JauMing Tseng, XPA.EXE)
  • Ibsen Software aPACK (since 1997, written by Jørgen Ibsen, APACK.EXE)
  • UPX (since 1998, written by Markus F. X. J. Oberhumer and László Molnár)
  • 32LiTE (since 1998, written by Oleg Prokhorov, 32LITE.EXE)
  • Knowledge Dynamics LZW Compressor
  • WWpack (since 1994, written by Piotr Warezak and Rafal Wierzbicki, WWPACK.EXE)
  • 624 (only for .COM files smaller than 25 KB, uses LZW)
  • AINEXE
  • AvPack
  • ComPAck
  • HASP Envelope
  • LGLZ
  • PMWLITE
  • ProPack
  • UCEXE
  • WDOSX
  • XE
  • XPack

OS/2 executable

Known executable compressors under OS/2:

  • NeLite
  • LxLite

New Executable

Known executable compressors for New Executables:

  • PackWin
  • PKWare PKLite (from version 2.01)
  • WinLite

Portable Executable

Known executable compressors for Portable Executables:

Note: Clients in purple are no longer in development. ::data[format=table] | Name | Latest stable | Software license | x86-64 support | |32Lite | |Alienyze | |ANDpakk2 | |Armadillo | |ASPack | |ASPR (ASProtect) | |BeRoEXEPacker | |BIN-crypter | |BoxedApp Packer | |CExe | |Crinkler | |dotBundle | |Enigma Protector | |Enigma Virtual Box | |exe32pack | |EXE Bundle | |EXECryptor | |EXE Stealth | |eXPressor | |FSG | |kkrunchy src | |MEW | |MPRESS | |MuCruncher | |NeoLite | |NsPack | |Obsidium | |PECompact | |PEPack | |PESpin | |Petite | |PKLite32 | |RLPack Basic | |Shrinker32 | |Smart Packer Pro X | |Themida/WinLicense | |Upack | |UPX | |VMProtect | |WWPack32 | |XComp/XPack | |Yoda's Crypte | |YZPack | |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.4 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9.62 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.40 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.78 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 3.3 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.0b () | GPL | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.3 () | Zlib | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.3 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 6.60 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9.40 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 3.11 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 4.14 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.8.0.1 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.0 () | Freeware | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0.23a4 (Unknown) | Public domain | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.1 (Unknown) | Freeware | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.19 () | Freeware | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.6 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.33 () | Freeware | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.4 () | Freeware | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.21 () | GPL | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2.0.0.1 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 3.2.5.0 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 5.0.1 () | GPL | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 3.4 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.20 () | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0.98 () | Freeware | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ::

ELF files

Known executable compressors for ELF files:

  • gzexe (uses a shell script stub and gzip, works on most Unix-like systems)
  • HASP Envelope
  • UPX
  • 624 (for Linux/386)

CLI assembly files

Known executable compressors for CLI assembly files:

  • .NETZ
  • NsPack
  • Mpress
  • HASP Envelope
  • dotBundle
  • Exepack.NET
  • DotProtect: Commercial protector/packer for .net and mono. Features on-line verifications and "industry standard encryption".

Mac OS Classic applications

Executable compressors for Mac OS Classic applications:

  • Application VISE
  • StuffIt InstallerMaker

Mach-O (Apple Mac OS X) files

Known executable compressors for Mach-O (Apple Mac OS X) files:

  • HASP Envelope
  • UPX
  • VMProtect

Commodore 64 and VIC-20

Known executable compressors for executables on the Commodore 64 and VIC-20:

  • PuCrunch
  • Exomizer
  • ByteBoozer

Amiga

Known executable compressors for executables on the Amiga series:

  • powerpacker
  • Titanics cruncher
  • imploder
  • TNM cruncher
  • Shrinkler
  • PackFire

Java

Known executable compressors for Java:

JAR files:

WAR files:

  • HASP Envelope

JavaScript

There are two types of compression that can be applied to JavaScript scripts:

  • Reduce the redundancy in the script (by removing comments, white space and shorten variable and functions names). This does not alter the behavior of the script.
  • Compress the original script and create a new script that contains decompression code and compressed data. This is similar to binary executable compression.

Self-decompressing compressors

These compress the original script and output a new script that has a decompressor and compressed data.

  • JsSfx
  • Packify

Redundancy reducing compressors

Main article: Minification (programming)

These remove white space, remove comments, and shorten variable and function names but do not alter the behavior of the script.

p. 32. quote: "YUI Compressor is ... is one of the most popular JavaScript minifier tools" Nicholas C. Zakas "Professional JavaScript for Web Developers". 2011. p. 768-769. quote: "Crunchers: An important part of the JavaScript build process ... JSMin ... Dojo ShrinkSafe ... and ... YUI compressor ..."

References

|author-first1=Ya'akov |author-last1=Miles |author-first2=Ed |author-last2=Nather |date=1986-05-17 |orig-year=1986-02-05, 1986-02-09 |work=INFO-IBMPC mailing list |url=https://people.dsv.su.se/~jpalme/qzkom/ibmpc-8605-000511.html |access-date=2019-04-26 |url-status=live |archive-url=https://web.archive.org/web/20180501183936/https://people.dsv.su.se/~jpalme/qzkom/ibmpc-8605-000511.html |archive-date=2018-05-01 |quote=[Miles:] There exists an undocumented […] switch to Microsoft LINK.EXE […], which will cause an automatic compaction during binding. This process will eliminate storage for uninitialized arrays from the .EXE file produced by the linker […] To use this feature, specify the /E option to the command line […] [Nather:] The option does not exist in MS Link versions 3.00 and 3.01 [Miles:] By comparing the sizes of the (packed) files generated from LINK ver 3.02 and the /E option with the size of the .EXE file manually packed with […] EXEPACK, I have come to the conclusion that LINK ver 3.02 option /E generates EXACTLY the same size file as manually running EXEPACK on a regular .EXE file output by LINK […]}}

References

  1. (1997). "PMarc help manual".
  2. "Cambridge University Press et al v. Patton et al, Filing 124, Supplemental Initial Disclosures by Cambridge University Press, Oxford University Press, Inc., Sage Publications, Inc. - Cambridge University Press, Oxfort University Press, Inc., and Sage Publications, Inc. v. Mark P. Becker, Georgia State University President, et al, Civil Action No. 1:08-CV-1425-ODE". United States District Court For The Northern District Of Georgia, Atlanta Division.
  3. Realia, Inc.. (January 1983). "If you use DOS, you need this program.". [[Ziff-Davis Publishing]].
  4. (1984-03-13). "DOS 3.1 ASMB (Another Silly Microsoft Bug)". info-ibmpc@USC-ISIB.ARPA.
  5. (2018-04-30). "Realia SpaceMaker". OS/2 Museum.
  6. (2019-01-10). "An Update on Early Norton Utilities". PCjs.
  7. (2019-01-12). "Yep, Norton Did It". OS/2 Museum.
  8. (2018-03-23). "EXEPACK and the A20-Gate". OS/2 Museum.
  9. (2002-10-07). ["Re: masm .com (PSP) related trouble"](https://groups.google.com/d/msg/alt.lang.asm/PNOd9zfYow0/vXbab16j4XwJ).
  10. (2002-04-11). "Re: [fd-dev] ANNOUNCE: CuteMouse 2.0 alpha 1". freedos-dev.
  11. (2003-02-09). "LZEXE home page".
  12. (2000). "Data Compression: The Complete Reference". [[Springer-Verlag]].
  13. "DotBundle - Download an evaluation version".
  14. "Software Protection, Software Licensing, Software Virtualization".
  15. "WebtoolMaster Software News".
  16. "Archived copy".
  17. "Download | Obsidium Software Protection System".
  18. DotProtect http://site.yvansoftware.be/dotpacker1_0 {{Webarchive. link. (22 January 2011)
  19. (1999). "A Chat With Steve Kiene".
  20. "Google Code Archive - Long-term storage for Google Code Project Hosting".
  21. "624".
  22. "Lossless Data Compression Program: Hybrid LZ77 RLE".
  23. "ByteBoozer (PC)".
  24. "Crunchers to download".
  25. web.comhem.se/~u13114991/exo/
  26. (25 September 2021). "Askeksa/Shrinkler".
  27. "PackFire v1.2k by Neural".

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::

exe-packers