Better check first if anti-virus software still lists anything packed with Upack as trojan.
I am... Black_Fox... my discontinued benchmark
"No one involved in computers would ever say that a certain amount of memory is enough for all time? I keep bumping into that silly quotation attributed to me that says 640K of memory is enough. There's never a citation; the quotation just floats like a rumor, repeated again and again." -- Bill Gates
Yep)
PECompact.
WinUpack.
Aspack.
Last edited by Surfer; 25th June 2010 at 11:57.
Strange results
Can't test "Hard" modes now, because my netbook is so sloooow.
Original file http://rghost.net/1983020
Petite 2.3 with -9 still in progress, more than 2 hours %)
* Reading : C:\rToW\bin\rtorrent.exe
WARNING: there are 1299875 extra bytes attached to this file. They will be strip
ped from the file created by Petite, and it MAY NOT WORK.
Compressing :
1598424
May be better to strip that overlay from the test exe.
4692387 rtorrentUPXbestLZMA.exe http://rghost.net/1985475 upx --best --lzma 1.exe
Last edited by chornobyl; 25th June 2010 at 21:43.
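The "extra bytes attached to this file" warning from Petite above concerns an overlay, assumed here to mean the bytes that follow the end of the last section's raw data. As an added example (not part of the original thread), this Python code measures and strips that region from the PE headers; the function names and the sample image are constructed for illustration.

```python
import struct

def pe_overlay(data: bytes):
    """Return (end_of_mapped_data, overlay_size) for a PE file held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the signature: NumberOfSections at +6, SizeOfOptionalHeader at +20
    (nsect,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    end = table + 40 * nsect  # the headers themselves are never overlay
    for i in range(nsect):
        # Section header: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:  # sections without raw data take no file space
            end = max(end, raw_ptr + raw_size)
    return end, max(0, len(data) - end)

def strip_overlay(data: bytes) -> bytes:
    """Drop everything after the last section's raw data."""
    return data[: pe_overlay(data)[0]]

def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE-like image: headers, one .text section, then overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + b"\0" * 0xE0 + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay

if __name__ == "__main__":
    sample = build_sample(b"DEBUG" * 10)  # constructed 50-byte overlay
    end, extra = pe_overlay(sample)
    print(f"sections end at {end:#x}, {extra} extra bytes attached")
    print(f"stripped size: {len(strip_overlay(sample))}")
```

Data a program reads back from its own file (installer payloads, for example) also lives in the overlay, so a stripped copy should be run once before it is used as a benchmark input.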
Shelwien
How to do this ?
chornobyl
With which parameters ?
--best doesn't use lzma. for the best compression one should use --lzma --best
> How to do this ?
For example, one possibility is compressing with
upx -1 --overlay=strip
then decompressing, and using the result for further testing
Strip it first. GCC bundles debug symbols into the executable.
Code:
21/02/2010  04:36        43,829,155 rtorrent.exe
>strip rtorrent.exe
26/06/2010  11:55         2,609,152 rtorrent.exe
>\progra~1\univer~1\bin\upx --best --lzma rtorrent.exe
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2010
UPX 3.05w       Markus Oberhumer, Laszlo Molnar & John Reiser   Apr 27th 2010

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   2609152 ->    647168   24.80%    win32/pe     rtorrent.exe

Packed 1 file.
Thanks, TDM-GCC is great http://rghost.net/1989647
Can somebody test UPX with additional --ultra-brute and petite23 ?
Last edited by Surfer; 26th June 2010 at 20:58.
Hello everyone,
Yes, I can-> Athlon XP 1700+, WinXP, SP3, 1,25 GB Ram
UPX 3.05w Markus Oberhumer, Laszlo Molnar & John Reiser Apr 27th 2010
File size Ratio Format Name
-------------------- ------ ----------- -----------
2609152 -> 638464 24.47% win32/pe rtorrent-upx.exe
Packed 1 file.
Petite 2.3 default (with level set to -9 *s*l*o*w* as hell... I interrupted it after 1,5 hours):
petite -ortorrent-petite.exe rtorrent.exe
Petite 2.3 - Copyright (c) 1998-2005 Ian Luck. All rights reserved.
---------------------------------------> see PETITE.TXT for details
* Reading : rtorrent.exe
Compressing :
.text : 2431932 -> 803700 (33.0%)
.data : 169385 -> 41562 (24.5%)
.idata : 7113 -> 1996 (28.1%)
Writing : rtorrent-petite.exe 2609152 -> 854938 (32.8%)
Best regards!
Last edited by Vacon; 26th June 2010 at 17:15.
10x Vacon
Table updated.
Petite seems like... hmm, can't compare it with something
kkrunchy?
But any kkrunched file can't be run
Try test versions of kkrunchy at http://www.farbrausch.de/~fg/kkrunchy/test/
But they use modified PAQ algo so they're completely symmetric. Also you can run UPX with
Code:
REM Enumerate LZMA fast bytes (fb, %%m) and literal context bits (lc, %%n); one output file per pair
for %%m in (32 64 96 128 160 192 224 256 273) do (
  for %%n in (0 1 2 3 4 5 6 7 8) do (
    start "%%n" /B /WAIT "upx.exe" --force --lzma --best --crp-ms=999999 --crp-lzma-ds=67108864 --crp-lzma-fb=%%m --crp-lzma-lc=%%n --compress-exports=1 --strip-relocs=1 -o ".\ENUM\%%m_%%n.exe" Test.exe
  )
)
You can even try to enumerate other LZMA parameters with
crp-lzma-lp
crp-lzma-pb
Well, --ultra-brute also applies different filters. You can try --all-filters or manually use --filter but I don't know exact syntax and accepted values.
636 416 with UPX.
MPRESS is a free, high-performance executable packer for PE32/PE32+/.NET/MAC-DARWIN executable formats!
MPRESS makes programs and libraries smaller, and decrease start time when the application loaded from a slow removable media or from the network. It uses in-place decompression technique, which allows to decompress the executable without memory overhead or other drawbacks; it also protects programs against reverse engineering by non-professional hackers. Programs compressed with MPRESS run exactly as before, with no runtime performance penalties.
MPRESS is absolutely free of charge software.
MPRESS uses own LZMAT - extremely fast data compression library.
Version 2.00 of the MATCODE Compressor has been released on 21st March 2009, now MPRESS has an optional LZMA compression.
In March 2011 Mr. DonDD has created and published his MPRESS GUI, see link below.
Features:
http://www.matcode.com/mpress.htm
Advanced compression of .NET executable files (anyCPU,x86,AMD64,IA64 EXE)
Support for MS Framework 1.1/2.0/3.0/4.0
Does not require .NET Framework to be installed
Advanced compression of PE32/PE32+ (AMD64) executable files (EXE, DLL, OCX, etc.)
Optional LZMA compression
In-place decompression
Static TLS support
Support for mac-darwin-i386, mac-darwin-x86_64 and mac-darwin-ub applications
Very fast decompression: ~210 MB/sec on an AMD 2500+
Strip sensitive information (relocation, debug information, exceptions, etc.)
Compression of program code, data, and resources
Completely transparent, self-contained operation with UNICODE support
Command line interface allows to use MPRESS from a batch or from a make file
Full Windows 9x/NT/2000/XP/2003/Vista/2008 compatibility
The design is obviously stolen from UPX. But it's not a problem. The problem is that author of mpress is clearly the school-boy with high ambitions. I can judge it by his posts at cracklab.ru forum. You can see it for yourself.
http://cracklab.ru/f/index.php?actio...=3&topic=11443
Last edited by Skymmer; 14th May 2011 at 06:45.
MPRESS's compression ratio is in most situations better than UPX --brute mode. Also it takes little compression time.
http://pastebin.com/W1VGHEgc
Last edited by Surfer; 14th May 2011 at 11:46.
This kid is far from the compression world. If the compression is the same as in his LZMAT, then it's poorly designed byte-aligned LZ77.
Originally Posted by mADmAT
MPRESS 2.19 got released.
BTW: author writes himself: LZMAT. It's very similar to well known LZ77, but has some advantages.
anyway, i like it. can compress a lot of executables... x86, x64, .NET, Mac... Ok, no DOS.
v2.19
- bugfix: support x64 on Windows 8
v2.18
- support for .NET Framework v4.0
- support for .NET x64
- bugfix: possible deadlock on the overloaded computer
v2.17
- new option -r to not compress resources
- bugfix: in processing of relocations
v2.15
- bugfix: compressed TYPELIB and REGISTRY resources of ActiveX components
- bugfix: crash on empty import directory entry
v2.12
- bugfix: crash when Open GL with some ATI adapters
- added compression filter for 32-bit and 64-bit DLLs