Menu
I Have been trying out different EXE packers recently. I tried out ASPack, UPX, mPress etc.. While trying out half a dozen packers, i observed that most of the packed EXE's can trigger false virus signatures. Even UPX is no exception. Still, my choice is UPX. Can anybody, please, suggest me what is the best possible compression / packing method available in UPX.?
I am quite satisfied with UPX --lzma myEXE.eXE still, would love to hear for you people on this. I am not comfortable with UPX --ultra --brute myEXE.EXE since it eats up hours to do the trick.
277
The winner by pure compression is 7z, which isn't surprising to us. We've seen 7z come on the top of file compression benchmarks time and time again. If you want to compress something to use as little space as possible, you should definitely use 7z.
7Z format provides even better compression at cost of slower speed than rar, but decompression is as fast as for zip and rar, making 7Z an excellent choice for content distribution case of use, where both reducing the content size as much as possible and allowing fast extraction are desired qualities.
upx yourfile.exe will compress the file specified on the command line. All UPX supported file formats can be unpacked using the -d switch, eg. upx -d yourfile.exe will uncompress the file you've just compressed. The -t command tests the integrity of the compressed and uncompressed data, eg.
UPX is an advanced executable file compressor. UPX will typically reduce the file size of programs and DLLs by around 50%-70%, thus reducing disk space, network load times, download times etc. The current version can compress executables for DOS, Linux/ELF (i386, amd64, ppc32) and some other files for different OS.
I used UPX a lot, and there was not a big difference between the versions.
The latest --lzma setting produces very good results, and --ultra --brute is indeed not worth the time spent. At best, 1% of better compression rate... you should better subsample your internal bitmaps or refactorize the code.
But, especially with Delphi applications, I do not use UPX any more. You spoke about anti-virus software false positive, and it is a huge problem. For instance, it sounds like if some "cheap" anti-virus software introduced very simple (and false) heuristic patterns, like "UPX+Delphi=potential malware" or "Delphi+size<300KB=potential malware".
If you try to submit such executable files to http://virustotal.com, you'll find out that about 8% of the anti-virus engines are doing such wrong guess.
I've seen some of my web sites flagged as "malware URI", because of this. I've seen some customers complaining about my deliveries to be infecting their computers. Not worth it.
To reduce the executable size, I therefore rely rather:
115
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
