Upx File Is Modified/hacked/protected
I've used before to reduce the size of my Windows executables, but I must admit that I am naive to any negative side effects this could have. What's the downside to all of this packing/unpacking?Are there scenarios in which anyone would recommend NOT UPX-ing an executable (e.g. When writing a DLL, Windows Service, or when targeting Vista or Win7)? I write most of my code in Delphi, but I've used UPX to compress C/C executables as well.On a side note, I'm not running UPX in some attempt to protect my exe from disassemblers, only to reduce the size of the executable and prevent cursory tampering.
The reason is there are downsides tousing EXE compressors. Most notably:Upon startup of a compressed EXE/DLL, all of the code isdecompressed from the disk image intomemory in one pass, which can causedisk thrashing if the system is low onmemory and is forced to access theswap file. In contrast, withuncompressed EXE/DLLs, the OSallocates memory for code pages ondemand (i.e. When they are executed).Multiple instances of a compressed EXE/DLL create multipleinstances of the code in memory. Ifyou have a compressed EXE thatcontains 1 MB of code (beforecompression) and the user starts 5instances of it, approximately 4 MB ofmemory is wasted.
Likewise, if youhave a DLL that is 1 MB and it is usedby 5 running applications,approximately 4 MB of memory iswasted. With uncompressed EXE/DLLs,code is only stored in memory once andis shared between instances.
Vietcong 2 cz tpb. Www.nosteam.ro- If you like and enjoy nosTEAM free games tell all your friends about nosteam.ro- To avoid download unwanted files set your browser to ASK every time where to save files!!- You have 'class not registered' error after install a nosTEAM patch or game: Install Firefox as Default internet browser- You have crc error when install a nosTEAM game: Stop torrent, Re-Check files then start torrent to complete download.- www.nosteam.ro is a Games forum and isn't hosting any kind of files.
Not all software is in a situation where VM page sharing between multiple-instances is an issue though, and some compressors allow skipping of shared sections. PECompact skips them by default, for instance. Also, concerning 'all the memory being loaded', that is true, but that memory will be paged back out if unused and needed elsewhere. In some situations it creates faster loads because the storage medium (usually HDD) overhead is lower and everything gets loaded 'at once' and is 'already there'.
So, there are exceptions, and to each his own. DISCLAIMER: I am the author of PECompact.–Nov 26 '10 at 3:36.
Jeremy: Shared sections are not so much the problem as the actual code sections. Code is normally memory mapped read-execute, which means that if you launch 10 programs, they will all use the same, identical phsyical memory pages, and the physical data is only loaded from disk once. The OS can also discard pages that contain code which has never been called if it runs low on memory, knowing that it can always trivially reload them from the image. None of that is the case with code that came from an exe packer, the respective pages must be backed by the swap file.–Mar 2 '11 at 1:35. There are three drawbacks:.
The whole code will be fully uncompressed in virtual memory, while in a regular EXE or DLL, only the code actually used is loaded in memory. This is especially relevant if only a small portion of the code in your EXE/DLL is used at each run.
If there are multiple instances of your DLL and EXE running, their code can't be shared across the instances, so you'll be using more memory. If your EXE/DLL is already in cache, or on a very fast storage medium, or if the CPU you're running on is slow, you will experience reduced startup speed as decompression will still have to take place, and you won't benefit from the reduced size. The only time size matters is during download off the Internet. If you are using UPX then you actually get worse performance than if you use (based on my testing 7-Zip is twice as good as UPX). Then when it is actually left compressed on the target computer your performance is decreased (see Lars' answer). So UPX is not a good solution for file size. Just 7zip the whole thing.As far as to prevent tampering, it is a FAIL as well.
Unpacking Upx Python
UPX supports decompressing too. If someone wants to modify the EXE then they will see it is compress with UPX and then uncompress it. The percentage of possible crackers you might slow down does not justify the effort and performance loss.A better solution would be to use binary signing or at least just a hash. A simple hash verification system is to take a hash of your binary and a secret value (usually a guid).
Only your EXE knows the secret value, so when it recalculates the hash for verification it can use it again. This isn't perfect (the secret value can be retrieved). The ideal situation would be to use a certificate and a signature. If your only interest is in decreasing the size of the executables, then have you tried comparing the size of the executable with and without runtime packages?
How To Unpack A File Using Upx
Granted you will have to also include the sizes of the packages overall along with your executable, but if you have multiple executables which use the same base packages, then your savings would be rather high.Another thing to look at would be the graphics/glyphs you use in your program. You can save quite a bit of space by consolidating them to a single Timagelist included in a global data module rather than have them repeated on each form.
I believe each image is stored in the form resource as hex, so that would mean that each byte takes up two bytes.you can shrink this a bit by loading the image from a RCData resource using a TResourceStream.