UPX Compress/Decompress Issue!


BTJB

I found that UPX leads to hard output modification! If you compress first and then decompress, the output file is not the same as it was before! It is now strongly fragmented, with modifications and with new additional data bytes. Is it a disadvantage? Let me know please. It seems many crackers made a similar change by re-compiling with such tools and the result is horrible! What is the point of UPX? Is it OK to return the app back to uncompressed?

Guessing this is like a destructive edit on a Photoshop image.. which is irreversible when compressing an exe or dll.. Uncompressing yields a different output

Not sure if there is a flag for an alternative compression algorithm in the app


 

Quote

 

UPX works by compressing the sections stored within the Section Table of the PE file. A strong indicator of UPX being used is the renaming of the header names (UPX0/UPX1). The main purpose of UPX is to reduce file size, this helps mask the malware as a .jpg or to spread through emails.

 

Source: https://labs.detectify.com/2016/04/12/using-reverse-engineering-techniques-to-see-how-a-common-malware-packer-works/


Edited by debebee
Added related literature
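The section-name indicator from the passage quoted above, as an added example that is not part of the original posts or the cited article: it walks a PE file's section table and reports names matching UPX's default `UPX0`/`UPX1` naming. The function names are hypothetical and `build_sample` constructs header-only test bytes; section names can be renamed, so a match is an indicator rather than proof.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the signature:
    # NumberOfSections at +2, SizeOfOptionalHeader at +16, 20 bytes total.
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = table + 40 * i                     # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections

def upx_indicators(data: bytes):
    """Section names that match UPX's default naming (UPX0, UPX1, ...)."""
    return [name for name, _, _ in pe_sections(data) if name.startswith("UPX")]

def build_sample(names):
    """Constructed input: DOS stub, PE signature, COFF header, section table only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIII", n.encode(), 0x1000, 0x1000 * (i + 1), 0x200, 0x400)
        + b"\0" * 16
        for i, n in enumerate(names)
    )
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    for label, names in [("packed", ["UPX0", "UPX1", ".rsrc"]),
                         ("plain", [".text", ".data", ".rsrc"])]:
        print(label, upx_indicators(build_sample(names)))
```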


Israeli_Eagle

Long ago I also liked UPX a lot, but back then the issues were already known.
And nowadays we prefer speed, and size is no problem anymore, so somehow UPX became useless.



size is no problem.. LOL.. I guess you think that those apps installed on your computer aren't compressed with something..

whether it be upx or other.. pecompact, aspack, or some protector which includes a compression..

think you'd be surprised if you used a scanner to find out..

If you want to scan I would suggest Nauz file detector v0.08



Israeli_Eagle
6 hours ago, andy2004 said:

size is no problem.. LOL.. I guess you think that those apps installed on your computer aren't compressed with something..

whether it be upx or other.. pecompact, aspack, or some protector which includes a compression..

think you'd be surprised if you used a scanner to find out..

If you want to scan I would suggest Nauz file detector v0.08

 

Fact is that most real software never uses such, and also has no reason to at all. Sure, sometimes we also have something like Denuvo, but that is a different topic than UPX.
But I also have no clue which weird 'apps' you might mean. :whistle:

 

Edited by Israeli_Eagle


@debebee I found another similar topic, but still cannot understand the answer. Maybe the code is the same, but in a different order...? Or maybe the file content is destroyed and there is no more correct preview? I found that the person UZ1 and other crackers did some big re-code instead of making small changes. For example, instead of making a one-byte change, the file is recompiled like UPX. :unsure: My friend proved the last statement.
