upx.1

压缩exe,dll,不错啊 压缩exe,dll,不错啊 压缩exe,dll,不错啊

Obviously \fB\s-1UPX\s0\fR won't work with executables that want to read data from
themselves (like some commandline utilities that ship with Win95/98/ME).
.PP
Compressed programs only work on a 286+.
.PP
Packed programs will be byte-identical to the original after uncompression.
.PP
Maximum uncompressed size: ~65100 bytes.
.PP
Extra options available for this executable format:
.PP
.Vb 1
\&  --8086              Create an executable that works on any 8086 CPU.
.Ve
.PP
.Vb 4
\&  --all-methods       Compress the program several times, using all
\&                      available compression methods. This may improve
\&                      the compression ratio in some cases, but usually
\&                      the default method gives the best results anyway.
.Ve
.PP
.Vb 4
\&  --all-filters       Compress the program several times, using all
\&                      available preprocessing filters. This may improve
\&                      the compression ratio in some cases, but usually
\&                      the default filter gives the best results anyway.
.Ve
.Sh "\s-1NOTES\s0 \s-1FOR\s0 \s-1DOS/EXE\s0"
.IX Subsection "NOTES FOR DOS/EXE"
dos/exe stands for all \*(L"normal\*(R" 16\-bit \s-1DOS\s0 executables.
.PP
Obviously \fB\s-1UPX\s0\fR won't work with executables that want to read data from
themselves (like some command line utilities that ship with Win95/98/ME).
.PP
Compressed programs only work on a 286+.
.PP
Extra options available for this executable format:
.PP
.Vb 1
\&  --8086              Create an executable that works on any 8086 CPU.
.Ve
.PP
.Vb 1
\&  --no-reloc          Use no relocation records in the exe header.
.Ve
.PP
.Vb 4
\&  --all-methods       Compress the program several times, using all
\&                      available compression methods. This may improve
\&                      the compression ratio in some cases, but usually
\&                      the default method gives the best results anyway.
.Ve
.Sh "\s-1NOTES\s0 \s-1FOR\s0 \s-1DOS/SYS\s0"
.IX Subsection "NOTES FOR DOS/SYS"
You can only compress plain sys files, sys/exe (two in one)
combos are not supported.
.PP
Compressed programs only work on a 286+.
.PP
Packed programs will be byte-identical to the original after uncompression.
.PP
Maximum uncompressed size: ~65350 bytes.
.PP
Extra options available for this executable format:
.PP
.Vb 1
\&  --8086              Create an executable that works on any 8086 CPU.
.Ve
.PP
.Vb 4
\&  --all-methods       Compress the program several times, using all
\&                      available compression methods. This may improve
\&                      the compression ratio in some cases, but usually
\&                      the default method gives the best results anyway.
.Ve
.PP
.Vb 4
\&  --all-filters       Compress the program several times, using all
\&                      available preprocessing filters. This may improve
\&                      the compression ratio in some cases, but usually
\&                      the default filter gives the best results anyway.
.Ve
.Sh "\s-1NOTES\s0 \s-1FOR\s0 \s-1DJGPP2/COFF\s0"
.IX Subsection "NOTES FOR DJGPP2/COFF"
First of all, it is recommended to use \fB\s-1UPX\s0\fR *instead* of \fBstrip\fR. strip has
the very bad habit of replacing your stub with its own (outdated) version.
Additionally \fB\s-1UPX\s0\fR corrects a bug/feature in strip v2.8.x: it
will fix the 4 KByte aligment of the stub.
.PP
\&\fB\s-1UPX\s0\fR includes the full functionality of stubify. This means it will
automatically stubify your \s-1COFF\s0 files. Use the option \fB\-\-coff\fR to
disable this functionality (see below).
.PP
\&\fB\s-1UPX\s0\fR automatically handles Allegro packfiles.
.PP
The \s-1DLM\s0 format (a rather exotic shared library extension) is not supported.
.PP
Packed programs will be byte-identical to the original after uncompression.
All debug information and trailing garbage will be stripped, though.
.PP
Extra options available for this executable format:
.PP
.Vb 2
\&  --coff              Produce COFF output instead of EXE. By default
\&                      UPX keeps your current stub.
.Ve
.PP
.Vb 4
\&  --all-methods       Compress the program several times, using all
\&                      available compression methods. This may improve
\&                      the compression ratio in some cases, but usually
\&                      the default method gives the best results anyway.
.Ve
.PP
.Vb 4
\&  --all-filters       Compress the program several times, using all
\&                      available preprocessing filters. This may improve
\&                      the compression ratio in some cases, but usually
\&                      the default filter gives the best results anyway.
.Ve
.Sh "\s-1NOTES\s0 \s-1FOR\s0 \s-1LINUX\s0 [general]"
.IX Subsection "NOTES FOR LINUX [general]"
Introduction
.PP
.Vb 4
\&  Linux/386 support in UPX consists of 3 different executable formats,
\&  one optimized for ELF excutables ("linux/elf386"), one optimized
\&  for shell scripts ("linux/sh386"), and one generic format
\&  ("linux/386").
.Ve
.PP
.Vb 2
\&  We will start with a general discussion first, but please
\&  also read the relevant docs for each of the individual formats.
.Ve
.PP
.Vb 2
\&  Also, there is special support for bootable kernels - see the
\&  description of the vmlinuz/386 format.
.Ve
.PP
General user's overview
.PP
.Vb 7
\&  Running a compressed executable program trades less space on a
\&  ``permanent'' storage medium (such as a hard disk, floppy disk,
\&  CD-ROM, flash memory, EPROM, etc.) for more space in one or more
\&  ``temporary'' storage media (such as RAM, swap space, /tmp, etc.).
\&  Running a compressed executable also requires some additional CPU
\&  cycles to generate the compressed executable in the first place,
\&  and to decompress it at each invocation.
.Ve
.PP
.Vb 6
\&  How much space is traded?  It depends on the executable, but many
\&  programs save 30% to 50% of permanent disk space.  How much CPU
\&  overhead is there?  Again, it depends on the executable, but
\&  decompression speed generally is at least many megabytes per second,
\&  and frequently is limited by the speed of the underlying disk
\&  or network I/O.
.Ve
.PP
.Vb 15
\&  Depending on the statistics of usage and access, and the relative
\&  speeds of CPU, RAM, swap space, /tmp, and filesystem storage, then
\&  invoking and running a compressed executable can be faster than
\&  directly running the corresponding uncompressed program.
\&  The operating system might perfrom fewer expensive I/O operations
\&  to invoke the compressed program.  Paging to or from swap space
\&  or /tmp might be faster than paging from the general filesystem.
\&  ``Medium-sized'' programs which access about 1/3 to 1/2 of their
\&  stored program bytes can do particulary well with compression.
\&  Small programs tend not to benefit as much because the absolute
\&  savings is less.  Big programs tend not to benefit proportionally
\&  because each invocation may use only a small fraction of the program,
\&  yet UPX decompresses the entire program before invoking it.
\&  But in environments where disk or flash memory storage is limited,
\&  then compression may win anyway.
.Ve
.PP
.Vb 6
\&  Currently, executables compressed by UPX do not share RAM at runtime
\&  in the way that executables mapped from a filesystem do.  As a
\&  result, if the same program is run simultaneously by more than one
\&  process, then using the compressed version will require more RAM and/or
\&  swap space.  So, shell programs (bash, csh, etc.)  and ``make''
\&  might not be good candidates for compression.
.Ve
.PP
.Vb 12
\&  UPX recognizes three executable formats for Linux: Linux/elf386,
\&  Linux/sh386, and Linux/386.  Linux/386 is the most generic format;
\&  it accommodates any file that can be executed.  At runtime, the UPX
\&  decompression stub re-creates in /tmp a copy of the original file,
\&  and then the copy is (re-)executed with the same arguments.
\&  ELF binary executables prefer the Linux/elf386 format by default,
\&  because UPX decompresses them directly into RAM, uses only one
\&  exec, does not use space in /tmp, and does not use /proc.
\&  Shell scripts where the underlying shell accepts a ``-c'' argument
\&  can use the Linux/sh386 format.  UPX decompresses the shell script
\&  into low memory, then maps the shell and passes the entire text of the
\&  script as an argument with a leading ``-c''.
.Ve
.PP
General benefits:
.PP
.Vb 4
\&  - UPX can compress all executables, be it AOUT, ELF, libc4, libc5,
\&    libc6, Shell/Perl/Python/... scripts, standalone Java .class
\&    binaries, or whatever...
\&    All scripts and programs will work just as before.
.Ve
.PP
.Vb 2
\&  - Compressed programs are completely self-contained. No need for
\&    any external program.
.Ve
.PP
.Vb 5
\&  - UPX keeps your original program untouched. This means that
\&    after decompression you will have a byte-identical version,
\&    and you can use UPX as a file compressor just like gzip.
\&    [ Note that UPX maintains a checksum of the file internally,
\&      so it is indeed a reliable alternative. ]
.Ve
.PP
.Vb 3
\&  - As the stub only uses syscalls and isn't linked against libc it
\&    should run under any Linux configuration that can run ELF
\&    binaries.
.Ve
.PP
.Vb 3
\&  - For the same reason compressed executables should run under
\&    FreeBSD and other systems which can run Linux binaries.
\&    [ Please send feedback on this topic ]
.Ve
.PP
General drawbacks:
.PP
.Vb 4
\&  - It is not advisable to compress programs which usually have many
\&    instances running (like `sh' or `make') because the common segments of
\&    compressed programs won't be shared any longer between different
\&    processes.
.Ve
.PP
.Vb 5
\&  - `ldd' and `size' won't show anything useful because all they
\&    see is the statically linked stub.  Since version 0.82 the section
\&    headers are stripped from the UPX stub and `size' doesn't even
\&    recognize the file format.  The file patches/patch-elfcode.h has a
\&    patch to fix this bug in `size' and other programs which use GNU BFD.
.Ve
.PP
General notes:
.PP
.Vb 2
\&  - As UPX leaves your original program untouched it is advantageous
\&    to strip it before compression.
.Ve
.PP
.Vb 2
\&  - If you compress a script you will lose platform independence -
\&    this could be a problem if you are using NFS mounted disks.
.Ve
.PP
.Vb 2
\&  - Compression of suid, guid and sticky-bit programs is rejected
\&    because of possible security implications.
.Ve
.PP
.Vb 2
\&  - For the same reason there is no sense in making any compressed
\&    program suid.
.Ve
.PP
.Vb 3
\&  - Obviously UPX won't work with executables that want to read data
\&    from themselves. E.g., this might be a problem for Perl scripts
\&    which access their __DATA__ lines.
.Ve
.PP
.Vb 4
\&  - In case of internal errors the stub will abort with exitcode 127.
\&    Typical reasons for this to happen are that the program has somehow
\&    been modified after compression.
\&    Running `strace -o strace.log compressed_file' will tell you more.
.Ve
.Sh "\s-1NOTES\s0 \s-1FOR\s0 \s-1LINUX/ELF386\s0"
.IX Subsection "NOTES FOR LINUX/ELF386"
Please read the general Linux description first.
.PP
The linux/elf386 format decompresses directly into \s-1RAM\s0,
uses only one exec, does not use space in /tmp,
and does not use /proc.
.PP
Linux/elf386 is automatically selected for Linux \s-1ELF\s0 exectuables.
.PP
Packed programs will be byte-identical to the original after uncompression.
.PP
How it works:
.PP
.Vb 9
\&  For ELF executables, UPX decompresses directly to memory, simulating
\&  the mapping that the operating system kernel uses during exec(),
\&  including the PT_INTERP program interpreter (if any).
\&  The brk() is set by a special PT_LOAD segment in the compressed
\&  executable itself.  UPX then wipes the stack clean except for
\&  arguments, environment variables, and Elf_auxv entries (this is
\&  required by bugs in the startup code of /lib/ld-linux.so as of
\&  May 2000), and transfers control to the program interpreter or
\&  the e_entry address of the original executable.
.Ve
.PP
.Vb 2
\&  The UPX stub is about 1700 bytes long, partly written in assembler
\&  and only uses kernel syscalls. It is not linked against any libc.
.Ve
.PP
Specific drawbacks:
.PP
.Vb 9
\&  - For linux/elf386 and linux/sh386 formats, you will be relying on
\&    RAM and swap space to hold all of the decompressed program during
\&    the lifetime of the process.  If you already use most of your swap
\&    space, then you may run out.  A system that is "out of memory"
\&    can become fragile.  Many programs do not react gracefully when
\&    malloc() returns 0.  With newer Linux kernels, the kernel
\&    may decide to kill some processes to regain memory, and you
\&    may not like the kernel's choice of which to kill.  Running
\&    /usr/bin/top is one way to check on the usage of swap space.
.Ve
.PP
Extra options available for this executable format:
.PP
.Vb 1
\&  (none)
.Ve
.Sh "\s-1NOTES\s0 \s-1FOR\s0 \s-1LINUX/SH386\s0"
.IX Subsection "NOTES FOR LINUX/SH386"
Please read the general Linux description first.
.PP
Shell scripts where the underling shell accepts a ``\-c'' argument
can use the Linux/sh386 format.  \fB\s-1UPX\s0\fR decompresses the shell script
into low memory, then maps the shell and passes the entire text of the
script as an argument with a leading ``\-c''.
It does not use space in /tmp, and does not use /proc.
.PP
Linux/sh386 is automatically selected for shell scripts that
use a known shell.
.PP
Packed programs will be byte-identical to the original after uncompression.
.PP
How it works:
.PP
.Vb 8
\&  For shell script executables (files beginning with "#!/" or "#! /")
\&  where the shell is known to accept "-c <command>", UPX decompresses
\&  the file into low memory, then maps the shell (and its PT_INTERP),
\&  and passes control to the shell with the entire decompressed file
\&  as the argument after "-c".  Known shells are sh, ash, bash, bsh, csh,
\&  ksh, tcsh, pdksh.  Restriction: UPX cannot use this method
\&  for shell scripts which use the one optional string argument after
\&  the shell name in the script (example: "#! /bin/sh option3\en".)
.Ve
.PP
.Vb 2
\&  The UPX stub is about 1700 bytes long, partly written in assembler
\&  and only uses kernel syscalls. It is not linked against any libc.
.Ve
.PP
Specific drawbacks:
.PP
.Vb 9
\&  - For linux/elf386 and linux/sh386 formats, you will be relying on
\&    RAM and swap space to hold all of the decompressed program during
\&    the lifetime of the process.  If you already use most of your swap
\&    space, then you may run out.  A system that is "out of memory"