win 64下upx加壳脱壳

NAME upx - compress or expand executable files SYNOPSIS upx [ *command* ] [ *options* ] *filename*... ABSTRACT The Ultimate Packer for eXecutables Copyright (c) 1996-2024 Markus Oberhumer, Laszlo Molnar & John Reiser https://upx.github.io UPX is a portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers **very** fast decompression. Your executables suffer no memory overhead or other drawbacks for most of the formats supported, because of in-place decompression. DISCLAIMER UPX comes with ABSOLUTELY NO WARRANTY; for details see the file COPYING. Please report all problems or suggestions to the authors. Thanks. SECURITY CONTEXT IMPORTANT NOTE: UPX inherits the security context of any files it handles. This means that packing, unpacking, or even testing or listing a file requires the same security considerations as actually executing the file. Use UPX on trusted files only! DESCRIPTION UPX is a versatile executable packer with the following features: - secure: as UPX is documented Open Source since many years any relevant Security/Antivirus software is able to peek inside UPX compressed apps to verify them - excellent compression ratio: typically compresses better than Zip, use UPX to decrease the size of your distribution ! - very fast decompression: more than 500 MB/sec on any reasonably modern machine - no memory overhead for your compressed executables for most of the supported formats because of in-place decompression - safe: you can list, test and unpack your executables. Also, a checksum of both the compressed and uncompressed file is maintained internally. - universal: UPX can pack a number of executable formats, including Windows programs and DLLs, macOS apps and Linux executables - portable: UPX is written in portable endian-neutral C++ - extendable: because of the class layout it's very easy to support new executable formats or add new compression algorithms - free: UPX is distributed with full source code under the GNU General Public License v2+, with special exceptions granting the free usage for commercial programs You probably understand now why we call UPX the "*ultimate*" executable packer. COMMANDS Compress This is the default operation, eg. upx yourfile.exe will compress the file specified on the command line. Decompress All UPX supported file formats can be unpacked using the -d switch, eg. upx -d yourfile.exe will uncompress the file you've just compressed. Test The -t command tests the integrity of the compressed and uncompressed data, eg. upx -t yourfile.exe check whether your file can be safely decompressed. Note, that this command doesn't check the whole file, only the part that will be uncompressed during program execution. This means that you should not use this command instead of a virus checker. List The -l command prints out some information about the compressed files specified on the command line as parameters, eg upx -l yourfile.exe shows the compressed / uncompressed size and the compression ratio of *yourfile.exe*. OPTIONS -q: be quiet, suppress warnings -q -q (or -qq): be very quiet, suppress errors -q -q -q (or -qqq): produce no output at all --help: prints the help --version: print the version of UPX --exact: when compressing, require to be able to get a byte-identical file after decompression with option -d. [NOTE: this is work in progress and is not supported for all formats yet. If you do care, as a workaround you can compress and then decompress your program a first time - any further compress-decompress steps should then yield byte-identical results as compared to the first decompressed version.] -k: keep backup files -o file: write output to file [ ...more docs need to be written... - type `upx --help' for now ] COMPRESSION LEVELS & TUNING UPX offers ten different compression levels from -1 to -9, and --best. The default compression level is -8 for files smaller than 512 KiB, and -7 otherwise. * Compression levels 1, 2 and 3 are pretty fast. * Compression levels 4, 5 and 6 achieve a good time/ratio performance. * Compression levels 7, 8 and 9 favor compression ratio over speed. * Compression level --best may take a long time. Note that compression level --best can be somewhat slow for large files, but you definitely should use it when releasing a final version of your program. Quick info for achieving the best compression ratio: * Try upx --brute --no-lzma myfile.exe or even upx --ultra-brute --no-lzma myfile.exe. * The option --lzma enables LZMA compression, which compresses better but is *significantly slower* at decompression. You probably do not want to use it for large files. (Note that --lzma is automatically enabled by --all-methods and --brute, use --no-lzma to override.) * Try if --overlay=strip works. * For win32/pe programs there's --strip-relocs=0. See notes below. OVERLAY HANDLING OPTIONS Info: An "overlay" means auxiliary data attached after the logical end of an executable, and it often contains application specific data (this is a common practice to avoid an extra data file, though it would be better to use resource sections). UPX handles overlays like many other executable packers do: it simply copies the overlay after the compressed image. This works with some files, but doesn't work with others, depending on how an application actually accesses this overlaid data. --overlay=copy Copy any extra data attached to the file. [DEFAULT] --overlay=strip Strip any overlay from the program instead of copying it. Be warned, this may make the compressed program crash or otherwise unusable. --overlay=skip Refuse to compress any program which has an overlay. ENVIRONMENT VARIABLE The environment variable UPX can hold a set of default options for UPX. These options are interpreted first and can be overwritten by explicit command line parameters. For example: for DOS/Windows: set UPX=-9 --compress-icons#0 for sh/ksh/zsh: UPX="-9 --compress-icons=0"; export UPX for csh/tcsh: setenv UPX "-9 --compress-icons=0" Under DOS/Windows you must use '#' instead of '=' when setting the environment variable because of a COMMAND.COM limitation. Not all of the options are valid in the environment variable - UPX will tell you. You can explicitly use the --no-env option to ignore the environment variable. NOTES FOR THE SUPPORTED EXECUTABLE FORMATS NOTES FOR ATARI/TOS This is the executable format used by the Atari ST/TT, a Motorola 68000 based personal computer which was popular in the late '80s. Support of this format is only because of nostalgic feelings of one of the authors and serves no practical purpose :-). See https://freemint.github.io for more info. Packed programs will be byte-identical to the original after uncompression. All debug information will be stripped, though. Extra options available for this executable format: --all-methods Compress the program several times, using all available compression methods. This may improve the compression ratio in some cases, but usually the default method gives the best results anyway. NOTES FOR BVMLINUZ/I386