Masm & UPX error

[dacid]

I have a problem compressing my MASM projects with UPX. About 80% give me "NotCompressibleException"...

What im using:

Windows Vista SP1 (x64)
Microsoft (R) Macro Assembler Version 6.14.8444
Microsoft (R) Incremental Linker Version 5.12.8078
UPX 3.03w

How im using it:

c:\masm32\bin\ml /c /coff /Cp /Ic:\masm32\include Project.asm
c:\masm32\bin\Link /SUBSYSTEM:CONSOLE /LIBPATH:c:\masm32\lib Project.obj
c:\upx\upx Project.exe

                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2008
UPX 3.03w       Markus Oberhumer, Laszlo Molnar & John Reiser   Apr 27th 2008

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
upx: Project1.exe: NotCompressibleException

Packed 1 file: 0 ok, 1 error.

Same with "-f" or "--force" ... any ideas?

[hutch--]

Unless UPX has improved a lot recently, I would advise that you use PEcompact instead. It is DEP safe and over a minimum threashold delivers very good results once the exe gets above about 10k.

[dacid]

Mmm seems that files under 4k cant be compressed with UPX.

Compressing a 2.560 bytes file with pecompact grows to 4.608 bytes  :lol

Anyways the license for freeware uses says:

"Compressed applications may be distributed freely as long as they are done so without any form of compensation"

I think this includes "donations" (via paypal, etc)  :(

[dacid]

is there any link option to round up the size to 4.096 bytes ?

[hutch--]

I dumped UPX years ago because of its sh*tty licence, it is finally an exe compressor and that does not buy its author the right to dictate to its users how they will use their programs. PE compact is a much better proposition without the restrictions.

As far as a minimum size that can be compressed, the size is dictated by the decompression stub size which must be there to decompress the exe into a runnable form. When you get under a certain size the exe grows larger as it holds the decompression stub but the ratio of compression cannot make up the stub size difference.

[dacid]

the license its from pecompact:

http://www.bitsum.com/pecompact_purchase.php

Maybe i can use the Pelle's linker Polink:

\masm32\bin\polink /SUBSYSTEM:WINDOWS /MERGE:.data=.text Test.obj

I only want to compress to prevents non technical people from changing copyright with a hex editor or something like that ;)

[BogdanOntanu]

I only want to compress to prevents non technical people from changing copyright with a hex editor or something like that ;)

Ha ha ha...

How does a "non technical" people use an hex editor to change a binary file?

Non technical people I saw are unaware that files even exist, they think there are 4 icons you have to click: Messenger, Internet, Word, and Excel.

Besides UPX himself does unpack UPX packed files ;)
At least PE compact does not unpack his own packed files.

You are way better by using your own simple XOR encryption for that task. Write a program that will XOR your strings area with a constant key after your executable is build. AT runtime the first action would be to again XOR that strings area with the very same constant key and you are done.

Of course this is very easy to bypass... but not by "non technical" people ;)

[dacid]

I think there is a line between people who can use a hex editor and people who knows who to manually unpack/debug/disam a file.


As you may know with a very simply modification in the packed file you can make UPX not able to unpack his own packed files ;) Of course you can restore the modified bytes... but again... the non technical people ;)

I dont try to hide anything bad,i can write my own encryptor with an easy algorithm like TEA plus 3 or 4 antidebug/disam/emulation tricks  if i want so. It will protect the "bad" program from AVs at least until they get a sample and update their engines to decrypt it. And, of course, i wont care about the licenses ...

As i said, i only want to "ofuscate" a little my projects... so im not looking for a protector but a compressor.

I find other freeware packers like: npack, mpress ...

[dacid]

take a look at this from MPRESS packer:

[5]  Why MPRESS does not have decompression option?

...
Most peaples are using packers not only to compress the application, but to protect their properties against decompilation and reverce engenering.
...

[6]  Can MPRESS protect my program against crackers?

A. MPRESS is not an envelope-protector, it is only a packer. But MPRESS is a good defense against non-professional hacker or reverce engeneres.

non professional !! ;)

[BlackVortex]

Just tried that mpress packer and I'm really not mpressed.

It's as easy to manually unpack as ... upx. Also the compression isn't good enough for my taste (I prefer upack for the absolutely ultimate compression)

My exes compress nicely with upx 3.03. I use latest polink.

And my upx batch-options are aggressive :   -i --ultra-brute  --compress-icons=1 --compress-exports=0 --overlay=strip

[Mark Jones]

I've had difficulty with UPX also.

I suggest, write your own PE compressor. Use Jeremy Collake's compression lib or something else (the more obscure, the better.) XOR each compressed byte with digits of PI or something (so it can't be brute-decompressed.) If you're really worried about someone debugging to bypass the packer, throw an IsDebuggerPresent routine in the middle of the decompression algorithm. If being debugged, alter the algorithm in a way which subtly alters the output... :bdg

Of course, the better a mousetrap someone builds, the harder the mice of the world plot and scheme to get to the cheese... I hear they are using night-vision goggles and virtual holographic projections these days...

[BlackVortex]

IsDebuggerPresent for anti-cracking ??
What is this, 1999 ?    :cheekygreen: :cheekygreen: :cheekygreen:

Seriously, best solution is not to keep the strings in plain format, just xor them. Also pack with rlpack free edition with modest options and stop wasting any more of your time on this, it's a lose/lose situation    :toothy

EDIT : http://rlpack.jezgra.net/download.html

[FairLight]

Hello !

UPXG (UPX Graphical) by Dirk Paehl can scramble your application. ;)

The scrambled app can't be unpacked !

My settings are:

- Reduce exe before compression
- Force compression of suspicous files
- UPX scramble
- Compression level: ultra-brutal

and under Options:

- Compress resources
- Create backup copy
- Strip relocations
- Compress exports
- Force compression

Is your exe smaller than ~ 16 kB then you cannot pack your app with UPX.

...

I'm using masm with RadAsm for writing asm-apps.

My project settings are for example:

Assemble: 3,O,$B\ML.EXE /c /coff /Cp /Gz /nologo /Sa /Sc /Sf /W2 /Zi /I"$I",2
Link: 5,O,$B\polink /SUBSYSTEM:WINDOWS /MACHINE:x86 /RELEASE /VERSION:5.1 /LIBPATH:"$L" /OUT:"$5",3,4
ASM-module: *.obj,O,$B\ML.EXE /c /coff /Cp /Gz /nologo /Sa /Sc /Sf /I"$I",*.asm


UPX packs applications very good. So good that the packed exe has the same size like an exe packed with "kkrunchy" from farbrausch (http://www.farbrausch.de/~fg/kkrunchy/).
But i don't know if "kkrunchy" scrambles the exe.

My-app without special settings linked: 289 kB
My-app with masm link and the switches above: 282 kB
My-app with polink and the switches above: 280 kB
My-app UPX-packed and scrambled: 69 kB
My-app kkrunchy-packed: 69 kB

Don't use /Merge:.text=.data ... etc. -> Your app will be recognized as virus by AntiVir like HEUR/Crypted !!!
Your exe may be 2 kB smaller with merging, but after packing it - it has the same size like the unmerged one, and your AntiVirus-app will force you to wipe or quarantine the app !

cul8'er.

[BlackVortex]

@ FairLight
Just tested that upxg. Yeah, upx can't decompress a scrambled upx exe, but manual unpacking again took me 15 seconds.

And don't be impressed with the compression, winupack compresses a lot better than upx.

[FairLight]

@BlackVortex: You are right !

Just tested WinUpack 0.39final and my exe is only 66 kB. ;)

But how can you unpack an upx-packed&scrambled file ?