search

upx / upx

UPX - the Ultimate Packer for eXecutables
https://upx.github.io
Other
14.21k stars 1.34k forks source link

Jom exe doesn't work compressed #804

Open tansy opened 5 months ago

tansy commented 5 months ago

What's the problem (or question)?

I don't know how relevant/important it is but this executable of jom.exe does not work compressed. It works decompressed, which is good sign, but not compressed.

What should have happened?

It should work compressed.

Do you have an idea for a solution?

How can we reproduce the issue?

$ upx jom.exe
$ jom.exe

Don't know if it's helpful, but earlier versions <= 1.1.2 work. With upx-3.9.6 too.

Please tell us details about your environment.

markus-oberhumer commented 5 months ago

Could you please test which versions of UPX do work for you? Thanks!

tansy commented 5 months ago

None works. Jom-1.1.3 gets compressed, and doesn't work compressed.

$ upx4 --version
upx 4.2.3
$ wine jom.exe -version
jom version 1.1.3

$ upx4 jom.exe

$ wine jom.exe -version

$ upx4 -d jom.exe
$ wine jom.exe -version
jom version 1.1.3

all earlier versions of jom:

$ wine jom.exe -version
jom version 1.1.2

$ upx4 jom.exe 

$ wine jom.exe -version
jom version 1.1.2

$ upx4 -d jom.exe
$ wine jom.exe -version
jom version 1.1.2
tansy commented 4 months ago

I tried to strace these files (in wine) if that's of any help. Put it here.

jreiser commented 4 months ago

It might pay to try some of these WinPE flag options:

$ upx --help
Options for win32/pe, win64/pe & rtm32/pe:
  --compress-exports=0    do not compress the export section
  --compress-exports=1    compress the export section [default]
  --compress-icons=0      do not compress any icons
  --compress-icons=1      compress all but the first icon
  --compress-icons=2      compress all but the first icon directory [default]
  --compress-icons=3      compress all icons
  --compress-resources=0  do not compress any resources at all
  --keep-resource=list    do not compress resources specified by list
  --strip-relocs=0        do not strip relocations
  --strip-relocs=1        strip relocations [default]

In general, an executable which tries to inspect itself at runtime will experience difficulties when packed by UPX. So try to learn if jom.exe does anything like this.

tansy commented 4 months ago

Neither works. They all are identical after compression, regardless those options.

Only difference is that upx-4.2.3: jom_1_1_3.exe: CantPackException: --strip-relocs is not allowed with ASLR (use with --force to remove).

Compressed file seems to not do some stuff. It can be seen in strace (reduced to only difference version here).

apankrat commented 4 months ago

For what it's worth - can't reproduce this issue on Windows 10. jom.exe compressed with 4.2.4 works just fine:

C:\Temp>jom.exe
Error: File Makefile doesn't exist.

C:\Temp>upx jom.exe
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2024
UPX 4.2.4       Markus Oberhumer, Laszlo Molnar & John Reiser    May 9th 2024

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   2750464 ->   1158656   42.13%    win32/pe     jom.exe

Packed 1 file.

C:\Temp>jom.exe
Error: File Makefile doesn't exist.

C:\Temp>

Compressing with 4.2.3 works as well.

Perhaps it's a Wine-specific issue?

tansy commented 3 months ago

I'm not in widows right now and switching to it is somewhat nuisance. When opportunity arises I will test it.

tansy commented 3 months ago

Checked it on Windows 7 and they seem to work there, so it is somewhat Wine related. Still it doesn't explain why uncompressed works and compressed doesn't (through Wine).

You may want to close it as I have no idea how to test it, and it is 'minor population' issue (not many people would use it through Wine).

markus-oberhumer commented 3 months ago

Good support for Wine is an explicit goal of UPX since the very beginning - e.g. see https://github.com/upx/upx/blob/3495d1affdc2c7dc18094f87d59ca5eb58f55f51/src/linker.cpp#L229-L230

So it would be nice if we can determine the cause of the problem.

tansy commented 3 months ago

From this test I can tell this:

That's all I got from that test. Not sure how can it help.

github-actions[bot] commented 2 weeks ago

This issue is stale because it has been open for 90 days with no activity. Please remove the stale label or add a comment or this issue will be closed in 30 days.