FileAlyzer has been one of my favorite tools for a long time. Through a few versions. FileAlyzer has never been able to properly decompress UPX'd EXE's for me.

I always get ther error 'Cannot open file "bla bla [decompressed].exe". The system cannot find the file specified.' and the decompressed instance of FileAlyzer's data never gets filled.

This happens while logged on as Administrator, when there is no question of weather FileAlyzer has file privileages to the current folder to create it's temporary decompressed file.

This problem followed me accross several computers with various software installed, and accross several versions of Windows. Leading me to side against a software, OS, or security Application conflict.

I took a peek at the new beta and was supprised that this problem didn't appear fixed. I'm hoping that when the new version is released this problem will be resolved.

Hmmm do you have the FileAlyzer.ini set up correctly? That may be the problem ;) We just use the external upx.exe for now; you need to point FileAlyzer to where to find it, e.g.:

[Tools]
UPX-File=C:\Apps\Packer\upx.exe
UPX-Param=-d -o "%1:s" "%0:s"Well, maybe FileAlyzer should show a warning and/or ask for upx.exe if it doesn't find them ;)

(we're going to integrate UPX unpacking at some point though :) )

edit: said and done; adjusted FileAlyzer so that it'll ask for the upx.exe executable if it's not set, and pre-fill the UPX params if necessary. Also finished implementation of UnPECompact (by yoda/2f2), though that is not a command line app, so there's some clicking needed by the user. New beta as soon as we've got the dissassembler finished (still want to add function names for imported functions).

I had no clue that it required configuring. It gave me a headache for awhile until I figured out I had too old of copy of UPX. Then I got it going. Thanks! And the decompiler looks great, I can't wait!

A version too old?
Hmm... I always tried with 1.90w from 2002 :D
So the command line parameters I mentioned should be compatible to old versions as well. If some file is packed with a newer version though... ;)

A version too old?
Hmm... I always tried with 1.90w from 2002 :D
So the command line parameters I mentioned should be compatible to old versions as well. If some file is packed with a newer version though... ;)

Hi all I am new to this forum. I am also facing problem while decompressing th UPXed file. I am using ver 2.02 and trying to decompress the file which I had compressed a little while ago. It says checksum error...... Any help???

Is it just this file, or also other files?
Can you decompress it on the command line, but not through FileAlyzer?
Did you apply any other compressors after UPX (such chains of tools are often hard to undo)?

Thanks for reply. I explain you how I am doing:--

I am using upx202w and goto command prompt of windows XP.
Goto the folder where the UPX202w is placed. copy paste the file to be compressed ( say backup.exe) to this folder.
Run in command line upx -9 backup.exe. Which is executed successfully. And I am able to use this compressed file on my XDA-2.
Now again I goto the command prompt and the folder.
run upx -d backup.exe.

I get error saying that checksum error....

Same thing happens for any compressed file I pickup for decompression (of course the one comressed using UPX)
I dont know how to use file analyser. I would ve glad if you write few lines about the procedure or guide me....

In that case it's an UPX problem I'm afraid. Maybe it's got to do with the compression level; is decompression also impossible with -1?

Anyway, important point regarding XDA: while UPX packing in general isn't always a perfect idea, on a small device like a XDA it's getting even more critical. The smaller size on the harddisk is often based on the cost of a larger size in memory (size of compressed plus size of uncompressed image), and since the XDA doesn't have that much memory, it may be not such a good idea. I would compare the memory usage of the uncompressed with the compressed application carefully.

Another point is that with UPX files, each instance of the application takes another full memory size, while uncompressed files can share sections, so multiple instances won't just multiple memory usage. But most WinMobile applications are intelligent enough to run in only one instance ;)

Thanks bro. for the reply. I have checked just now with level -1 compression then also it gives the same error.
1. Would you suggest me to download it again from the parent site?
2. How upx202d (dos) is different from upx202w(Windows)??
3. do you suggest me to try upx202d??

As far as using upx for XDA is concerned I agree with you as far as limited memory space is concerned. But I am using UPX to pack more S/W utilities inside the ROM. Though I have released many ROM on xda-developers.com but now I am trying to cook my own ROM with S/W UPXed in it. I hope I make my motives clear to you. I expect a solution from an expert like you bro...Thanks once again....

Thank you so much for that link, it helped me find out how to change the Bluetooth name of our test phone, and how to disable that silly Voicemail entry that Vodafone re-adds every time one disables it (Just renaming the HKLM\Software\Microsoft\Today\Items\"Voicemail" to "Anrufbeantworter" helps) :)

I just noticed that code-signed files cannot be compressed with UPX (which makes perfect sense, since code-signing includes a hash of the file contents). But then, Microsoft is very much moving into the direction of having everything code-signed, and especially on smartphones, every good application should be code-signed as well (Spybot-S&D isn't yet since the code-signing company we chose to contact was reorganizing its structures and everything was delayed somehow *g*).

That aside, I tested upx.exe 2.02w with a bunch of files, including an unsigned dev version of Spybot-S&D, using
upx -9 SpybotSD.exe
upx -d SpybotSD.exe
And a bunch of other files. No problem with any of these files.

So just a few ideas:
* you've tried this on a very special file that upx can't properly handle yet
* you're running some antivirus that is blocking proper upx calculation
* the UPX team may know more; we only decompress upx for malware analysis, they know the UPX code inside out ;)

The connection between FileAlyzer and UPX is just that FileAlyzer can decompress and show UPX compressed files if an external upx.exe exists, that's all. Except for the detection of UPX compression (which is quite simple), FileAlyzer doesn't do any UPX analysis.

Thank you very very much. here is the link for downloading one of the somany file which have been troubling me. --> ftp://xda:xda@ftp.xda-developers.com/Uploads/Himalaya/C_Shekhar_HIMA_AKU3.2_R40_P24/Backup_Utility.zip
I have norton antivirus 2005 on my PC and even the fire wall is off. I would request you to kindly try to compress and uncompress the file on your machine and let me know your observations. I shall be grateful....

Ya uncompression problem is happening with all the compressed file on my machine. I have downloaded the UPX202w once again from the parent site but unfortunately same results. I have submitted this issue to the UPX people also. Let me see what comes out.....Thanks once again..

Can't decompress that with UPX 2.02 either. Maybe it's some kind of WinCE problem; I did test only Win32 executables, but UPX even rejected to compress some WinCE executables I just tried (and for this one, rejected decompression as you mentioned).

I have received info from sourceforge.net (the UPX people). They have accepted that it is a UPX202 problem and does not exist in UPX290. They are planning to release 2.03 soon which has solutions to this as well. Thanks a lot bro for your interest in it and helping me out... I am greatful to you....

Worked fine for me after editing Filealyzer.ini to set the path to UPX.exe, on the one UPX compressed file I have (as far as I know): ADSSpy.exe v 1.11. Don't know why Merijn bothered to compress it: compressed is 37KB, uncompressed is 84KB. Then the download is a .zip at 30KB. :-)

Hello everyone,

PepiMK is right! The first thing you want to fix is the Path to UPX. If you have installed FileAlyser to the Default folder, just Copy & Paste this String over the one in "FileAlyser.ini":

UPX-File=C:\Program Files\Safer Networking\FileAlyser\upx.exe

Of course, you would then need a copy of UPX in FileAlyser's Folder. It's generally faster, since the OS, or FileAlyser doesn't have to search the HDD for it.

This should give you some insight into the dreaded "Can't find" error. When FileAlyser reports "System can't find the specified file":

1. Close the failed instance of FileAlyser, then click on the 'Hex dump' Tab, in the remaining FileAlyser instance (it should still be open).
2. Look at the Header info (Text); You should see two references called UPX0 and UPX1.
3. Keep looking downward until you see something like this:

....3.00.UPX!....

As you might guess, '3.00' indicates the version of UPX which was used to pack the file! If the UPX version you currently have is less than the one shown (on your system), that is probably the reason why the decompression fails.

However, I have had a few examples where the UPX version used to compress, was less than v0.99, and decompression failed because of an unknown reason. It is likely because of incompatabilities with the newer versions, or special custom builds (UPX *is* Open Source, BTW).

I would suggest that everyone upgrade to UPX v3.00 (or greater), because it now offers LZMA compression, as a new option. I plan on using it myself, and i'll bet other Users will, too! BTW, that is the same method used by the excellent 7-zip File Manager (Open Source Freeware).

Well, I hope this information helps!

Thanks, Patrick (and the Dev Team), for Spybot S&D, FileAlyser, FoldAlyser and RegAlyser!

Free Speech in action:
This Forum is illogically restrictive. Please, DO NOT consider joining it!

Not being allowed to Copy and Paste into the Posting box, caused me to botch the original Post, in the first place. If simple features like that where given preference over stupid Smilies and other unneccisary crap, I would not have had to redo this Post (for the most part).

BEWARE: THE SLACK PEOPLE THAT RUN THIS FORUM ONLY ALLOW YOU ONE DAY TO EDIT YOUR OWN POST!


Edited Forum Post:
PepiMK is right! The first thing that you want to fix is the Path to UPX. If you have installed FileAlyzer to the Default folder, just Copy and Paste this String over the one in "FileAlyzer.ini":

UPX-File=C:\Program Files\Safer Networking\FileAlyzer\upx.exe

Of course, you would then need a copy of UPX in FileAlyzer's Folder. It's generally faster, since the OS, or FileAlyzer doesn't have to search the Hard Drive for the UPX executable.

This should give you some insight into the dreaded "Can't find" error. When FileAlyzer reports "System can't find the specified file" (or similar):

1. Close the failed instance of FileAlyzer, then click on the 'Hex dump' Tab, in the remaining FileAlyzer instance (it should still be open).

2. Look at the Header information (Text); You should see two (or more) references called UPX0, UPX1, etc.

3. Keep looking downwards until you see something that looks like this:

....3.00.UPX!....

As you might guess, '3.00' indicates the version of UPX which was used to compress the file! If the UPX version you currently have is less than the one shown (on your system), then that is probably the reason why the decompression fails.

However, I have had a few examples where the UPX version which was used to compress, was less than v0.99, and decompression failed, because of an unknown reason. It is likely because of incompatabilities with the newer versions, or special custom builds (UPX is Open Source).

I would suggest that everyone upgrade to UPX v3.00 (or greater), because it now offers LZMA compression, as a new option. I plan on using it myself, and i'll bet other Users will, too! BTW, that is the same method used by the excellent 7-zip File Manager (Open Source Freeware).

Well, I hope this corrected information helps!

Thanks, to Patrick, PepiMK and Team Spybot (excluding the Forum Administrator), for ALL of your fine utilities!

BEWARE: THE SLACK PEOPLE THAT RUN THIS FORUM ONLY ALLOW YOU ONE DAY TO EDIT YOUR OWN POST!


Actually it is 15 minutes. Have a nice day. :greeting: