New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UPX is way, way broken by Darwin 16 / OS X Sierra. #4

Closed
geoff-codes opened this Issue Sep 15, 2016 · 112 comments

Comments

Projects
None yet
@geoff-codes

geoff-codes commented Sep 15, 2016

I'm not sure if this is already on your radar (and if so, well, I'd recommend you just let this issue sit open here until/unless there's a fix or workaround), but:

OS X Sierra (I refuse to say macOS) really abhors UPX. I don't think I've seen anything quite like this, but they've actually taken the time to code in some diagnostics that call you out by name.

Please do note I do say broken by, not merely broken on.

This is a one of maybe a dozen programs I have (i.e., built by other developers) which now act this very stubbornly act this way.

I should note:

  • SIP is disabled.
  • SecAssessment is (apparently) disabled. In layman's terms: Gatekeeper is "off", i.e. spctl --master-disable.
  • I'm not sure if these even do anything any more, but I also threw debug=0x14e amfi_get_out_of_my_way=0x1 cs_enforcement_disable=0x1 in my boot-args.
  • Again, I'm not really sure if there's any particular relevance, but there's only a couple of kernel security.mac switches that the system will let you change, and there was no smoking gun I could obviously find in there, either, but FWIW, I set sudo sysctl security.mac.qtn.sandbox_enforce=0.

Some program:

Process:               program [63584]
Path:                  /Volumes/VOLUME/*/program.app/Contents/MacOS/program
Identifier:            org.website.program
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           program [63584]
User ID:               501

Date/Time:             2016-09-15 07:53:21.269 -0700
OS Version:            Mac OS X 10.12 (16A320)
Report Version:        12
Anonymous UUID:        8833382B-065F-9020-2102-BC778676C039


Time Awake Since Boot: 11000 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_CRASH (SIGKILL)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fffa0485bb2 __posix_spawn + 10
1   libsystem_kernel.dylib          0x00007fffa0480ef2 posix_spawn + 386
2   xpcproxy                        0x0000000106bcbd75 0x106bc9000 + 11637
3   xpcproxy                        0x0000000106bcc992 0x106bc9000 + 14738
4   libdyld.dylib                   0x00007fffa0357255 start + 1

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x000000000000000d  rbx: 0x0000000000000000  rcx: 0x00007fff59036388  rdx: 0x00007fff590363a0
  rdi: 0x0000000000000000  rsi: 0x00007f90400008e5  rbp: 0x00007fff59036430  rsp: 0x00007fff59036388
   r8: 0x00007f903f5020e0   r9: 0x00007f903f5020e0  r10: 0x00007f903f500250  r11: 0x0000000000000202
  r12: 0x00007f903f500250  r13: 0x00007f90400008e5  r14: 0x00007fff59036950  r15: 0x00007fff59036958
  rip: 0x00007fffa0485bb2  rfl: 0x0000000000000203  cr2: 0x00007fffa90270a8

Logical CPU:     0
Error Code:      0x020000f4
Trap Number:     133


Binary Images:
       0x106bc9000 -        0x106bcdffb  xpcproxy (2.0.0 - 972.1.5) <625A730D-D6CA-3B26-ABFC-E0FD9005BAB6> /usr/libexec/xpcproxy
       0x10f553000 -        0x10f5901c7  dyld (421.1) <A525EAEA-AF86-30C2-B360-3D093B4F0828> /usr/lib/dyld
    0x7fff9edc3000 -     0x7fff9edc4ff3  libSystem.B.dylib (1238) <168B3C56-081B-3998-9A44-681EB4C6828F> /usr/lib/libSystem.B.dylib
    0x7fff9eed4000 -     0x7fff9eed4ff3  libauto.dylib (187) <5BBF6A00-CC76-389D-84E7-CA88EDADE683> /usr/lib/libauto.dylib
    0x7fff9eef5000 -     0x7fff9ef4bff7  libc++.1.dylib (307.4) <BEE86868-F831-384C-919E-2B286ACFE87C> /usr/lib/libc++.1.dylib
    0x7fff9ef4c000 -     0x7fff9ef76fff  libc++abi.dylib (307.2) <1CEF8ABB-7E6D-3C2F-8E0A-E7884478DD23> /usr/lib/libc++abi.dylib
    0x7fff9fa65000 -     0x7fff9fe35d97  libobjc.A.dylib (706) <F9AFE665-A3A2-3285-9495-19803A565861> /usr/lib/libobjc.A.dylib
    0x7fffa027b000 -     0x7fffa027fff7  libcache.dylib (79) <84E55656-FDA9-3B29-9E4F-BE31B2C0AA3C> /usr/lib/system/libcache.dylib
    0x7fffa0280000 -     0x7fffa028afff  libcommonCrypto.dylib (60092.1.2) <79F738D8-0AD7-3DEA-AF80-E0F8B90B74E3> /usr/lib/system/libcommonCrypto.dylib
    0x7fffa028b000 -     0x7fffa0292fff  libcompiler_rt.dylib (62) <486BDE52-81B4-3446-BD72-23977CAE556F> /usr/lib/system/libcompiler_rt.dylib
    0x7fffa0293000 -     0x7fffa029bfff  libcopyfile.dylib (138) <0DA49B77-56EC-362D-98FF-FA78CFD986D6> /usr/lib/system/libcopyfile.dylib
    0x7fffa029c000 -     0x7fffa031eff3  libcorecrypto.dylib (442.1.3) <1CA8B679-810E-3C04-945A-4AC19372CDC7> /usr/lib/system/libcorecrypto.dylib
    0x7fffa031f000 -     0x7fffa0351fff  libdispatch.dylib (703.1.4) <12B1D95B-283D-325D-85AB-29A2FFD36987> /usr/lib/system/libdispatch.dylib
    0x7fffa0352000 -     0x7fffa0357ff3  libdyld.dylib (421.1) <CDFBDC9C-418C-369D-B433-F64B0630E640> /usr/lib/system/libdyld.dylib
    0x7fffa0358000 -     0x7fffa0358ffb  libkeymgr.dylib (28) <09CD7CA6-46D2-3A9F-B9F1-7C4CA5CA0D68> /usr/lib/system/libkeymgr.dylib
    0x7fffa0366000 -     0x7fffa0366fff  liblaunch.dylib (972.1.5) <DC31FDEA-FD81-335E-BAA8-5A7395D20772> /usr/lib/system/liblaunch.dylib
    0x7fffa0367000 -     0x7fffa036cfff  libmacho.dylib (894) <1EAE5ADD-490C-3B1F-9F97-447BA8E0E90F> /usr/lib/system/libmacho.dylib
    0x7fffa036d000 -     0x7fffa036fff3  libquarantine.dylib (85) <78EF62D8-C890-3FC0-937A-C2FD8CEF8992> /usr/lib/system/libquarantine.dylib
    0x7fffa0370000 -     0x7fffa0371ffb  libremovefile.dylib (45) <C4FC07FF-ED86-382E-B06F-33C34718080C> /usr/lib/system/libremovefile.dylib
    0x7fffa0372000 -     0x7fffa038aff7  libsystem_asl.dylib (349.1.1) <F0987490-8427-367F-B302-A05A7D61FEBF> /usr/lib/system/libsystem_asl.dylib
    0x7fffa038b000 -     0x7fffa038bff7  libsystem_blocks.dylib (67) <B8C3701D-5A91-3D35-999D-2DC8D5393525> /usr/lib/system/libsystem_blocks.dylib
    0x7fffa038c000 -     0x7fffa0419fe7  libsystem_c.dylib (1158.1.2) <5F260836-48E4-3F57-8553-62D2DA228A1F> /usr/lib/system/libsystem_c.dylib
    0x7fffa041a000 -     0x7fffa041dffb  libsystem_configuration.dylib (888.1.2) <67BB9D8B-2430-38AD-81A7-F0EC924B2590> /usr/lib/system/libsystem_configuration.dylib
    0x7fffa041e000 -     0x7fffa0421fff  libsystem_coreservices.dylib (41.1) <11F22E6C-0DCB-3699-A4F0-C99E301E56E9> /usr/lib/system/libsystem_coreservices.dylib
    0x7fffa0422000 -     0x7fffa043affb  libsystem_coretls.dylib (121.1.1) <8F7E9B12-400D-3276-A9C5-4546B0258554> /usr/lib/system/libsystem_coretls.dylib
    0x7fffa043b000 -     0x7fffa0441fff  libsystem_dnssd.dylib (765.1.2) <C5FF2025-C60B-39C6-B205-6BF1BC51D1B3> /usr/lib/system/libsystem_dnssd.dylib
    0x7fffa0442000 -     0x7fffa046bfff  libsystem_info.dylib (503) <C686B834-5E7D-382C-AF6E-44AB78EE83E2> /usr/lib/system/libsystem_info.dylib
    0x7fffa046c000 -     0x7fffa048eff7  libsystem_kernel.dylib (3789.1.32) <5C68A0D7-C3C9-3E52-B983-EDE9A28AB6FC> /usr/lib/system/libsystem_kernel.dylib
    0x7fffa048f000 -     0x7fffa04d6fe7  libsystem_m.dylib (3121.4) <E3370D16-EBAA-3C7F-AC56-2D6EAD7DB0A4> /usr/lib/system/libsystem_m.dylib
    0x7fffa04d7000 -     0x7fffa04f5ff7  libsystem_malloc.dylib (116) <3DD17B88-B7A4-38B9-9E95-AB88E1C3B647> /usr/lib/system/libsystem_malloc.dylib
    0x7fffa04f6000 -     0x7fffa054cfff  libsystem_network.dylib (856.1.8) <A8973360-956A-33BF-9971-14D59C84E0D1> /usr/lib/system/libsystem_network.dylib
    0x7fffa054d000 -     0x7fffa0556ff3  libsystem_networkextension.dylib (563.1.11) <1C551832-9360-36DD-A7BA-52B55A171720> /usr/lib/system/libsystem_networkextension.dylib
    0x7fffa0557000 -     0x7fffa0560ffb  libsystem_notify.dylib (165) <AF77D471-6B13-36BA-B144-7E7DDB9DBA9F> /usr/lib/system/libsystem_notify.dylib
    0x7fffa0561000 -     0x7fffa0569fe7  libsystem_platform.dylib (126.1.2) <884DDF42-3CAE-334A-82CE-965617130FB1> /usr/lib/system/libsystem_platform.dylib
    0x7fffa056a000 -     0x7fffa0574fff  libsystem_pthread.dylib (218.1.3) <050AE77B-4F4B-334A-A5BA-CF0D10AF5304> /usr/lib/system/libsystem_pthread.dylib
    0x7fffa0575000 -     0x7fffa0578fff  libsystem_sandbox.dylib (592.1.3) <90FEF628-316D-3F84-9EF4-F7F510A4FBBB> /usr/lib/system/libsystem_sandbox.dylib
    0x7fffa0579000 -     0x7fffa057afff  libsystem_secinit.dylib (24) <A54B8FEF-E792-3C54-8E0B-E80A376662F2> /usr/lib/system/libsystem_secinit.dylib
    0x7fffa057b000 -     0x7fffa0582fff  libsystem_symptoms.dylib (532.1.1) <B26F656E-94F9-3834-9B03-51C4FF11D1BF> /usr/lib/system/libsystem_symptoms.dylib
    0x7fffa0583000 -     0x7fffa05a3ff7  libsystem_trace.dylib (518.1.16) <C3CDF7BC-CA3D-34F5-ADF8-46AAAB0B47F8> /usr/lib/system/libsystem_trace.dylib
    0x7fffa05a4000 -     0x7fffa05a9ffb  libunwind.dylib (35.3) <9F7C2AD8-A9A7-3DE4-828D-B0F0F166AAA0> /usr/lib/system/libunwind.dylib
    0x7fffa05aa000 -     0x7fffa05d3ff7  libxpc.dylib (972.1.5) <2A901937-48E1-3BF2-83F1-2431156D82B7> /usr/lib/system/libxpc.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 5497
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=119.1M resident=0K(0%) swapped_out_or_unallocated=119.1M(100%)
Writable regions: Total=26.4M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=26.4M(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Kernel Alloc Once                    8K        2 
MALLOC                            18.2M        8 
MALLOC guard page                   16K        4 
STACK GUARD                       56.0M        2 
Stack                             8192K        2 
VM_ALLOCATE                          4K        2 
__DATA                            1460K       43 
__LINKEDIT                       111.3M        4 
__TEXT                            8084K       42 
shared memory                       12K        4 
===========                     =======  ======= 
TOTAL                            202.8M      103 

Model: MacBookPro11,2, BootROM MBP...
...

Additionally:

  • The same occurs with a clean build of upx from this new repo, on both i386 and amd64.

Process:               upx [59680]
Path:                  /Users/USER/*/upx
Identifier:            upx
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        fish [2114]
Responsible:           upxx [59680]
User ID:               501

Date/Time:             2016-09-15 06:58:07.394 -0700
OS Version:            Mac OS X 10.12 (16A320)
Report Version:        12
Anonymous UUID:        8833382B-065F-9020-2102-BC778676C039


Time Awake Since Boot: 7600 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_CRASH (SIGKILL)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

Application Specific Information:
crashed on child side of fork pre-exec

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fffa0486816 execve + 10
1   fish                            0x000000010d29e292 safe_launch_process(process_t*, char const*, char const* const*, char const* const*) + 34
2   fish                            0x000000010d29e182 exec_job(parser_t&, job_t*) + 10434
3   fish                            0x000000010d2ccc4a parse_execution_context_t::run_1_job(parse_node_t const&, block_t const*) + 1802
4   fish                            0x000000010d2cd005 parse_execution_context_t::run_job_list(parse_node_t const&, block_t const*) + 245
5   fish                            0x000000010d2d1b2d parse_execution_context_t::eval_node_at_offset(unsigned int, block_t const*, io_chain_t const&) + 365
6   fish                            0x000000010d2de800 parser_t::eval_block_node(unsigned int, io_chain_t const&, block_type_t) + 336
7   fish                            0x000000010d2de5a5 parser_t::eval_acquiring_tree(std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&, io_chain_t const&, block_type_t, moved_ref<parse_node_tree_t>) + 373
8   fish                            0x000000010d2dde8f parser_t::eval(std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&, io_chain_t const&, block_type_t) + 111
9   fish                            0x000000010d2ebae1 reader_run_command(parser_t&, std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&) + 417
10  fish                            0x000000010d2f413f reader_read(int, io_chain_t const&) + 1375
11  fish                            0x000000010d304711 main + 5681
12  libdyld.dylib                   0x00007fffa0357255 start + 1

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x000000000000000d  rbx: 0x00007fc716e0e3a0  rcx: 0x00007fff529a5458  rdx: 0x00007fc717026400
  rdi: 0x00007fff529a5ac1  rsi: 0x00007fc716e0e3a0  rbp: 0x00007fff529a58b0  rsp: 0x00007fff529a5458
   r8: 0x0000000000000303   r9: 0x0000000000000000  r10: 0x0000000000000000  r11: 0x0000000000000202
  r12: 0x00007fff529a5ac1  r13: 0x00007fc717026400  r14: 0x00007fc717026400  r15: 0x00007fff529a5ac1
  rip: 0x00007fffa0486816  rfl: 0x0000000000000203  cr2: 0x000000010d3295d8

Logical CPU:     0
Error Code:      0x0200003b
Trap Number:     133


Binary Images:
       0x10d258000 -        0x10d328ff3 +fish (0) <9EE6BE98-CD04-31D0-9C71-3BD3671623D1> /usr/local/bin/fish
       0x10d371000 -        0x10d3ceffb +libpcre2-32.0.dylib (0) <B11362C5-ECB1-33E3-B97D-5D086DBCE667> /usr/local/opt/pcre2/lib/libpcre2-32.0.dylib
       0x110b65000 -        0x110ba21c7  dyld (421.1) <A525EAEA-AF86-30C2-B360-3D093B4F0828> /usr/lib/dyld
    0x7fff9edc3000 -     0x7fff9edc4ff3  libSystem.B.dylib (1238) <168B3C56-081B-3998-9A44-681EB4C6828F> /usr/lib/libSystem.B.dylib
    0x7fff9eed4000 -     0x7fff9eed4ff3  libauto.dylib (187) <5BBF6A00-CC76-389D-84E7-CA88EDADE683> /usr/lib/libauto.dylib
    0x7fff9eef5000 -     0x7fff9ef4bff7  libc++.1.dylib (307.4) <BEE86868-F831-384C-919E-2B286ACFE87C> /usr/lib/libc++.1.dylib
    0x7fff9ef4c000 -     0x7fff9ef76fff  libc++abi.dylib (307.2) <1CEF8ABB-7E6D-3C2F-8E0A-E7884478DD23> /usr/lib/libc++abi.dylib
    0x7fff9f9ba000 -     0x7fff9f9ebff3  libncurses.5.4.dylib (51) <6B88562D-86DB-3EFA-8C55-0148C30DC642> /usr/lib/libncurses.5.4.dylib
    0x7fff9fa65000 -     0x7fff9fe35d97  libobjc.A.dylib (706) <F9AFE665-A3A2-3285-9495-19803A565861> /usr/lib/libobjc.A.dylib
    0x7fffa027b000 -     0x7fffa027fff7  libcache.dylib (79) <84E55656-FDA9-3B29-9E4F-BE31B2C0AA3C> /usr/lib/system/libcache.dylib
    0x7fffa0280000 -     0x7fffa028afff  libcommonCrypto.dylib (60092.1.2) <79F738D8-0AD7-3DEA-AF80-E0F8B90B74E3> /usr/lib/system/libcommonCrypto.dylib
    0x7fffa028b000 -     0x7fffa0292fff  libcompiler_rt.dylib (62) <486BDE52-81B4-3446-BD72-23977CAE556F> /usr/lib/system/libcompiler_rt.dylib
    0x7fffa0293000 -     0x7fffa029bfff  libcopyfile.dylib (138) <0DA49B77-56EC-362D-98FF-FA78CFD986D6> /usr/lib/system/libcopyfile.dylib
    0x7fffa029c000 -     0x7fffa031eff3  libcorecrypto.dylib (442.1.3) <1CA8B679-810E-3C04-945A-4AC19372CDC7> /usr/lib/system/libcorecrypto.dylib
    0x7fffa031f000 -     0x7fffa0351fff  libdispatch.dylib (703.1.4) <12B1D95B-283D-325D-85AB-29A2FFD36987> /usr/lib/system/libdispatch.dylib
    0x7fffa0352000 -     0x7fffa0357ff3  libdyld.dylib (421.1) <CDFBDC9C-418C-369D-B433-F64B0630E640> /usr/lib/system/libdyld.dylib
    0x7fffa0358000 -     0x7fffa0358ffb  libkeymgr.dylib (28) <09CD7CA6-46D2-3A9F-B9F1-7C4CA5CA0D68> /usr/lib/system/libkeymgr.dylib
    0x7fffa0366000 -     0x7fffa0366fff  liblaunch.dylib (972.1.5) <DC31FDEA-FD81-335E-BAA8-5A7395D20772> /usr/lib/system/liblaunch.dylib
    0x7fffa0367000 -     0x7fffa036cfff  libmacho.dylib (894) <1EAE5ADD-490C-3B1F-9F97-447BA8E0E90F> /usr/lib/system/libmacho.dylib
    0x7fffa036d000 -     0x7fffa036fff3  libquarantine.dylib (85) <78EF62D8-C890-3FC0-937A-C2FD8CEF8992> /usr/lib/system/libquarantine.dylib
    0x7fffa0370000 -     0x7fffa0371ffb  libremovefile.dylib (45) <C4FC07FF-ED86-382E-B06F-33C34718080C> /usr/lib/system/libremovefile.dylib
    0x7fffa0372000 -     0x7fffa038aff7  libsystem_asl.dylib (349.1.1) <F0987490-8427-367F-B302-A05A7D61FEBF> /usr/lib/system/libsystem_asl.dylib
    0x7fffa038b000 -     0x7fffa038bff7  libsystem_blocks.dylib (67) <B8C3701D-5A91-3D35-999D-2DC8D5393525> /usr/lib/system/libsystem_blocks.dylib
    0x7fffa038c000 -     0x7fffa0419fe7  libsystem_c.dylib (1158.1.2) <5F260836-48E4-3F57-8553-62D2DA228A1F> /usr/lib/system/libsystem_c.dylib
    0x7fffa041a000 -     0x7fffa041dffb  libsystem_configuration.dylib (888.1.2) <67BB9D8B-2430-38AD-81A7-F0EC924B2590> /usr/lib/system/libsystem_configuration.dylib
    0x7fffa041e000 -     0x7fffa0421fff  libsystem_coreservices.dylib (41.1) <11F22E6C-0DCB-3699-A4F0-C99E301E56E9> /usr/lib/system/libsystem_coreservices.dylib
    0x7fffa0422000 -     0x7fffa043affb  libsystem_coretls.dylib (121.1.1) <8F7E9B12-400D-3276-A9C5-4546B0258554> /usr/lib/system/libsystem_coretls.dylib
    0x7fffa043b000 -     0x7fffa0441fff  libsystem_dnssd.dylib (765.1.2) <C5FF2025-C60B-39C6-B205-6BF1BC51D1B3> /usr/lib/system/libsystem_dnssd.dylib
    0x7fffa0442000 -     0x7fffa046bfff  libsystem_info.dylib (503) <C686B834-5E7D-382C-AF6E-44AB78EE83E2> /usr/lib/system/libsystem_info.dylib
    0x7fffa046c000 -     0x7fffa048eff7  libsystem_kernel.dylib (3789.1.32) <5C68A0D7-C3C9-3E52-B983-EDE9A28AB6FC> /usr/lib/system/libsystem_kernel.dylib
    0x7fffa048f000 -     0x7fffa04d6fe7  libsystem_m.dylib (3121.4) <E3370D16-EBAA-3C7F-AC56-2D6EAD7DB0A4> /usr/lib/system/libsystem_m.dylib
    0x7fffa04d7000 -     0x7fffa04f5ff7  libsystem_malloc.dylib (116) <3DD17B88-B7A4-38B9-9E95-AB88E1C3B647> /usr/lib/system/libsystem_malloc.dylib
    0x7fffa04f6000 -     0x7fffa054cfff  libsystem_network.dylib (856.1.8) <A8973360-956A-33BF-9971-14D59C84E0D1> /usr/lib/system/libsystem_network.dylib
    0x7fffa054d000 -     0x7fffa0556ff3  libsystem_networkextension.dylib (563.1.11) <1C551832-9360-36DD-A7BA-52B55A171720> /usr/lib/system/libsystem_networkextension.dylib
    0x7fffa0557000 -     0x7fffa0560ffb  libsystem_notify.dylib (165) <AF77D471-6B13-36BA-B144-7E7DDB9DBA9F> /usr/lib/system/libsystem_notify.dylib
    0x7fffa0561000 -     0x7fffa0569fe7  libsystem_platform.dylib (126.1.2) <884DDF42-3CAE-334A-82CE-965617130FB1> /usr/lib/system/libsystem_platform.dylib
    0x7fffa056a000 -     0x7fffa0574fff  libsystem_pthread.dylib (218.1.3) <050AE77B-4F4B-334A-A5BA-CF0D10AF5304> /usr/lib/system/libsystem_pthread.dylib
    0x7fffa0575000 -     0x7fffa0578fff  libsystem_sandbox.dylib (592.1.3) <90FEF628-316D-3F84-9EF4-F7F510A4FBBB> /usr/lib/system/libsystem_sandbox.dylib
    0x7fffa0579000 -     0x7fffa057afff  libsystem_secinit.dylib (24) <A54B8FEF-E792-3C54-8E0B-E80A376662F2> /usr/lib/system/libsystem_secinit.dylib
    0x7fffa057b000 -     0x7fffa0582fff  libsystem_symptoms.dylib (532.1.1) <B26F656E-94F9-3834-9B03-51C4FF11D1BF> /usr/lib/system/libsystem_symptoms.dylib
    0x7fffa0583000 -     0x7fffa05a3ff7  libsystem_trace.dylib (518.1.16) <C3CDF7BC-CA3D-34F5-ADF8-46AAAB0B47F8> /usr/lib/system/libsystem_trace.dylib
    0x7fffa05a4000 -     0x7fffa05a9ffb  libunwind.dylib (35.3) <9F7C2AD8-A9A7-3DE4-828D-B0F0F166AAA0> /usr/lib/system/libunwind.dylib
    0x7fffa05aa000 -     0x7fffa05d3ff7  libxpc.dylib (972.1.5) <2A901937-48E1-3BF2-83F1-2431156D82B7> /usr/lib/system/libxpc.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 3690
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=120.7M resident=0K(0%) swapped_out_or_unallocated=120.7M(100%)
Writable regions: Total=81.5M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=81.5M(100%)

                                VIRTUAL   REGION
REGION TYPE                        SIZE    COUNT (non-coalesced)
===========                     =======  =======
Kernel Alloc Once                    8K        2
MALLOC                            73.5M       13
MALLOC guard page                   16K        4
STACK GUARD                       56.0M        2
Stack                             8192K        2
VM_ALLOCATE                          4K        2
__DATA                            1500K       45
__LINKEDIT                       111.5M        5
__TEXT                            9476K       44
shared memory                       12K        4
===========                     =======  =======
TOTAL                            259.7M      113

I think this is actually from after I started trying to hack on your code a bit, seeing if I could exorcise some of the stranger load command and MH_WHATEVER flags, which made no difference, at which point I realized this is probably something related the stubs, no?

I valiantly did try to build rebuild them, but no, I definitely do not have the right tools to do so. Although, in my defense, I'm pretty sure the issue is not that my copy off the stubtools is outdated, as the message says.

In any case, can I reasonably infer that this probably just boils down to the fact that they just aren't wanting to allow anything that "fully static", and not fully PIE? I think I might have come across a comment somewhere in this repo mentioning PIC or address randomization or something, but I've been up all night and I could have been imagining that or something.

In any case, I'm petty darn sure there's little point in my continuing to try to examine this myself any further. I would assume its reasonable to think that at some point there will be a version of UPX that works on a Mac again. But I wanted to ask, on a scale of probably-not-gonna-happen to you-dreamin-son, I was wondering if it you think it might be theoretically possible to seghack (swap out segments?) or otherwise patch (maybe using that crazy new LLVM macho-disassembly framework) to get existing UPX executables to run again?

Otherwise, maybe sometime next week I'll do a writeup on my awful kludge of a workaround.

The one sentence version is 1. grab an older Recovery Partition update pkg from the Apple SW update repos, extract it, do a block level copy of the partition into a mounted virtual disk...

@gingerbeardman

This comment has been minimized.

Show comment
Hide comment
@gingerbeardman

gingerbeardman Sep 15, 2016

I came here to post about this, but not in so many words :)

I came here to post about this, but not in so many words :)

@egraether

This comment has been minimized.

Show comment
Hide comment

👍

@Anubis88

This comment has been minimized.

Show comment
Hide comment
@Anubis88

Anubis88 Sep 16, 2016

I also wanted to report this. I hope this gets fixed soon.

I also wanted to report this. I hope this gets fixed soon.

@markus-oberhumer

This comment has been minimized.

Show comment
Hide comment
@markus-oberhumer

markus-oberhumer Sep 17, 2016

Contributor

We're aware of this issue - please see

https://sourceforge.net/p/upx/bugs/248/

Contributor

markus-oberhumer commented Sep 17, 2016

We're aware of this issue - please see

https://sourceforge.net/p/upx/bugs/248/

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 17, 2016

Contributor

We're aware of the problem. I have a new version which compresses /bin/date so that the result runs on Sierra. The code is not quite ready for checkin. Lack of documentation from Apple has slowed progress. Yes, Sierra can run [some] non-PIE MH_EXECUTABLE files.

"...to get existing UPX executables to run again?" Decompress them: "upx -d my_app".

Contributor

jreiser commented Sep 17, 2016

We're aware of the problem. I have a new version which compresses /bin/date so that the result runs on Sierra. The code is not quite ready for checkin. Lack of documentation from Apple has slowed progress. Yes, Sierra can run [some] non-PIE MH_EXECUTABLE files.

"...to get existing UPX executables to run again?" Decompress them: "upx -d my_app".

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 19, 2016

All the apps that give the killed 9 error i try to do a upx -d gives:

upx: Patcher: NotPackedException: not packed by UPX

sampl3x commented Sep 19, 2016

All the apps that give the killed 9 error i try to do a upx -d gives:

upx: Patcher: NotPackedException: not packed by UPX

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 19, 2016

Contributor

If the app was code signed after compression by UPX, then try removing the code signature before decompressing. If nothing else, a truncated copy can be done by using 'dd' and some parameters provided by output from "otool -hl". Code signing adds a large amount of data to the end of the file. UPX looks near the end of the file to find its marker for clues about where the compressed data lives.

Contributor

jreiser commented Sep 19, 2016

If the app was code signed after compression by UPX, then try removing the code signature before decompressing. If nothing else, a truncated copy can be done by using 'dd' and some parameters provided by output from "otool -hl". Code signing adds a large amount of data to the end of the file. UPX looks near the end of the file to find its marker for clues about where the compressed data lives.

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 19, 2016

Jreiser tnx for your quick replay...

How can i see it codesigned, is there a tool for that?
How can i remove the code signing, Is there a tool for that?

sampl3x commented Sep 19, 2016

Jreiser tnx for your quick replay...

How can i see it codesigned, is there a tool for that?
How can i remove the code signing, Is there a tool for that?

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 19, 2016

Contributor

"otool -hl my_app" lists all the Mach-O headers including LC_CODE_SIGNATURE if present. Data member .fileoff indicates the start, and .filesize the end; and the region should be at the end of the file. Use 'dd' to make a copy that stops before the signature. Complain to Apple that the code signing tool does not have the feature of removing a signature.

Contributor

jreiser commented Sep 19, 2016

"otool -hl my_app" lists all the Mach-O headers including LC_CODE_SIGNATURE if present. Data member .fileoff indicates the start, and .filesize the end; and the region should be at the end of the file. Use 'dd' to make a copy that stops before the signature. Complain to Apple that the code signing tool does not have the feature of removing a signature.

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 20, 2016

Contributor

Call for testers: current git tip, commit c678ccd, works for me: compress and run a copy of /bin/date on Sierra.

$ upx -f -o date.upx /bin/date
     28544 ->     17008   59.59%   Mach/AMD64   date.upx
$ ls -l /bin/date date.upx
-rwxr-xr-x  1 root     wheel  28544 Sep  6 21:43 /bin/date
-rwxr-xr-x  1 jreiser  staff  17008 Sep 19 21:16 date.upx
$ sum /bin/date date.upx
9372 28 /bin/date
62796 17 date.upx

The compressed version also runs after code signing. What does NOT work yet is decompression (upx -d). That's next.

Contributor

jreiser commented Sep 20, 2016

Call for testers: current git tip, commit c678ccd, works for me: compress and run a copy of /bin/date on Sierra.

$ upx -f -o date.upx /bin/date
     28544 ->     17008   59.59%   Mach/AMD64   date.upx
$ ls -l /bin/date date.upx
-rwxr-xr-x  1 root     wheel  28544 Sep  6 21:43 /bin/date
-rwxr-xr-x  1 jreiser  staff  17008 Sep 19 21:16 date.upx
$ sum /bin/date date.upx
9372 28 /bin/date
62796 17 date.upx

The compressed version also runs after code signing. What does NOT work yet is decompression (upx -d). That's next.

@rasky

This comment has been minimized.

Show comment
Hide comment
@rasky

rasky Sep 20, 2016

Was willing to try, but compilation fails on my Mac:

g++ -O2 -fno-strict-aliasing -fwrapv -Wall -W -Wcast-align -Wcast-qual -Wpointer-arith -Wshadow -Wwrite-strings -Werror -o p_armpe.o -c p_armpe.cpp
In file included from p_armpe.cpp:34:
./p_armpe.h:70:18: error: 'PackArmPe::processImports' hides overloaded virtual function [-Werror,-Woverloaded-virtual]
    virtual void processImports(unsigned, unsigned);
                 ^
./pefile.h:430:22: note: hidden overloaded virtual function 'PeFile32::processImports' declared here: different number of parameters (0 vs 2)
    virtual unsigned processImports();
                     ^
1 error generated.
make: *** [p_armpe.o] Error 1

rasky commented Sep 20, 2016

Was willing to try, but compilation fails on my Mac:

g++ -O2 -fno-strict-aliasing -fwrapv -Wall -W -Wcast-align -Wcast-qual -Wpointer-arith -Wshadow -Wwrite-strings -Werror -o p_armpe.o -c p_armpe.cpp
In file included from p_armpe.cpp:34:
./p_armpe.h:70:18: error: 'PackArmPe::processImports' hides overloaded virtual function [-Werror,-Woverloaded-virtual]
    virtual void processImports(unsigned, unsigned);
                 ^
./pefile.h:430:22: note: hidden overloaded virtual function 'PeFile32::processImports' declared here: different number of parameters (0 vs 2)
    virtual unsigned processImports();
                     ^
1 error generated.
make: *** [p_armpe.o] Error 1
@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 20, 2016

What about files created with UPX a year ago, they still no run on Sierra right?

sampl3x commented Sep 20, 2016

What about files created with UPX a year ago, they still no run on Sierra right?

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 20, 2016

Contributor

@sampl3x: Correct, Sierra still does not run old compressed output; I didn't change Sierra. The workaround is: de-compress what old upx produced, then re-compress with new upx. The typical problem is that the old compressed output was then code signed, which hides the location of the compressed data from the de-compressor in the old upx; and the Apple code sign utility does not have the feature of removing the signature that it installed. As I explained in this thread before, you can remove the signature yourself using "otool -hl" to find out where it is, then 'dd' to make a copy that stops before the signature. I will see if the decompressor in the new upx effectively can do this for you.

Contributor

jreiser commented Sep 20, 2016

@sampl3x: Correct, Sierra still does not run old compressed output; I didn't change Sierra. The workaround is: de-compress what old upx produced, then re-compress with new upx. The typical problem is that the old compressed output was then code signed, which hides the location of the compressed data from the de-compressor in the old upx; and the Apple code sign utility does not have the feature of removing the signature that it installed. As I explained in this thread before, you can remove the signature yourself using "otool -hl" to find out where it is, then 'dd' to make a copy that stops before the signature. I will see if the decompressor in the new upx effectively can do this for you.

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 20, 2016

jreieser, tnx for the explanation.

i try to remove the signature but i don't know how with the otool.
I tried your command line and get the following output example:

otool -hl patcher
patcher:
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 21 3768 0x00000085
Load command 0
cmd LC_SEGMENT_64

all way down to then end:

cmd LC_CODE_SIGNATURE

cmdsize 16
dataoff 276912
datasize 10592

And then what to do with DD with this output??

sampl3x commented Sep 20, 2016

jreieser, tnx for the explanation.

i try to remove the signature but i don't know how with the otool.
I tried your command line and get the following output example:

otool -hl patcher
patcher:
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 21 3768 0x00000085
Load command 0
cmd LC_SEGMENT_64

all way down to then end:

cmd LC_CODE_SIGNATURE

cmdsize 16
dataoff 276912
datasize 10592

And then what to do with DD with this output??

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 20, 2016

Contributor

@sampl3x: First check that the signature is at the end of the file: "ls -l" should be equal to (.dataoff + .datasize). Then "dd if=my_app of=foo bs=276912 count=1" to produce new file 'foo' which contains the first 276912 bytes; that is, everything before the signature. Then "upx -d foo".

Contributor

jreiser commented Sep 20, 2016

@sampl3x: First check that the signature is at the end of the file: "ls -l" should be equal to (.dataoff + .datasize). Then "dd if=my_app of=foo bs=276912 count=1" to produce new file 'foo' which contains the first 276912 bytes; that is, everything before the signature. Then "upx -d foo".

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 20, 2016

Ill try it.

also i tried this: https://www.dropbox.com/s/wmeeodg91d1qef2/stripcodesig.zip

Seems to work also but still UPX says its not an upx compressed file.

sampl3x commented Sep 20, 2016

Ill try it.

also i tried this: https://www.dropbox.com/s/wmeeodg91d1qef2/stripcodesig.zip

Seems to work also but still UPX says its not an upx compressed file.

@RyuX51

This comment has been minimized.

Show comment
Hide comment
@RyuX51

RyuX51 Sep 20, 2016

3.92 (commit 3f7c1f9) works when trying to compress and run date, where 3.91 was not. Thank you.
Also still getting NotPackedException: not packed by UPX when trying to decompress old ones after removing the code signature.

RyuX51 commented Sep 20, 2016

3.92 (commit 3f7c1f9) works when trying to compress and run date, where 3.91 was not. Thank you.
Also still getting NotPackedException: not packed by UPX when trying to decompress old ones after removing the code signature.

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 20, 2016

I dont know how to upgrade UPX using brew. brew update doesnt update upx to 3.92.

sampl3x commented Sep 20, 2016

I dont know how to upgrade UPX using brew. brew update doesnt update upx to 3.92.

@RyuX51

This comment has been minimized.

Show comment
Hide comment
@RyuX51

RyuX51 Sep 20, 2016

No, 3.92 is still in development. You have it to build from the sources to test it. Or be patient a little more, it's already been merged into master. :)

RyuX51 commented Sep 20, 2016

No, 3.92 is still in development. You have it to build from the sources to test it. Or be patient a little more, it's already been merged into master. :)

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 21, 2016

Contributor

"upx -d" to decompress packed Mach-O executables now works for me, for both old (upx 3.91, pre-Sierra) and new (soon-to-be upx 3.92, Sierra) compressed files, and both when code signed after compression or not signed. The commit is ad6914b which is now on branch 'devel'. The diff for that commit gives clues how upx detects where the compressed data lives.

If "upx -d my.app" does not work for you then please post the output from "otool -hl my.app".

Contributor

jreiser commented Sep 21, 2016

"upx -d" to decompress packed Mach-O executables now works for me, for both old (upx 3.91, pre-Sierra) and new (soon-to-be upx 3.92, Sierra) compressed files, and both when code signed after compression or not signed. The commit is ad6914b which is now on branch 'devel'. The diff for that commit gives clues how upx detects where the compressed data lives.

If "upx -d my.app" does not work for you then please post the output from "otool -hl my.app".

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 21, 2016

Is it possible you create a mac binary so i can test it?
Or how i can add the branch devel to brew..

sampl3x commented Sep 21, 2016

Is it possible you create a mac binary so i can test it?
Or how i can add the branch devel to brew..

@RyuX51

This comment has been minimized.

Show comment
Hide comment
@RyuX51

RyuX51 Sep 21, 2016

The output is from the untouched signed executable:

signed:
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 6 648 0x00000001
Load command 0
cmd LC_SEGMENT_64
cmdsize 72
segname __PAGEZERO
vmaddr 0x0000000000000000
vmsize 0x0000000000001000
fileoff 0
filesize 0
maxprot 0x00000000
initprot 0x00000000
nsects 0
flags 0x0
Load command 1
cmd LC_SEGMENT_64
cmdsize 152
segname __XHDR
vmaddr 0x0000000000001000
vmsize 0x0000000000001000
fileoff 0
filesize 4096
maxprot 0x00000007
initprot 0x00000007
nsects 1
flags 0x0
Section
sectname __xhdr
segname __XHDR
addr 0x0000000000001298
size 0x0000000000000000
offset 664
align 2^2 (4)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Load command 2
cmd LC_SEGMENT_64
cmdsize 152
segname __TEXT
vmaddr 0x000000010001b000
vmsize 0x0000000000008cac
fileoff 0
filesize 35608
maxprot 0x00000007
initprot 0x00000007
nsects 1
flags 0x0
Section
sectname __text
segname __TEXT
addr 0x000000010001b2c0
size 0x00000000000089ec
offset 704
align 2^2 (4)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Load command 3
cmd LC_SEGMENT_64
cmdsize 72
segname __LINKEDIT
vmaddr 0x0000000100024000
vmsize 0x0000000000003000
fileoff 36864
filesize 9840
maxprot 0x00000007
initprot 0x00000001
nsects 0
flags 0x0
Load command 4
cmd LC_UNIXTHREAD
cmdsize 184
flavor x86_THREAD_STATE64
count x86_THREAD_STATE64_COUNT
rax 0x0000000000000000 rbx 0x0000000000000000 rcx 0x0000000000000000
rdx 0x0000000000000000 rdi 0x0000000000000000 rsi 0x0000000000000000
rbp 0x0000000000000000 rsp 0x0000000000000000 r8 0x0000000000000000
r9 0x0000000000000000 r10 0x0000000000000000 r11 0x0000000000000000
r12 0x0000000000000000 r13 0x0000000000000000 r14 0x0000000000000000
r15 0x0000000000000000 rip 0x000000010002344c
rflags 0x0000000000000000 cs 0x0000000000000000 fs 0x0000000000000000
gs 0x0000000000000000
Load command 5
cmd LC_CODE_SIGNATURE
cmdsize 16
dataoff 36864
datasize 9840

RyuX51 commented Sep 21, 2016

The output is from the untouched signed executable:

signed:
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 6 648 0x00000001
Load command 0
cmd LC_SEGMENT_64
cmdsize 72
segname __PAGEZERO
vmaddr 0x0000000000000000
vmsize 0x0000000000001000
fileoff 0
filesize 0
maxprot 0x00000000
initprot 0x00000000
nsects 0
flags 0x0
Load command 1
cmd LC_SEGMENT_64
cmdsize 152
segname __XHDR
vmaddr 0x0000000000001000
vmsize 0x0000000000001000
fileoff 0
filesize 4096
maxprot 0x00000007
initprot 0x00000007
nsects 1
flags 0x0
Section
sectname __xhdr
segname __XHDR
addr 0x0000000000001298
size 0x0000000000000000
offset 664
align 2^2 (4)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Load command 2
cmd LC_SEGMENT_64
cmdsize 152
segname __TEXT
vmaddr 0x000000010001b000
vmsize 0x0000000000008cac
fileoff 0
filesize 35608
maxprot 0x00000007
initprot 0x00000007
nsects 1
flags 0x0
Section
sectname __text
segname __TEXT
addr 0x000000010001b2c0
size 0x00000000000089ec
offset 704
align 2^2 (4)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Load command 3
cmd LC_SEGMENT_64
cmdsize 72
segname __LINKEDIT
vmaddr 0x0000000100024000
vmsize 0x0000000000003000
fileoff 36864
filesize 9840
maxprot 0x00000007
initprot 0x00000001
nsects 0
flags 0x0
Load command 4
cmd LC_UNIXTHREAD
cmdsize 184
flavor x86_THREAD_STATE64
count x86_THREAD_STATE64_COUNT
rax 0x0000000000000000 rbx 0x0000000000000000 rcx 0x0000000000000000
rdx 0x0000000000000000 rdi 0x0000000000000000 rsi 0x0000000000000000
rbp 0x0000000000000000 rsp 0x0000000000000000 r8 0x0000000000000000
r9 0x0000000000000000 r10 0x0000000000000000 r11 0x0000000000000000
r12 0x0000000000000000 r13 0x0000000000000000 r14 0x0000000000000000
r15 0x0000000000000000 rip 0x000000010002344c
rflags 0x0000000000000000 cs 0x0000000000000000 fs 0x0000000000000000
gs 0x0000000000000000
Load command 5
cmd LC_CODE_SIGNATURE
cmdsize 16
dataoff 36864
datasize 9840

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 21, 2016

Contributor

@RyuX51 I'd like to look at the file. Can you put it somewhere I can download it (such as dropbox, etc.) then send me the filename at my address given in the sources? Or, at only about 47KB, it might be small enough for email. Thanks.

Contributor

jreiser commented Sep 21, 2016

@RyuX51 I'd like to look at the file. Can you put it somewhere I can download it (such as dropbox, etc.) then send me the filename at my address given in the sources? Or, at only about 47KB, it might be small enough for email. Thanks.

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 21, 2016

jreiser can you share the UPX 3.9.2 mac binary?

sampl3x commented Sep 21, 2016

jreiser can you share the UPX 3.9.2 mac binary?

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 21, 2016

Contributor

@sampl3x I develop on Linux. It will take a while to generate a mac binary.

Contributor

jreiser commented Sep 21, 2016

@sampl3x I develop on Linux. It will take a while to generate a mac binary.

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 21, 2016

Oke no problem, maybe someone else can tell me how to create it on a Mac so i can test it.

sampl3x commented Sep 21, 2016

Oke no problem, maybe someone else can tell me how to create it on a Mac so i can test it.

@jreiser

This comment has been minimized.

Show comment
Hide comment
@gingerbeardman

This comment has been minimized.

Show comment
Hide comment
@gingerbeardman

gingerbeardman Sep 21, 2016

Thanks for the binary

chmod +x upx.out
./upx.out

Thanks for the binary

chmod +x upx.out
./upx.out
@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 21, 2016

Tnx jreiser!

sampl3x commented Sep 21, 2016

Tnx jreiser!

@Bicet

This comment has been minimized.

Show comment
Hide comment
@Bicet

Bicet Sep 21, 2016

I still have the problem with @jreiser's file :)
NotPackedException: not packed by UPX

thank you anyway

Bicet commented Sep 21, 2016

I still have the problem with @jreiser's file :)
NotPackedException: not packed by UPX

thank you anyway

@warking

This comment has been minimized.

Show comment
Hide comment
@warking

warking Sep 21, 2016

@sampl3x your executable "patcher" may NOT be UPX compressed at all. check with this:

hexdump -C path_to_your_patcher | grep -C 1 UPX

warking commented Sep 21, 2016

@sampl3x your executable "patcher" may NOT be UPX compressed at all. check with this:

hexdump -C path_to_your_patcher | grep -C 1 UPX

@sampl3x

This comment has been minimized.

Show comment
Hide comment
@sampl3x

sampl3x Sep 21, 2016

@warking I tried your command but but get no output.

Like Bicet i still get NotPackedException: not packed by UPX.

But when i run the app on Sierra i get: This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

sampl3x commented Sep 21, 2016

@warking I tried your command but but get no output.

Like Bicet i still get NotPackedException: not packed by UPX.

But when i run the app on Sierra i get: This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

@RyuX51

This comment has been minimized.

Show comment
Hide comment
@RyuX51

RyuX51 Sep 21, 2016

This excludes me then, too. There is no UPX_DATA or even UPX in the hexdump. I feel stupid never questioning if the file really is UPX compressed. The crash report from geoff-codes looks nearly identically to mine so I was curious and wanted to lend a hand but ended up wasting your time instead. I apologise.
So Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded. is misleading, because Sierra falsely assumes an UPX compressed file where there is none.
Have a nice day. :)

RyuX51 commented Sep 21, 2016

This excludes me then, too. There is no UPX_DATA or even UPX in the hexdump. I feel stupid never questioning if the file really is UPX compressed. The crash report from geoff-codes looks nearly identically to mine so I was curious and wanted to lend a hand but ended up wasting your time instead. I apologise.
So Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded. is misleading, because Sierra falsely assumes an UPX compressed file where there is none.
Have a nice day. :)

@Bicet

This comment has been minimized.

Show comment
Hide comment
@Bicet

Bicet Sep 21, 2016

So Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded. is misleading, because Sierra falsely assumes an UPX compressed file where there is none.

this seems a good question...

Bicet commented Sep 21, 2016

So Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded. is misleading, because Sierra falsely assumes an UPX compressed file where there is none.

this seems a good question...

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Sep 21, 2016

Contributor

@RyuX51 : Thank you for apologizing, but to me it seems possible that some "pirate" has deliberately removed the "UPX!" string that marks the pointer to the compressed data, and UPX does not look more closely. Your output from "otool -hl" is so close to what UPX generates that I would like to examine the file carefully. Would you please send it to me?

Contributor

jreiser commented Sep 21, 2016

@RyuX51 : Thank you for apologizing, but to me it seems possible that some "pirate" has deliberately removed the "UPX!" string that marks the pointer to the compressed data, and UPX does not look more closely. Your output from "otool -hl" is so close to what UPX generates that I would like to examine the file carefully. Would you please send it to me?

@Bicet

This comment has been minimized.

Show comment
Hide comment
@RyuX51

This comment has been minimized.

Show comment
Hide comment
@RyuX51

RyuX51 Sep 21, 2016

Of course, I'll send it right away.

RyuX51 commented Sep 21, 2016

Of course, I'll send it right away.

@l2dy l2dy referenced this issue Oct 31, 2016

Merged

Add upx-devel #2

@asmaloney

This comment has been minimized.

Show comment
Hide comment
@asmaloney

asmaloney Nov 2, 2016

@markus-oberhumer Do you have a rough estimate for the next release with this fix? I have two product releases on hold for this.

Thanks!

@markus-oberhumer Do you have a rough estimate for the next release with this fix? I have two product releases on hold for this.

Thanks!

@markus-oberhumer

This comment has been minimized.

Show comment
Hide comment
@markus-oberhumer

markus-oberhumer Nov 4, 2016

Contributor

I need green light from @jreiser and @ml1050 before a new release. I think there are still some open issues, though. In case of hurry you can use the current "devel" branch - Sierra issues may work perfectly for your binary (otherwise please file a bug report).

Contributor

markus-oberhumer commented Nov 4, 2016

I need green light from @jreiser and @ml1050 before a new release. I think there are still some open issues, though. In case of hurry you can use the current "devel" branch - Sierra issues may work perfectly for your binary (otherwise please file a bug report).

@asmaloney

This comment has been minimized.

Show comment
Hide comment
@asmaloney

asmaloney Nov 4, 2016

Understood - thank you for the update!

Understood - thank you for the update!

@korczis

This comment has been minimized.

Show comment
Hide comment
@korczis

korczis Nov 13, 2016

Is there any ETA for fix?

korczis commented Nov 13, 2016

Is there any ETA for fix?

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Nov 13, 2016

Contributor

Functional fixes (UPX and compressed executables run on MacOS "Sierra") have been committed to the 'devel' branch as early as Sept.21. Various updates have made de-compression work in more cases, including for "pirated" outputs which have tried to hide the use of UPX. Several pre-compiled binaries for x86_64 MacOS have been made available; look for "dropbox" in my posts above. The latest is today's:
https://www.dropbox.com/s/g9gzvm819t55tse/upx-2016-11-13.out?dl=0
Please try it, and report your experience here.

Contributor

jreiser commented Nov 13, 2016

Functional fixes (UPX and compressed executables run on MacOS "Sierra") have been committed to the 'devel' branch as early as Sept.21. Various updates have made de-compression work in more cases, including for "pirated" outputs which have tried to hide the use of UPX. Several pre-compiled binaries for x86_64 MacOS have been made available; look for "dropbox" in my posts above. The latest is today's:
https://www.dropbox.com/s/g9gzvm819t55tse/upx-2016-11-13.out?dl=0
Please try it, and report your experience here.

@markus-oberhumer markus-oberhumer added this to the v3.92 milestone Nov 17, 2016

@felice64

This comment has been minimized.

Show comment
Hide comment
@felice64

felice64 Nov 17, 2016

I tested it on this but the result is "permission denied"

MacBook-Pro-di-F:~ F$ /Users/F/Downloads/upx-2016-11-14.out -d /Users/F/Downloads/AutoCAD\ 2016\ for\ Mac\ +\ something/xf-adsk2016.dmg
-bash: /Users/F/Downloads/upx-2016-11-14.out: Permission denied
MacBook-Pro-di-F:~ F$

felice64 commented Nov 17, 2016

I tested it on this but the result is "permission denied"

MacBook-Pro-di-F:~ F$ /Users/F/Downloads/upx-2016-11-14.out -d /Users/F/Downloads/AutoCAD\ 2016\ for\ Mac\ +\ something/xf-adsk2016.dmg
-bash: /Users/F/Downloads/upx-2016-11-14.out: Permission denied
MacBook-Pro-di-F:~ F$

@NickSC

This comment has been minimized.

Show comment
Hide comment
@NickSC

NickSC Nov 17, 2016

chmod +x /Users/F/Downloads/upx-2016-11-14.out

NickSC commented Nov 17, 2016

chmod +x /Users/F/Downloads/upx-2016-11-14.out

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Nov 19, 2016

Contributor

On 11/17/2016 04:33 AM, Felice wrote:

Thanks. The problem is solved but now Iget this:

Exception Type: EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

Please tell us which version of MacOS you are running (Sierra? El Capitan? ...).
What Version number does (apple) > About This Mac say?

What program was running when the "EXC_CRASH (SIGKILL)" occurred?

Please try compressing /bin/date, then running the compressed version:
upx-2016-11-14.out -f -o foo /bin/date
./foo

If a program crashes, then please run this command, and send a copy+paste of the output:
otool -hl the_program_which_crashes
If the crashing program was compressed by upx, then please also run
otool -hl the_never_compressed_program_file
and send the output.

All that additional information will help us understand your environment
and provide clues about what is going wrong and how to fix it.

Thank you,

Contributor

jreiser commented Nov 19, 2016

On 11/17/2016 04:33 AM, Felice wrote:

Thanks. The problem is solved but now Iget this:

Exception Type: EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

Please tell us which version of MacOS you are running (Sierra? El Capitan? ...).
What Version number does (apple) > About This Mac say?

What program was running when the "EXC_CRASH (SIGKILL)" occurred?

Please try compressing /bin/date, then running the compressed version:
upx-2016-11-14.out -f -o foo /bin/date
./foo

If a program crashes, then please run this command, and send a copy+paste of the output:
otool -hl the_program_which_crashes
If the crashing program was compressed by upx, then please also run
otool -hl the_never_compressed_program_file
and send the output.

All that additional information will help us understand your environment
and provide clues about what is going wrong and how to fix it.

Thank you,

@jsssw2

This comment has been minimized.

Show comment
Hide comment
@jsssw2

jsssw2 Nov 19, 2016

@jreiser I'm trying to launch ableton and it keeps giving me the mac 0 thing, on the sierra os. Any ideas?

jsssw2 commented Nov 19, 2016

@jreiser I'm trying to launch ableton and it keeps giving me the mac 0 thing, on the sierra os. Any ideas?

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Nov 19, 2016

Contributor

@jssw2 Please provide more context. "launch ableton": Which ableton? The Live 9 suite with free 30-day trial, or something else? "the mac 0 thing": Please describe the symptom in more detail. Which program (such as the pathname), which invocation method (command line or double-click or ...), which parameters, where does the symptom appear (stderr, system log, ...), what is the exact quote of the complaint? Then please run "otool -hl executable_filename" on the program which complains, and on the corresponding original, never-compressed executable. If you don't have 'otool' then please run "od -Ax -tx4 executable_filename | sed 256q" instead. All this information is reasonably necessary to identify, find, and fix problems.

Contributor

jreiser commented Nov 19, 2016

@jssw2 Please provide more context. "launch ableton": Which ableton? The Live 9 suite with free 30-day trial, or something else? "the mac 0 thing": Please describe the symptom in more detail. Which program (such as the pathname), which invocation method (command line or double-click or ...), which parameters, where does the symptom appear (stderr, system log, ...), what is the exact quote of the complaint? Then please run "otool -hl executable_filename" on the program which complains, and on the corresponding original, never-compressed executable. If you don't have 'otool' then please run "od -Ax -tx4 executable_filename | sed 256q" instead. All this information is reasonably necessary to identify, find, and fix problems.

@jsssw2

This comment has been minimized.

Show comment
Hide comment
@jsssw2

jsssw2 Nov 20, 2016

@jreiser Its live 9 suite pirated, Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

Thats what I'm seeing

jsssw2 commented Nov 20, 2016

@jreiser Its live 9 suite pirated, Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: EXEC, [0xc] This UPX compressed binary contains an invalid Mach-O header and cannot be loaded.

Thats what I'm seeing

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Nov 20, 2016

Contributor

@jsssw2 Take the file that was compressed by a previous version of upx, de-compress it using the new version ("upx-2016-11-14 -d ableton"), re-compress it ("upx-2016-11-14 ableton"), and then it should work. If not, then please provide the info requested 2 comments above (namely: output from otool or od, for both the de-compressed and re-compressed files.)

Contributor

jreiser commented Nov 20, 2016

@jsssw2 Take the file that was compressed by a previous version of upx, de-compress it using the new version ("upx-2016-11-14 -d ableton"), re-compress it ("upx-2016-11-14 ableton"), and then it should work. If not, then please provide the info requested 2 comments above (namely: output from otool or od, for both the de-compressed and re-compressed files.)

@jsssw2

This comment has been minimized.

Show comment
Hide comment
@jsssw2

jsssw2 Nov 20, 2016

@jreiser wait where do i get the new version of upx and how do i change it ? I have a mac btw.

jsssw2 commented Nov 20, 2016

@jreiser wait where do i get the new version of upx and how do i change it ? I have a mac btw.

@markus-oberhumer

This comment has been minimized.

Show comment
Hide comment
@markus-oberhumer

markus-oberhumer Nov 20, 2016

Contributor

@jsssw2 We're not interested into supporting any "hacked" or "pirate" executables, so please stop talking about those.

Contributor

markus-oberhumer commented Nov 20, 2016

@jsssw2 We're not interested into supporting any "hacked" or "pirate" executables, so please stop talking about those.

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Nov 21, 2016

Contributor

fixed on devel branch

Contributor

jreiser commented Nov 21, 2016

fixed on devel branch

@jreiser jreiser closed this Nov 21, 2016

@sephethus

This comment has been minimized.

Show comment
Hide comment
@sephethus

sephethus Nov 21, 2016

How do I install from devel branch?

How do I install from devel branch?

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Nov 21, 2016

Contributor

There is a pre-compiled binary upx-2016-11-14.out that was announced a week ago; look back in this Issue.
High-level overview: README.SRC and other files at the top level.

git clone https://github.com/upx/upx  # 52MiB
cd upx;  git checkout devel
cd src
export UPX_UCLDIR=...  # wherever you put ucl-1.03
make
Contributor

jreiser commented Nov 21, 2016

There is a pre-compiled binary upx-2016-11-14.out that was announced a week ago; look back in this Issue.
High-level overview: README.SRC and other files at the top level.

git clone https://github.com/upx/upx  # 52MiB
cd upx;  git checkout devel
cd src
export UPX_UCLDIR=...  # wherever you put ucl-1.03
make
@dylib

This comment has been minimized.

Show comment
Hide comment
@dylib

dylib Nov 21, 2016

@felice64: upx does not unpack .dmg files; rtfm!

dylib commented Nov 21, 2016

@felice64: upx does not unpack .dmg files; rtfm!

@sephethus

This comment has been minimized.

Show comment
Hide comment
@sephethus

sephethus Nov 21, 2016

@jreiser why do I get the error: No rule to make target .depend', needed byc_file.o'. Stop.

Seems to be a file missing.

@jreiser why do I get the error: No rule to make target .depend', needed byc_file.o'. Stop.

Seems to be a file missing.

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Nov 21, 2016

Contributor

@sephethus Works for me, in a new directory. In src/Makefile:

:g/BUILD_USE_DEPEND/p   # vi command to show all lines with that string
BUILD_USE_DEPEND    ?= 1     # defaults to 1
ifeq ($(BUILD_USE_DEPEND),1)  # two tests
ifeq ($(BUILD_USE_DEPEND),1)

Actual lines from Makefile:

ifeq ($(BUILD_USE_DEPEND),1)
./.depend: $(sort $(wildcard $(srcdir)/*.cpp $(srcdir)/*.h)) $(MAKEFILE_LIST)
        @rm -f $@
        @echo "Updating $@"
        @$(strip $(CXX) $(call ee,CPPFLAGS) $(call ee,CXXFLAGS) -MM) $(filter %.cpp,$^) > $@

My versions:

$ make --version
GNU Make 3.81
   [[snip]]
This program built for i386-apple-darwin11.3.0
$ c++ --version
Apple LLVM version 8.0.0 (clang-800.0.42.1)
Target: x86_64-apple-darwin16.3.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
$ 
Contributor

jreiser commented Nov 21, 2016

@sephethus Works for me, in a new directory. In src/Makefile:

:g/BUILD_USE_DEPEND/p   # vi command to show all lines with that string
BUILD_USE_DEPEND    ?= 1     # defaults to 1
ifeq ($(BUILD_USE_DEPEND),1)  # two tests
ifeq ($(BUILD_USE_DEPEND),1)

Actual lines from Makefile:

ifeq ($(BUILD_USE_DEPEND),1)
./.depend: $(sort $(wildcard $(srcdir)/*.cpp $(srcdir)/*.h)) $(MAKEFILE_LIST)
        @rm -f $@
        @echo "Updating $@"
        @$(strip $(CXX) $(call ee,CPPFLAGS) $(call ee,CXXFLAGS) -MM) $(filter %.cpp,$^) > $@

My versions:

$ make --version
GNU Make 3.81
   [[snip]]
This program built for i386-apple-darwin11.3.0
$ c++ --version
Apple LLVM version 8.0.0 (clang-800.0.42.1)
Target: x86_64-apple-darwin16.3.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
$ 
@dylib

This comment has been minimized.

Show comment
Hide comment
@dylib

dylib Nov 29, 2016

@sephethus: In the src/Makefile try commenting out:

CXXFLAGS += -fno-delete-null-pointer-checks

then it should build correctly, otherwise you might get:

clang: error: optimization flag '-fno-delete-null-pointer-checks' is not supported
make: *** Deleting file `.depend'
make: *** No rule to make target `.depend', needed by `c_file.o'.  Stop.

dylib commented Nov 29, 2016

@sephethus: In the src/Makefile try commenting out:

CXXFLAGS += -fno-delete-null-pointer-checks

then it should build correctly, otherwise you might get:

clang: error: optimization flag '-fno-delete-null-pointer-checks' is not supported
make: *** Deleting file `.depend'
make: *** No rule to make target `.depend', needed by `c_file.o'.  Stop.
@korczis

This comment has been minimized.

Show comment
Hide comment
@korczis

korczis Nov 29, 2016

korczis commented Nov 29, 2016

@lucasts

This comment has been minimized.

Show comment
Hide comment
@lucasts

lucasts Nov 30, 2016

Worked it out decompressing and compressing(both with devel bin)

lucasts commented Nov 30, 2016

Worked it out decompressing and compressing(both with devel bin)

@arctelix

This comment has been minimized.

Show comment
Hide comment
@arctelix

arctelix Dec 7, 2016

I'm getting the following errors when running make on the devel branch:

c++ -O2 -fno-strict-aliasing -fwrapv -funsigned-char -Wall -W -Wcast-align -Wcast-qual -Wmissing-declarations -Wpointer-arith -Wshadow -Wvla -Wwrite-strings -Werror -o upx.out c_file.o c_init.o c_none.o c_screen.o compress.o compress_lzma.o compress_ucl.o compress_zlib.o except.o file.o filter.o filteri.o help.o lefile.o linker.o main.o mem.o msg.o p_armpe.o p_com.o p_djgpp2.o p_elks.o p_exe.o p_lx_elf.o p_lx_exc.o p_lx_interp.o p_lx_sh.o p_mach.o p_ps1.o p_sys.o p_tmt.o p_tos.o p_unix.o p_vmlinx.o p_vmlinz.o p_w16ne.o p_w32pe.o p_w64pep.o p_wcle.o packer.o packer_c.o packer_f.o packhead.o packmast.o pefile.o s_djgpp2.o s_object.o s_vcsa.o s_win32.o snprintf.o stdcxx.o ui.o util.o work.o -lucl -lz
ld: library not found for -lucl
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [upx.out] Error 1

Any ideas what this is?

I have installed ucl v1.03 with brew and exported the variable:
export UPX_UCLDIR=/usr/local/Cellar/ucl/1.03

make --version
GNU Make 3.81
This program built for i386-apple-darwin11.3.0
c++ --version
Apple LLVM version 8.0.0 (clang-800.0.42.1)
Target: x86_64-apple-darwin16.1.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin

arctelix commented Dec 7, 2016

I'm getting the following errors when running make on the devel branch:

c++ -O2 -fno-strict-aliasing -fwrapv -funsigned-char -Wall -W -Wcast-align -Wcast-qual -Wmissing-declarations -Wpointer-arith -Wshadow -Wvla -Wwrite-strings -Werror -o upx.out c_file.o c_init.o c_none.o c_screen.o compress.o compress_lzma.o compress_ucl.o compress_zlib.o except.o file.o filter.o filteri.o help.o lefile.o linker.o main.o mem.o msg.o p_armpe.o p_com.o p_djgpp2.o p_elks.o p_exe.o p_lx_elf.o p_lx_exc.o p_lx_interp.o p_lx_sh.o p_mach.o p_ps1.o p_sys.o p_tmt.o p_tos.o p_unix.o p_vmlinx.o p_vmlinz.o p_w16ne.o p_w32pe.o p_w64pep.o p_wcle.o packer.o packer_c.o packer_f.o packhead.o packmast.o pefile.o s_djgpp2.o s_object.o s_vcsa.o s_win32.o snprintf.o stdcxx.o ui.o util.o work.o -lucl -lz
ld: library not found for -lucl
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [upx.out] Error 1

Any ideas what this is?

I have installed ucl v1.03 with brew and exported the variable:
export UPX_UCLDIR=/usr/local/Cellar/ucl/1.03

make --version
GNU Make 3.81
This program built for i386-apple-darwin11.3.0
c++ --version
Apple LLVM version 8.0.0 (clang-800.0.42.1)
Target: x86_64-apple-darwin16.1.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Dec 7, 2016

Contributor

The final command line should contain the substring

-L$(UPX_UCLDIR)/src/.libs/  -lucl  # expands to -L/usr/local/Cellar/ucl/1.03/src/.libs/  -lucl

so check the line in the Makefile

LIBS += $(addprefix -L,$(dir $(wildcard $(UPX_UCLDIR)/libucl$(libext) $(UPX_UCLDIR)/src/.libs/libucl$(libext))))
Contributor

jreiser commented Dec 7, 2016

The final command line should contain the substring

-L$(UPX_UCLDIR)/src/.libs/  -lucl  # expands to -L/usr/local/Cellar/ucl/1.03/src/.libs/  -lucl

so check the line in the Makefile

LIBS += $(addprefix -L,$(dir $(wildcard $(UPX_UCLDIR)/libucl$(libext) $(UPX_UCLDIR)/src/.libs/libucl$(libext))))
@arctelix

This comment has been minimized.

Show comment
Hide comment
@arctelix

arctelix Dec 7, 2016

That was it, the brew install looks like this:
/usr/local/Cellar/ucl/1.03/lib/libucl.a

So I changed the line as follows:

LIBS += $(addprefix -L,$(dir $(wildcard $(UPX_UCLDIR)/libucl$(libext) $(UPX_UCLDIR)/lib/libucl$(libext))))

And the build completed. Thanks!

arctelix commented Dec 7, 2016

That was it, the brew install looks like this:
/usr/local/Cellar/ucl/1.03/lib/libucl.a

So I changed the line as follows:

LIBS += $(addprefix -L,$(dir $(wildcard $(UPX_UCLDIR)/libucl$(libext) $(UPX_UCLDIR)/lib/libucl$(libext))))

And the build completed. Thanks!

@ilovezfs

This comment has been minimized.

Show comment
Hide comment
@ilovezfs

ilovezfs Dec 17, 2016

It seems this may have been closed prematurely. The pull request to Homebrew for the Sierra compatible version (3.92) is failing as described here: Homebrew/homebrew-core#7956 (comment)

UPX 3.92 fixes support for building/running on Sierra. The tests are currently not running: compressing executables is broken (every result returns NotCompressibleException), but decompressing executables works.

It seems this may have been closed prematurely. The pull request to Homebrew for the Sierra compatible version (3.92) is failing as described here: Homebrew/homebrew-core#7956 (comment)

UPX 3.92 fixes support for building/running on Sierra. The tests are currently not running: compressing executables is broken (every result returns NotCompressibleException), but decompressing executables works.

@sawall

This comment has been minimized.

Show comment
Hide comment
@sawall

sawall Apr 2, 2017

FWIW, I just pulled UPX 3.93 off of homebrew and upx -d fails when I try to extract an installer for a synth module. It's an alternative firmware (though one that is on the publisher's site, so not an illicit hack) so I wouldn't be surprised if it has been modified by hand in some way so it may be something you do not want to support. But I thought I'd throw it out as an example of an app that is intended to be legit that's breaking.

error:

$ upx -d Xaoc\ Firmware\ Update\ Tool\ OSX.app/Contents/MacOS/XAOC\ Firmware\ Update\ Tool
                   Ultimate Packer for eXecutables
                      Copyright (C) 1996 - 2017
UPX 3.93        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 29th 2017

         File size         Ratio      Format      Name
    --------------------   ------   -----------   -----------
upx: Xaoc Firmware Update Tool OSX.app/Contents/MacOS/XAOC Firmware Update Tool:     CantUnpackException: file header corrupted

file: the OS X installer inside of this: http://xaocdevices.com/manuals/xaoc_batumi_expert_fw.zip
info: http://xaocdevices.com/main/batumi/

edit: According to the author of the installer - this seems to be a conflict with a Python installer w/UPX. I can fix my own problem by running the python script by hand:

The updater application is a small Python script that is a UI built around a multi-platform tool to talk to STM32s (called "stm32loader"). The script works fine on many OSes, including MacOS Sierra. The problem is the way I bundled this script into a standalone application, using PyInstaller: this tool is not very sturdy and has known issues with backwards compatibility. At the time and with my knowledge it was my best choice; I'd probably do it differently now.

sawall commented Apr 2, 2017

FWIW, I just pulled UPX 3.93 off of homebrew and upx -d fails when I try to extract an installer for a synth module. It's an alternative firmware (though one that is on the publisher's site, so not an illicit hack) so I wouldn't be surprised if it has been modified by hand in some way so it may be something you do not want to support. But I thought I'd throw it out as an example of an app that is intended to be legit that's breaking.

error:

$ upx -d Xaoc\ Firmware\ Update\ Tool\ OSX.app/Contents/MacOS/XAOC\ Firmware\ Update\ Tool
                   Ultimate Packer for eXecutables
                      Copyright (C) 1996 - 2017
UPX 3.93        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 29th 2017

         File size         Ratio      Format      Name
    --------------------   ------   -----------   -----------
upx: Xaoc Firmware Update Tool OSX.app/Contents/MacOS/XAOC Firmware Update Tool:     CantUnpackException: file header corrupted

file: the OS X installer inside of this: http://xaocdevices.com/manuals/xaoc_batumi_expert_fw.zip
info: http://xaocdevices.com/main/batumi/

edit: According to the author of the installer - this seems to be a conflict with a Python installer w/UPX. I can fix my own problem by running the python script by hand:

The updater application is a small Python script that is a UI built around a multi-platform tool to talk to STM32s (called "stm32loader"). The script works fine on many OSes, including MacOS Sierra. The problem is the way I bundled this script into a standalone application, using PyInstaller: this tool is not very sturdy and has known issues with backwards compatibility. At the time and with my knowledge it was my best choice; I'd probably do it differently now.

@jreiser

This comment has been minimized.

Show comment
Hide comment
@jreiser

jreiser Apr 3, 2017

Contributor

Thank you for pointing out the XAOC case, and thank you especially for providing the test file.
That file was constructed by concatenating a large number of bytes onto the end of a much smaller output packed by UPX. Currrent atttempts at unpacking via "upx -d" recognize that the input is too large, and diagnose the problem as "file header corrupted". Perhaps UPX could be enhanced to unpack the case where arbitrary data has been appended to a packed file...

Contributor

jreiser commented Apr 3, 2017

Thank you for pointing out the XAOC case, and thank you especially for providing the test file.
That file was constructed by concatenating a large number of bytes onto the end of a much smaller output packed by UPX. Currrent atttempts at unpacking via "upx -d" recognize that the input is too large, and diagnose the problem as "file header corrupted". Perhaps UPX could be enhanced to unpack the case where arbitrary data has been appended to a packed file...

jreiser added a commit that referenced this issue Apr 3, 2017

@natebluewizard

This comment has been minimized.

Show comment
Hide comment
@natebluewizard

natebluewizard Apr 4, 2017

Just wanted to say thank you all for sharing your knowledge. I was having some issues with an app and reading through your rational commentary was all I needed to figure it out, I appreciate you not patronizing anyone in the process—your wisdom has been transmitted, intact!!

Respect,
nate

Just wanted to say thank you all for sharing your knowledge. I was having some issues with an app and reading through your rational commentary was all I needed to figure it out, I appreciate you not patronizing anyone in the process—your wisdom has been transmitted, intact!!

Respect,
nate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment