☰

Created vondehi (markdown)

Anonymous committed 2019-04-26 00:04:16 +0000 commit 25687afdd09c4f201eb267235a2c401bec9cb188

				explain/vondehi.md
			
          @@ -0,0 +1,12 @@

          +## vondehi

          +

          +Vondehi is an in-memory unpacker for data compressed with `gzip` or `xz` (or

          +`xz` in LZMA1-mode). It basically performs these steps:

          +

          +1. Set up a memfd using the `memfd_create` syscall. This file descriptor works

          +   like a regular file, except the backing storage is RAM.

          +2. Fork, pipe the payload data to `zcat` or `xzcat`, which outputs everything

          +   to teh memfd from step 1.

          +3. Run `execveat` on the memfd.

          +

          +Of course, the code itself is hand-optimized x86 assembly, and is very crazy.

...	...	@@ -0,0 +1,12 @@
	1	+## vondehi
	2	+
	3	+Vondehi is an in-memory unpacker for data compressed with `gzip` or `xz` (or
	4	+`xz` in LZMA1-mode). It basically performs these steps:
	5	+
	6	+1. Set up a memfd using the `memfd_create` syscall. This file descriptor works
	7	+ like a regular file, except the backing storage is RAM.
	8	+2. Fork, pipe the payload data to `zcat` or `xzcat`, which outputs everything
	9	+ to teh memfd from step 1.
	10	+3. Run `execveat` on the memfd.
	11	+
	12	+Of course, the code itself is hand-optimized x86 assembly, and is very crazy.