parent
49e92405b8
commit
25687afdd0
1 changed files with 12 additions and 0 deletions
@ -0,0 +1,12 @@ |
||||
## vondehi |
||||
|
||||
Vondehi is an in-memory unpacker for data compressed with `gzip` or `xz` (or |
||||
`xz` in LZMA1-mode). It basically performs these steps: |
||||
|
||||
1. Set up a memfd using the `memfd_create` syscall. This file descriptor works |
||||
like a regular file, except the backing storage is RAM. |
||||
2. Fork, pipe the payload data to `zcat` or `xzcat`, which outputs everything |
||||
to teh memfd from step 1. |
||||
3. Run `execveat` on the memfd. |
||||
|
||||
Of course, the code itself is hand-optimized x86 assembly, and is very crazy. |
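Review bot: Step 2 has a typo ("to teh memfd" should be "to the memfd"), and the opening sentence's parenthetical "`xz` (or `xz` in LZMA1-mode)" reads as a repetition; consider "compressed with `gzip`, `xz`, or `xz` in LZMA1 mode". The steps also leave the runtime requirements implicit: step 2 depends on external `zcat` or `xzcat` binaries being available on the target, and steps 1 and 3 depend on kernel support for `memfd_create` and `execveat`, so a short requirements line would help users understand why unpacking fails on a minimal system. Since the unpacked program is executed from a RAM-backed descriptor rather than a file on disk, it is worth saying so explicitly for anyone auditing or monitoring a system where this runs. The closing sentence ("very crazy") would be more useful if it stated what the hand-optimization targets, such as size.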