-
作用:
被用来将linux的vmlinuz
等文件解析为vmlinux
-
依赖执⾏⽂件:
trap readelf tr tail grep gunzip [unxz bunzip2 unlzma lzop lz4 unzstd]
-
依赖库:
libelf-dev(readelf)
-
位置:
usr/src/linux-headers-$(uname -r)/scripts/extract-vmlinux(wsl2没有)
-
使⽤:
./extract-vmlinux vmlinuz_path > vmlinux
-
分析如下:
#!/bin/sh # shell可执行文件的路径;调试时,保证该执行文件和执行脚本的执行文件一致,否则会导致调试和执行的结果不一致 # SPDX-License-Identifier: GPL-2.0-only # ---------------------------------------------------------------------- # extract-vmlinux - Extract uncompressed vmlinux from a kernel image # # Inspired from extract-ikconfig # (c) 2009,2010 Dick Streefland <dick@streefland.net> # # (c) 2011 Corentin Chary <corentin.chary@gmail.com> # # ---------------------------------------------------------------------- check_vmlinux() { # Use readelf to check if it's a valid ELF # TODO: find a better to way to check that it's really vmlinux # and not just an elf # readelf -h $1 执行成功将往下走 # > /dev/null 2>&1,标准输出重定向到/dev/null,标准错误重定向到标准输出 readelf -h $1 > /dev/null 2>&1 || return 1 cat $1 exit 0 } try_decompress() { # The obscure use of the "tr" filter is to work around older versions of # "grep" that report the byte offset of the line instead of the pattern. # Try to find the header ($1) and decompress from here # grep -abo "^$2" -a 把二进制文件当作为文本文件,-b 显示匹配字符串的偏移,如:34:matche_string,-o 只显示匹配到的字符串 # tr "$1\n$2" "\n$2=" < "$img" 将$img 文件中的 "$1\n$2" 替换为 "\n$2=" for pos in `tr "$1\n$2" "\n$2=" < "$img" | grep -abo "^$2"` do pos=${pos%%:*} # tail -c+$pos "$img" 显示除了前$pos个字节的所有字节 tail -c+$pos "$img" | $3 > $tmp 2> /dev/null check_vmlinux $tmp done } # Check invocation: me=${0##*/} img=$1 # $#(传入参数数量) -ne(不等于,后接个整数) 1 -o(或) !-s(文件存在并大小不为0) $img if [ $# -ne 1 -o ! -s "$img" ] then echo "Usage: $me <kernel-image>" >&2 exit 2 fi # Prepare temp files: tmp=$(mktemp /tmp/vmlinux-XXX) # 接收到0信号(退出,定义在signal.h),将执行"rm -f $tmp" trap "rm -f $tmp" 0 # That didn't work, so retry after decompression. try_decompress '\037\213\010' xy gunzip try_decompress '\3757zXZ\000' abcde unxz try_decompress 'BZh' xy bunzip2 try_decompress '\135\0\0\0' xxx unlzma try_decompress '\211\114\132' xy 'lzop -d' try_decompress '\002!L\030' xxx 'lz4 -d' try_decompress '(\265/\375' xxx unzstd # Finally check for uncompressed images or objects: check_vmlinux $img # Bail out: echo "$me: Cannot find vmlinux." >&2
-
总结:extract-vmlinux可以在任何Linux内核下运行,和linux内核不关联
extract-vmlinux 脚本分析
于 2022-04-10 14:31:33 首次发布