extract-vmlinux 脚本分析

喜欢底层-野原小新

已于 2022-05-05 11:16:06 修改

阅读量712

点赞数

分类专栏： shell 文章标签： linux 系统安全 unix

于 2022-04-10 14:31:33 首次发布

本文链接：https://blog.csdn.net/qq_40227064/article/details/124077719

版权

shell 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

作用：
被用来将linux的vmlinuz等文件解析为 vmlinux
依赖执⾏⽂件：
trap readelf tr tail grep gunzip [unxz bunzip2 unlzma lzop lz4 unzstd]
依赖库：
libelf-dev(readelf)
位置：
usr/src/linux-headers-$(uname -r)/scripts/extract-vmlinux（wsl2没有）
使⽤：
./extract-vmlinux vmlinuz_path > vmlinux

分析如下：

#!/bin/sh # shell可执行文件的路径；调试时，保证该执行文件和执行脚本的执行文件一致，否则会导致调试和执行的结果不一致
# SPDX-License-Identifier: GPL-2.0-only
# ----------------------------------------------------------------------
# extract-vmlinux - Extract uncompressed vmlinux from a kernel image
#
# Inspired from extract-ikconfig
# (c) 2009,2010 Dick Streefland <dick@streefland.net>
#
# (c) 2011      Corentin Chary <corentin.chary@gmail.com>
#
# ----------------------------------------------------------------------

check_vmlinux()
{
	# Use readelf to check if it's a valid ELF
	# TODO: find a better to way to check that it's really vmlinux
	#       and not just an elf
	
	# readelf -h $1 执行成功将往下走
	# > /dev/null 2>&1,标准输出重定向到/dev/null,标准错误重定向到标准输出 
	readelf -h $1 > /dev/null 2>&1 || return 1

	cat $1
	exit 0
}

try_decompress()
{
	# The obscure use of the "tr" filter is to work around older versions of
	# "grep" that report the byte offset of the line instead of the pattern.

	# Try to find the header ($1) and decompress from here
	# grep -abo "^$2" -a 把二进制文件当作为文本文件，-b 显示匹配字符串的偏移，如：34:matche_string，-o 只显示匹配到的字符串
	# tr "$1\n$2" "\n$2=" < "$img" 将$img 文件中的 "$1\n$2" 替换为 "\n$2="
	for	pos in `tr "$1\n$2" "\n$2=" < "$img" | grep -abo "^$2"`
	do
		pos=${pos%%:*}
		# tail -c+$pos "$img" 显示除了前$pos个字节的所有字节
		tail -c+$pos "$img" | $3 > $tmp 2> /dev/null
		check_vmlinux $tmp
	done
}

# Check invocation:
me=${0##*/}
img=$1
# $#(传入参数数量) -ne(不等于，后接个整数) 1 -o(或) ！-s(文件存在并大小不为0) $img
if	[ $# -ne 1 -o ! -s "$img" ]
then
	echo "Usage: $me <kernel-image>" >&2
	exit 2
fi

# Prepare temp files:
tmp=$(mktemp /tmp/vmlinux-XXX)

# 接收到0信号(退出，定义在signal.h)，将执行"rm -f $tmp"
trap "rm -f $tmp" 0

# That didn't work, so retry after decompression.
try_decompress '\037\213\010' xy    gunzip
try_decompress '\3757zXZ\000' abcde unxz
try_decompress 'BZh'          xy    bunzip2
try_decompress '\135\0\0\0'   xxx   unlzma
try_decompress '\211\114\132' xy    'lzop -d'
try_decompress '\002!L\030'   xxx   'lz4 -d'
try_decompress '(\265/\375'   xxx   unzstd

# Finally check for uncompressed images or objects:
check_vmlinux $img

# Bail out:
echo "$me: Cannot find vmlinux." >&2