'Extract vmlinux from vmlinuz or bzImage
I want to generate System.map from vmlinuz,cause most of machines don't have the file System.map.In fact,vmlinuz are compressed to vmlinuz or bzImage.
It's any tool or script can do this?
I tried:
dd if=/boot/vmlinuz skip=`grep -a -b -o -m 1 -e $'\x1f\x8b\x08\x00' /boot/vmlinuz | cut -d: -f 1` bs=1 | zcat > /tmp/vmlinux
It was failed:
zcat: stdin: not in gzip format
32769+0 records in
32768+0 records out
Solution 1:[1]
To extract the uncompressed kernel from the kernel image, you can use the extract-vmlinux script from the scripts directory in the kernel tree (available at least in kernel version 3.5) (if you get an error like
mktemp: Cannot create temp file /tmp/vmlinux-XXX: Invalid argument
you need to replace $(mktemp /tmp/vmlinux-XXX) by $(mktemp /tmp/vmlinux-XXXXXX) in the script). The command is /path/to/kernel/tree/scripts/extract-vmlinux <kernel image> >vmlinux.
If the extracted kernel binary contains symbol information, you should¹ be able to create the System.map file using the mksysmap script from the same subdirectory. The command here is NM=nm /path/to/kernel/tree/scripts/mksysmap vmlinux System.map.
¹ The kernel images shipped with my distribution seem to be stripped, so the script was not able to get the symbols.
Solution 2:[2]
As Abrixas2 wrote, you will need a kernel image with symbol information in order to create System.map files and a packed vmlinuz image is not likely to have symbols in it. I can, however, verify that the script in your original post works with '-e' replaced with '-P' and '$' dropped, i.e.,
$ dd if=vmlinuz-3.8.0-19-generic skip=`grep -a -b -o -m 1 -P '\x1f\x8b\x08\x00' vmlinuz-3.8.0-19-generic | cut -d: -f 1` bs=1 | zcat > /tmp/vmlinux gzip: stdin: decompression OK, trailing garbage ignored
Solution 3:[3]
I'm on ubuntu linux.
you can change $'\037\213\010\000' to "$(echo '\037\213\010\000')" in sh
bash$ N=$(grep -abo -m1 $'\037\213\010\000' vmlinuz-4.13.0-37-generic | awk -F: '{print $1+1}') &&
tail -c +$N vmlinuz-4.13.0-37-generic | gzip -d > /tmp/vmlinuz
Solution 4:[4]
try this :
dd if=vmlinuz bs=1 skip=24584 | zcat > vmlinux
with
24584 = 24576 + 8
when
od -A d -t x1 vmlinuz | grep '1f 8b 08 00'
gives
....... 0 1 2 3 . . . . 8
0024576 24 26 27 00 ae 21 16 00 1f 8b 08 00 7f 2f 6b 45
enjoy !
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Abrixas2 |
| Solution 2 | wjandrea |
| Solution 3 | |
| Solution 4 | hong tong |