vmlinux-to-elf
A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
I think it would be nice with a `--arch` argument for kallsyms-finder and vmlinux-to-elf to immediately skip the architecture guessing. Usually we already know the arch beforehand, so just supplying...
how to repack elf to vmlinux
Extracted from the amd64 netinst iso [vmlinuz.txt](https://github.com/marin-m/vmlinux-to-elf/files/14963955/vmlinuz.txt) ``` File "\kallsyms_finder.py", line 719, in find_kallsyms_markers raise ValueError('Could not guess the architecture register ' + ValueError: Could not guess the architecture register...
I receive the following error when trying to use the project on Linux v6.5.0, which is Ubuntu's kernel. ```$ ./vmlinux-to-elf ./vmlinuz-6.5.0-17-generic vmlinux [+] Kernel successfully decompressed in-memory (the offsets that...
Did the install instructions in the README, I guess it's not added to PATH. What's the easiest way to do this? The README should probably reflect this.
The package should be built and published to pypi.org for easier installation and portability
The current codebase uses [clubby789/python-lzo](https://github.com/clubby789/python-lzo) which is not maintained and wasn't updated for over 3 years. There is a maintained version of it: [jd-boyd/python-lzo](https://github.com/jd-boyd/python-lzo) which is also published to [pypi](https://pypi.org/project/python-lzo/).
References : > https://github.com/glandium/extract-symvers > https://llseek.github.io/kernel/2015/08/08/linux-module-versioning.html
Unfortunately, kallsyms-finder gets wrong addresses for symbols (aarch64). Kernel, right kallsyms from proc, and wrong kallsyms-finder output attached. [kernel_and_kallsyms.zip](https://github.com/user-attachments/files/19185501/kernel_and_kallsyms.zip)