try:
from vmlinuz_decompressor import obtain_raw_kernel_from_file
from elf_symbolizer import ElfSymbolizer
except ImportError:
from vmlinux_to_elf.vmlinuz_decompressor import obtain_raw_kernel_from_file
from vmlinux_to_elf.elf_symbolizer import ElfSymbolizer
if __name__ == '__main__':
args = ArgumentParser(
description='Turn a raw or compressed kernel binary, ' +
'or a kernel ELF without symbols, into a fully analyzable ELF whose ' +
'symbols were extracted from the kernel symbol table')
args.add_argument(
'input_file',
help='Path to the vmlinux/vmlinuz/zImage/' +
'bzImage/kernel.bin/kernel.elf file to make into an analyzable .ELF')
args.add_argument('output_file',
help='Path to the analyzable ' + '.ELF to output')
args = args.parse_args()
with open(args.input_file, 'rb') as kernel_bin:
ElfSymbolizer(obtain_raw_kernel_from_file(kernel_bin.read()),
args.output_file)
if __name__ == '__main__':
args = ArgumentParser(
description="Find the kernel's embedded symbol table from a raw " +
"or stripped ELF kernel file, and print these to the standard output with their "
+ "addresses")
args.add_argument('input_file',
help="Path to the kernel file to extract symbols from")
args.add_argument(
'--bit-size',
help='Force overriding the input kernel ' +
'bit size, providing 32 or 64 bit (rather than auto-detect)',
type=int)
args = args.parse_args()
with open(args.input_file, 'rb') as kernel_bin:
try:
kallsyms = KallsymsFinder(
obtain_raw_kernel_from_file(kernel_bin.read()), args.bit_size)
except ArchitectureGuessError:
exit(
'[!] The architecture of your kernel could not be guessed ' +
'successfully. Please specify the --bit-size argument manually '
+ '(use --help for its precise specification).')
kallsyms.print_symbols_debug()
print('Symbol types', '=>', sorted(symbol_types))
print()
# Print symbols
for symbol_address, symbol_name in zip(self.kernel_addresses,
self.symbol_names):
print(repr(symbol_name).ljust(128), '0x%08x' % symbol_address)
if __name__ == '__main__':
args = ArgumentParser(
description="Find the kernel's embedded symbol table from a raw " +
"or stripped ELF kernel file, and print these to the standard output with their "
+ "addresses")
args.add_argument('input_file',
help="Path to the kernel file to extract symbols from")
args = args.parse_args()
with open(args.input_file, 'rb') as kernel_bin:
kallsyms = KallsymsFinder(
obtain_raw_kernel_from_file(kernel_bin.read()))
kallsyms.print_symbols_debug()
args = ArgumentParser(description = "Find the kernel's embedded symbol table from a raw " +
"or stripped ELF kernel file, and print these to the standard output with their " +
"addresses")
args.add_argument('input_file', help = "Path to the kernel file to extract symbols from")
args.add_argument('--bit-size', help = 'Force overriding the input kernel ' +
'bit size, providing 32 or 64 bit (rather than auto-detect)', type = int)
args = args.parse_args()
with open(args.input_file, 'rb') as kernel_bin:
try:
kallsyms = KallsymsFinder(obtain_raw_kernel_from_file(kernel_bin.read()), args.bit_size)
except ArchitectureGuessError:
exit('[!] The architecture of your kernel could not be guessed ' +
'successfully. Please specify the --bit-size argument manually ' +
'(use --help for its precise specification).')
kallsyms.print_symbols_debug()
if not exists(TEST_KERNELS_PATH):
exit(('[!] In order to use this script, please ' +
'create a file at %s, containing to path ' +
'to one kernel to extract per line. Quitting.') % (TEST_KERNELS_PATH))
makedirs(ELF_KERNELS_OUTPUT_PATH, exist_ok = True)
for file_name in filter(None, map(str.strip, open(TEST_KERNELS_PATH, 'r'))):
print('Testing ' + file_name)
with open(file_name, 'rb') as fd:
contents = fd.read()
raw_data = obtain_raw_kernel_from_file(contents)
try:
ElfSymbolizer(raw_data, ELF_KERNELS_OUTPUT_PATH + '/' + slugify(file_name) + '.elf')
except Exception:
print('=> No symbols!')
print_exc()