Home > Industries > Computer

Analysis on how to extract the Vmlinuz-2.6.31-14-generic from the PC on the computer vmlinux

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Analysis on how to extract the Vmlinuz-2.6.31-14-generic from the PC on the computer vmlinux
[Email protected]:~$ vim/boot/grub/grub.cfg
We can see that the kernel of the system we entered is
Linux/boot/vmlinuz-2.6.31-14-generic
Find 1F 8B 08 This is the mark header of Gzip
I found the content for
0000 366c:1f 8B 8C 4 a D8 EC 3 a 7F 74 53 55
0x0000366c equals 13932.
[Email protected]:~$ dd Bs=1 skip=13932 if=/boot/vmlinuz-2.6.31-14-generic of=vmlinux.gz
[Email protected]:~$ file vmlinux.gz
Vmlinux.gz:gzip compressed data, from Unix, last Modified:fri Oct 22:17:48, max compression
[Email protected]:~$ gunzip vmlinux.gz
[Email protected]:~$ ll Vmlinux
-rw-r--r--1 Luther Luther 7.9M 2010-05-16 12:06 vmlinux
[Email protected]:~$ vim linux-2.6.33.4/arch/x86/kernel/vmlinux_32.lds. S
Vim Arch/x86/configs/i386_defconfig The parameters we get [luther.gliethttp]
config_page_offset=0xc0000000
config_physical_start=0x100000
#define __page_offset _ac (Config_page_offset, UL)
#define LOAD_OFFSET __page_offset its value is 0xc0000000
/* Physical address where kernel should be loaded. */
#define LOAD_PHYSICAL_ADDR (Config_physical_start \
+ (config_physical_align-1)) \
& ~ (config_physical_align-1))
SECTIONS
{
. = Load_offset + load_physical_addr; 0xC0000000 + 0x100000 = 0xc0100000 is the final address
phys_startup_32 = Startup_32-load_offset;
[Email protected]:~$ objdump-ds vmlinux |more
Vmlinux:file format elf32-i386
Disassembly of section. Text.head:
c0100000 <.text.head>:
C0100000:f6 testb $0x40,0x211 (%esi)
c0100007:75 jne 0xc010001d
c0100009:0f 8e Lgdtl 0x748e22
C0100010:b8-XX mov $0x18,%eax
c0100015:8e D8 mov%eax,%ds
c0100017:8e C0 mov%eax,%es
c0100019:8e E0 mov%eax,%fs
c010001b:8e E8 mov%eax,%gs
C010001D:FC CLD
c010001e:31 C0 XOR%eax,%eax
C0100020:BF A0 Bayi XX mov $0x81a000,%edi
[Email protected]:~$ vbindiff vmlinux
0000 1000:f6-A-one-in-a-0F (8E) [email protected] .... T.
0000 1010:b8-XX 8E D8 8E C0 8E E0 8E E8 FC to C0 ....... 1.
0000 1020:BF A0 Bayi A0 B9 F9 8A xx C1 E9 F3 .......) .....
0000 1030:ab BF C0 7C-B9 xx xx FC F3 A5 8B 35 ... V| ..... 5
0000 1040:e8 7C F6 0C BF E0 2A 7C xx B9 00 02. x|.!. T... *|....
0000 1050:00 F3 A5 (Bayi 3D C6 7C) A1 f.= .... X|...R.
0000 1060:FC 04 85 80 22, 3D 7C. X|. =... . S ... "
0000 1070:7c 2D (xx) C0 FF E0 0F 0B BF xx 00 8A | -..... ........
0000 1080:ba A0 Bayi xx B8, xx 8D 4F 0A 89 ....... Og ...
0000 1090:8a 0C XX C2 B9 xx xx 05 00 .............
0000 10a0:10 xx E2 F8 BD A4 xx E8, DC bayi C7 ...... 9.R ...
0000 10b0:00 (C0) 3D A5, C1 E8 0C A3, F0 ... T.......
0000 10c0:81 B8 B0 bayi A3 FC AF bayi xx E9 6D 6B ... g ...... mkF
And Vmlinux's first 0x1000 byte is the ELF flag header data, the real effective kernel data starts from 0x1000
[Email protected]:~$ vim Linux-2.6.33.4/arch/x86/boot/compressed/vmlinux_32.lds
Output_format ("elf32-i386", "elf32-i386", "elf32-i386")
Output_arch (i386)
ENTRY (STARTUP_32)
SECTIONS
{
/* Be careful parts of head_32.s assume startup_32 are at
* Address 0.
*/
. = 0;
. Text.head: {
_head =. ;
* (. text.head)//File header information
_ehead =. ;
}
. rodata.compressed: {
* (. rodata.compressed)
}
. Text: {
_text =.; /* Text *//kernel effective execution of code machine code from 0x1000
* (. Text)
* (. text.*)
_etext =. ;
}
......
}
Let's actually walk through the walkthrough, we read the kernel code released into memory
[Email protected]:~$ cat/proc/iomem |grep Code
00100000-00575553:kernel Code
0x00100000 equals 1048576.
0x00575553 equals 5723475.
[Email protected]:~$ sudo dd bs=1 skip=1048576 count=208 if=/dev/mem 2>/dev/null | Xxd-g 1
0000000:f6-All-in-one, 0f, 8e (email protected). T.
0000010:b8 8e D8 8e C0 8e E0 8e E8 FC to C0 ......... 1.
0000020:BF A0 Bayi B9 A0 8a xx F9 C1 E9, F3 ......) .....
0000030:ab BF c0 7c B9 xx xx FC F3 A5 8b 35 ... V| ..... 5
0000040:e8 7c f6 0c BF e0 2a 7c xx b9 00 02. x|.!. T...*| ....
0000050:00 f3 A5, Bayi 3d C6 7c, Geneva, A1 1c f.= .... X|...R.
0000060:FC (7c) 3d (22) (0e 8b 04 85 80). X|. =....s ... "
0000070:7c 2d xx c0 ff E0 0f 0b BF 00 | -.............
0000080:ba A0 Bayi xx B8, xx xx 8d 4f, 89, 0a, ..... Og ...
0000090:8a 0c xx C2 b9 xx xx 00, AB 05 ............
00000A0:10 XX E2 f8 BD a4 xx E8, DC, C7 ...... 9.R ...
00000b0:00 xx C0 3d a5 c1 e8 0c A3 ....... T.......
00000c0:81 B8 b0 a3 FC af Bayi XX E9 6d 6b ... g.........mkf

Analysis on how to extract the Vmlinuz-2.6.31-14-generic from the PC on the computer vmlinux

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
get the permalink how to extract files on android how to extract file on android how to extract files on android phone how to extract zip files on chromebook how to extract files on android phone how to extract tar gz on windows
Related Article
Lenovo computer Update BIOS reboot prompts "Secure Flash auth...
Computer storage unit Byte, KB, MB, GB, TB, PB, EB, ZB, YB, D...
Clear trojans on your computer
Computer Information Processing
It takes 3 minutes to shut down useless services on your comp...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More