长沙网站制作公司地址,白狐网站建设,网站开发设计资讯,深圳网站导航文章目录 前言一、centos7 给 vmlinux 添加符号二、ubuntu22.04 给 vmlinux 添加符号 前言
使用内核源码下的script文件#xff1a;scripts/extract-vmlinux 可以从/boot/vmlinuz 提取出来 内核镜像文件vmlinux#xff1a;
# ./extract-vmlinux vmlinuz-3.10.0-693.el7.x86… 文章目录 前言一、centos7 给 vmlinux 添加符号二、ubuntu22.04 给 vmlinux 添加符号 前言
使用内核源码下的script文件scripts/extract-vmlinux 可以从/boot/vmlinuz 提取出来 内核镜像文件vmlinux
# ./extract-vmlinux vmlinuz-3.10.0-693.el7.x86_64 vmlinux
# nm vmlinux
nm: vmlinux无符号Linux 给 vmlinux 添加符号 这里有两个开源的项目这里我分别已centos7 和 ubuntu22.04演示。
一、centos7 给 vmlinux 添加符号
# cat /etc/os-release
NAMECentOS Linux
VERSION7 (Core)
IDcentos# uname -r
3.10.0-693.el7.x86_64参考https://github.com/elfmaster/kdress
# git clone https://github.com/elfmaster/kdress
# cd kdress/
# make
gcc -O2 build_ksyms.c -o build_ksyms
gcc -O2 kunpress.c -o kunpress
# ./kdress vmlinuz-3.10.0-693.el7.x86_64 vmlinux System.map-3.10.0-693.el7.x86_64[] vmlinux has been successfully extracted
[] vmlinux has been successfully instrumented with a complete ELF symbol table.# nm vmlinux | grep \sys_call_table\
ffffffff816beee0 R sys_call_table
# cat /boot/System.map-3.10.0-693.el7.x86_64 | grep \sys_call_table\
ffffffff816beee0 R sys_call_table# gdb -q vmlinux
Reading symbols from /root/vmlinux/kdress/vmlinux...(no debugging symbols found)...done.
(gdb) print sys_call_table
$1 (data variable, no debug info *) 0xffffffff816beee0 sys_call_table
(gdb) x/gx 0xffffffff816beee0
0xffffffff816beee0 sys_call_table: 0xffffffff812019e0
(gdb) x/10i 0xffffffff812019e00xffffffff812019e0 sys_read: callq 0xffffffff816b6c80 __fentry__0xffffffff812019e5 sys_read5: push %rbp0xffffffff812019e6 sys_read6: mov %rsp,%rbp0xffffffff812019e9 sys_read9: push %r140xffffffff812019eb sys_read11: mov %rdx,%r140xffffffff812019ee sys_read14: push %r130xffffffff812019f0 sys_read16: mov %rsi,%r130xffffffff812019f3 sys_read19: lea -0x30(%rbp),%rsi0xffffffff812019f7 sys_read23: push %r120xffffffff812019f9 sys_read25: push %rbx
(gdb) x/gx 0xffffffff816beee08
0xffffffff816beee8 sys_call_table8: 0xffffffff81201ac0
(gdb) x/10i 0xffffffff81201ac00xffffffff81201ac0 sys_write: callq 0xffffffff816b6c80 __fentry__0xffffffff81201ac5 sys_write5: push %rbp0xffffffff81201ac6 sys_write6: mov %rsp,%rbp0xffffffff81201ac9 sys_write9: push %r140xffffffff81201acb sys_write11: mov %rdx,%r140xffffffff81201ace sys_write14: push %r130xffffffff81201ad0 sys_write16: mov %rsi,%r130xffffffff81201ad3 sys_write19: lea -0x30(%rbp),%rsi0xffffffff81201ad7 sys_write23: push %r120xffffffff81201ad9 sys_write25: push %rbx系统调用编号请参考https://elixir.bootlin.com/linux/v3.10/source/arch/x86/syscalls/syscall_64.tbl
二、ubuntu22.04 给 vmlinux 添加符号
# cat /etc/os-release
PRETTY_NAMEUbuntu 22.04.4 LTS
NAMEUbuntu
VERSION_ID22.04# uname -r
5.15.0-122-generic参考项目https://github.com/marin-m/vmlinux-to-elf
sudo apt install python3-pip liblzo2-dev
sudo pip3 install --upgrade lz4 zstandard githttps://github.com/clubby789/python-lzob4e39df
sudo pip3 install --upgrade githttps://github.com/marin-m/vmlinux-to-elfUsage:
./vmlinux-to-elf input_kernel.bin output_kernel.elf# whereis vmlinux-to-elf
vmlinux-to-elf: /usr/local/bin/vmlinux-to-elfx# vmlinux-to-elf vmlinuz-5.15.0-122-generic vmlinux_sym
[] Kernel successfully decompressed in-memory (the offsets that follow will be given relative to the decompressed binary)
[] Version string: Linux version 5.15.0-122-generic (builddlcy02-amd64-034) (gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 2024 (Ubuntu 5.15.0-122.132-generic 5.15.163)
[] Guessed architecture: x86_64 successfully in 9.65 seconds
[] Found kallsyms_token_table at file offset 0x017b69d0
[] Found kallsyms_token_index at file offset 0x017b6d80
[] Found kallsyms_markers at file offset 0x017b60c0
[] Found kallsyms_names at file offset 0x015e3c98
[] Found kallsyms_num_syms at file offset 0x015e3c90
[i] Negative offsets overall: 99.736 %
[i] Null addresses overall: 0.00135036 %
[] Found kallsyms_offsets at file offset 0x01553250
[] Successfully wrote the new ELF kernel to vmlinux_sym# nm vmlinux_sym | grep \sys_call_table\
ffffffff82200320 D sys_call_table
# cat /boot/System.map-5.15.0-122-generic | grep \sys_call_table\
ffffffff82200320 D sys_call_table
