lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Dec 2008 13:37:59 +0200 From: "Martin Schlemmer" <Martin.Schlemmer@....ac.za> To: "Willy Tarreau" <w@....eu>, "Martin Schlemmer" <Martin.Schlemmer@....ac.za> Cc: <linux-kernel@...r.kernel.org> Subject: Re: Initramfs from existing vmlinuz >>> On 2008/12/24 at 01:34 AM, Willy Tarreau <w@....eu> wrote: > On Wed, Dec 24, 2008 at 12:28:53AM +0200, Martin Schlemmer wrote: Hi Willy >> I had a bit of an accident, and wondered if somebody already had to try to > extract the initramfs image from an existing vmlinuz? >> >> I did try google, but either my search terms was not right, or nobody > really touched on the subject before, because all the results mostly dealt > with an external image. >> >> Any advice will be appreciated. > > yes, it happens to me from time to time. > You first have to extract and uncompress the ELF image from vmlinuz. For > this, look for the gzip signature 1F 8B 08 in your vmlinuz, and feed all > data starting from this point to zcat. Either you do the same on the > resulting file -and you may find several compressed images- or you simply > pass it through "objdump -h". It will show you a .init.ramfs section. Use > the fourth field as the file offset, and dump from that position. You'll > find your initramfs, likely starting with 1F 8B 08 since it's supposed > to be compressed with gzip. > > You need an hex editor, dd, zcat and objdump for this. It's not much > complicated once you have the tools, but it might require a few attempts > before finding the right image (I tend to find config.gz before initramfs). > Appreciated, I should be able to go from here now - just getting the starting point is sometimes the main issue. Thanks M -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists