Open Source and information security mailing list archives
 
Date:	Wed, 24 Dec 2008 13:37:59 +0200
From:	"Martin Schlemmer" <Martin.Schlemmer@....ac.za>
To:	"Willy Tarreau" <w@....eu>,
	"Martin Schlemmer" <Martin.Schlemmer@....ac.za>
Cc:	<linux-kernel@...r.kernel.org>
Subject: Re: Initramfs from existing vmlinuz

>>> On 2008/12/24 at 01:34 AM, Willy Tarreau <w@....eu> wrote:
> On Wed, Dec 24, 2008 at 12:28:53AM +0200, Martin Schlemmer wrote:

Hi Willy

>> I had a bit of an accident, and wondered if somebody already had to try to
>> extract the initramfs image from an existing vmlinuz?
>>
>> I did try google, but either my search terms were not right, or nobody
>> really touched on the subject before, because all the results mostly dealt
>> with an external image.
>>
>> Any advice will be appreciated.
> 
> yes, it happens to me from time to time.
> You first have to extract and uncompress the ELF image from vmlinuz. For
> this, look for the gzip signature 1F 8B 08 in your vmlinuz, and feed all
> data starting from this point to zcat. Either you do the same on the
> resulting file -and you may find several compressed images- or you simply
> pass it through "objdump -h". It will show you a .init.ramfs section. Use
> the fourth field as the file offset, and dump from that position. You'll
> find your initramfs, likely starting with 1F 8B 08 since it's supposed
> to be compressed with gzip.
> 
> You need a hex editor, dd, zcat and objdump for this. It's not very
> complicated once you have the tools, but it might require a few attempts
> before finding the right image (I tend to find config.gz before initramfs).
> 

Appreciated, I should be able to go from here now - just getting the starting point is sometimes the main issue.


Thanks

M
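
The scan described in the quoted reply (look for 1F 8B 08, try to decompress from that point, repeat on the result), as an added Python example that is not part of the thread. It uses zlib instead of dd and zcat, skips the objdump step, and tells config.gz apart from the initramfs by the cpio "newc" magic; the function names and the sample blob are constructed for illustration.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # signature named in the thread (ID1, ID2, CM=deflate)

def gzip_streams(blob):
    """Yield (offset, payload) for every signature hit that really decompresses."""
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=31)  # 31 = expect gzip header and CRC trailer
        try:
            payload = d.decompress(blob[pos:])
            if d.eof:  # complete stream, CRC verified; trailing bytes are ignored
                yield pos, payload
        except zlib.error:
            pass  # the three bytes occurred by chance, keep scanning
        pos = blob.find(GZIP_MAGIC, pos + 1)

def classify(payload):
    if payload[:4] == b"\x7fELF":
        return "elf"
    if payload[:6] in (b"070701", b"070702"):  # cpio "newc" magic used by initramfs
        return "initramfs"
    if b"CONFIG_" in payload[:4096]:  # config.gz, often found before the initramfs
        return "config"
    return "other"

def scan(blob, depth=0, max_depth=2):
    """Return [(depth, offset, kind)], repeating the scan inside ELF payloads."""
    found = []
    for off, payload in gzip_streams(blob):
        kind = classify(payload)
        found.append((depth, off, kind))
        if kind == "elf" and depth + 1 < max_depth:
            found += scan(payload, depth + 1, max_depth)
    return found

def build_sample():
    """Constructed stand-in for a vmlinuz: stub, false hit, gzip'd fake ELF."""
    cfg = gzip.compress(b"CONFIG_BLK_DEV_INITRD=y\n")
    cpio = gzip.compress(b"070701" + b"0" * 104 + b"TRAILER!!!\0")
    elf = b"\x7fELF" + b"\0" * 60 + cfg + b"\x1f\x8b\x08\xff" + b"\0" * 8 + cpio
    return b"STUB" + b"\x1f\x8b\x08\xff" + gzip.compress(elf)

if __name__ == "__main__":
    for depth, off, kind in scan(build_sample()):
        print("  " * depth + f"offset {off:#x}: {kind}")
```

On a real image, read the file into `blob` and write the payload classified as `initramfs` to disk for unpacking with cpio.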

