Re: Disassemble vmlinuz (i386)

[Horst von Brand]

Russ Weight <rweight@xxxxxxxxxx> said:
> 	Admittedly, you would have to be pretty desparate to want
> to disassemble vmlinuz... but I was... and I did.  There may
> be other (better?) ways to do this, but since I didn't find
> a complete recipe for this in my web searches, I'll post what
> I did in case it might be helpful to others.

When I needed to do stuff like this, I went back to the vmlinux
(uncompressed) which was lying around in the build directory. Or even to
the individual .o files.

> 	Note that this was done on a 2.4.9 kernel.
> 
> - Russ
> 
> 
> The short version:
> ==================
> (1) Strip the header and decompress the kernel

Or grab the uncompressed version (if available).

> (2) Write a small C program to copy the decompressed kernel
>     into a shared memory segment.

Placing it into a file and objdump(1) should give most of what you are
after... and you might also start gdb(1) on the file. Dunno if the weird
startup code/placement messes it up, but worth a try.

> (3) Run the C program under gdb - stop at a breakpoint after the
>     copy and then use the gdb "disassemble" command to disassemble
> 	the kernel from shared memory.
> (4) Clean up the addresses. If you pick a good virtual address
>     for the shared memory segment, then the cleanup can be a fairly
> 	simple search & replace.

May I ask what you were after?
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/