当前位置：首页 > news >正文

贵州省建设厅官方网站安防网站源码

news 2025/11/6 7:56:13

贵州省建设厅官方网站,安防网站源码,wordpress在哪里,雄县没有做网站的公司文章目录前言一、centos7 给 vmlinux 添加符号二、ubuntu22.04 给 vmlinux 添加符号前言使用内核源码下的script文件：scripts/extract-vmlinux 可以从/boot/vmlinuz 提取出来内核镜像文件vmlinux： # ./extract-vmlinux vmlinuz-3.10.0-693.el7.x86…

文章目录

前言
一、centos7 给 vmlinux 添加符号
二、ubuntu22.04 给 vmlinux 添加符号

前言

使用内核源码下的script文件：scripts/extract-vmlinux 可以从/boot/vmlinuz 提取出来内核镜像文件vmlinux：

# ./extract-vmlinux vmlinuz-3.10.0-693.el7.x86_64 > vmlinux
# nm vmlinux
nm: vmlinux：无符号

Linux 给 vmlinux 添加符号这里有两个开源的项目，这里我分别已centos7 和 ubuntu22.04演示。

一、centos7 给 vmlinux 添加符号

# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"# uname -r
3.10.0-693.el7.x86_64

参考：https://github.com/elfmaster/kdress

# git clone https://github.com/elfmaster/kdress
# cd kdress/
# make
gcc -O2 build_ksyms.c -o build_ksyms
gcc -O2 kunpress.c -o kunpress
# ./kdress vmlinuz-3.10.0-693.el7.x86_64 vmlinux System.map-3.10.0-693.el7.x86_64[+] vmlinux has been successfully extracted
[+] vmlinux has been successfully instrumented with a complete ELF symbol table.

# nm vmlinux | grep '\<sys_call_table\>'
ffffffff816beee0 R sys_call_table
# cat /boot/System.map-3.10.0-693.el7.x86_64 | grep '\<sys_call_table\>'
ffffffff816beee0 R sys_call_table

# gdb -q vmlinux
Reading symbols from /root/vmlinux/kdress/vmlinux...(no debugging symbols found)...done.
(gdb) print &sys_call_table
$1 = (<data variable, no debug info> *) 0xffffffff816beee0 <sys_call_table>
(gdb) x/gx 0xffffffff816beee0
0xffffffff816beee0 <sys_call_table>:    0xffffffff812019e0
(gdb) x/10i 0xffffffff812019e00xffffffff812019e0 <sys_read>:       callq  0xffffffff816b6c80 <__fentry__>0xffffffff812019e5 <sys_read+5>:     push   %rbp0xffffffff812019e6 <sys_read+6>:     mov    %rsp,%rbp0xffffffff812019e9 <sys_read+9>:     push   %r140xffffffff812019eb <sys_read+11>:    mov    %rdx,%r140xffffffff812019ee <sys_read+14>:    push   %r130xffffffff812019f0 <sys_read+16>:    mov    %rsi,%r130xffffffff812019f3 <sys_read+19>:    lea    -0x30(%rbp),%rsi0xffffffff812019f7 <sys_read+23>:    push   %r120xffffffff812019f9 <sys_read+25>:    push   %rbx
(gdb) x/gx 0xffffffff816beee0+8
0xffffffff816beee8 <sys_call_table+8>:  0xffffffff81201ac0
(gdb) x/10i 0xffffffff81201ac00xffffffff81201ac0 <sys_write>:      callq  0xffffffff816b6c80 <__fentry__>0xffffffff81201ac5 <sys_write+5>:    push   %rbp0xffffffff81201ac6 <sys_write+6>:    mov    %rsp,%rbp0xffffffff81201ac9 <sys_write+9>:    push   %r140xffffffff81201acb <sys_write+11>:   mov    %rdx,%r140xffffffff81201ace <sys_write+14>:   push   %r130xffffffff81201ad0 <sys_write+16>:   mov    %rsi,%r130xffffffff81201ad3 <sys_write+19>:   lea    -0x30(%rbp),%rsi0xffffffff81201ad7 <sys_write+23>:   push   %r120xffffffff81201ad9 <sys_write+25>:   push   %rbx

系统调用编号请参考：https://elixir.bootlin.com/linux/v3.10/source/arch/x86/syscalls/syscall_64.tbl

二、ubuntu22.04 给 vmlinux 添加符号

# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"# uname -r
5.15.0-122-generic

参考项目：https://github.com/marin-m/vmlinux-to-elf

sudo apt install python3-pip liblzo2-dev
sudo pip3 install --upgrade lz4 zstandard git+https://github.com/clubby789/python-lzo@b4e39df
sudo pip3 install --upgrade git+https://github.com/marin-m/vmlinux-to-elf

Usage:
./vmlinux-to-elf <input_kernel.bin> <output_kernel.elf>

# whereis vmlinux-to-elf
vmlinux-to-elf: /usr/local/bin/vmlinux-to-elf

x# vmlinux-to-elf vmlinuz-5.15.0-122-generic vmlinux_sym
[+] Kernel successfully decompressed in-memory (the offsets that follow will be given relative to the decompressed binary)
[+] Version string: Linux version 5.15.0-122-generic (buildd@lcy02-amd64-034) (gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 2024 (Ubuntu 5.15.0-122.132-generic 5.15.163)
[+] Guessed architecture: x86_64 successfully in 9.65 seconds
[+] Found kallsyms_token_table at file offset 0x017b69d0
[+] Found kallsyms_token_index at file offset 0x017b6d80
[+] Found kallsyms_markers at file offset 0x017b60c0
[+] Found kallsyms_names at file offset 0x015e3c98
[+] Found kallsyms_num_syms at file offset 0x015e3c90
[i] Negative offsets overall: 99.736 %
[i] Null addresses overall: 0.00135036 %
[+] Found kallsyms_offsets at file offset 0x01553250
[+] Successfully wrote the new ELF kernel to vmlinux_sym

# nm vmlinux_sym | grep '\<sys_call_table\>'
ffffffff82200320 D sys_call_table
# cat /boot/System.map-5.15.0-122-generic | grep '\<sys_call_table\>'
ffffffff82200320 D sys_call_table