Linux kernel: Decompressing a Linux zImage
I am trying to decompress a zImage. I have a firmware binary that was pulled off a flash chip. Analyzing it with binwalk gives the following:
$ binwalk flash_dump.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
352832 0x56240 Linux kernel ARM boot executable zImage (big-endian)
10617408 0xA20240 Linux kernel ARM boot executable zImage (big-endian)
10630468 0xA23544 device tree image (dtb)
I tried to carve out the first Linux zImage:
$ dd if=flash_dump.bin of=zImage bs=1 skip=352832 count=10264576
10264576+0 records in
10264576+0 records out
10264576 bytes (10 MB, 9.8 MiB) copied, 13.7267 s, 748 kB/s
Making sure it is still a zImage:
$ file zImage
zImage: Linux kernel ARM boot executable zImage (big-endian)
Searching for the gzip header:
$ arm-none-eabi-objdump -EB -b binary -D -m armv5t zImage | grep 8b1f
15e4c: b81c8b1f ldmdalt ip, {r0, r1, r2, r3, r4, r8, r9, fp, pc}
401f8: 0b3d2bfe bleq 0xf8b1f8
I can't seem to find the gzip header.
How do I decompress the zImage? I would like to look at it in a disassembler such as IDA Pro.
The zImage is big-endian (see the binwalk result). You should grep for 1f8b instead.
How do you know it wasn't found? Does this help?
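Added example, not part of the original question or comments: a byte-level search for the gzip magic that tries to inflate from each candidate offset, so the result does not depend on how a disassembler groups bytes into 32-bit words or on header alignment. The function names, the `min_size` threshold and the sample image are constructed for illustration.

```python
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=8 (deflate), in file byte order


def find_gzip_streams(blob, min_size=1024):
    """Return [(offset, data)] for each magic offset that inflates completely."""
    hits = []
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # expect gzip framing
        try:
            data = inflater.decompress(blob[pos:])
        except zlib.error:
            data = b""  # magic bytes occurred by chance, not a real stream
        # eof is set only after the CRC32/length trailer has been verified.
        if inflater.eof and len(data) >= min_size:
            hits.append((pos, data))
        pos = blob.find(GZIP_MAGIC, pos + 1)
    return hits


def word_views(blob, offset):
    """Hex of the 32-bit word at offset as a big- and little-endian dump shows it."""
    chunk = blob[offset:offset + 4]
    return ("%08x" % struct.unpack(">I", chunk)[0],
            "%08x" % struct.unpack("<I", chunk)[0])


def build_sample_image():
    """Constructed stand-in for the carved zImage: stub, decoy magic, gzip payload."""
    payload = b"constructed kernel payload\n" * 400
    comp = zlib.compressobj(9, zlib.DEFLATED, 16 + zlib.MAX_WBITS)
    stream = comp.compress(payload) + comp.flush()
    stub = bytearray(b"\xe1\xa0\x00\x00" * 144)  # 0x240 bytes of ARM NOPs (BE)
    stub[16:20] = b"\x1f\x8b\x08\xff"            # decoy that does not inflate
    return bytes(stub) + stream + b"\x00" * 32, payload


if __name__ == "__main__":
    image, _ = build_sample_image()
    for off, data in find_gzip_streams(image):
        be, le = word_views(image, off)
        print("gzip at 0x%x: %d bytes; BE word %s, LE word %s"
              % (off, len(data), be, le))
```

This only recognises gzip; ARM zImages can also be built with LZO, LZMA, XZ or LZ4 compression, in which case no stream is reported.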