vmlinux-to-elf

vmlinux-to-elf is a tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)

Features:

- Take a raw binary blob or ELF kernel file as an input.

- Automatically detect and unpack the main compression formats used for the Linux kernel.

- Find and extract the embedded kernel symbols table (kallsyms) from the input file.

- Infer the instruction set architecture, endianness, bit size, relying upon other things on common function prologue signatures.

- Infer the entry point of the kernel from the symbols contained in the kallsyms table.

- Provide basic inference for the kernel base address.

- Unpack certain types of Android boot.img files, starting with an "ANDROID!" or "UNCOMPRESSED_IMG" magic.

- Produce an .ELF file fully analyzable with IDA Pro or Ghidra as an output.