vmlinux-to-elf is a tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
Features:
- Take a raw binary blob or ELF kernel file as an input.
- Automatically detect and unpack the main compression formats used for the Linux kernel.
- Find and extract the embedded kernel symbols table (kallsyms) from the input file.
- Infer the instruction set architecture, endianness, bit size, relying upon other things on common function prologue signatures.
- Infer the entry point of the kernel from the symbols contained in the kallsyms table.
- Provide basic inference for the kernel base address.
- Unpack certain types of Android boot.img files, starting with an "ANDROID!" or "UNCOMPRESSED_IMG" magic.
- Produce an .ELF file fully analyzable with IDA Pro or Ghidra as an output.
Ensure that no data is overridden in the packed kallsyms zone when applying ARM64 relocations (issue #95)
Add support for the Linux 7.0 kernel (PR #97 thanks to @bahorn)
Fix detecting the boundaries of the elf64_rela array
Use 0x20000 instead of 0x10000 as a default kernel base address alignment when inferring from ARM64 relocations (issue #95)
Use 0x2000 instead of 0x1000 as a default kernel base address alignment when inferring from symbol table (issue #67)
