vmlinux-to-elf is a tool to recover a fully analyzable .ELF from a raw kernel by extracting the kernel symbol table (kallsyms).
Features:
- Take a raw binary blob or ELF kernel file as an input.
- Automatically detect and unpack the main compression formats used for the Linux kernel.
- Find and extract the embedded kernel symbols table (kallsyms) from the input file.
- Infer the instruction set architecture, endianness and bit size, relying among other things on common function prologue signatures.
- Infer the entry point of the kernel from the symbols contained in the kallsyms table.
- Provide basic inference for the kernel base address.
- Unpack certain types of Android boot.img files, starting with an "ANDROID!" or "UNCOMPRESSED_IMG" magic.
- Produce an .ELF file fully analyzable with IDA Pro or Ghidra as an output.
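
The detect-and-unpack step from the feature list can be illustrated as follows. This is an added example, not vmlinux-to-elf's own code: it covers only gzip, xz and bzip2 from the Python standard library, the function names are hypothetical, and the sample blob is constructed.

```python
import bz2
import gzip
import lzma
import zlib

# Magic bytes of stream formats commonly wrapped around a kernel image.
MAGICS = {"gzip": b"\x1f\x8b\x08", "xz": b"\xfd7zXZ\x00", "bzip2": b"BZh"}
ANDROID_MAGIC = b"ANDROID!"  # boot.img magic named in the feature list


def _try_decompress(fmt, data):
    """Decompress one stream starting at data[0]; trailing bytes are ignored."""
    if fmt == "gzip":
        return zlib.decompressobj(31).decompress(data)  # 31 = gzip container
    if fmt == "xz":
        return lzma.LZMADecompressor(format=lzma.FORMAT_XZ).decompress(data)
    return bz2.BZ2Decompressor().decompress(data)


def find_payload(blob, min_size=64):
    """Return (is_android, format, offset, payload) for the first magic hit
    that really decompresses, or (is_android, None, None, None) otherwise."""
    is_android = blob.startswith(ANDROID_MAGIC)
    hits = []
    for fmt, magic in MAGICS.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, fmt))
            pos = blob.find(magic, pos + 1)
    for pos, fmt in sorted(hits):
        try:
            out = _try_decompress(fmt, blob[pos:])
        except (zlib.error, lzma.LZMAError, OSError, ValueError):
            continue  # magic bytes occurred by chance, keep scanning
        if len(out) >= min_size:
            return is_android, fmt, pos, out
    return is_android, None, None, None


def build_sample():
    """Constructed input: fake boot.img header, a decoy magic, a gzip'd 'kernel'."""
    kernel = b"Linux version 0.0.0-constructed\n" + b"\x00" * 256
    blob = (ANDROID_MAGIC + b"\x00" * 24 + b"BZh" + b"\xff" * 16
            + gzip.compress(kernel) + b"trailing")
    return blob, kernel
```

A magic match alone is not trusted: the decoy `BZh` in the sample is rejected because it fails to decompress, and the scan continues to the real gzip stream.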
Implement a UI information row + button to export the decompressed and unpacked kernel
Print useful information about the packing or compression method used through GUI and CLI
Correctly pipe the "kallsyms-finder" output to stdout instead of stderr