marin-m / vmlinux-to-elf

A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
GNU General Public License v3.0

error on Aarch64 linux 5.8-RC5 kernel #15

Closed skochinsky closed 4 years ago

skochinsky commented 4 years ago

When analysing Image.gz provided by Arch Linux:

[+] Version string: Linux version 5.8.0-rc5-1-ARCH (builduser@leming) (aarch64-unknown-linux-gnu-gcc (GCC) 9.3.0, GNU ld (GNU Binutils) 2.34) #1 SMP Sun Jul 12 20:12:51 MDT 2020
[+] Guessed architecture: aarch64 successfully in 0.00 seconds
[+] Found kallsyms_token_table at file offset 0x0159d840
Traceback (most recent call last):
  File "C:\Work\git\vmlinux-to-elf\vmlinux_to_elf\main.py", line 65, in <module>
    args.base_address, args.file_offset
  File "C:\Work\git\vmlinux-to-elf\vmlinux_to_elf\elf_symbolizer.py", line 44, in __init__
    kallsyms_finder = KallsymsFinder(file_contents, bit_size)
  File "C:\Work\git\vmlinux-to-elf\vmlinux_to_elf\kallsyms_finder.py", line 194, in __init__
    self.find_kallsyms_token_index()
  File "C:\Work\git\vmlinux-to-elf\vmlinux_to_elf\kallsyms_finder.py", line 473, in find_kallsyms_token_index
    raise ValueError('This structure is not a kallsyms_token_table')
ValueError: This structure is not a kallsyms_token_table

marin-m commented 4 years ago

Hello,

One of the string prefixes contained in the kallsyms_token_table table has a length of 19 characters ("d__compound_literal") which is unusual. I have increased the maximum character limit for the string fragments contained in this table in commit 21e2e54. Thanks
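
An added example, not code from vmlinux-to-elf or from this thread: a minimal validator for a candidate kallsyms_token_table (256 NUL-terminated fragments), showing how a fragment-length bound that is too small rejects a valid table containing the 19-character token, and how that token expands into a symbol type and name. The bounds 16 and 32, the function names, the constructed sample bytes and the single-length-byte name entry are assumptions for illustration.

```python
NOT_TABLE = "This structure is not a kallsyms_token_table"

def parse_token_table(blob, offset, max_token_len):
    """Read 256 NUL-terminated fragments at `offset`; reject implausible candidates.

    max_token_len is a hypothetical heuristic bound, not the project's value.
    """
    tokens, index, pos = [], [], offset
    for _ in range(256):
        end = blob.find(b"\x00", pos)
        if end == -1 or end - pos > max_token_len:
            raise ValueError(NOT_TABLE)
        frag = blob[pos:end]
        if any(b < 0x20 or b > 0x7E for b in frag):
            raise ValueError(NOT_TABLE)
        tokens.append(frag)
        index.append(pos - offset)  # the offset kallsyms_token_index holds (u16)
        pos = end + 1
    return tokens, index

def expand_name(entry, tokens):
    """Expand one kallsyms_names entry: a length byte, then token numbers.

    The first expanded character is the symbol type, the rest is the name.
    """
    text = b"".join(tokens[t] for t in entry[1:1 + entry[0]]).decode("ascii")
    return text[0], text[1:]

def build_sample():
    """Constructed image fragment: padding, then 256 tokens (not a real kernel)."""
    tokens = [bytes([i]) if 0x20 <= i <= 0x7E else b"" for i in range(256)]
    tokens[0xF0] = b"d__compound_literal"  # the 19-character fragment from the issue
    table = b"".join(t + b"\x00" for t in tokens)
    return b"\xff" * 64 + table, 64

if __name__ == "__main__":
    blob, off = build_sample()
    for limit in (16, 32):  # hypothetical bounds: one too strict, one sufficient
        try:
            tokens, index = parse_token_table(blob, off, limit)
            entry = bytes([3, 0xF0, 0x2E, 0x30])  # constructed: token 0xF0, ".", "0"
            print(limit, "accepted:", expand_name(entry, tokens))
        except ValueError as exc:
            print(limit, "rejected:", exc)
```

A length bound like this is only a plausibility heuristic for locating the table in a raw image, so a value tuned on older kernels can reject a genuine table when the compressor picks a longer fragment.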