search

marin-m / vmlinux-to-elf

A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
GNU General Public License v3.0
1.37k stars 131 forks source link

4.9.65 vmlinux failed to process #37

Open tdrkDev opened 2 years ago

tdrkDev commented 2 years ago

I am trying to decompile Android device's stock ROM vmlinux and at first I wanted to use your script to improve decompilation quality. When I try to process vmlinux, I get 'ElfNullSection' object has no attribute 'symbol_table' exception.

After adding some code for debugging, I see that self.symtab_section (what is set to self.elf_file.sections[self.section_header.sh_link] value) is a ElfNullSection instead of ElfSection. That's all I got, I'm not good at Python, so I can't fix it by myself...

$ vmlinux-to-elf vmlinuxEng vmlinuxEng.elf
[+] Version string: Linux version 4.9.65+ (flyme@Mz-Builder-L23) (gcc version 4.9.x 20150123 (prerelease) (GCC) ) #1 SMP PREEMPT Wed Jul 25 17:45:44 CST 2018

[+] Guessed architecture: aarch64 successfully in 41.76 seconds
[+] Found relocations table at file offset 0x1dc38f0 (count=233684)
[+] Found kernel text candidate: 0xffffff8008080000
[+] Successfully applied 233684 relocations.
[+] Found kallsyms_token_table at file offset 0x01869e00
[+] Found kallsyms_token_index at file offset 0x0186a300
[+] Found kallsyms_markers at file offset 0x01868a00
[+] Found kallsyms_names at file offset 0x01699100
[+] Found kallsyms_num_syms at file offset 0x01699000
[i] Negative offsets overall: 0 %
[i] Null addresses overall: 0 %
[+] Found kallsyms_offsets at file offset 0x015ffffc
Traceback (most recent call last):
  File "/usr/bin/vmlinux-to-elf", line 63, in <module>
    ElfSymbolizer(
  File "/usr/lib/python3.10/site-packages/vmlinux_to_elf/elf_symbolizer.py", line 49, in __init__
    kernel = ElfFile.from_bytes(BytesIO(file_contents))
  File "/usr/lib/python3.10/site-packages/vmlinux_to_elf/utils/elf.py", line 166, in from_bytes
    obj.unserialize(data)
  File "/usr/lib/python3.10/site-packages/vmlinux_to_elf/utils/elf.py", line 186, in unserialize
    section.post_unserialize()
  File "/usr/lib/python3.10/site-packages/vmlinux_to_elf/utils/elf.py", line 928, in post_unserialize
    relocation.associated_symbol = self.symtab_section.symbol_table[relocation.r_info_sym]
AttributeError: 'ElfNullSection' object has no attribute 'symbol_table'
tdrkDev commented 2 years ago

vmlinux section headers

There are 41 section headers, starting at offset 0x1182c880:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .head.text        PROGBITS         ffffff8008080000  00010000
       0000000000001000  0000000000000000  AX       0     0     4096
  [ 2] .text             PROGBITS         ffffff8008081000  00011000
       0000000001186e98  0000000000000008  AX       0     0     2048
  [ 3] .rodata           PROGBITS         ffffff8009300000  01200000
       0000000000945998  0000000000000000  WA       0     0     1048576
  [ 4] .eh_frame         PROGBITS         ffffff8009c45998  01b45998
       0000000000000048  0000000000000000   A       0     0     8
  [ 5] __bug_table       PROGBITS         ffffff8009c459e0  01b459e0
       0000000000019b00  0000000000000000   A       0     0     4
  [ 6] .pci_fixup        PROGBITS         ffffff8009c5f4e0  01b5f4e0
       0000000000002778  0000000000000000   A       0     0     8
  [ 7] __ksymtab         PROGBITS         ffffff8009c61c58  01b61c58
       00000000000197f0  0000000000000000   A       0     0     8
  [ 8] __ksymtab_gpl     PROGBITS         ffffff8009c7b448  01b7b448
       0000000000011390  0000000000000000   A       0     0     8
  [ 9] __kcrctab         PROGBITS         ffffff8009c8c7d8  01b8c7d8
       000000000000cbf8  0000000000000000   A       0     0     8
  [10] __kcrctab_gpl     PROGBITS         ffffff8009c993d0  01b993d0
       00000000000089c8  0000000000000000   A       0     0     8
  [11] __ksymtab_strings PROGBITS         ffffff8009ca1d98  01ba1d98
       00000000000359dd  0000000000000000   A       0     0     1
  [12] __param           PROGBITS         ffffff8009cd7778  01bd7778
       0000000000004f38  0000000000000000   A       0     0     8
  [13] __modver          PROGBITS         ffffff8009cdc6b0  01bdc6b0
       0000000000000950  0000000000000000   A       0     0     8
  [14] __ex_table        PROGBITS         ffffff8009cdd000  01bdd000
       00000000000045c0  0000000000000000   A       0     0     8
  [15] .notes            NOTE             ffffff8009ce15c0  01be15c0
       0000000000000024  0000000000000000   A       0     0     4
  [16] .init.text        PROGBITS         ffffff8009cf0000  01bf0000
       000000000007d0d0  0000000000000000  AX       0     0     16
  [17] .exit.text        PROGBITS         ffffff8009d6d0d0  01c6d0d0
       000000000000702c  0000000000000000  AX       0     0     4
  [18] .init.data        PROGBITS         ffffff8009d74100  01c74100
       000000000011ecd8  0000000000000000  WA       0     0     256
  [19] .data..percpu     PROGBITS         ffffff8009e93000  01d93000
       000000000000d700  0000000000000000  WA       0     0     128
  [20] .altinstructions  PROGBITS         ffffff8009ea0700  01da0700
       000000000001a388  0000000000000000   A       0     0     1
  [21] .altinstr_re[...] PROGBITS         ffffff8009ebaa88  01dbaa88
       0000000000008e68  0000000000000000  AX       0     0     4
  [22] .rela             RELA             ffffff8009ec38f0  01dc38f0
       0000000000559440  0000000000000018   A       0     0     8
  [23] .data             PROGBITS         ffffff800a420000  02320000
       000000000029cff0  0000000000000000  WA       0     0     4096
  [24] .got.plt          PROGBITS         ffffff800a6bcff0  025bcff0
       0000000000000018  0000000000000008  WA       0     0     8
  [25] .mmuoff.data[...] PROGBITS         ffffff800a6bd800  025bd800
       0000000000000020  0000000000000000  WA       0     0     2048
  [26] .mmuoff.data.read PROGBITS         ffffff800a6be000  025be000
       0000000000000008  0000000000000000  WA       0     0     8
  [27] .pecoff_edat[...] PROGBITS         ffffff800a6be008  025be008
       00000000000001f8  0000000000000000  WA       0     0     1
  [28] .bss              NOBITS           ffffff800a6bf000  025be200
       0000000000c5c3b0  0000000000000000  WA       0     0     4096
  [29] .comment          PROGBITS         0000000000000000  025be200
       0000000000000027  0000000000000001  MS       0     0     1
  [30] .debug_line       PROGBITS         0000000000000000  025be227
       0000000000e485e8  0000000000000000           0     0     1
  [31] .debug_info       PROGBITS         0000000000000000  0340680f
       000000000b3bd589  0000000000000000           0     0     1
  [32] .debug_abbrev     PROGBITS         0000000000000000  0e7c3d98
       000000000042e290  0000000000000000           0     0     1
  [33] .debug_aranges    PROGBITS         0000000000000000  0ebf2030
       000000000002f260  0000000000000000           0     0     16
  [34] .debug_ranges     PROGBITS         0000000000000000  0ec21290
       000000000088b6b0  0000000000000000           0     0     16
  [35] .debug_frame      PROGBITS         0000000000000000  0f4ac940
       000000000035d960  0000000000000000           0     0     8
  [36] .debug_str        PROGBITS         0000000000000000  0f80a2a0
       00000000004a8d97  0000000000000001  MS       0     0     1
  [37] .debug_loc        PROGBITS         0000000000000000  0fcb3037
       0000000001307590  0000000000000000           0     0     1
  [38] .shstrtab         STRTAB           0000000000000000  10fba5c7
       00000000000001c8  0000000000000000           0     0     1
  [39] .symtab           SYMTAB           0000000000000000  10fba790
       00000000004f1f58  0000000000000018          40   177998     8
  [40] .strtab           STRTAB           0000000000000000  114ac6e8
       0000000000380193  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  D (mbind), p (processor specific)