Recently, we wrote an article on how to unpack initrd or initramfs to view content in Linux. After that, I thought I should write an article on the extraction of VMlinuz.
Obviously, you might wonder, why extract VMLinuz? What is the use of it? Extraction of assembly code may be helpful when you want to debug where the problem occurred and how the specific function is executed.
And in this article, you will see how to extract the vmlinuz file and disassemble (read) the vmlinuz file in Linux.
What is vmlinuz?
A vmlinuz is a compressed Linux kernel image that is capable of booting the system and loading the kernel into memory. Eventually, it helps you to use your daily applications.
Moreover, vmlinux is a statically linked executable file, which means the kernel supports object file formats such as ELF, COFF, and a.out.
People get confused between VMlinuz and VMlinux because of the same name, but both are different. VMlinux is an uncompressed and non-bootable version of VMlinuz.
To explain it to you, let’s bifurcate vmlinuz. The VM acronym stands for Virtual Memory, and Linuz is a compressed version of Linux.
You can find Vmlinuz in the /boot directory, name conventions included with the kernel version.For example vmlinuz-5.10.0-11-amd64.
The first and foremost step is to download a script that helps you extract VMLinuz into an object file format like ELF.
Afterward, we can use the objdump command to disassemble the VMLinuz.
And objdump is part of GNU Binutils. First, check whether the Binutils is installed. If not, we can download it from the package manager.
$ objdump --version
$ sudo apt install binutils // Debian/Ubuntu
$ sudo dnf install binutils // AlmaLinux/Fedora
A script is already available on Github under the Linux project, and you just need to pass a couple of commands to download a script to use.
$ wget -O extract-vmlinux https://raw.githubusercontent.com/torvalds/linux/master/scripts/extract-vmlinux
Once the script is downloaded, you are ready to extract the file. Before that, create a temporary directory where you will extract VMLinuz.
$ mkdir /tmp/extract-kernel
$ cd extract-kernel
After that, copy the current kernel into a newly created folder, and check the
$ sudo cp /boot/vmlinuz-$(uname -r) .
$ file vmlinuz-5.10.0-9-amd64
vmlinuz-5.10.0-9-amd64: Linux kernel x86 boot executable bzImage, version 5.10.0-9-amd64 ([email protected]) #1 SMP Debian 5.10.70-1 (2021-09-30), RO-rootFS, swap_dev 0x6, Normal VGA
The next and last step for extraction is to pass the following code, which we will first extract the compressed kernel. After that, it will check the file type.
$ sudo bash extract-vmlinux vmlinuz-$(uname -r) > vmlinuz
$ file vmlinuz
vmlinuz: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=23eb9b22614b52c9c3e7105ac116a67ce749404d, stripped
As per the output file is decompressed successfully into an ELF object.
Disassemble vmlinuz file using objdump
You cannot read this file using cat or any other text editor; even if you do, it will print ambiguous data, which is not possible for us to read. So to cater to this request, we can use objdump, which is capable of reading object files.
You have extracted the compressed kernel from the above step into the object file. Let’s read the object file using the below command.
$ cd extract-kernel
$ objdump -D vmlinuz | less
Don’t miss to pipe data through less to read the content.
vmlinuz: file format elf64-x86-64
Disassembly of section .text:
ffffffff81000000: 48 8d 25 51 3f 60 01 lea 0x1603f51(%rip),%rsp # 0xffffffff82603f58
ffffffff81000007: 48 8d 3d f2 ff ff ff lea -0xe(%rip),%rdi # 0xffffffff81000000
ffffffff8100000e: 56 push %rsi
ffffffff8100000f: e8 4c 04 00 00 callq 0xffffffff81000460
That’s all to extract and disassemble the VMlinuz file in Linux.
If you face any difficulty while following our article, please let us know in the comment section.
A man with a tech effusive who has explored some of the amazing technology stuff and is exploring more. While moving towards, I had a chance to work on Android development, Linux, AWS, and DevOps with several open-source tools.