How do I uncompress vmlinuz to vmlinux?

linux compression gzip linux-kernel 7-zip

I have already tried uncompress, gzip, and all other solutions that come up as google results and these have not worked for me.

To get just the image search for the GZ signature - 1f 8b 08 00.

> od -A d -t x1 vmlinuz | grep '1f 8b 08 00'
0024576 24 26 27 00 ae 21 16 00 1f 8b 08 00 7f 2f 6b 45

so the image begins at 24576+8 => 24584. Then just copy the image from the point and decompress it -

> dd if=vmlinuz bs=1 skip=24584 | zcat > vmlinux
1450414+0 records in
1450414+0 records out
1450414 bytes (1.5 MB) copied, 6.78127 s, 214 kB/s

Got these instructions verbatim from a forum online: http://www.codeguru.com/forum/showthread.php?t=415186

This process does not work for me and end up giving errors that states file not found 0024576 and all subsequent numbers.

How do I proceed extracting vmlinux from vmlinuz?

Thank you.

EDITED: This is a reverse engineering question. I have no access to the distro to install any RPM or recompile. I start with nothing but vmlinuz.


Maybe you misunderstood what the author of that post meant.

  1. The vmlinuz file contains other things besides the gzipped content, so you need to find out where the gzipped content starts. To do that, use:

    od -A d -t x1 vmlinuz | grep '1f 8b 08 00'

    What this does is to show you where in that file you can find the gzip header. The output looks like:

    0024576 24 26 27 00 ae 21 16 00 1f 8b 08 00 7f 2f 6b 45

    This means that at 0024576 (at least for the author of the post, yours might be somewhere completely different) in the vmlinuz file, you will find the binary values "24 26 27 00 ae 21 16 00 1f 8b 08 00 7f 2f 6b 45". You're looking for 1f 8b 08 00, which can be found from character 9 onwards, or, at 0024576 + 8 (start counting from 0) = 24584.

  2. Now that you know where the gzipped content starts (at position 24584) you can use dd to extract that gzipped content and ungzip it. To do that, use:

    dd if=vmlinuz bs=1 skip=24584 | zcat > vmlinux

    The first command will seek to that position and copy everything to stdout. zcat then will uncompress everything it gets from stdin and will output the uncompressed string to stdout. Then the > will redirect zcat's output to a new file named vmlinux.


The kernel sources now contain a script for this, extract-vmlinux. You don't need to roll your own.

See this SO answer.


Actually, before generating the vmlinuz file, most symbols are stripped. So you cannot rebuild a true vmlinux from vmlinuz, the file will not be as useful for debugging.


I ran into simple problem - looking for correct version of vmlinux for crash. Instead of trying to decompress vmlinuz to vmlinux.

The better solution is: install the RPM: kernel-debuginfo, that RPM contains proper vmlinux file.

Pay attention to the rpm name, there are multiple similar (confusing) names. Gotta be: kernel-debuginfo-$(version).rpm


Modern kernels are not always (in fact, not generally) gzip compressed. They may use bzip2 or LZMA. A quick web search didn't help me find the magic strings for those compression methods--you might be better off checking several kernel images to find the invariant header that includes the decompression code.

Related

How to reset a broken TTY?
How does a computer know which device is connected to the usb port?
Is it possible to use global IP addresses without internet?
Can two drives connected to a USB hub bypass the computer when sharing data?
Can I make a video not downloadable? [closed]
How to convert an unknown file to MP3?
What key on a Mac keyboard corresponds to the ⇥ symbol?
zsh post command function/hook
Uninstalling Python 3 on a Mac
Is it safe to remove USB media when a computer is suspended?
Prevent Windows System %PATH% from being prepended to user %PATH?
How to set default display for new windows in Gnome 3