问题描述

限时删除！！

我正在处理shell脚本.我有一个预建的zImage.是否有可能知道创建zImage的内核版本?

I am working on a shell script. I have a pre-built zImage. is it possible to know the kernel version from which this zImage was created?

我尝试使用更新的命令@ 从压缩的内核映像，但两个命令均失败.

I have tried with the commands updated @ Getting uname information from a compressed kernel image, but both commands are failing.

$ dd if=zImage bs=1 skip=$(LC_ALL=C grep -a -b -o $'\x1f\x8b\x08\x00\x00\x00\x00\x00' zImage | \
  cut -d ':' -f 1) | zcat | grep -a 'Linux version'

dd: unrecognized operand `3165585'
Try `dd --help' for more information.

gzip: stdin: unexpected end of file

$ dd if=zImage bs=1 skip=$(LC_ALL=C grep -a -b -o $'\xFD\x37\x7A\x58\x5A\x00' zImage | \
  head -n 1 | cut -d ':' -f 1) | xzcat | grep -a 'Linux version'

xzcat: (stdin): File format not recognized

您能指导我从zImage识别内核版本吗?

Can you guide me to identify the kernel version from zImage.

推荐答案

检查内核压缩算法

您的zImage很可能是使用LZMA压缩器压缩的.您可以在下一个文件中检查它:

Check kernel compression algorithm

Most likely your zImage was compressed using LZMA compressor. You can check it in next files:

• 在.config文件中(如果您是自己构建内核的话)
• 在/boot/config-`uname -r`文件中(如果您使用的是发行版)
在/proc/config.gz文件中(如果启用了CONFIG_IKCONFIG_PROC)

• in .config file (if you built kernel by yourself)
• in /boot/config-`uname -r` file (if you are using your distribution)
• in /proc/config.gz file (if CONFIG_IKCONFIG_PROC is enabled)

寻找CONFIG_KERNEL_*参数:

$ cat .config | grep '^CONFIG_KERNEL_[^_]\+='

如果设置了CONFIG_KERNEL_LZMA=y，则表示使用LZMA压缩器.

If you have CONFIG_KERNEL_LZMA=y set, it means LZMA compressor is used.

LZMA格式具有 5d 00 00标头签名.因此，可以通过以下方式在zImage文件中找到压缩后的Image文件的位置:

LZMA format has 5d 00 00 header signature. So one can find position of compressed Image file in zImage file this way:

$ grep -P -a -b -m 1 --only-matching '\x5D\x00\x00' zImage | cut -f 1 -d :

要提取压缩的Image:

$ pos=$(grep -P -a -b -m 1 --only-matching '\x5D\x00\x00' zImage | cut -f 1 -d :)
$ dd if=arch/arm/boot/zImage of=piggy.lzma bs=1 skip=$pos

现在确保piggy.lzma实际上是LZMA存档:

Now make sure that piggy.lzma is actually LZMA archive:

$ file piggy.lzma

解压缩piggy.lzma:

$ unlzma -c piggy.lzma > Image

查找Linux版本

现在您已经打开Image的包装，您可以使用strings工具找到Linux版本:

Find the Linux version

Now that you have unpacked Image, you can find the Linux version using strings tool:

$ strings Image | grep 'Linux version'

应该会给你这样的东西:

which should give you something like this:

这篇关于从压缩的内核映像获取内核版本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！

1403页，肝出来的..