Hello, is there a way to extract an initramfs from a running kernel? and from a kernel lying on a disk? If yes, how? Thanks Eurolines : Voyagez au meilleur prix : http://www.alinto.com/pub/
On Fri Oct 12 02:43:00 PDT 2007, octane indice wrote:> is there a way to extract an initramfs from a running kernel?No, the initramfs is part of the .init section and discarded near the end of boot.> and from a kernel lying on a disk?yes> If yes, how?If you have the original unstripped vmlinux objcopy -j .init.ramfs -O binary vmlinux initramfs will create a file called initramfs. If you have some other format, you need to extract and uncompress the kernel. If the elf header has been stripped, then look at System.map to find the limits __initramfs_start and __initramfs_end. milton
* Sat, Oct 13, 2007 at 12:20:28PM -0500:> On Fri Oct 12 02:43:00 PDT 2007, octane indice wrote: > > is there a way to extract an initramfs from a running kernel? > > No, the initramfs is part of the .init section and discarded near the > end of boot.Well, from early userspace perspective -- kind of yes. If bootloader allows boot options, then "rdinit=/bin/sh" can be used. And content of initramfs can be screened by `echo *` && `cat`. Or even saved somewhere, if drivers are there. :) ____
Replying to Milton Miller <miltonm at bga.com> :> > and from a kernel lying on a disk? > yes > > If yes, how? > If you have the original unstripped vmlinux > objcopy -j .init.ramfs -O binary vmlinux initramfs > will create a file called initramfs. > If you have some other format, you need to extract and > uncompress the kernel. If the elf header has been > stripped, then look at System.map > to find the limits __initramfs_start and __initramfs_end.Ok, my original goal was to hide some sensitive data on it, giving me the ability to do some sanity check before booting. If anybody can find it, read my passwords and checks, it's useless.. Eurolines : Voyagez au meilleur prix : http://www.alinto.com/pub/