Add x86 (i386) architecture support to vmlinux.py #64
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Extended the kallsyms parser to support x86/i386 Android kernels in addition to existing ARM and ARM64 support. Changes: - Architecture detection: Added fuzzy_x86() heuristic and pattern matching for x86 kernel identification (searches for i386/i486/i586/i686/x86 strings) - Address handling: Added x86-specific base address (0xC0000000) for kernel space validation and symbol table parsing - Miasm emulation: Added x86_32 CPU support with proper register handling (EAX, EBX, ECX, EDX, ESI, EDI, ESP) and x86 calling convention (return address on stack) - Syscall table detection: Added x86 syscall pattern (sys_restart_syscall, sys_exit, sys_fork, sys_read) - Tool integration: * IDA Pro: Set processor type to "metapc" for x86 kernels * Radare2: Set architecture to "x86" instead of "arm" * Updated plugin description to indicate ARM/x86 support - Symbol filtering: Added x86-specific address range checks (< 0xF0000000) - Vermagic detection: Added x86 vermagic pattern matching Tested successfully with Intel Atom Android kernel (me302c_vmlinux): - Correctly identified as x86 architecture - Extracted 78,515 kernel symbols - Located sys_call_table and other critical symbols - Proper address ranges (0xC1200000-0xC2448000) This enables kallsyms extraction and reverse engineering of x86-based Android kernels commonly found on Intel Atom tablets and devices.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Extended the kallsyms parser to support x86/i386 Android kernels in addition to existing ARM and ARM64 support.
Changes:
Tested successfully with Intel Atom Android kernel (me302c_vmlinux):
This enables kallsyms extraction and reverse engineering of x86-based Android kernels commonly found on Intel Atom tablets and devices.
Note: The
me302c_vmlinux(from my ASUS FHD 10 ME302C) is not part of the commit because I am legally unsure about that because of copyright etc. It was taken fromWW_ME302C-V5.0.21-0-ota-user(found on ASUS support website) >boot.img>bzImage. I am working on an RE toolset for that device (unpublished so far), but you should be able to unpack with osm0sis/mboot