I want to generate System.map from vmlinuz,cause most of machines don't have the file System.map.In fact,vmlinuz are compressed to vmlinuz or bzImage.
It's any tool or script can do this?
I tried:
dd if=/boot/vmlinuz skip=`grep -a -b -o -m 1 -e $'\x1f\x8b\x08\x00' /boot/vmlinuz | cut -d: -f 1` bs=1 | zcat > /tmp/vmlinux
It was failed:
zcat: stdin: not in gzip format
32769+0 records in
32768+0 records out
To extract the uncompressed kernel from the kernel image, you can use the extract-vmlinux script from the scripts directory in the kernel tree (available at least in kernel version 3.5) (if you get an error like
mktemp: Cannot create temp file /tmp/vmlinux-XXX: Invalid argument
you need to replace $(mktemp /tmp/vmlinux-XXX) by $(mktemp /tmp/vmlinux-XXXXXX) in the script). The command is /path/to/kernel/tree/scripts/extract-vmlinux <kernel image> >vmlinux.
If the extracted kernel binary contains symbol information, you should¹ be able to create the System.map file using the mksysmap script from the same subdirectory. The command here is NM=nm /path/to/kernel/tree/scripts/mksysmap vmlinux System.map.
¹ The kernel images shipped with my distribution seem to be stripped, so the script was not able to get the symbols.
As Abrixas2 wrote, you will need a kernel image with symbol information in order to create System.map files and a packed vmlinuz image is not likely to have symbols in it. I can, however, verify that the script in your original post works with '-e' replaced with '-P' and '$' dropped, i.e.,
$ dd if=vmlinuz-3.8.0-19-generic skip=`grep -a -b -o -m 1 -P '\x1f\x8b\x08\x00' vmlinuz-3.8.0-19-generic | cut -d: -f 1` bs=1 | zcat > /tmp/vmlinux
gzip: stdin: decompression OK, trailing garbage ignored
I'm on ubuntu linux.
you can change $'\037\213\010\000' to "$(echo '\037\213\010\000')" in sh
bash$ N=$(grep -abo -m1 $'\037\213\010\000' vmlinuz-4.13.0-37-generic | awk -F: '{print $1+1}') &&
tail -c +$N vmlinuz-4.13.0-37-generic | gzip -d > /tmp/vmlinuz
try this :
dd if=vmlinuz bs=1 skip=24584 | zcat > vmlinux
with
24584 = 24576 + 8
when
od -A d -t x1 vmlinuz | grep '1f 8b 08 00'
gives
....... 0 1 2 3 . . . . 8
0024576 24 26 27 00 ae 21 16 00 1f 8b 08 00 7f 2f 6b 45
enjoy !
Related
I want to use curl to make a bunch of http requests in parallel for some performance testing of a server.
The request requires a MAC address, which I would like to count upwards in the following way.
00:00:00:00:AA:BB
^ ^
| \___ count from 00 to ff (hex)
\______ count from 00 to ff (hex)
BB shall overflow to AA when it is getting larger than 0xFF
What I got so far is, incrementing BB and send the request in a parallel way.
printf "%02x\n" {0..255} | xargs -I{} -P4 -- \
curl -s \
http://nginx/api/onboard/01:02:03:04:00:{}
This works fine, but I need to request more than 256 times.
xargs is BusyBox v1.31.1
I found a solution. It is actually not xargs related as I thought first.
printf "%04x\n" {0..1000} | \
sed -r 's/([[:xdigit:]]{2})([[:xdigit:]]{2})/\1:\2/g' | \
xargs -I{} -P4 -- \
curl -k -s \
https://nginx/api/onboard/21:12:12:12:{}
I'm creating the needed part of the MAC with a combination of printf and sed. There is probably a better way but it solves my problem.
This problem occurs only on suse, it works on ubuntu and even on windows through babun
My point is to replace a word in several files with another word.
This is what I'm trying:
$ grep -Inrs MY_PATTERN src/ | cut -d: -f1 | xargs sed -i 's/MY_PATTERN/NEW_WORD/g'
sed: can't read path/to/a/found/file_1: No such file or directory
sed: can't read path/to/a/found/file_2: No such file or directory
sed: can't read path/to/a/found/file_3: No such file or directory
...
Knowing that
$ grep -Inrs MY_PATTERN src/ | cut -d: -f1
path/to/a/found/file_1
path/to/a/found/file_2
path/to/a/found/file_3
UPDATE1
This doesn't work either
$ grep -lZ -Irs MY_PATTERN src/ | xargs -0 ls
ls: cannot access path/to/a/found/file_1: No such file or directory
ls: cannot access path/to/a/found/file_2: No such file or directory
ls: cannot access path/to/a/found/file_3: No such file or directory
...
$ ls -al path/to/a/found/file_1 | cat -vet
-rw-r--r-- 1 webme 886 Feb 1 13:36 path/to/a/found/file_1$
UPDATE2
$ whoami
webme
$ uname -a
Linux server_vm_id_34 3.0.101-68-default #1 SMP Tue Dec 1 16:21:37 UTC 2015 (ed01a9f) x86_64 x86_64 x86_64 GNU/Linux
UPDATE3
$ grep --version
grep (GNU grep) 2.7
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Mike Haertel and others, see <http://git.sv.gnu.org/cgit/grep.git/tree/AUTHORS>.
$ xargs --version
xargs (GNU findutils) 4.4.0
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Eric B. Decker, James Youngman, and Kevin Dalley.
Built using GNU gnulib version e5573b1bad88bfabcda181b9e0125fb0c52b7d3b
# My project path /home/users/webme/projects/my_project
$ df -T
dl360d-01:/homeweb/users/webme nfs 492625920 461336576 31289344 94% /home/users/webme
$ id
uid=1689(webme) gid=325(web) groups=325(web)
$ mount -v
/dev/vda2 on / type btrfs (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,mode=1777)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/vda1 on /boot type ext3 (rw,acl,user_xattr)
/dev/vdb on /appwebinet type xfs (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
dl360d-01:/homeweb/users on /homeweb/users type nfs (rw,soft,bg,addr=xx.xx.xx.xx)
dl360d-01:/appwebinet/tools/list on /appwebinetdev/tools/list type nfs (ro,soft,sloppy,addr=xx.xxx.xx.xx)
dl360d-01:/homeweb/users/webme on /home/users/webme type nfs (rw,soft,bg,addr=xx.xxx.xx.xx)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /var/lib/ntp/proc type proc (ro,nosuid,nodev)
I don't have exportfs, neither I have it in sudo zypper install exportfs
I'd suggest keeping it simple:
$ grep -lZ -Irs foo * | xargs -0 sed -i 's/foo/bar/g'
grep -l outputs matching file names only, which is really what you want in this pipeline. grep -Z terminates each matching file name with a NUL, which xargs -0 can pick up. This allows for file names with embedded white-space to pass between the grep and the xargs unfettered.
# show the structure
$ tree
.
└── path
└── to
└── a
└── found
├── file_1
├── file_2
└── file_3
# show the contents
$ grep . path/to/a/found/file_*
path/to/a/found/file_1:a foo bar
path/to/a/found/file_2:a foo bar
path/to/a/found/file_3:a foo bar
# try it out
$ grep -lZ -Irs foo * | xargs -0 ls -l
-rw-rw-r-- 1 bishop bishop 10 Feb 13 09:13 path/to/a/found/file_1
-rw-rw-r-- 1 bishop bishop 10 Feb 13 09:13 path/to/a/found/file_2
-rw-rw-r-- 1 bishop bishop 10 Feb 13 09:13 path/to/a/found/file_3
bishop's helpful answer is the simplest and most robust solution in this case.
This answer may still be of interest for (a) a discussion of the -d vs. the -n options, and (b) how to preview the command(s) that xargs would execute.
From what I understand, SUSE uses GNU utilities, so you can use xargs -d'\n':
grep -Inrs MY_PATTERN src/ | cut -d: -f1 | xargs -d'\n' sed -i 's/MY_PATTERN/NEW_WORD/g'
xargs -d'\n' ensures that each input line as a whole is treated as its own argument (preserving the integrity of filenames with spaces), while still passing as many arguments as possible (typically, all) at once.
(By contrast, -n 1 would break arguments by whitespace, and call the target command with 1 argument at a time.)
If you want to preview the command that would be executed, use an aux. bash command:
grep -Inrs MY_PATTERN src/ | cut -d: -f1 |
xargs -d'\n' bash -c 'printf "%q " "$#"' _ sed -i 's/MY_PATTERN/NEW_WORD/g'
Read on for an explanation.
Optional background information.
xargs has its own option, -p, for previewing the command(s) to execute and prompting for confirmation, but the preview doesn't reflect argument boundaries in the way you'd have to indicate them when calling the command directly from the shell.
A quick example:
$ echo 'hi, there' | xargs -p -d '\n' printf '%s'
printf %s hi, there ?...
What xargs will actually execute is the equivalent of printf '%s' 'hi, there', but that is not reflected in -p's prompt.
Workaround:
$ echo 'hi, there' | xargs -d '\n' bash -c 'printf "%q " "$#"' _ printf '%s'
printf %s hi\,\ there
The generic auxiliary bash command - bash -c 'printf "%q " "$#"' _, inserted just before the target command - quotes the arguments that xargs passes - on demand, only if necessary - in a way that would be required for the shell to recognize each as a single argument, and joins them with spaces.
The net result is that a shell command is printed that is the equivalent of what xargs would execute (though, as you can see, there is no guarantee that the input quoting style is retained).
I was following some instructions on the OSSEC site on how to install it on CentOS.
# wget -q -O – https://www.atomicorp.com/installers/atomic | sh
# yum install ossec-hids ossec-hids-server (or ossec-hids-client for the agent)
After I ran the first command, I noticed a file named - appear in my folder. The second command doesn't work as Yum says it can't find the package. But now this strange file - can't be removed. It is actually a pointer to stdout.
Can anyone help please get rid of it? Thanks
This is happening because the dash (-) you have used in not the regular - used to indicate STDOUT:
% printf '–' | hexdump -C
00000000 e2 80 93 |...|
00000003
% printf '\xe2\x80\x93\n'
–
Regular -:
% printf '-' | hexdump -C
00000000 2d |-|
00000001
% printf '\x2d\n'
-
So you need to use regular - to indicate STDOUT for saving the content.
To remove the created file, use Hex value:
rm -- $'\xe2\x80\x93'
I got this curious problem with Alpine. I want to check the checksum of a file inside a bash console. It works under CentOS but not under Alpine. Where is the error?
Under CentOS
$ sha1sum /bin/tini
fa23d1e20732501c3bb8eeeca423c89ac80ed452 /bin/tini
$ echo "fa23d1e20732501c3bb8eeeca423c89ac80ed452 /bin/tini" | sha1sum -c -
/bin/tini: OK
Under Alpine
$ sha1sum /bin/tini
fa23d1e20732501c3bb8eeeca423c89ac80ed452 /bin/tini
$ echo "fa23d1e20732501c3bb8eeeca423c89ac80ed452 /bin/tini" | sha1sum -c -
sha1sum: WARNING: 1 of 1 computed checksums did NOT match
Could you try adding 1 space (total 2) between the checksum and the path:
$ echo "fa23d1e20732501c3bb8eeeca423c89ac80ed452 /bin/tini" | sha1sum -c -
I've tried with /bin/busybox:
# sha1sum /bin/busybox
71bdaf6e52759f7f277c89b694c494f472ca2dfb /bin/busybox
# echo '71bdaf6e52759f7f277c89b694c494f472ca2dfb /bin/busybox' | sha1sum -c -
sha1sum: WARNING: 1 of 1 computed checksums did NOT match
# echo '71bdaf6e52759f7f277c89b694c494f472ca2dfb /bin/busybox' | sha1sum -c -
/bin/busybox: OK
The error is because sha1sum expects its own output as input when called with -c and its output uses 2 spaces.
I had this issue while installing kubectl on Alpine Linux v3.13:
echo "$(<kubectl.sha256) kubectl" | sha256sum -c
sha256sum: WARNING: 1 of 1 computed checksums did NOT match
My two-part fix:
the default shell (ash) responds to echo "$(<file.txt)" with an empty new line whereas bash responds with the contents of the file (expected behavior).
Alpine's version of sha256sum wants two spaces between the hash and the file name (Ubuntu accepts one space).
bash
echo "$(<kubectl.sha256) kubectl" | sha256sum -c
kubectl: OK
I would like to view the contents of a file in the current directory, but in binary from the command line. How can I achieve this?
xxd does both binary and hexadecimal.
bin:
xxd -b file
hex:
xxd file
hexdump -C yourfile.bin
unless you want to edit it of course. Most linux distros have hexdump by default (but obviously not all).
vi your_filename
hit esc
Type :%!xxd to view the hex strings, the n :%!xxd -r to return to normal editing.
As a fallback there's always od -xc filename
sudo apt-get install bless
Bless is GUI tool which can view, edit, seach and a lot more.
Its very light weight.
If you want to open binary files (in CentOS 7):
strings <binary_filename>
$ echo -n 'Hello world!' | hd
00000000 48 65 6c 6c 6f 20 77 6f 72 6c 64 21 |Hello world!|
0000000c
Hexyl formats nicely: sudo apt install hexyl
See Improved Hex editing in the Vim Tips Wiki.
You can open emacs (in terminal mode, using emacs -nw for instance), and then use Hexl mode: M-x hexl-mode.
https://www.gnu.org/software/emacs/manual/html_node/emacs/Editing-Binary-Files.html
To get the output all in a single line in Hexadecimal:
xxd -p yourfile.bin | tr -d '\n'
to convert a file to its binary codes(hexadecimal representation) we say:
xxd filename #
e.g:
xxd hello.c #
to see all the contents and codes in a binary file , we could use commands like readelf and objdump, hexdump ,... .
for example if we want to see all the convert all the contents of a binary file(executable, shared libraries, object files) we say:
hexdump binaryfilename
e.g.
hexdump /bin/bash
but readelf is the best utility for analyzing elf(executable and linking format) files. so if we say:
readelf -a /bin/bash
all the contents in the binary file bash would be shown to us, also we could provide different flags for readelf to see all the sections and headers of an elf file separately, for example if we want to see only the elf header we say:
readelf -h /bin/bash
for reading all the segments of the file:
readelf -l /bin/bash
for reading all the sections of the file:
readelf -S /bin/sh
but again as summary , for reading a normal file like "hello.c" and a binary file like bash in path /bin/bash in linux we say:
xxd hello.c
readelf -a /bin/bash
You can use hexdump binary file
sudo apt-get install hexdump
hexdump -C yourfile.bin