Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mephi42/ida-kallsyms

IDA script for parsing kallsyms
https://github.com/mephi42/ida-kallsyms

Last synced: about 2 months ago
JSON representation

IDA script for parsing kallsyms

Awesome Lists containing this project

README 

        
# ida-kallsyms



IDA script for parsing kallsyms.



## Usage



* `git clone https://github.com/mephi42/ida-kallsyms.git`

* Open the kernel in IDA, let the autoanalysis finish.

* From `File` → `Script file...` (Alt+F7 / Alt+F9) run

  `ida-kallsyms/ida-kallsyms.py` script.



## Usage with Ghidra



* `git clone https://github.com/mephi42/ida-kallsyms.git`

* Open the kernel in Ghidra, let the autoanalysis finish.

* Go to `Window` → `Script manager`.

* Once: press `Script Directories` button and add `ida-kallsyms`.

* In `Filter` edit box, type `kallsyms`.

* Double-click `ghidra-kallsyms.py` and wait.



## Stand-alone usage



* `git clone https://github.com/mephi42/ida-kallsyms.git`

* `ida-kallsyms/find-kallsyms vmlinux >vmlinux.kallsyms`

* The resulting `vmlinux.kallsyms` file can be imported into IDA using

  `ida-kallsyms-import.py` script.



# build-vmlinux



Script for obtaining function signatures and struct layouts. Works by building

a Linux Kernel that is similar to the one being analyzed and extracting debug

information from it.



## Usage



* Load kallsyms into IDA as described above.

* `ida-kallsyms/build-vmlinux --like vmlinux`



  This will run for a while and generate `vmlinux.like.json` file.



  Check out `ida-kallsyms/build-vmlinux --help` in case you already have

  `binutils-gdb` / `gcc` / `linux` local git repos or a `.config` that

  matches `vmlinux`.

* Import `vmlinux.like.json` into IDA using `ida-kallsyms/ida-like-import.py`

  script.

* If there are import errors, check `vmlinux.like.json.log` file.