I have a vmlinuz ELF image file. I need to get the kernel version from the image file without disassembling it. Is it possible to get kerenel version from offsets of that compressed image file? The file is ELF 64-bit MSB executable, statically linked, not stripped.
Is it possible to get kernel version from ELF image file without disassemble or using grep or strings?
855 Views Asked by Manish Purohit At
1
There are 1 best solutions below
Related Questions in LINUX
- Is there some way to use printf to print a horizontal list of decrementing hex digits in NASM assembly on Linux
- Why does Hugo generate different taxonomy-related HTML on different OS's?
- Writes in io_uring do not advance the file offset
- Why `set -o pipefail` gives different output even though the pipe is not failing
- what really controls the permissions: UID or eUID?
- Compiling eBPF program in Docker fails due to missing '__u64' type
- Docker container unable to make HTTPS requests to external API
- Whow to use callback_query_handler in Python 3.10
- Create kea runtime directory at startup in Yocto image
- Problem on CPU scheduling algorithms in OS
- How to copy files into the singularity sandbox?
- Android kernel error: undefined reference to `get_hw_version_platform'
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- Issue with launching application after updating ElectronJs to version 28.0.0 on Windows and Linux
Related Questions in LINUX-KERNEL
- Android kernel error: undefined reference to `get_hw_version_platform'
- Is there a need for BPF Linux namespace?
- Facing fatal errors while running "yum update" command on CentOS 7/Cloudlinux 7
- crash utility itself crashes while decoding kdump generated from null pointer dereference in kernel module
- How to compile the Linux kernel with -O0 for more detailed debug?
- Linux support for parallel Pixel data Image sensor
- Can't upgrade to newest version of linux-image-6.5.0-26-generic
- How to protect a page so that it cannot be write in mips arch?
- How to extract the .img file into normal kernel source file in the linux?
- Storage size of struct hash_desc desc; isn't known
- How can I intercept failed file openning calls?
- struct nameidata-Linux Kernel Module
- How to modify a 'struct msghdr' in Linux Kernel Module?
- How to allocate 500MB+ physically contiguous memory in a Linux kernel module and copy data to that memory from a userspace process?
- Hyper Threading: nosmt in grub configuration
Related Questions in KERNEL
- Simulate WeChat scanning short connection redirection, but the QQ display result is different from WeChat?
- Validating a client from kernel in Windows
- Yocto kernel patch fails with git am
- Nuke BlinkScript: Why does the convolution kernel scale down the image?
- EKS AMI kernel debug symbols
- Unexpected OS Shutdown
- create_ap wlan0: Could not connect to kernel driver
- QEMU i386 pmio addresses
- Simple programming of VGA cursor
- How to compile and install kernel modules with dependencies and device tree?
- android camera driver rotate 90°
- Is there any way to get the WiFi contention window (CW) min and max value in Linux 80211 subsystem?
- How to reduce cached memory used by Linux kernel on embedded linux platform
- How can I get current cpufreq in kernel code?
- Print Inode or file data, using path name
Related Questions in KERNEL-MODULE
- crash utility itself crashes while decoding kdump generated from null pointer dereference in kernel module
- How to modify a 'struct msghdr' in Linux Kernel Module?
- How to allocate 500MB+ physically contiguous memory in a Linux kernel module and copy data to that memory from a userspace process?
- Something's wrong with the makefile indentation? (Makefile:x: *** missing separator. Stop.)
- How to setup configfs for a custom Linux kernel module
- How to reduce reserved memory allocated by Linux kernel during boot time
- How do I use RDMA in the kernel so that I can communicate with user-space RDMA?
- How to get full mountpoint path name by the sturct fc_context
- Do kernel and kernel modules have their own task_struct?
- How external kernel module look for exported symbol during modpost
- kernel log trace file entries issue
- memcpy() - unable to handle kernel NULL pointer dereference
- Making a few charecter device in linux
- insmod fails - module does not seem to match running kernel but I cannot figure out why
- Can't get vermagic to match on Linux NVMe driver
Related Questions in EFL
- direct2d: optimizing the rendering of several BGRA rectangles on a bitmap
- Tizen: Set text of part in group which is in EDC file
- Generating Inline Plots with Matplotlib Using Terminology (EFL by enlightenment.org)
- Can I change the image file of an existing Evas_Object?
- How can I add touch to a watch face (EFL)
- Is it possible to get kernel version from ELF image file without disassemble or using grep or strings?
- How to manually collapse a frame in Enlightment library
- Tizen Native: Callback set for hardware buttons are not called
- EFL - window hirarchy
- EFL - custom button
- Elm_image random crashes
- Tizen Native Genlist Background
- Jagged edge Image on rotating with Evas map
- How to get Text Input (Tizen Native App)
- Problems building evil library (efl) for posix dependencies in cygwin
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
As previously mentioned, the version number is hardcoded into the compressed image file. First it depends on the compression algorithm used to compress the content, how to decompress it. Decompressing files in linux could be challenging due to the combination of compression algorithms and the correlated tool options (not to forget a newer version of tar for newer algorithms). For files with
So if you have access to the file utility (should also run on windows), run the following to receive the version string and additional information of your file named e.g. vmlinuz-4.x.y-z-a.
Another possibility to reverse-engineer would be to read all strings of the binary file vmlinuz-4.x.y-z-a and grep for a part of the possible solution.