This worked and served well for ARM32 kernels. Thank you!!!
It was able to find and extract kallsyms (offset + function name). It was limited to 6 known patterns of kallsyms locations, but it was still better than nothing.
Now, new devices are coming (Samsung S6 Series, for example) based on ARM64 (aarch64). These are U-Boot images with an uncompressed kernel. The tool does not work anymore.
I was trying to do some manual work and figured out the following:
0xffffffc000206000 is the offset of the first 3 kallsyms functions, so I was able to find where the kallsyms_addresses table starts.
It was found in aarch64.img at offsets 0xc19800 to 0xc96088 (size is 510088 or 0x7C888). There are 0xF911 (63761) symbols (11 F9 00 00), and kallsyms_num_syms is located at 0xc96090 (after 0x78 (120) zero bytes after the table ends).
The next data block of something starts at 0xc96190.
It looks like all sections inside the kernel are 32-byte aligned.
I was able to find some text part at 0x007d5f90.
Something that looks like some table (maybe not related) at 0x08403504.
Another table at 0x00e8eb20 - 0x00eb6a00.
Not found:
- kallsyms_names - a list of length-prefixed byte arrays that encode indexes into the token table
- kallsyms_token_table - a list of 256 zero-terminated tokens from which symbol names are built
- kallsyms_token_index - 256 shorts pointing to the corresponding entry in kallsyms_token_table
Hope this helps..
Also, can you advise any good reading on the topic?
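Added example, not part of the original issue or of the tool it discusses: a Python sketch that automates the manual search described above by finding the longest run of non-decreasing 64-bit kernel addresses and checking that the 32-bit value after the zero padding equals the entry count. It assumes an 8-byte-aligned table of absolute little-endian addresses with the 0xffffffc0 upper half seen in the post; all function names are hypothetical and the sample image is constructed.

```python
import struct

KERNEL_HI = 0xFFFFFFC0  # upper 32 bits of the address quoted in the post (assumption)

def find_address_table(image, min_entries=16):
    """Return (start, end) file offsets of the longest run of non-decreasing
    64-bit little-endian kernel addresses, or None if no run is long enough."""
    best, start, count, prev = None, 0, 0, 0
    words = [w for (w,) in struct.iter_unpack("<Q", image[: len(image) & ~7])]
    for i, val in enumerate(words + [0]):  # trailing 0 flushes the last run
        is_kaddr = val >> 32 == KERNEL_HI
        if is_kaddr and count and val >= prev:
            count += 1
        else:
            if count >= min_entries and (best is None or count > best[1]):
                best = (start, count)
            start, count = i, int(is_kaddr)  # a descending address starts a new run
        prev = val
    return None if best is None else (best[0] * 8, (best[0] + best[1]) * 8)

def read_num_syms(image, table_end, max_pad=0x100):
    """Skip zero padding after the table; return (offset, value) of the next u32."""
    off = table_end
    while (off + 4 <= len(image) and off < table_end + max_pad
           and image[off:off + 4] == b"\0" * 4):
        off += 4
    if off + 4 > len(image):
        return None
    return off, struct.unpack_from("<I", image, off)[0]

def locate(image):
    """Accept the table only if the count that follows matches its entry count."""
    table = find_address_table(image)
    found = table and read_num_syms(image, table[1])
    if not found or found[1] != (table[1] - table[0]) // 8:
        return None
    return {"addresses": table, "num_syms_offset": found[0], "num_syms": found[1]}

def build_sample(n=40):
    """Constructed image: filler, n addresses (first three equal), padding, count."""
    base = 0xFFFFFFC000206000
    addrs = [base] * 3 + [base + 0x40 * i for i in range(1, n - 2)]
    return (b"\x7fNOTKSYM" * 4 + struct.pack(f"<{n}Q", *addrs)
            + b"\0" * 0x18 + struct.pack("<I", n) + b"\0" * 12)

if __name__ == "__main__":
    print(locate(build_sample()))
```

Cross-checking the count against the table length is what separates kallsyms_addresses from other pointer arrays in the image, which would otherwise also match the address-run heuristic.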