I have a kernel in which one initramfs is embedded.
I want to extract it.
I got the output x86 boot sector
when I do file bzImage
I have System.map file for this kernel image.
Is there any way to extract the embedded initramfs image from this kernel with or without the help of System.map file ?
The interesting string found in System map file is: (Just in case it helps)
57312:c17fd8cc T __initramfs_start
57316:c19d7b90 T __initramfs_size
Best Answer
There is some information about this in the gentoo wiki: https://wiki.gentoo.org/wiki/Custom_Initramfs#Salvaging
It recommends the usage of
binwalk
which works exceedingly well.I'll give a quick walk-through with an example:
first extract the bzImage file with binwalk:
I ended up with three files:
47B4
,47B4.xz
and951C38.xz
Now lets run binwalk again on
47B4
:This came back with a long list of found paths and several potentially interesting files. Lets have a look.
file
E9B348
is a (already decompressed) cpio archive, just what we are looking for! Bingo!To unpack the uncompressed cpio archive (your initramfs!) in your current directory just run
That was almost too easy.
binwalk
is absolutely the tool you are looking for. For reference, I was using v2.1.1 here.