
Extract Information From Linux Kernel Image

How to get information from a kernel image file

This article explains some methods you can use to get information from a kernel image file. This comes in handy when you have multiple kernels on your system and lose track of which one is which, or when you are just curious. It can also help you extract the kernel's compile-time configuration from the image without having to boot it, by statically analysing the image.

You can usually find kernel images in the /boot directory.

1. Decompress Kernel Image

If you already have a vmlinux file, you can skip this section. Otherwise you probably have a vmlinuz or bzImage file; in that case the kernel is compressed and needs to be decompressed first. To do this we need a special script from the Linux source tree called extract-vmlinux. It is a sweet little script; copy it to your local machine and run it:

./extract-vmlinux /boot/vmlinuz > /boot/vmlinux

Now you have the raw kernel, which we will use in the rest of this article.

2. Kernel Release

Getting the kernel release is simple, because the release string is embedded in the raw kernel image:

strings /boot/vmlinux | grep -E "\([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\)"

3. Kernel Config

The kernel compile-time config is also embedded in the image, so you don't need to boot it and then read /proc/config.gz. To extract the embedded config we need another special script from the kernel tree, called extract-ikconfig. To run it you simply do:

./extract-ikconfig /boot/vmlinux > /boot/kconfig

You will now find the kernel config in /boot/kconfig, and you can use it, for example, to compile another kernel.
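
The two lookups above can also be done directly on the image bytes. The following Python is an added example, not the kernel tree's scripts and not code from the original article: it reads the "Linux version" banner and locates the gzip-compressed config that a kernel built with CONFIG_IKCONFIG stores after an IKCFG_ST marker (an image built without that option has nothing to extract). The function names and the sample image are constructed for this example.

```python
import gzip
import re
import zlib
from typing import Optional

IKCFG_START = b"IKCFG_ST"      # marker placed before the gzip'd config (CONFIG_IKCONFIG builds)
GZIP_MAGIC = b"\x1f\x8b\x08"   # gzip header, deflate method

def kernel_banner(image: bytes) -> Optional[str]:
    """Return the 'Linux version ...' string embedded in a decompressed image."""
    m = re.search(rb"Linux version [ -~]+", image)
    return m.group(0).decode("ascii") if m else None

def extract_ikconfig(image: bytes) -> Optional[str]:
    """Return the embedded .config text, or None if the image carries none."""
    needle = IKCFG_START + GZIP_MAGIC
    pos = image.find(needle)
    while pos != -1:
        stream = zlib.decompressobj(wbits=31)   # 31 = expect a gzip wrapper
        try:
            text = stream.decompress(image[pos + len(IKCFG_START):])
            if stream.eof:                       # a complete gzip member was read
                return text.decode("utf-8", "replace")
        except zlib.error:
            pass                                 # marker bytes occurred by chance
        pos = image.find(needle, pos + 1)
    return None

def parse_config(text: str) -> dict:
    """Map option -> value; '# CONFIG_X is not set' becomes 'n'."""
    options = {}
    for line in text.splitlines():
        unset = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if unset:
            options[unset.group(1)] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            key, value = line.split("=", 1)
            options[key] = value
    return options

def build_sample_image() -> bytes:
    """Constructed stand-in for a vmlinux file (not a real kernel)."""
    config = b"CONFIG_IKCONFIG=y\n# CONFIG_DEBUG_INFO is not set\nCONFIG_HZ=250\n"
    return (b"\x7fELF\x00" * 4
            + b"Linux version 6.1.0-test (builder@build-host01) #1 SMP\n\x00"
            + IKCFG_START + GZIP_MAGIC + b"not really gzip"   # decoy marker
            + IKCFG_START + gzip.compress(config) + b"IKCFG_ED")

if __name__ == "__main__":
    image = build_sample_image()
    print(kernel_banner(image))
    print(parse_config(extract_ikconfig(image) or ""))
```

To try it on a real image, pass the bytes of the decompressed vmlinux from section 1 instead of the constructed sample.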