IDA Android Kernel Symbolizer is an IDA Python script that allows you to import symbols from /proc/kallsyms output into an unlabelled Android kernel, typically extracted from a boot image.
First, the script prompts you to open a file containing the contents of /proc/kallsyms output. The file should contain text that looks something like this:
ffffff9918280000 t _head
ffffff9918280000 T _text
ffffff9918280040 t pe_header
ffffff9918280044 t coff_header
ffffff9918280058 t optional_header
ffffff9918280070 t extra_header_fields
[...]
After the file is opened, the script parses the symbol entries and utilizes the _text symbol (aka. the kernel .text base address) to convert the kASLR'd virtual addresses into slides, and adds them into lookup tables.
Finally, it runs through the function lookup table it just constructed to mark the address as code and create a subroutine in IDA if it does not already exists and labels it. It then does the same for the data lookup table, however it only labels the address and does not mark it as code or create a subroutine there.
- Running this script is generally fairly fast (under 20 seconds), however it will trigger IDA's Auto-Analysis engine to kick in, and this can take up to 5 minutes from our tests. During this time, IDA might be sluggish.
This script is licensed under the MIT license.