前言 推荐学习顺序:
基础知识 → 进程管理 → 内存管理 → 进程间通信 → 文件系统 → 设备驱动 → 网络协议栈 → 虚拟化 → 安全模块。
环境搭建
工具链:https://pan.baidu.com/s/1SCRsg9bSmILlvNN2moxXXw?pwd=s274 提取码: s274
交叉编译工具链下载 toolchains-bootlin musl-cc
大家可以使用ubuntu desktop或者windows+wsl2,Mac的配置和Linux大同小异。qemu有windwos的安装包,也可以使用windows的qemu,即WSL2+WINDOWS。这一部分内容可以参考我之前写的Pwn_kernel的内核模块开发部分。需要注意的是Windwos的qemu和Linux的qemu在启动命令上是有些不同的,linux的一些指令和功能特性是Windows不支持的。也可以选择在wsl2中编译qemu。建议使用Linux的qemu,功能更为完善强大。
windows winget
https://github.com/microsoft/winget-cli/releases
choco
1 2 3 4 5 6 choco install git msys2 cmake make ninja -y git lfs install choco install iasl -y choco install visualstudio2022buildtools --package-parameters "--add Microsoft.VisualStudio.Workload.VCTools --includeRecommended --locale en-US" choco upgrade all -y irm https://xmake.io/psget.text | iex
msys2->clang64 / msys2->ucrt64
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 pacman -Syu pacman -S base-devel wget curl coreutils binutils mingw-w64-clang-x86_64-gdb pacman -S mingw-w64-clang-x86_64-toolchain \ mingw-w64-clang-x86_64-clang \ mingw-w64-clang-x86_64-llvm pacman -S mingw-w64-clang-x86_64-cmake \ mingw-w64-clang-x86_64-ninja pacman -S mingw-w64-clang-x86_64-clang-tools-extra \ mingw-w64-clang-x86_64-bear \ mingw-w64-clang-x86_64-gdb gcc --version g++ --version clang --version cmake --version
包前缀对照表
环境
完整前缀
缩写提示
MINGW64
mingw-w64-x86_64-x86_64
UCRT64
mingw-w64-ucrt-x86_64-ucrt64
CLANG64
mingw-w64-clang-x86_64-clang64
python
https://www.python.org/downloads/windows
UV
1 irm https://astral.sh/uv/install.ps1 | iex
nvm
https://www.nvmnode.com/guide/download.html
bun
https://bun.com
AI-Coder
1 2 3 4 5 6 Invoke-WebRequest https://get.pnpm.io/install.ps1 -UseBasicParsing | Invoke-Expression irm https://claude.ai/install.ps1 | iex npm install -g @openai/codex@latest npm install -g @google/gemini-cli @latest bun add -g opencode-ai irm https://code.kimi.com/install.ps1 | iex
VSC++
https://visualstudio.microsoft.com/insiders/
按需安装C++即可
Rust/Golang
https://rust-lang.org/learn/get-started/
https://go.dev/
XMake 1 curl -fsSL https://xmake.io/shget.text | bash
zsh-omz 安装 1 2 3 4 5 6 7 8 9 10 11 sudo apt-get install zsh curl git vim -ychsh -s $(which zsh) sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh) " git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom} /plugins/zsh-syntax-highlighting git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom} /plugins/zsh-autosuggestions cp ~/.zshrc ~/.zshrc.bak && sed -i 's/^plugins=(.*/plugins=(git z zsh-syntax-highlighting zsh-autosuggestions)/' ~/.zshrcsource ~/.zshrc
pyenv 安装(弃用) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 sudo apt update && sudo apt install -y \ build-essential \ libssl-dev \ zlib1g-dev \ libbz2-dev \ libreadline-dev \ libsqlite3-dev \ libncurses-dev \ xz-utils \ tk-dev \ libffi-dev \ liblzma-dev \ libgdbm-dev \ libnss3-dev \ libedit-dev \ wget curl clang llvm make git curl https://pyenv.run | bash vim ~/.zshrc export PYENV_ROOT="$HOME /.pyenv" [[ -d $PYENV_ROOT /bin ]] && export PATH="$PYENV_ROOT /bin:$PATH " eval "$(pyenv init -) " CFLAGS="-O2 -std=gnu17" pyenv install 2.7.18
Poetry(弃用) 1 2 3 4 pip install Poetry poetry self add poetry-plugin-up poetry up --latest poetry update
UV (推荐) 1 2 3 curl -LsSf https://astral.sh/uv/install.sh | sh - source $HOME /.local/bin/env
中文支持 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 sudo apt updatesudo apt install -y language-pack-zh-hans language-pack-zh-hans-basesudo apt install -y fonts-noto-cjk fonts-wqy-microhei fonts-wqy-zenheisudo locale-gen zh_CN.UTF-8sudo update-locale LANG=zh_CN.UTF-8 LANGUAGE=zh_CN:zhlocale -a | grep zh echo 'export LANG=zh_CN.UTF-8' >> ~/.zshrcecho 'export LANGUAGE=zh_CN:zh' >> ~/.zshrcsource ~/.zshrc
git 配置 1 2 3 4 5 6 ssh-keygen -t ed25519 -C "git@git.com" cat ~/.ssh/id_ed25519.pubssh -T git@github.com
gh 配置 1 2 3 4 5 6 7 8 9 10 (type -p wget >/dev/null || (sudo apt update && sudo apt install wget -y)) \ && sudo mkdir -p -m 755 /etc/apt/keyrings \ && wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ && sudo apt update \ && sudo apt install gh -y gh auth login
开启 32 位支持 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 sudo dpkg --add-architecture i386dpkg --print-architecture dpkg --print-foreign-architectures sudo apt updatesudo apt install -y \ libc6:i386 \ libc6-dbg:i386 \ libncurses6:i386 \ libncursesw6:i386 \ libtinfo6:i386 \ libstdc++6:i386 \ lib32z1 \ lib32gcc-s1 \ libgcc-s1:i386 \ libbz2-1.0:i386 \ libsqlite3-0:i386 \ zlib1g:i386 sudo apt install -y gcc-multilib g++-multilib gdb-multiarch
wine 1 sudo apt install -y wine zenity winetricks
zed 编辑器 1 2 3 curl -f https://zed.dev/install.sh | sh echo 'export PATH=$HOME/.local/bin:$PATH' >> ~/.zshrcsource ~/.zshrc
NVM / node nvm-git 下载最新版。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 #!/usr/bin/env bash set -eo pipefail echo "正在获取 nvm 最新版本..." LATEST_URL=$(curl -s -o /dev/null -w '%{url_effective}' -L \ https://github.com/nvm-sh/nvm/releases/latest 2>/dev/null) || true LATEST_TAG=${LATEST_URL##*/} FALLBACK_TAG="v0.40.4" if [[ -z "$LATEST_TAG " || "$LATEST_TAG " != v* ]]; then echo "无法自动获取最新版本,使用备用版本 ${FALLBACK_TAG} " LATEST_TAG="$FALLBACK_TAG " else echo "最新 nvm 版本:${LATEST_TAG} " fi echo "正在安装 nvm ${LATEST_TAG} ..." curl -o- "https://raw.githubusercontent.com/nvm-sh/nvm/${LATEST_TAG} /install.sh" | bash export NVM_DIR="$HOME /.nvm" [ -s "$NVM_DIR /nvm.sh" ] && \. "$NVM_DIR /nvm.sh" [ -s "$NVM_DIR /bash_completion" ] && \. "$NVM_DIR /bash_completion" ZSHRC="$HOME /.zshrc" NVM_BLOCK="# nvm configuration" if ! grep -qF "$NVM_BLOCK " "$ZSHRC " 2>/dev/null; then cat >> "$ZSHRC " << 'EOF' export NVM_DIR="$HOME /.nvm" [ -s "$NVM_DIR /nvm.sh" ] && \. "$NVM_DIR /nvm.sh" [ -s "$NVM_DIR /bash_completion" ] && \. "$NVM_DIR /bash_completion" EOF echo "已将 nvm 配置追加到 ${ZSHRC} " else echo "nvm 配置已存在于 ${ZSHRC} ,无需重复添加" fi echo "正在安装 Node.js LTS 版本..." nvm install --lts nvm use --lts echo "安装完成!当前 node 版本:$(node -v) " echo " npm 版本:$(npm -v) "
AI Coder 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 #!/usr/bin/env bash set -euo pipefailneed_cmd if ! command -v "$1 " &>/dev/null; then echo "❌ 需要 $1 但未安装,请先安装它。" exit 1 fi } add_block_to_zshrc local marker="$1 " local block="$2 " local zshrc="$HOME /.zshrc" if ! grep -qF "$marker " "$zshrc " 2>/dev/null; then echo "" >> "$zshrc " echo "$block " >> "$zshrc " echo "✅ 已写入 $marker 到 ~/.zshrc" else echo "⏭️ $marker 配置已存在,跳过。" fi } need_cmd curl need_cmd bash echo "============================================" echo "开始安装开发工具..." echo "============================================" echo "📦 安装 pnpm..." curl -fsSL https://get.pnpm.io/install.sh | sh add_block_to_zshrc "# pnpm" \ '# pnpm export PNPM_HOME="$HOME/.local/share/pnpm" case ":$PATH:" in *":$PNPM_HOME/bin:"*) ;; *) export PATH="$PNPM_HOME/bin:$PATH" ;; esac # pnpm end' echo "📦 安装 bun..." curl -fsSL https://bun.sh/install | bash add_block_to_zshrc "# bun" \ '# bun export BUN_INSTALL="$HOME/.bun" export PATH="$BUN_INSTALL/bin:$PATH" # bun end' echo "📦 安装 opencode..." curl -fsSL https://opencode.ai/install | bash add_block_to_zshrc "# opencode" \ '# opencode export PATH="$HOME/.opencode/bin:$PATH" # opencode end' echo "📦 安装 kimi-code..." curl -fsSL https://code.kimi.com/kimi-code/install.sh | bash add_block_to_zshrc "# kimi-code" \ '# kimi-code export PATH="$HOME/.kimi-code/bin:$PATH" # kimi-code end' echo "📦 安装 claude..." curl -fsSL https://claude.ai/install.sh | bash if ! command -v npm &>/dev/null; then echo "⚠️ 未找到 npm,跳过全局安装 @openai/codex 和 @google/gemini-cli" else echo "📦 安装 @openai/codex@latest..." npm install -g @openai/codex@latest echo "📦 安装 @google/gemini-cli@latest..." npm install -g @google/gemini-cli@latest fi echo "" echo "============================================" echo "全部安装完成!" echo "请执行以下命令让环境变量生效:" echo " source ~/.zshrc (或者重新打开终端)" echo "============================================"
cc-switch
superpowers superpowers
ruflo 1 curl -fsSL https://cdn.jsdelivr.net/gh/ruvnet/ruflo@main/scripts/install.sh | bash
pwntools 安装
1 2 3 cd ~ && mkdir pwn && cd pwnuv venv uv pip install pwncli
pwndbg 安装
1 curl --proto '=https' --tlsv1.2 -LsSf 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
Rust/Golang rust:
1 2 3 4 5 6 7 8 9 10 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh cat >> ~/.zshrc << 'EOF' export PATH="$HOME /.cargo/bin:$PATH " EOF source ~/.zshrcrustup install stable rustup install nightly rustup update
golang:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 #!/bin/bash set -eLATEST_GO=$(curl -s https://go.dev/VERSION?m=text | head -1 | grep -oP 'go\K[0-9.]+' ) echo "最新 Go 版本: $LATEST_GO " OS=linux ARCH=amd64 FILE="go${LATEST_GO} .${OS} -${ARCH} .tar.gz" URL="https://go.dev/dl/${FILE} " cd ~mkdir -p golangcd golangif [ -d "go" ]; then INSTALLED=$("go/bin/go" version 2>/dev/null | grep -oP 'go\K[0-9.]+' || echo "0" ) if [ "$INSTALLED " = "$LATEST_GO " ]; then echo "当前已安装最新版本 $LATEST_GO ,跳过下载" exit 0 else echo "旧版本 $INSTALLED 存在,将覆盖更新至 $LATEST_GO " fi fi wget -q --show-progress "$URL " tar -xzf "$FILE " rm "$FILE " if ! grep -q "GOROOT=\$HOME/golang/go" ~/.zshrc; then cat >> ~/.zshrc << 'EOF' export GOROOT=$HOME /golang/goexport GOPATH=$HOME /golang/gopathexport PATH=$PATH :$GOROOT /bin:$GOPATH /binEOF echo "环境变量已写入 ~/.zshrc,请执行: source ~/.zshrc" else echo "环境变量已存在,跳过写入" fi echo "Go ${LATEST_GO} 安装完成!"
tmux/zellij tmux
zellij
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 #!/usr/bin/env bash set -euo pipefailREPO="zellij-org/zellij" BIN_DIR="$HOME /mybin" mkdir -p "$BIN_DIR " ARCH=$(uname -m) case "$ARCH " in x86_64) ARCH="x86_64" ;; aarch64) ARCH="aarch64" ;; arm64) ARCH="aarch64" ;; *) echo "不支持的架构: $ARCH " ; exit 1 ;; esac OS=$(uname -s) case "$OS " in Linux) TARGET="unknown-linux-musl" ;; Darwin) TARGET="apple-darwin" ;; *) echo "不支持的操作系统: $OS " ; exit 1 ;; esac TAG=$(curl -s "https://api.github.com/repos/$REPO /releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' ) echo "✅ 最新版本: $TAG " URL="https://github.com/$REPO /releases/download/$TAG /zellij-${ARCH} -${TARGET} .tar.gz" echo "⬇️ 下载 $URL " curl -L "$URL " -o /tmp/zellij.tar.gz tar -xzf /tmp/zellij.tar.gz -C /tmp chmod +x /tmp/zellijmv /tmp/zellij "$BIN_DIR /zellij" rm /tmp/zellij.tar.gzecho "✅ zellij 已安装到 $BIN_DIR /zellij" if ! grep -q 'export PATH="$HOME/mybin:$PATH"' ~/.zshrc 2>/dev/null; then cat << 'EOF' >> ~/.zshrc export PATH="$HOME /mybin:$PATH " EOF echo "✅ 已将 ~/mybin 添加到 PATH,写入 ~/.zshrc" else echo "ℹ️ ~/mybin 已存在于 PATH,无需重复添加" fi echo "" echo "🚀 执行下面命令让 PATH 生效,然后就可以直接输入 zellij 了:" echo " source ~/.zshrc"
Android 环境搭建 IDA Pro 安装 idapro9.3sp2 crack
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 import jsonimport hashlibimport osimport platform license = { "header" : {"version" : 1 }, "payload" : { "name" : "IDAPRO93" , "email" : "idapro93@example.com" , "licenses" : [ { "id" : "48-2137-ACAB-99" , "edition_id" : "ida-pro" , "description" : "license" , "license_type" : "named" , "product" : "IDA" , "product_id" : "IDAPRO" , "product_version" : "9.3" , "seats" : 1 , "start_date" : "2024-08-10 00:00:00" , "end_date" : "2083-12-31 23:59:59" , "issued_on" : "2024-08-10 00:00:00" , "owner" : "HexRays" , "add_ons" : [], "features" : [], } ], }, } def add_every_addon (license ): platforms = [ "W" , "L" , "M" , ] addons = [ "HEXX86" , "HEXX64" , "HEXARM" , "HEXARM64" , "HEXMIPS" , "HEXMIPS64" , "HEXPPC" , "HEXPPC64" , "HEXRV" , "HEXRV64" , "HEXARC" , "HEXARC64" , ] i = 0 for addon in addons: i += 1 license["payload" ]["licenses" ][0 ]["add_ons" ].append( { "id" : f"48-1337-0000-{i:02} " , "code" : addon, "owner" : license["payload" ]["licenses" ][0 ]["id" ], "start_date" : "2024-08-10 00:00:00" , "end_date" : "2083-12-31 23:59:59" , } ) add_every_addon(license) def json_stringify_alphabetical (obj ): return json.dumps(obj, sort_keys=True , separators=("," , ":" )) def buf_to_bigint (buf ): return int .from_bytes(buf, byteorder="little" ) def bigint_to_buf (i ): return i.to_bytes((i.bit_length() + 7 ) // 8 , byteorder="little" ) pub_modulus_hexrays = buf_to_bigint( bytes .fromhex( "edfd425cf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93" ) ) pub_modulus_patched = buf_to_bigint( bytes .fromhex( "edfd42cbf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93" ) ) private_key = buf_to_bigint( bytes .fromhex( "77c86abbb7f3bb134436797b68ff47beb1a5457816608dbfb72641814dd464dd640d711d5732d3017a1c4e63d835822f00a4eab619a2c4791cf33f9f57f9c2ae4d9eed9981e79ac9b8f8a411f68f25b9f0c05d04d11e22a3a0d8d4672b56a61f1532282ff4e4e74759e832b70e98b9d102d07e9fb9ba8d15810b144970029874" ) ) def decrypt (message ): decrypted = pow (buf_to_bigint(message), exponent, pub_modulus_patched) decrypted = bigint_to_buf(decrypted) return decrypted[::-1 ] def encrypt (message ): encrypted = pow (buf_to_bigint(message[::-1 ]), private_key, pub_modulus_patched) encrypted = bigint_to_buf(encrypted) return encrypted exponent = 0x13 def sign_hexlic (payload: dict ) -> str : data = {"payload" : payload} data_str = json_stringify_alphabetical(data) buffer = bytearray (128 ) for i in range (33 ): buffer[i] = 0x42 sha256 = hashlib.sha256() sha256.update(data_str.encode()) digest = sha256.digest() for i in range (32 ): buffer[33 + i] = digest[i] encrypted = encrypt(buffer) return encrypted.hex ().upper() def patch (filename ): if not os.path.exists(filename): print (f"Skip: {filename} - didn't find" ) return with open (filename, "rb" ) as f: data = f.read() if data.find(bytes .fromhex("EDFD42CBF978" )) != -1 : print (f"Patch: {filename} - looks to be already patched :)" ) return if data.find(bytes .fromhex("EDFD425CF978" )) == -1 : print (f"Patch: {filename} - doesn't contain the original modulus." ) return data = data.replace( bytes .fromhex("EDFD425CF978" ), bytes .fromhex("EDFD42CBF978" ) ) with open (filename, "wb" ) as f: f.write(data) print (f"Patch: {filename} - OK" ) license["signature" ] = sign_hexlic(license["payload" ]) serialized = json_stringify_alphabetical(license) filename = "idapro.hexlic" with open (filename, "w" ) as f: f.write(serialized) print (f"\nSaved new license to {filename} !\n" ) os_name = platform.system().lower() if os_name == 'windows' : patch("ida.dll" ) patch("ida32.dll" ) elif os_name == 'linux' : patch("libida.so" ) patch("libida32.so" ) elif os_name == 'darwin' : patch("libida.dylib" ) patch("libida32.dylib" )
Python 编译
1 2 3 4 5 6 7 8 9 10 11 12 13 PREFIX=$HOME /ida-pro-9.3/ida-python ./configure \ --prefix=${PREFIX} \ --enable-shared \ --enable-optimizations \ --with-lto \ --with-ensurepip=install \ --with-system-ffi \ LDFLAGS="-Wl,-rpath,${PREFIX} /lib" make -j$(nproc ) make altinstall ./idapyswitch --force-path ${PREFIX} /lib/libpython3.12.so.1.0
选项
作用
--prefix=/opt/python3.12-ida安装到独立目录,不进 /usr
--enable-shared生成 libpython3.12.so.1.0(IDAPython 必需)
--enable-optimizationsPGO 优化(编译慢,但运行更快;可省略以加速构建)
--with-lto链接时优化
LDFLAGS="-Wl,-rpath,..."把库路径写进可执行文件,避免设置 LD_LIBRARY_PATH
install.txt
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 fastmcp pytest PySide6 PyQt6-sip Requests rpyc tomli six keystone-engine colorama yara-python cdifflib scikit-learn numpy joblib pandas # python -m pip install ./idalib/python/idapro-0.0.7-py3-none-any.whl # python ./idalib/python/py-activate-idalib.py # plugins vulfi | keypatch | LazyIDA | hrtng | auto-enum | findcrypt-yara | IDA MCP | diaphora | soff
https://bbs.kanxue.com/thread-285604-1.htm
docker 安装 1 2 3 curl -fsSL https://get.docker.com | sudo sh sudo groupadd dockersudo usermod -aG docker $USER
rdp 启动 1 2 3 4 5 systemctl --user enable gnome-remote-desktop.service systemctl --user start gnome-remote-desktop.service systemctl --user status gnome-remote-desktop.service grdctl rdp set-credentials setting->system->remote desktop on
Linux内核编译所需的库 1 2 3 4 5 6 7 8 9 10 11 sudo apt install gcc make bc bison flex libssl-dev libelf-devsudo apt install libncurses5-dev libncursesw5-devsudo apt install zlib1g-dev liblz4-dev liblzma-dev libzstd-devsudo apt install dwarves rsync kmod cpio initramfs-tools-core
Busybox编译所需的库 1 2 3 4 5 sudo apt install libc6-devsudo apt install libc6-dev-i386 lib32gcc-s1 lib32stdc++6
Qemu编译所需的库 QEMU编译核心依赖
1 2 3 4 5 6 7 8 9 10 11 12 13 14 sudo apt install -y gcc make cmake ninja-build pkg-configsudo apt install -y python3 python3-pip python3-dev python3-venvsudo apt install -y libc6-dev-i386 libglib2.0-dev libpixman-1-dev libmount-dev libunistring-dev libp11-kit-devsudo apt install zlib1g-dev libglib2.0-dev libpixman-1-dev libslirp-devsudo apt install -y \ liburing-dev \ libnfs-dev
图形和显示支持
1 2 3 4 5 6 7 8 9 10 11 sudo apt install libsdl2-dev libsdl2-image-devsudo apt install libgtk-3-devsudo apt install libvncserver-devsudo apt install libspice-server-dev libspice-protocol-dev
网络和存储支持
1 2 3 4 5 6 7 8 9 10 11 sudo apt install libcap-ng-dev libattr1-devsudo apt install libaio-dev libcap-dev libiscsi-devsudo apt install liblzo2-dev libsnappy-dev libbz2-dev liblzma-dev libzstd-devsudo apt install libgcrypt20-dev libgnutls28-dev
音频支持
1 sudo apt install libasound2-dev libpulse-dev
虚拟化和硬件加速
1 2 3 4 5 6 7 8 sudo apt install libvirt-devsudo apt install libusb-1.0-0-dev libusbredirparser-devsudo apt install libcacard-dev
可选高级功能
1 2 3 4 5 6 7 8 9 10 11 12 13 14 sudo apt install valgrindsudo apt install texinfosudo apt install libcurl4-gnutls-dev libssh-devsudo apt install librdmacm-dev libibverbs-devsudo apt install libseccomp-dev
Buildroot编译需要的库 1 2 3 sudo apt install -y git make gcc g++ unzip patch bc libncurses5-dev \ libssl-dev libelf-dev bison flex rsync cpio python3 python3-pip \ file wget
交叉编译工具链安装 ARM EABI 交叉编译工具链
ARM EABI(Embedded Application Binary Interface)主要用于较老的ARM处理器:
1 2 3 4 sudo apt updatesudo apt install gcc-arm-linux-gnueabi g++-arm-linux-gnueabisudo apt install libc6-dev-armel-cross
ARM EABIHF 交叉编译工具链
ARM EABIHF(Hard Float)支持硬件浮点运算,适用于ARMv7架构:
1 2 3 sudo apt install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihfsudo apt install libc6-dev-armhf-cross
AArch64 交叉编译工具链
AArch64是ARM的64位架构:
1 2 3 sudo apt install gcc-aarch64-linux-gnu g++-aarch64-linux-gnusudo apt install libc6-dev-arm64-cross
RISC-V 交叉编译工具链
ubuntu缺乏riscv-32位相关的包,我们需要从官网进行下载编译。
1 2 3 sudo apt install gcc-riscv64-linux-gnu g++-riscv64-linux-gnusudo apt install libc6-dev-riscv64-cross
其他工具链安装
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 sudo apt install gcc-arm-linux-gnueabi g++-arm-linux-gnueabi -ysudo apt install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf -ysudo apt install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu -ysudo apt install gcc-riscv64-linux-gnu g++-riscv64-linux-gnu -ysudo apt install gcc-x86-64-linux-gnu g++-x86-64-linux-gnu -ysudo apt install gcc-i686-linux-gnu g++-i686-linux-gnu -ysudo apt install gcc-mipsel-linux-gnu g++-mipsel-linux-gnu -ysudo apt install gcc-mips64el-linux-gnuabi64 g++-mips64el-linux-gnuabi64 -ysudo apt install gcc-mips-linux-gnu g++-mips-linux-gnu -ysudo apt install gcc-mips64-linux-gnuabi64 g++-mips64-linux-gnuabi64 -ysudo apt install gcc-powerpc-linux-gnu g++-powerpc-linux-gnu -ysudo apt install gcc-powerpc64-linux-gnu g++-powerpc64-linux-gnu -ysudo apt install gcc-alpha-linux-gnu g++-alpha-linux-gnu -ysudo apt install gcc-s390x-linux-gnu g++-s390x-linux-gnu -ysudo apt install gcc-sparc64-linux-gnu g++-sparc64-linux-gnu -ysudo apt install gcc-arc-linux-gnu g++-arc-linux-gnu -ysudo apt install gcc-m68k-linux-gnu g++-m68k-linux-gnu -y
由于是做相关项目,我们将相关的交叉编译工具链单独放在了项目文件夹里。大家可以通过绝对路径来引用,当然你也可以将其添加到你的环境变量上。我们使用的是glibc和elf,也就是使用glibc库和裸机编译。
我们现在暂时用不到裸机编译工具链none, unknow-elf版本,所以可以不下载。
toolchains-bootlin
主要区别对比
特性
aarch64-none-linux-gnu
aarch64-none-elf-gnu
aarch64-linux-gnu
目标环境
Linux用户空间
裸机/固件
Linux用户空间
系统调用
支持Linux系统调用
无系统调用
支持Linux系统调用
标准库
glibc
newlib或无
glibc
内存管理
虚拟内存
物理内存
虚拟内存
启动方式
操作系统加载
直接启动
操作系统加载
我们学习Linux内核用到的架构只有常用的 RISCV-64,ARM64,x86_64三种64位架构。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 cd ~mkdir multi-gcc && cd multi-gccwget https://toolchains.bootlin.com/downloads/releases/toolchains/aarch64/tarballs/aarch64--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/armv7-eabihf/tarballs/armv7-eabihf--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/mips32/tarballs/mips32--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/mips32el/tarballs/mips32el--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/mips64el-n32/tarballs/mips64el-n32--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/mips64-n32/tarballs/mips64-n32--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/riscv32-ilp32d/tarballs/riscv32-ilp32d--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/riscv64-lp64d/tarballs/riscv64-lp64d--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/x86-64/tarballs/x86-64--glibc--stable-2025.08-1.tar.xz wget https://toolchains.bootlin.com/downloads/releases/toolchains/x86-i686/tarballs/x86-i686--glibc--stable-2025.08-1.tar.xz for f in *.tar.xz; do tar -xvJf "$f " ; done rm *.tar.xz
运行库安装命令汇总 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 sudo apt update && sudo apt install -y \ git curl wget net-tools openssh-server \ unzip patch file rsync bear nmap valgrind \ texinfo genisoimage \ devscripts config-package-dev debhelper-compat mtd-utils sudo apt install build-essential -ysudo apt install gdb gdb-multiarch -ysudo apt install build-essential uuid-dev iasl git nasm python3 ovmf -ysudo apt install uml-utilities -ysudo apt install -y \ build-essential gcc g++ clang make cmake ninja-build pkg-config \ bc bison flex dwarves kmod cpio initramfs-tools-core \ patchelf musl-tools sudo apt install -y \ python3 python3-pip python3-dev python3-venv \ python3-tk tk-dev sudo apt install -y \ libc6-dev libc6-dev-i386 \ libssl-dev libelf-dev libdw-dev libz-dev \ zlib1g-dev libbz2-dev liblz4-dev liblzma-dev libzstd-dev \ libgcrypt20-dev libgnutls28-dev \ libcurl4-gnutls-dev libssh-dev \ libcap-ng-dev libattr1-dev \ libaio-dev libcap-dev libiscsi-dev \ liblzo2-dev libsnappy-dev \ libmount-dev libunistring-dev libp11-kit-dev \ libsqlite3-dev libreadline-dev libffi-dev \ libglib2.0-dev libgirepository-2.0-dev \ libpixman-1-dev libslirp-dev \ libfuse-dev liburing-dev libnfs-dev libcrypt-dev \ libbpf-dev libseccomp-dev \ librdmacm-dev libibverbs-dev \ libxcb-cursor0 sudo apt install -y libncurses-dev libtinfo-devsudo apt install -y \ libsdl2-dev libsdl2-image-dev \ libgtk-3-dev libvte-2.91-dev \ libvncserver-dev \ libspice-server-dev libspice-protocol-dev \ libvirglrenderer-dev libepoxy-dev libgbm-dev sudo apt install -y \ libasound2-dev libpulse-dev \ jackd2 libjack-jackd2-dev libpipewire-0.3-dev pipewire-jack sudo apt install -y \ libjavascriptcoregtk-4.1-dev libsoup-3.0-dev libwebkit2gtk-4.1-dev sudo apt install -y \ libvirt-dev \ libusb-1.0-0-dev libusbredirparser-dev \ libcacard-dev \ libvdeplug-dev sudo apt install -y \ linux-headers-generic linux-libc-dev sudo apt install -y google-android-platform-tools-installersudo apt install -y libguestfs-toolssudo apt install -y \ gcc-arm-linux-gnueabi g++-arm-linux-gnueabi \ gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf \ gcc-aarch64-linux-gnu g++-aarch64-linux-gnu \ gcc-riscv64-linux-gnu g++-riscv64-linux-gnu \ gcc-x86-64-linux-gnu g++-x86-64-linux-gnu \ gcc-i686-linux-gnu g++-i686-linux-gnu \ gcc-mipsel-linux-gnu g++-mipsel-linux-gnu \ gcc-mips64el-linux-gnuabi64 g++-mips64el-linux-gnuabi64 \ gcc-mips-linux-gnu g++-mips-linux-gnu \ gcc-mips64-linux-gnuabi64 g++-mips64-linux-gnuabi64 \ gcc-powerpc-linux-gnu g++-powerpc-linux-gnu \ gcc-powerpc64-linux-gnu g++-powerpc64-linux-gnu \ gcc-alpha-linux-gnu g++-alpha-linux-gnu \ gcc-s390x-linux-gnu g++-s390x-linux-gnu \ gcc-sparc64-linux-gnu g++-sparc64-linux-gnu \ gcc-arc-linux-gnu g++-arc-linux-gnu \ gcc-m68k-linux-gnu g++-m68k-linux-gnu sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove --purge -y
VM to Host 一:在 Ubuntu 中安装 open-vm-tools
1 2 3 sudo apt updatesudo apt install -y open-vm-tools open-vm-tools-desktopsudo reboot
二:在 VMware 中配置共享文件夹
在 VMware Workstation / Fusion 中:
关闭虚拟机(或挂起)
虚拟机 → 设置 → 选项 → 共享文件夹 选择 “总是启用” (Always enabled)
点击 “添加” ,选择宿主机要共享的文件夹,起个名字(如 share)
勾选 “启用此共享”
启动虚拟机
三:在 Ubuntu 中挂载
1 2 3 4 5 6 7 8 9 sudo mkdir -p /mnt/hgfs sudo vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other -o uid=1000 -o gid=1000sudo vim /etc/fstab.host:/ /mnt/hgfs fuse.vmhgfs-fuse allow_other,defaults,uid=1000,gid=1000 0 0 ➜ ~ ls /mnt/hgfs D E G ➜ ~
编译步骤提示 Linux内核编译: Linux内核下载:
1 2 3 4 wget https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.15.188.tar.gz tar -xvf linux-5.15.188.tar.gz wget https://www.kernel.org/pub/linux/kernel/v6.x/linux-6.12.38.tar.gz tar -xvf linux-6.12.38.tar.gz
1 2 3 4 5 6 7 8 9 10 11 make menuconfig make bzImage -j$(nproc ) sudo make modules_installsudo make install
清华源
make menuconfig
这里我们主要关注调试方面的选项,依次进入到 Kernel hacking -> Compile-time checks and compiler options,然后勾选如下选项Compile the kernel with debug info,以便于调试。不过似乎现在是默认开启的。如果要使用 kgdb 调试内核,则需要选中 KGDB: kernel debugger,并选中 KGDB 下的所有选项。
报错处理:
【1】
问题概述:
make[1]: *** No rule to make target 'debian/canonical-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
解决方法:
编辑 .config 文件,搜索debian/canonical-certs.pem并把这个字符串删掉。
删除前:
CONFIG_SYSTEM_TRUSTED_KEYS=”debian/canonical-certs.pem”
删除后
CONFIG_SYSTEM_TRUSTED_KEYS=””
【2】
问题概述:
make[2]: *** No rule to make target 'net/netfilter/xt_TCPMSS.o', needed by 'net/netfilter/built-in.a'. Stop.
解决方法:
Makefile 中的 xt_TCPMSS.c 是大写的,而源文件名 (xt_tcpmss.c) 是小写的。这是一个大小写不匹配的问题。
【3】
1 2 3 4 5 /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here collect2: error: ld returned 1 exit status make[2]: *** [scripts/Makefile.host:100: scripts/dtc/dtc] Error 1 make[1]: *** [scripts/Makefile.build:403: scripts/dtc] Error 2 make: *** [Makefile:555: scripts] Error 2
1 2 3 4 5 修改scripts/dtc目录下的dtc-lexer.lex.c_shipped文件中找到 YYLTYPE yyloc这一行,在640行,在之前面加上extern 保存退出, make 编译 正常编译
验证源文件名
你可以先检查一下实际的源文件名:
1 ls net/netfilter/xt_*tcpmss*
这应该会显示实际的文件名是 xt_tcpmss.c(小写)。
1. 找到并编辑 Makefile
1 vim net/netfilter/Makefile
2. 找到第157行左右的内容
寻找类似这样的行:
1 obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o
3. 将大写的 TCPMSS 改为小写的 tcpmss
修改为:
1 obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_tcpmss.o
4. 保存并重新编译
make bzImage -j4
注意事项:
注意 gcc 版本问题,4.*一般用 gcc-5,5.*一般用 gcc-7。
gcc多版本共存请参考这里
编译成功后
我们一般主要关注于如下的文件
RISC-V64
镜像名 : Image路径 : arch/riscv/boot/Image说明 : 与ARM64一样,RISC-V也使用未压缩的Image格式
x86_64
镜像名 : bzImage路径 : arch/x86/boot/bzImage说明 : “big zImage”的缩写,实际上是压缩的内核镜像
ARM64
镜像名 : Image路径 : arch/arm64/boot/Image说明 : 未压缩的内核镜像
MIPS
镜像名 : vmlinux.bin 或 vmlinux路径 : arch/mips/boot/vmlinux.bin说明 : MIPS架构通常使用vmlinux.bin,某些情况下也会有压缩版本
PowerPC
镜像名 : zImage 或 uImage路径 : arch/powerpc/boot/zImage说明 : PowerPC使用zImage(压缩镜像)或uImage(U-Boot格式)
ARM32
镜像名 : zImage 或 uImage路径 : arch/arm/boot/zImage说明 : 32位ARM使用压缩的zImage格式
SPARC
镜像名 : zImage 或 vmlinux路径 : arch/sparc/boot/zImage
Alpha
查看所有可用的镜像目标
你可以通过以下命令查看特定架构支持的所有镜像格式:
1 2 3 4 5 make help | grep -A 10 "Architecture specific targets" make help
镜像格式说明
Image : 未压缩的内核镜像,主要用于ARM64和RISC-VzImage : 压缩的内核镜像,自解压,常用于ARM32、PowerPC等bzImage : “big zImage”,x86架构的压缩内核镜像uImage : U-Boot格式的内核镜像,包含加载地址等信息vmlinux : 未压缩的ELF格式内核镜像,主要用于调试
实际编译示例
对于不同架构,你可以明确指定要编译的镜像类型:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 make ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- -j$(nproc ) menuconfig scripts/config -e BLK_DEV_INITRD scripts/config -e DEVTMPFS scripts/config -e DEVTMPFS_MOUNT scripts/config -e TMPFS scripts/config -e SYSFS scripts/config -e PROC_FS scripts/config -e VIRTIO scripts/config -e VIRTIO_MMIO scripts/config -e NET scripts/config -e VIRTIO_NET scripts/config -e VIRTIO_CONSOLE scripts/config -e VIRTIO_BLK scripts/config -e SERIAL_8250 scripts/config -e SERIAL_8250_CONSOLE scripts/config -d VIRTIO_MMIO_CMDLINE_DEVICES make ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- -j$(nproc ) Image make ARCH=x86_64 CROSS_COMPILE=x86_64-linux-gnu- -j$(nproc ) menuconfig make ARCH=x86_64 CROSS_COMPILE=x86_64-linux-gnu- -j$(nproc ) bzImage make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j$(nproc ) defconfig make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j$(nproc ) menuconfig make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j$(nproc ) olddefconfig scripts/config -e BLK_DEV_INITRD scripts/config -e RD_GZIP scripts/config -e DEVTMPFS scripts/config -e DEVTMPFS_MOUNT scripts/config -e TMPFS scripts/config -e SYSFS scripts/config -e PROC_FS scripts/config -e SERIAL_AMBA_PL011 scripts/config -e SERIAL_AMBA_PL011_CONSOLE scripts/config -e VIRTIO scripts/config -e VIRTIO_MMIO scripts/config -e VIRTIO_MMIO_CMDLINE_DEVICES scripts/config -e NET scripts/config -e VIRTIO_NET make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- -j$(nproc ) Image dtbs make ARCH=arm CROSS_COMPILE=arm-buildroot-linux-gnueabihf- -j$(nproc ) vexpress_defconfig scripts/config -e BLK_DEV_INITRD -e DEVTMPFS -e DEVTMPFS_MOUNT -e TMPFS -e SERIAL_AMBA_PL011 -e ARM_APPENDED_DTB -e USE_OF -e ARM_ATAG_DTB_COMPAT -e ARM_ATAG_DTB_COMPAT_CMDLINE_FROM_BOOTLOADER -e SMP -e ARM_GIC -e CACHE_L2X0 -e AMBA -e ARM_TIMER_SP804 make ARCH=arm CROSS_COMPILE=arm-buildroot-linux-gnueabihf- -j$(nproc ) menuconfig make ARCH=arm CROSS_COMPILE=arm-buildroot-linux-gnueabihf- -j$(nproc ) zImage dtbs make ARCH=mips CROSS_COMPILE=mips-linux-gnu- menuconfig make ARCH=mips CROSS_COMPILE=mips-linux-gnu- vmlinux.bin
Busybox编译: Busybox下载:
1 2 wget https://busybox.net/downloads/busybox-1.36.1.tar.bz2 tar -jxvf busybox-1.36.1.tar.bz2
1 2 3 4 5 6 7 8 9 10 11 12 ➜ busybox-1.36.1 mkdir -p ./build/x86_64 ➜ busybox-1.36.1 make menuconfig ➜ busybox-1.36.1 make -j$(nproc ) ➜ busybox-1.36.1 make install
如果你的内核版本大于6.8.0编译可能会报错:https://lists.busybox.net/pipermail/busybox-cvs/2024-January/041752.html
只需要把tc.c移除或者禁用即可。
或者使用 patch 。
交叉编译只需要修改Cross complier prefix的值即可,比如aarch64-linux-gnu-。
Qemu 编译: QEMU编译步骤
1 2 3 4 5 6 7 8 9 10 11 12 13 wget https://download.qemu.org/qemu-10.2.3.tar.xz tar -xvf qemu-10.2.3.tar.xz cd qemu-10.2.3./configure --enable-kvm --enable-gtk --enable-spice --enable-usb-redir --enable-slirp --disable-werror make -j$(nproc ) sudo make install
注意事项
不同版本的QEMU可能对依赖库的要求略有不同
可以通过 ./configure --help 查看具体的编译选项
如果只需要特定架构支持,可以使用 --target-list 参数减少编译时间
某些功能需要相应的内核模块支持(如KVM需要加载kvm模块)
这些库足以支持QEMU的完整功能编译,包括各种虚拟化特性、图形界面、网络和存储支持等。
Buildroot 编译: 1 2 wget https://buildroot.org/downloads/buildroot-2025.02.4.tar.gz tar -xvf buildroot-2025.02.4.tar.gz
ARM64 Linux编译
查看可用的ARM64相关配置
1 2 3 4 5 6 7 ➜ buildroot-2025.02.4 make list-defconfigs | grep aarch64 make: Warning: File '/mnt/d/DM/linux_kernel_research/buildroot-2025.02.4/output/.br2-external.mk' has modification time 0.47 s in the future aarch64_efi_defconfig - Build for aarch64_efi qemu_aarch64_ebbr_defconfig - Build for qemu_aarch64_ebbr qemu_aarch64_sbsa_defconfig - Build for qemu_aarch64_sbsa qemu_aarch64_virt_defconfig - Build for qemu_aarch64_virt make: warning: Clock skew detected. Your build may be incomplete.
使用QEMU ARM64配置作为基础
1 ➜ buildroot-2025.02.4 make qemu_aarch64_virt_defconfig
运行配置界面进行定制
1 2 3 4 5 6 ➜ buildroot-2025.02.4 make menuconfig kernel-> filesystem->
make 即可,输出目录在output/images/
错误处理:
【1】
报错:
➜ buildroot-2025.02.4 make -j$(nproc)
成因:
没有对应sha256值用来校验。
解决方案:
第一种方法:添加对应值上去。
第二种方法:使用官方有的版本。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ➜ buildroot-2025.02.4 cat ./linux/linux.hash sha256 c0a575630f2603a20bb0641f8df8f955e46c9d7ac1fae8b54b21316e6b52a254 linux-6.12.33.tar.xz sha256 0d79ff359635e9f009f1e330deed5f3aefd8c452b80660bffdc504b877797719 linux-6.6.93.tar.xz sha256 bc3c45faf6f5f0450666c75fa9dad9bc7c0cf7c7cba0dbd94e5cfdc58229c116 linux-6.1.141.tar.xz sha256 3d03eb798910f32929f7fda5a56e4bb1a121f10bde320d6f3063639c009313dc linux-5.15.185.tar.xz sha256 07c852940dc2dc03fe84f7fcf697648d7cba11c62d20504380492ba07aa46bb6 linux-5.10.238.tar.xz sha256 c879d0ba817aaa0fde318d58d7e1f141d9c29bd8569a96b73159ebc448077b99 linux-5.4.294.tar.xz sha256 fb0edc3c18e47d2b6974cb0880a0afb5c3fa08f50ee87dfdf24349405ea5f8ae linux-cip-5.10.162-cip24.tar.gz sha256 b5539243f187e3d478d76d44ae13aab83952c94b885ad889df6fa9997e16a441 linux-cip-5.10.162-cip24-rt10.tar.gz sha256 fb5a425bd3b3cd6071a3a9aff9909a859e7c1158d54d32e07658398cd67eb6a0 COPYING sha256 f6b78c087c3ebdf0f3c13415070dd480a3f35d8fc76f3d02180a407c1c812f79 LICENSES/preferred/GPL-2.0 sha256 8e378ab93586eb55135d3bc119cce787f7324f48394777d00c34fa3d0be3303f LICENSES/exceptions/Linux-syscall-note
Qemu 调试 Linux Kernel 我们使用 Linux 上的 Qemu。如果你使用 Windwos 的 Qemu 注意修改启动参数。
x86_64
首先在busybox文件夹创建一些系统文件:
1 mkdir -p lib tmp proc sys dev etc/init.d
(可选)然后编写一个内核模块(感兴趣看内核开发部分,或者可以从Pwn_kernel的内核模块开发部分简单了解),将其放在/lib/目录中。
编写一个init脚本,放在根目录即可。
1 2 3 4 5 6 7 8 9 10 11 #!/bin/sh echo "INIT SCRIPT" mount -t proc none /proc mount -t sysfs none /sys mount -t devtmpfs none /dev mount -t debugfs none /sys/kernel/debug mount -t tmpfs none /tmp insmod /lib/ko_test.ko echo -e "Boot took $(cut -d' ' -f1 /proc/uptime) seconds" setsid /bin/cttyhack setuidgid 0 /bin/sh poweroff -f
打包文件系统:
1 find . | cpio -o -H newc > ../rootfs.cpio
将编译好的/kernel/arch/x86/boot/bzImage复制到 rootfs.img 同级目录。之后便可以启动Qemu。
Linux启动脚本:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 #!/usr/bin/env bash set -euo pipefailcd "$(dirname "$0 " ) " extra_args=() if [[ "${1:-} " == "--gdb" ]]; then extra_args=(-S -gdb tcp:127.0.0.1:1234) fi qemu-system-x86_64 \ -m 256M \ -no-reboot \ -display none \ -serial mon:stdio \ -kernel ./bzImage \ -initrd ./rootfs_x86_64.cpio \ -append "rdinit=/init.sh rw console=ttyS0 oops=panic panic=1" \ -smp 2 \ -cpu qemu64 \ "${extra_args[@]} "
windwos pwsh 启动脚本。
1 2 3 4 5 6 7 8 9 qemu-system-x86_64 .exe ` -m 64 M ` -nographic ` -kernel .\bzImage ` -initrd .\rootfs.cpio ` -append "init=/init root=/dev/ram rw console=ttyS0 oops=panic panic=1 kaslr" ` -smp cores=2 ,threads=2 ` -cpu kvm64 ` -s
可以使用-append "init=/init"参数指定启动脚本,不指定则默认使用根目录下的init。我们这里养成良好习惯显示指定init脚本。
如果要调试用户态程序可以使用qemu的端口转发功能。假如我们在qemu内使用gdbserver监听了1337端口。
1 2 3 qemu-system-x86_64 \ -netdev user,id =net0,hostfwd=tcp::10001-:1337 \ -device virtio-net-pci,netdev=net0
这样我们可以从宿主机10001端口访问qemu内部的1337调试端口。
基本命令格式
1 2 3 qemu-system-x86_64 \ -netdev user,id =<网络标识>,hostfwd=<协议>:<宿主机IP>:<宿主机端口>-<虚拟机IP>:<虚拟机端口> \ -device <网卡驱动>,netdev=<网络标识>
关键参数说明
-netdev user
id=<网络标识>net0),用于关联后续 -device。
hostfwd=<规则>
端口转发规则,格式:
1 协议:宿主机IP:宿主机端口-虚拟机IP:虚拟机端口
协议:tcp 或 udp
IP 省略时默认绑定 0.0.0.0(any)
-device <网卡驱动>virtio-net-pci)。
调试工具
multiarch-gdbserver-static :调试内部程序用的静态编译的gdbserver。
ARM64
Linux 启动脚本:
1 2 3 4 5 6 7 8 9 qemu-system-aarch64 \ -M virt \ -cpu cortex-a53 \ -m 512 \ -nographic \ -kernel ./Image \ -initrd ./rootfs.cpio \ -append "console=ttyAMA0 rdinit=/init quiet" \ -s
RISC-V64
Linux 启动脚本
1 2 3 4 5 6 7 8 9 qemu-system-riscv64 \ -machine virt \ -cpu rv64 \ -m 512 \ -nographic \ -kernel ./Image \ -initrd ./rootfs.cpio \ -append "console=ttyS0 rdinit=/init quiet" \ -s
