windows下利用binwalk解壓縮initramfs

windows下利用binwalk解壓縮initramfs
1、python Python下載-Python官方版下載[編程工具]-華軍軟件園https://www.onlinedown.net/soft/14542.htm

勾選最下面的Add python.exe to PATH，然後選擇自定義安裝，安裝到D:\Python312-32目錄，勾選添加到環境變量。

python環境變量設置.vbs

dim msg
msg=msgbox("運行腳本將會改寫環境變量，確定運行嗎？",vbokcancel+vbexclamation,"運行腳本確認")
if msg=vbok then
dim wsh
Set wsh = WScript.CreateObject("WScript.Shell")
wsh.Environment("system").Item("path")="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;%ProgramFiles(x86)%\7-Zip;%ProgramFiles%\7-Zip;D:\Python312-32\;D:\Python312-32\Scripts"
'wsh.Environment("user").Item("path")="%USERPROFILE%\AppData\Local\Microsoft\WindowsApps;%ProgramFiles(x86)%\7-Zip;%ProgramFiles%\7-Zip"
end if
msg2=msgbox("環境變量已修改,建議重啓下explorer的shell。",vbokcancel+vbexclamation,"環境變量已修改")

 

2、按照教程安裝binwalk for windows：

Windows平臺下安裝binwalk_binwalk下載_煙雨天青色的博客-CSDN博客
https://blog.csdn.net/qq_38603541/article/details/126557575

安裝binwalk2.3.2.bat

@echo off
rem 把python安裝到D:\Python312-32\，在系統變量中添加D:\Python312-32\;D:\Python312-32\Scripts
cd /d F:\bak\cpio_for_windows\binwalk-2.3.2
python.exe setup.py install
cd /d D:\Python312-32\Scripts
python.exe binwalk -h
echo 完成
echo 運行示例：python.exe D:\Python312-32\Scripts\binwalk J:\initramfs\initrd.lz
&pause

3、在windows下運行binwalk查看initrd隱藏的數據地址：

cd /d J:\initramfs
python.exe D:\Python312-32\Scripts\binwalk J:\initramfs\initrd.lz

J:\initramfs>python.exe D:\Python312-32\Scripts\binwalk J:\initramfs\initrd.lz

DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
120 0x78 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
244 0xF4 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
376 0x178 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"
540 0x21C ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x00696000"
6906544 0x6962B0 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
6906880 0x696400 gzip compressed data, from Unix, last modified: 2023-04-27 07:39:43
28509790 0x1B3065E gzip compressed data, from NTFS filesystem (NT), last modified: 1970-01-01 00:00:00 (null date)
28705404 0x1B6027C gzip compressed data, from NTFS filesystem (NT), last modified: 1970-01-01 00:00:00 (null date)
28746257 0x1B6A211 gzip compressed data, from NTFS filesystem (NT), last modified: 1970-01-01 00:00:00 (null date)
36012220 0x22580BC LZ4 compressed data, legacy

4、ubuntu 下的文件系統initramfs解壓縮_lsinitramfs_Robert_Y_Zhang的博客-CSDN博客
https://blog.csdn.net/weixin_40191420/article/details/107486888

5、進入ubuntu中，運行命令提取initrd中隱藏的壓縮文件。
cd /d J:\initramfs
dd if=initrd.lz bs=6906880 skip=1 | zcat | cpio -id --no-absolute-filenames -v

cd /d J:\linux2\Mageia
dd if=initrd.img bs=3690496 skip=1 | xzcat | cpio -id --no-absolute-filenames -v

zcat 支持處理不同類型的文件，以There are plenty of filetypes available with zcat, so you can handle tar, cpio, dmg, jar 等文件。

要記住的最後一件事是，zcat 只能用來處理 gzip 文件，如果你想處理其他文件，比如 xz 文件，你可以使用 xzcat 代替 zcat。 zcat 命令是一個極其強大的文件壓縮/解壓縮工具，它能夠處理 .gz 文件，並且還支持多種文件類型，例如 tar、cpio 等。它的使用非常簡單，用戶只需要在終端中輸入 zcat 相關命令，即可處理你想要的解壓縮文件。