#-------------------------Kernels-------------------------------------

# Linux kernel boot images, from Albert Cahalan <acahalan@cs.uml.edu>
# and others such as Axel Kohlmeyer <akohlmey@rincewind.chemie.uni-ulm.de>
# and Nicolas Lichtmaier <nick@debian.org>
# All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29
0       string      \xb8\xc0\x07\x8e\xd8\xb8\x00\x90\x8e\xc0\xb9\x00\x01\x29\xf6\x29    Linux kernel boot image
>514    string      !HdrS                                                               {invalid}

# Finds and prints Linux kernel strings in raw Linux kernels (output like uname -a).
# Commonly found in decompressed embedded kernel binaries.
0       string      Linux\x20version\x20    Linux kernel version
>14     byte        >0x33                   {invalid}
>14     byte        <0x32                   {invalid}
>14     string      x                       %.6s

# Linux ARM compressed kernel image
# Starts with 8 NOPs, with 0x016F2818 at offset 0x24
36  ulelong 0x016F2818                      Linux kernel ARM boot executable zImage (little-endian)
>0  ulelong !0xE1A00000                     {invalid}(invalid)
>4  ulelong !0xE1A00000                     {invalid}(invalid)
>8  ulelong !0xE1A00000                     {invalid}(invalid)
>12 ulelong !0xE1A00000                     {invalid}(invalid)
>16 ulelong !0xE1A00000                     {invalid}(invalid)
>20 ulelong !0xE1A00000                     {invalid}(invalid)
>24 ulelong !0xE1A00000                     {invalid}(invalid)
>28 ulelong !0xE1A00000                     {invalid}(invalid)

36  ubelong 0x016F2818                      Linux kernel ARM boot executable zImage (big-endian)
>0  ubelong !0xE1A00000                     {invalid}(invalid)
>4  ubelong !0xE1A00000                     {invalid}(invalid)
>8  ubelong !0xE1A00000                     {invalid}(invalid)
>12 ubelong !0xE1A00000                     {invalid}(invalid)
>16 ubelong !0xE1A00000                     {invalid}(invalid)
>20 ubelong !0xE1A00000                     {invalid}(invalid)
>24 ubelong !0xE1A00000                     {invalid}(invalid)
>28 ubelong !0xE1A00000                     {invalid}(invalid)

# Linux ARM64 kernel image
# Header defined through https://www.kernel.org/doc/Documentation/arm64/booting.txt
56  string    ARMd                          Linux kernel ARM64 image,
# Reserved fields
>32 ulequad   !0                            {invalid}
>40 ulequad   !0                            {invalid}
>48 ulequad   !0                            {invalid}
# Information
>8  ulelong   x                             load offset: 0x%x,
>16 ulelong   x                             image size: %d bytes,
# Flags
>24 ulequad&1 0                             little endian,
>24 ulequad&1 1                             big endian,
>24 ulequad&6 2                             4k page size,
>24 ulequad&6 4                             16k page size,
>24 ulequad&6 6                             64k page size,
>24 ulequad&8 0                             place kernel close to DRAM base