how dump a program which is running in memory
gminick at bzt.bzt
Thu Sep 11 14:43:20 CEST 2008
On Thu, 11 Sep 2008 02:31:23 -0700 (PDT), ruqiang826 wrote:
> I have written a service running background to do something in linux.
> Unfortunately, I deleted the source code by mistake, and I can still
> see the process running background using "ps aux" :
> username 13820 0.0 0.0 60368 2964 ? S Aug20 0:33
> python ./UpdateJobStatus.py
> I wonder if there is some way to dump the programme
> "UpdateJobStatus.py" and get the source code back?
The best way to do it would be to undelete the file,
just as Gerhard suggested.
If you remember any line (or piece) of code from the UpdateJobStatus.py
file you can try to dump the /dev/mem to the hard disk, and then grep
through it (remember that you need root privileges to access /dev/mem).
I tried it with this code:
with a small modification of this line:
nvram = (strtol(argv, 0, 0)) << 16;
nvram = (strtol(argv, 0, 0));
After compilation I just did:
./a.out 0x0 0xffffffff > memdump
to get the memory dump.
I am not a memory expert, but 0xffffffff should be enough
for <= 4GB of RAM. If you have more, increase it.
And to make it clear: I do not recommend this way of sorting
things out :)
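
The grep step described above, as an added example that is not part of the original post: a Python function that scans a dump file such as `memdump` for a remembered line and carves out the surrounding run of ASCII text, which plain grep on a binary file does not give you. The name `carve_text`, the `max_span` limit and the sample script bytes are assumptions made for illustration.

```python
import mmap
import os
import tempfile

# Bytes that occur in plain ASCII source text: tab, LF, CR and 0x20-0x7e.
TEXT_BYTES = frozenset(b"\t\n\r") | frozenset(range(0x20, 0x7F))


def carve_text(dump_path, needle, max_span=256 * 1024):
    """Return [(offset, text)] for each run of text in the dump containing needle.

    needle is a remembered fragment of the lost file, as bytes. Each hit is
    widened in both directions until a non-text byte is met or max_span bytes
    have been added on that side.
    """
    if not needle:
        raise ValueError("needle must not be empty")
    regions = []
    with open(dump_path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        size = len(mm)
        pos = mm.find(needle)
        while pos != -1:
            start = pos
            while start > 0 and pos - start < max_span and mm[start - 1] in TEXT_BYTES:
                start -= 1
            stop = pos + len(needle)
            end = stop
            while end < size and end - stop < max_span and mm[end] in TEXT_BYTES:
                end += 1
            regions.append((start, mm[start:end].decode("ascii", "replace")))
            # Resume after this region so each copy of the file is reported once.
            pos = mm.find(needle, end)
    return regions


if __name__ == "__main__":
    # Constructed sample: a fake "dump" with one script buried in binary noise.
    script = b"import time\n\ndef update_job_status():\n    time.sleep(60)\n"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"\x00\x7f\xff" * 100 + script + b"\x00\x01\x02" * 100)
    try:
        for offset, text in carve_text(tmp.name, b"def update_job_status"):
            print("hit at 0x%x:\n%s" % (offset, text))
    finally:
        os.unlink(tmp.name)
```

A real dump usually holds several copies and partial fragments of the same file, so expect more than one hit and compare them before trusting any single one.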