472,135 Members | 1,325 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,135 software developers and data experts.

how dump a program which is running in memory

hi
I have written a service running backgroud to do something in linux.
unfortunately,I deleted the source code by mistake, and I can still
see the process running background using "ps aux" :

username 13820 0.0 0.0 60368 2964 ? S Aug20 0:33
python ./UpdateJobStatus.py
I wonder if there is some way to dump the programme
"UpdateJobStatus.py" and get the source code back?
Thanks a lot.
Sep 11 '08 #1
2 2517
ruqiang826 wrote:
hi
I have written a service running backgroud to do something in linux.
unfortunatelyI deleted the source code by mistake, and I can still
see the process running background using "ps aux" :

username 13820 0.0 0.0 60368 2964 ? S Aug20 0:33
python ./UpdateJobStatus.py
I wonder if there is some way to dump the programme
"UpdateJobStatus.py" and get the source code back?
Often, there is a way by accessing /proc/{pid}/fd/

But I believe you're out of luck with this method because apparently the
Python interpreter closes the source file after parsing it.

You can still try to find an undeletion utility for your filesystem.
Avoid writing to disk in the meantime to not overwrite the deleted file
accidentally, of course. There's such a utility for ext2, but I don't
know if that works ok with ext3. For other filesystems, I have no idea.

-- Gerhard

Sep 11 '08 #2
On Thu, 11 Sep 2008 02:31:23 -0700 (PDT), ruqiang826 wrote:
I have written a service running backgroud to do something in linux.
unfortunately,I deleted the source code by mistake, and I can still
see the process running background using "ps aux" :

username 13820 0.0 0.0 60368 2964 ? S Aug20 0:33
python ./UpdateJobStatus.py
I wonder if there is some way to dump the programme
"UpdateJobStatus.py" and get the source code back?
The best way to do it would be to undelete the file,
just as Gerhard suggested.

If you remember any line (or piece) of code from the UpdateJobStatus.py
file you can try to dump the /dev/mem to the hard disk, and then grep
through it (remember that you need root priviledges to access /dev/mem).

I tried it with this code:

http://www.mail-archive.com/li******.../msg03696.html

with a small modification of this line:
nvram = (strtol(argv[1], 0, 0)) << 16;
changed to:
nvram = (strtol(argv[1], 0, 0));

After compilation I just did:
../a.out 0x0 0xffffffff memdump
to get the memory dump.

I am not a memory expert, but 0xffffffff should be enough
for <= 4GB of RAM. If you got more, increase it.

And to make it clear: I do not recommend this way of sorting
things out :)

--
Regards,
Wojtek Walczak,
http://tosh.pl/gminick/
Sep 11 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Ravi Tallury | last post: by
3 posts views Thread by Nick Craig-Wood | last post: by
2 posts views Thread by John Liu | last post: by
1 post views Thread by QQ | last post: by
9 posts views Thread by Microsoft News Server | last post: by
5 posts views Thread by Allin Cottrell | last post: by
2 posts views Thread by erfan | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.