I have by accident overwritten a very complex bash script, where I tried to implement scoping and threading in a tidy way.
Now the same script is still running but the file is no more, question is:
Is it possible to scan through the ram and find the sting representation of the file itself ?
Another problem is: I can't find the /dev/mem or /dev/kmem file, already tried to grep it for contents.
To the environment: It's a debian/sid machine (vps) hostet on vpsfx.com
root@heisenberg:~# ls -a /dev . kmsg ptyp2 ptyp9 random tty1 tty5 ttyp2 ttyp9 urandom .. log ptyp3 ptypa shm tty10 tty6 ttyp3 ttypa xconsole .udev null ptyp4 ptypb stderr tty11 tty7 ttyp4 ttypb zero char ptmx ptyp5 ptypc stdin tty12 tty8 ttyp5 ttypc console pts ptyp6 ptypd stdout tty2 tty9 ttyp6 ttypd fd ptyp0 ptyp7 ptype tty tty3 ttyp0 ttyp7 ttype full ptyp1 ptyp8 ptypf tty0 tty4 ttyp1 ttyp8 ttypf
Best Answer
Have a look at /proc/$PID/fd. There you should have all the file descriptors openned by the process, including the script itself. Just
cat $FD > /tmp/yourscript.shshould be enough to recover it.