Is it possible to retrieve the content of a running bash script from RAM
Have a look at /proc/$PID/fd. There you should have all the file descriptors openned by the process, including the script itself. Just cat $FD > /tmp/yourscript.sh should be enough to recover it.
Assuming that the OP really meant from RAM and not any possible way, and assuming that the process in which the script was executed has zero core file limit (which is usually the default setting, cat /proc/PID/limits), then you need to attach to the process and either set the core limit to a large enough value to include the process image and the use the ABRT signal to generate the core file, or use a tool such as gdb that can attach to a process and generate a core image of the process from RAM.
- Install
gdb
In some shell with same ownership as the running script or root ownership:
- Do
ps axto find the process id (PID) gdb -p PID
Note that this will stop the process execution from continuing but not remove it from the process table.
- In gdb, issue the command
generate-core-file
gdb should repond with something like Saved corefile core.15113, assuming that PID is 15113.
- In gdb, issue the command
detach
Your script will continue (resume) running.
- In gdb, issue the command
quit - In shell, run
strings core.15113 > my_script.sh
Open the my_script.sh in some editor. Your script text should be towards the end of the file before the environment section. Use the editor to scrape off the sections before and after the script.
Test this solution on another script before you use it on your prize script. YMMV.
The sequence looks like this:
yba@tavas:~$ gdb -p 15113
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 15113
Reading symbols from /bin/bash...(no debugging symbols found)...done.
Reading symbols from /lib/x86_64-linux-gnu/libtinfo.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libtinfo.so.5
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libdl.so.2
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/x86_64-linux-gnu/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x00007feaf4b4c7be in waitpid () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) generate-core-file
Saved corefile core.15113
(gdb) detach
Detaching from program: /bin/bash, process 15113
(gdb) quit
yba@tavas:~$