| View previous topic :: View next topic |
| Author |
Message |
skunk
l33t
Joined: 28 May 2003
Posts: 646
Location: granada, spain
|
 Posted: Sat Aug 02, 2014 12:45 pm Post subject: recover deleted (but running) executable |
 |
|
hi all,
i've accidentally deleted a still running executable and i've thought it could be restored simply copying /proc/$PID/exe, but it's not because it's a (broken) symlink to the deleted file...
with lsof i can still see the inode of the file, so my questions are: is it possible to hardlink the inode? how?
if not, is there any other way to recover the executable?
thank you |
|
| Back to top |
|
 |
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5098
Location: Dark side of the mood
|
| Posted: Sat Aug 02, 2014 3:59 pm Post subject: |
|
|
Does this help?
FYI.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
|
| Back to top |
|
|
skunk
l33t
Joined: 28 May 2003
Posts: 646
Location: granada, spain
|
| Posted: Sat Aug 02, 2014 5:00 pm Post subject: |
|
|
unfortunately i had to reboot, so i finally had to rebuild the deleted executable...
but for the sake to try and learning something new (at least for me), i've replicated the situation:
| Code: | $ ls -li test
28454299 -rwxr-xr-x 1 skunk skunk 5613016 Aug 2 18:31 test
$ ./test &
$ rm test
$ ps ax|grep test
18866 pts/8 Sl+ 0:08 ./test
lsof -p18866|grep /home/skunk/test
test 18866 skunk txt REG 8,3 5613016 28454299 /home/skunk/test (deleted)
# debugfs -w /dev/sda3
debugfs 1.42.10 (18-May-2014)
debugfs: logdump -i <28454299>
Inode 28454299 is at group 3473, block 113771148, offset 3328
Journal starts at block 24724, transaction 12843711
No magic number at block 27541: end of journal.
# mount|grep debugfs
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
|
filesystem is ext4, do i need CONFIG_EXT4_DEBUG enabled? |
|
| Back to top |
|
|
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5098
Location: Dark side of the mood
|
| Posted: Fri Aug 15, 2014 8:38 pm Post subject: |
|
|
| skunk wrote: | | filesystem is ext4, do i need CONFIG_EXT4_DEBUG enabled? |
I really have no idea as I never had to test it. As an alternate solution you also have testdisk as explained in the article I linked to.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Other Things Gentoo
