Recovering files held open by a process


Recovering a deleted file that a process still has open

(recover it through the file descriptor)
Using /var/log/messages as the example:

[root@localhost ~]# lsof |grep messages
rsyslogd  5764         root    6w      REG                8,3    240631   17815676 /var/log/messages
in:imjour 5764 5777    root    6w      REG                8,3    240631   17815676 /var/log/messages 
rs:main   5764 5778    root    6w      REG                8,3    240631   17815676 /var/log/messages 
## The output shows that the PID is 5764 and the FD is 6

## Make a backup before trying this
[root@localhost ~]# rm -fr /var/log/messages   

[root@localhost ~]# lsof |grep messages
rsyslogd  5764         root    6w      REG                8,3    240631   17815676 /var/log/messages (deleted)
in:imjour 5764 5777    root    6w      REG                8,3    240631   17815676 /var/log/messages (deleted)
rs:main   5764 5778    root    6w      REG                8,3    240631   17815676 /var/log/messages (deleted)
## The entries are now marked (deleted)

[root@localhost ~]# cd /proc/5764/fd
[root@localhost fd]# ls
0  1  10  2  3  4  5  6  7  8  9

# Check that the content is the same
[root@localhost fd]# cat 6
..........
illed)
Mar 21 21:42:11 localhost systemd: Reached target Sound Card.
Mar 21 21:43:09 localhost chronyd[5453]: Selected source 5.79.108.34
Mar 21 21:45:19 localhost chronyd[5453]: Selected source 173.255.246.13
Mar 21 21:52:21 localhost dhclient[5616]: DHCPREQUEST on eth0 to 192.168.20.254 port 67 (xid=0x1c5abf1e)
Mar 21 21:52:21 localhost dhclient[5616]: DHCPACK from 192.168.20.254 (xid=0x1c5abf1e)
Mar 21 21:52:24 localhost dhclient[5616]: bound to 192.168.20.128 -- renewal in 890 seconds.
Mar 21 21:54:43 localhost systemd: Starting Cleanup of Temporary Directories...
Mar 21 21:54:43 localhost systemd: Started Cleanup of Temporary Directories.

## Just cp it back to /var/log/messages
[root@localhost fd]# cp /proc/5764/fd/6 /var/log/messages
[root@localhost fd]# tail /var/log/messages
Mar 21 21:40:14 localhost systemd: Created slice User Slice of root.
Mar 21 21:40:14 localhost systemd: Started Session 1 of user root.
Mar 21 21:40:14 localhost systemd-logind: New session 1 of user root.
Mar 21 21:40:14 localhost systemd-udevd: worker [2639] /devices/pci0000:00/0000:00:11.0/0000:02:03.0/sound/card0 is taking a long time
Mar 21 21:42:03 localhost chronyd[5453]: Selected source 78.46.102.180
Mar 21 21:42:11 localhost systemd-udevd: worker [2639] /devices/pci0000:00/0000:00:11.0/0000:02:03.0/sound/card0 timeout; kill it
Mar 21 21:42:11 localhost systemd-udevd: seq 3926 '/devices/pci0000:00/0000:00:11.0/0000:02:03.0/sound/card0' killed
Mar 21 21:42:11 localhost systemd-udevd: worker [2639] terminated by signal 9 (Killed)
Mar 21 21:42:11 localhost systemd: Reached target Sound Card.
Mar 21 21:43:09 localhost chronyd[5453]: Selected source 5.79.108.34

Tip: hopefully you will never need this (back up in advance).
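
The same recovery as a reusable script, added here as an example (not from the original post): it lists the descriptors of a process that point at unlinked files and copies one back out through /proc. The function names `list_deleted_fds` and `recover_deleted_fd` are hypothetical, and the script assumes Linux with /proc and permission to read the target process's fd directory.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the original post.

# Print "FD<TAB>original path" for each descriptor of PID whose file was unlinked.
# The kernel marks such targets by appending " (deleted)" to the fd symlink.
list_deleted_fds() {
    local pid=$1 fd target
    for fd in /proc/"$pid"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue   # fd closed meanwhile
        case $target in
            /*' (deleted)')
                printf '%s\t%s\n' "${fd##*/}" "${target% (deleted)}" ;;
        esac
    done
}

# Copy the still-open content of PID's descriptor FD to DEST.
# Refuses descriptors that are not deleted files and never overwrites DEST.
recover_deleted_fd() {
    local pid=$1 fd=$2 dest=$3 src
    src=/proc/$pid/fd/$fd
    case $(readlink "$src" 2>/dev/null) in
        /*' (deleted)') ;;
        *) echo "fd $fd of pid $pid is not a deleted file" >&2; return 1 ;;
    esac
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    cp -- "$src" "$dest"
}

# Usage: script PID            -> list deleted-but-open files
#        script PID FD DEST    -> recover one of them
if [ "$#" -eq 1 ]; then
    list_deleted_fds "$1"
elif [ "$#" -eq 3 ]; then
    recover_deleted_fd "$1" "$2" "$3"
fi
```

The copy is a snapshot: the process keeps writing to the unlinked inode, so have it reopen the path afterwards (for rsyslogd, restart the service) or new lines will not reach the restored file. Check the owner, mode and SELinux context of the restored file as well, since cp creates it fresh.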
