
File Recovery with process in proc


Recovering a Deleted Binary Using /proc


Let's dig into the power of /proc


Question: Even after a running binary is deleted on Linux, can it still be recovered?


Yes, and that is what we are going to look at today. Whenever we run a process on Linux, it shows up under the folder called /proc.
On Linux, "everything is a file": whatever it is, hardware or even a process. Whenever we create (that is, run) a process, Linux creates a folder named after that process's PID, and in that folder we can see everything about the process. Using this feature, we can recover the binary file.

Example /proc folder structure of htop


Screenshot of the htop process folder in Linux terminal


Here you can see there is a file called exe. That is the executable of the htop binary. When we cat that file and redirect the output into a file:

cat /proc/<pid>/exe > recoveryfile 


we get the file back, and it works. This is how the Linux system handles processes and files, even file descriptors and other things.
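
The same recovery as a script, verified by hash. This is an added example, not code from the original post. It assumes a Linux system with /proc mounted and sha256sum available; the function names recover_exe and demo_recover_deleted are hypothetical, and the "deleted binary" is a constructed stand-in (a private copy of sleep).

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the post).

# recover_exe PID OUTFILE: copy the running image out through /proc/PID/exe.
recover_exe() {
    pid=$1; out=$2
    [ -e "/proc/$pid/exe" ] || { echo "no such process: $pid" >&2; return 1; }
    # readlink shows the original path; the kernel appends " (deleted)"
    # once the file has been unlinked from disk.
    echo "pid $pid exe -> $(readlink "/proc/$pid/exe")" >&2
    cat "/proc/$pid/exe" > "$out"
}

# Constructed scenario: a private copy of sleep(1) plays the deleted binary.
demo_recover_deleted() {
    tmp=$(mktemp -d) || return 1
    cp "$(command -v sleep)" "$tmp/sleep" || return 1
    want=$(sha256sum < "$tmp/sleep")      # hash taken before deletion
    "$tmp/sleep" 60 &
    pid=$!
    # Wait (up to ~5 s) until the child has exec'd the copy, so that the
    # unlink below cannot race with the exec.
    i=0
    until case $(readlink "/proc/$pid/exe") in */sleep) true ;; *) false ;; esac
    do
        i=$((i + 1)); [ "$i" -lt 50 ] || break
        sleep 0.1
    done
    rm -f "$tmp/sleep"                    # the binary is now gone from disk
    recover_exe "$pid" "$tmp/recovered"; rc=$?
    got=$(sha256sum < "$tmp/recovered")
    kill "$pid" 2>/dev/null
    rm -rf "$tmp"
    # Success only if the recovered bytes match the original exactly.
    [ "$rc" -eq 0 ] && [ "$want" = "$got" ]
}

demo_recover_deleted && echo "recovered copy matches the deleted original"
```

Recovery only works while the process is still running: once it exits, the kernel releases the last reference to the deleted file.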

Here is the practical video



This post is licensed under CC BY 4.0 by the author.