Vivek Seth vivekseth

How to recover lost Python source code if it's still resident in-memory

I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6

apt-get update && apt-get install gdb

	.section __TEXT,__text,regular,pure_instructions
	.build_version macos, 10, 15 sdk_version 10, 15, 4
	.globl _runStringAsCode ## -- Begin function runStringAsCode
	.p2align 4, 0x90
	_runStringAsCode: ## @runStringAsCode
	.cfi_startproc
	## %bb.0:
	pushq %rbp
	.cfi_def_cfa_offset 16
	.cfi_offset %rbp, -16

	.section __TEXT,__text,regular,pure_instructions
	.build_version macos, 10, 15 sdk_version 10, 15, 4
	.globl _runStringAsCode ## -- Begin function runStringAsCode
	.p2align 4, 0x90
	_runStringAsCode: ## @runStringAsCode
	.cfi_startproc
	## %bb.0:
	pushq %rbp
	.cfi_def_cfa_offset 16
	.cfi_offset %rbp, -16

	#include <stdio.h>

	/*

	# Jump Address Hacking to Execute Code Stored as a String

	Operating systems typically give each process a virtual address space ranging from 0x0000000000000000 to 0xffffffffffffffff on a 64bit machine. This memory range is divded up in muliple sections. Usually there are at least two: .DATA and .TEXT.

	Memory in .DATA is read/write, but cannot be executed. Similarly, memory in .TEXT is read/exec but cannot be written to. This security measure is called "W xor X" and prevents a malicious user from injecting new code into a running process. This does not prevent a malicious user from manipulating a program to run code that already exists when it shouldn't.

	var HEIGHT = 600;
	var WIDTH = 600;

	var body = document.body;
	body.style.margin = 0;
	body.style.backgroundColor = '#eee';

	var canvas = document.getElementById('canvas')
	canvas.style.position = 'absolute'
	canvas.style.top = '50%';