Page:
Bash Dump History
Pages
APT WhatProvides
Apache wpadmin
Arch Default Kernel
Arch Kernel Order
Bash Add fd
Bash Dump History
Bash Trim Whitespace
CPU Stats
CSS Reset
DB2 Info
Debian Upgrade
Dell OpenManage
Diff Lines
Favicon Things
Find Examples
Forgejo Syntax Highlight
Git Combine Repos
Git Multi SSH
Git Quickstart
Git Rewrite User
GitLab Anchors
Gitea Mirror
Glibc IPv4
GnuPG Things
Home
IMAP Sync
IPv4 Default Gateway
IPv4 Default IP
KRB5 Empty Keytab
Kernel Boot Debug
Kernel Decompress
LICENSE
LUKS Encrypted Partitions
Linux Valid Usernames
Loopback FS
MP3 Get Tags
MX Tarpit
Makefile Template
Markdown Samples
Mount OVA
Mount qcow2
MySQL Connections
NFS 10G Tuning
Netcat Replacements
PAM Namespace
Postfix Headers
Proxmox Doodads
RPM Info
Radeon Temperature
Recover Deleted ext3
Recursive Unzip
Roku Info
SSH RSA Support
SSL Certgen
Samba OSX
Server Notes
Smem Datamash
Split Disk
TCP Kill
Thunderbird LDAP AD
Weechat Quickstart
YTM to Textbox
YUM Disablerepos
systemd PID1
uBlock Filters
udev Hide Partitions
No results
2
Bash Dump History
tengel edited this page 2024-09-05 07:43:21 -05:00
Using gdb to trigger the internal bash function to write out it's history still in memory but not on disk
#!/usr/bin/env bash
# Given the PID of an active bash process, dump it's history
# using gdb and the function within bash named write_history()
# to a temp file.
# Input is the running PID of the bash process to dump
BPID=$1
gdb --batch --eval "attach ${BPID}" \
--eval "call (int)write_history(\"/tmp/bash_history-${BPID}.txt\")" \
--eval 'detach' --eval 'q'
echo "Wrote /tmp/bash_history-${BPID}.txt"
# example:
# ./dump_bash_history.sh 1019
# 0x00007f80483e506b in waitpid () from /usr/lib/libc.so.6
# $1 = 0
# [Inferior 1 (process 1019) detached]
# Wrote /tmp/bash_history-1019.txt
# http://git.savannah.gnu.org/cgit/bash.git/tree/lib/readline/histfile.c#n784
# /* Overwrite FILENAME with the current history. If FILENAME is NULL,
# then write the history list to ~/.history. Values returned
# are as in read_history ().*/
# int
# write_history (const char *filename)
# {
# return (history_do_write (filename, history_length, HISTORY_OVERWRITE));
# }
Index
- APT WhatProvides
- Apache wpadmin
- Arch Default Kernel
- Arch Kernel Order
- Bash Add fd
- Bash Dump History
- Bash Trim Whitespace
- CPU Stats
- CSS Reset
- DB2 Info
- Debian Upgrade
- Dell OpenManage
- Diff Lines
- Favicon Things
- Find Examples
- Forgejo Syntax Highlight
- Git Combine Repos
- Git Multi SSH
- Git Quickstart
- Git Rewrite User
- Gitea Mirror
- GitLab Anchors
- Glibc IPv4
- GnuPG Things
- IMAP Sync
- IPv4 Default Gateway
- IPv4 Default IP
- KRB5 Empty Keytab
- Kernel Boot Debug
- Kernel Decompress
- LUKS Encrypted Partitions
- Linux Valid Usernames
- Loopback FS
- MP3 Get Tags
- MX Tarpit
- Makefile Template
- Markdown Samples
- Mount OVA
- Mount qcow2
- MySQL Connections
- NFS 10G Tuning
- Netcat Replacements
- PAM Namespace
- Postfix Headers
- Proxmox Doodads
- RPM Info
- Radeon Temperature
- Recover Deleted ext3
- Recursive Unzip
- Roku Info
- SSH RSA Support
- SSL Certgen
- Samba OSX
- Server Notes
- Smem Datamash
- Split Disk
- systemd PID1
- TCP Kill
- Thunderbird LDAP AD
- uBlock Filters
- udev Hide Partitions
- Weechat Quickstart
- YTM to Textbox
- YUM Disablerepos
- SPDX-License-Identifier: CC-BY-SA-4.0
- SPDX-License-Identifier: MIT