1

If a python script is executed in Linux, it will go to RAM and will be executed from there. Once it has executed and completed its task.

Will python script code be immediately removed from RAM or will it stay their until computer needs that RAM space for any other task?

If someone runs a malicious python script and suppose RAM space is not required for any other task, then using RAM dump I want to get that python script.

Its part of a research work, I only want answer to the question mentioned above.

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
Taimour
  • 459
  • 5
  • 21
  • https://stackoverflow.com/a/31015993/8150371 – Stack Feb 03 '18 at 07:12
  • That question is about a python script which has not stopped and is still running in memory. My question is different. – Taimour Feb 03 '18 at 10:22
  • Are you searching for the source code of a python script that is still running in RAM @Taimour ? – John Moutafis Feb 05 '18 at 11:55
  • 2
    Memory is freed and cleared by the OS. If you can still access that memory to recover *anything*, that'd be a huge security hole. This is not specific to Python. While running you can recover the *bytecode* for the code being run, and you could reverse that to a reasonable facsimile of the original source code, but once the program has exited the memory is gone, wiped, and can't be recovered. Further questions about the security of freed memory of a Linux process should really be directed to [Information Security SE](https://security.stackexchange.com/help/on-topic). – Martijn Pieters Feb 05 '18 at 13:22
  • @JohnMoutafis No, I am searching for python script which is not running. Actually, I was not searching anything in RAM because for me searching in RAM doesn't makes sense in my case. A reviewer told me to do it, that is why I posted this question here before doing it. – Taimour Feb 06 '18 at 04:14
  • I closed this post as a duplicate when I commented, no answers can be posted beyond that point. – Martijn Pieters Feb 12 '18 at 08:53
  • @MartijnPieters alright – Taimour Feb 12 '18 at 16:47

1 Answers1

0

I don't know whether I am correct or not, but RAM memory contains data of executable image which includes opcodes and other data available as image section data. A script is not self-executable. It needs some interpreter to execute.(For example cmd.exe for .bat script,php.exe for php, perl.exe for perl script).These application (a) either generate the compiled instruction of script and then execute it or (b) generate opcodes then run it.

However, your problem is about malicious script. You can use a monitoring app to detect what interpreter runs. This type of app also notify you when any script wants to be executed.

Junaid Jamil
  • 63
  • 1
  • 1
  • 14