Is it possible to recover a running VBScript file, if the original file was already deleted?
I have a VBScript that runs continuously on my system to monitor a web page in Internet Explorer.
I permanently deleted this VBScript file from its original location on the system by mistake. However, the script is still in RAM and is still running and monitoring the web page.
This script is very important to me but I have lost it :(
I want to know if there is any way I can recover the code of the VBScript file from the system's RAM or any temporary file, as the script is still running.
I am not allowed to use any file recovery software, so please don't suggest installing any third-party data recovery software.
Try using the 'ADPlus.vbs' script from WinDbg:
1. http://msdn.microsoft.com/en-us/windows/hardware/hh852365
2. http://support.microsoft.com/kb/286350
As the code was running, I followed the process below to recover the running code:
- Go to Task Manager
- Select the process and create dump
- Open online dump analyser (www.osronline.com)
- Upload dump file
- Download the dump analysis
The dump analysis provided almost 95% of the correct code. Code within some loops was distorted or changed. As I was the owner of the code, I was able to correct it.
Use HxD; it can view all the RAM content of any process on the fly. It is commonly used to hack currently running games, etc.
After locating your script, you might need to clear out the alphanumeric mess between your code; N++ and regex knowledge may be useful.
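An added example, not part of any answer above, of the dump-then-clean-up approach the answers describe: it scans a process dump file (such as one created from Task Manager) for printable text runs and keeps the ones that look like VBScript. It assumes the script source survives in the dump as UTF-16LE or ASCII text; the keyword list, function names and sample dump are constructed for illustration.

```python
import re
import sys

# Keywords used to judge whether a text run is VBScript source (illustrative list).
KEYWORDS = re.compile(
    r"\b(?:Dim|Set|CreateObject|WScript|Loop|Next|Wend|End\s+(?:If|Sub|Function))\b",
    re.IGNORECASE)

# Constructed sample script, standing in for the lost file.
SAMPLE_SCRIPT = ('Dim ie\r\n'
                 'Set ie = CreateObject("InternetExplorer.Application")\r\n'
                 'Do While True\r\n'
                 '    WScript.Sleep 5000\r\n'
                 'Loop\r\n')

def build_sample_dump():
    """Constructed stand-in for a dump: binary junk around two copies of the script."""
    junk = bytes(range(256)) * 4
    wide = SAMPLE_SCRIPT.encode("utf-16le")
    return junk + wide + b"\x00\x00" + junk + wide + b"\xff\xff"

def extract_runs(data, min_chars=40):
    """Yield (offset, encoding, text) for printable runs of at least min_chars."""
    utf16_re = re.compile(rb"(?:[\x20-\x7e\t\r\n]\x00){%d,}" % min_chars)
    ascii_re = re.compile(rb"[\x20-\x7e\t\r\n]{%d,}" % min_chars)
    for m in utf16_re.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")
    for m in ascii_re.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")

def recover_script(data, min_chars=40, min_hits=3):
    """Return (offset, encoding, keyword_hits, text) candidates sorted by offset."""
    found, seen = [], set()
    for offset, enc, text in extract_runs(data, min_chars):
        hits = len(KEYWORDS.findall(text))
        text = text.strip()
        if hits >= min_hits and text not in seen:  # skip duplicate copies in memory
            seen.add(text)
            found.append((offset, enc, hits, text))
    return sorted(found)

if __name__ == "__main__":
    # Usage: python recover_vbs.py <dump file>   (no argument: constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()  # whole dump is read into memory
    else:
        data = build_sample_dump()
    for offset, enc, hits, text in recover_script(data):
        print(f"--- offset 0x{offset:x} ({enc}, {hits} keyword hits) ---\n{text}")
```

Fragments are reported with their dump offsets, so pieces of a script that was split across memory regions can be put back in order by hand.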