Thanks unSpawn. That's great to know lsof can do that. After looking at bash source code, I see why I should have a 255 fd open
/* Open the script. But try to move the file descriptor to a randomly
large one, in the hopes that any descriptors used by the script will
not match with ours. */
fd = move_to_high_fd (fd, 0, -1);
Unfortunately, I don't have a 255 fd open any longer. The only hope I see is to find the buffer in-memory. I have plenty of space if I could dump all of the mem. Not sure if the buffer would be in the heap or not...
Fedora 10 - 2.6.27.37-170.2.104.fc10.x86_64
lircNetRe 8377 root 1u CHR 136,0 0t0 2 /dev/pts/0 (deleted)
lircNetRe 8377 root 2u CHR 136,0 0t0 2 /dev/pts/0 (deleted)
socat 8384 root 2u CHR 136,0 0t0 2 /dev/pts/0 (deleted)
lircNetRe 8386 root 2u CHR 136,0 0t0 2 /dev/pts/0 (deleted)
r:~/projects/memtools/Linux_Memory_Tools-0.2> ls -l /proc/8377/fd
total 0
lr-x------ 1 root root 64 2009-11-01 06:59 0 -> /dev/null
lrwx------ 1 root root 64 2009-11-01 06:59 1 -> /dev/pts/0 (deleted)
lrwx------ 1 root root 64 2009-11-01 06:59 2 -> /dev/pts/0 (deleted)
r:~/projects/memtools/Linux_Memory_Tools-0.2> ls -l /proc/8386/fd
total 0
lr-x------ 1 root root 64 2009-11-01 06:59 0 -> pipe:[74956]
l-wx------ 1 root root 64 2009-11-01 06:59 1 -> /var/log/lircNetRecv.log
lrwx------ 1 root root 64 2009-11-01 06:59 2 -> /dev/pts/0 (deleted)
1 0 8377 1 20 0 87752 1204 wait S ? 0:00 /bin/bash /usr/local/bin/lircNetRecv
0 0 8384 8377 20 0 40844 1256 select S ? 0:00 \_ socat -u UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0 -
1 0 8386 8377 20 0 0 0 utrace T ? 0:00 \_ /bin/bash /usr/local/bin/lircNetRecv