finding arguments using other than argv
John Buck
john at polyof.UUCP
Thu Mar 9 07:50:49 AEST 1989
In article <2110 at cps3xx.UUCP>, usenet at cps3xx.UUCP (Usenet file owner) writes:
> Are a process' argc and argv keep anyplace other than on its stack? If
> so where, (like in the ublock, if so what element?)
> I've been writing a pseudo-ps under AIX and can find all the processes
> and there names are in the ublock in u_comm, but haven't found a lead
> yet as to where the args are kept.
As of AT&T Unix (System 5, Release 3), there is something in the
user structure (struct user, user.h) called u_psargs[...]. Typically,
this holds the first 80 bytes of arguments passed to the exec() call
for the process.
If you are on Berkeley Unix or some Pre-System V.3 system, the only way
to get the args is to search through the user stack. This can be
particularly difficult if the user block/user stack is swapped out.
You then have to go digging through the swap/paging area. The other
thing to keep in mind about getting arguments off the user stack is
that the process can scribble over the args and make it appear as
though the args aren't really there (or worse yet, masquerade as
some other program). Do not believe args you get from the user stack.
john at polyof.poly.edu [128.238.10.100]
john at polygraf.bitnet
trixie!polyof!john
More information about the Comp.unix.wizards
mailing list