[comp.unix.wizards] finding arguments using other than argv

usenet@cps3xx.UUCP (Usenet file owner) (03/08/89)

Are a process' argc and argv kept anyplace other than on its stack? If
so where, (like in the ublock, if so what element?)

I've been writing a pseudo-ps under AIX and can find all the processes
and their names are in the ublock in u_comm, but haven't found a lead
yet as to where the args are kept.

John H. Lawitzke      UUCP: Work: ...rutgers!mailrus!frith!fciiho!jhl
Michigan Farm Bureau              ...decvax!purdue!mailrus!frith!fciiho!jhl
Insurance Group                   ...uunet!frith!fciiho!jhl
                            Home: ...uunet!frith!fciiho!ipecac!jhl

john@polyof.UUCP ( John Buck ) (03/09/89)

In article <2110@cps3xx.UUCP>, usenet@cps3xx.UUCP (Usenet file owner) writes:
> Are a process' argc and argv kept anyplace other than on its stack? If
> so where, (like in the ublock, if so what element?)
> I've been writing a pseudo-ps under AIX and can find all the processes
> and their names are in the ublock in u_comm, but haven't found a lead
> yet as to where the args are kept.

As of AT&T Unix (System 5, Release 3), there is something in the
user structure (struct user, user.h) called u_psargs[...].  Typically,
this holds the first 80 bytes of arguments passed to the exec() call
for the process.

If you are on Berkeley Unix or some Pre-System V.3 system, the only way
to get the args is to search through the user stack.  This can be
particularly difficult if the user block/user stack is swapped out.
You then have to go digging through the swap/paging area.  The other
thing to keep in mind about getting arguments off the user stack is
that the process can scribble over the args and make it appear as
though the args aren't really there (or worse yet, masquerade as
some other program).  Do not believe args you get from the user stack.

john@polyof.poly.edu [128.238.10.100]
john@polygraf.bitnet
trixie!polyof!john

ed@mtxinu.COM (Ed Gould) (03/09/89)

>Are a process' argc and argv kept anyplace other than on its stack? If
>so where, (like in the ublock, if so what element?)

No, a process' arguments live only within its address space.  Note,
too, that the process is free to muck with them in any way it pleases,
so things like ps don't always report the arguments with which a
process was started.

-- 
Ed Gould                    mt Xinu, 2560 Ninth St., Berkeley, CA  94710  USA
ed@mtxinu.COM		    +1 415 644 0146

"I'll fight them as a woman, not a lady.  I'll fight them as an engineer."
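
The warning in the replies above (arguments read from a process's own address space can be rewritten by that process) carried over to Linux, as an added example that is not part of any post in this thread. It assumes the Linux /proc layout, where /proc/<pid>/cmdline is read from process-writable memory and the /proc/<pid>/exe link is maintained by the kernel; the function names and sample records are constructed for illustration.

```python
import os

TASK_COMM_LEN = 15  # Linux truncates comm to 15 visible characters

def parse_cmdline(raw: bytes) -> list:
    """Split a NUL-separated argv image; all-NUL or empty means no arguments."""
    raw = raw.rstrip(b"\0")
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0")] if raw else []

def argv_discrepancies(cmdline: bytes, exe: str, comm: str) -> list:
    """Compare process-writable argv with the kernel-held exe path and comm."""
    findings = []
    if exe.endswith(" (deleted)"):
        findings.append("executable unlinked since exec")
        exe = exe[: -len(" (deleted)")]
    argv = parse_cmdline(cmdline)
    if not argv:
        findings.append("argv empty or overwritten with NULs")
        return findings
    # Login shells are started with a leading '-' in argv[0]; ignore it.
    name0 = os.path.basename(argv[0].lstrip("-"))
    if name0 != os.path.basename(exe) and name0[:TASK_COMM_LEN] != comm:
        findings.append(f"argv[0] {argv[0]!r} matches neither exe {exe!r} nor comm {comm!r}")
    return findings

def scan_proc(proc="/proc"):
    """Yield (pid, findings) for live processes we are permitted to inspect."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")  # fails for kernel threads
            with open(f"{proc}/{pid}/cmdline", "rb") as f:
                cmdline = f.read()
            with open(f"{proc}/{pid}/comm") as f:
                comm = f.read().rstrip("\n")
        except OSError:
            continue  # exited, kernel thread, or not ours to read
        found = argv_discrepancies(cmdline, exe, comm)
        if found:
            yield int(pid), found

# Constructed samples: (cmdline bytes, exe link target, comm)
SAMPLES = {
    "honest": (b"/usr/sbin/sshd\0-D\0", "/usr/sbin/sshd", "sshd"),
    "login_shell": (b"-bash\0", "/usr/bin/bash", "bash"),
    "renamed": (b"/usr/sbin/sshd\0-D\0", "/home/user/a.out", "a.out"),
    "erased": (b"\0" * 16, "/home/user/a.out (deleted)", "a.out"),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, argv_discrepancies(*sample))
```

A finding is a prompt for review, not proof: multi-call binaries and wrapper scripts can legitimately produce mismatches, and comm can itself be changed by the process through prctl(PR_SET_NAME), so the exe link is the stronger of the two kernel-side references.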