Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!rutgers!topaz.rutgers.edu!ron
From: ron@topaz.rutgers.edu (Ron Natalie)
Newsgroups: comp.unix.wizards
Subject: Re: Using argv to show process status
Message-ID: <14136@topaz.rutgers.edu>
Date: Fri, 21-Aug-87 13:29:26 EDT
Article-I.D.: topaz.14136
Posted: Fri Aug 21 13:29:26 1987
Date-Received: Sun, 23-Aug-87 01:45:16 EDT
References: <1217@mhres.mh.nl>
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 12
Keywords: argv ps

On MOST UNIXs the arguments to a program are not stored anywhere
other than being placed (usually at the top of the stack) in the
memory image of the invoked program.  PS tries to be clever by
looking around in memory (and on the paging disk if necessary)
for the arguments.  On most UNIXs the stack is easy to find, so
PS just scans the stack reassembling the arguments, hence it
can be fooled by overwriting those arguments with something else.
It used to be fun to make PS core dump by poking the 0 at the end
of the arglist with something else.  PS is a little more robust
now.

-Ron