Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!mit-eddie!ll-xn!ames!oliveb!sun!gorodish!guy
From: guy%gorodish@Sun.COM (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Using argv to show process status
Message-ID: <26252@sun.uucp>
Date: Fri, 21-Aug-87 15:22:17 EDT
Article-I.D.: sun.26252
Posted: Fri Aug 21 15:22:17 1987
Date-Received: Sun, 23-Aug-87 04:33:25 EDT
References: <1217@mhres.mh.nl>
Sender: news@sun.uucp
Lines: 34
Keywords: argv ps

> - How does this work?

"ps", on some versions of UNIX, figures out where the last page or so of the
process' stack is, and grabs characters from there. It does NOT look at the
"argv" vector, just at the pool of characters it points into, so changing the
"argv" vector has no effect.

On some other versions of UNIX, the kernel copies the argument list into a
location in the U page, and "ps" looks there instead; on those versions, there
is nothing whatsoever a non-privileged can do to affect what "ps" sees other
than doing something bizarre such as re-"exec"ing itself.

> Does it work only on BSD type systems, any others?

It works on some BSD systems, and some non-BSD systems. It does not work on
systems with the argument list copy in the U page mentioned above; AT&T's
paging releases of System V (at least the 3B2 S5R3, and the VAX S5R2 Version 2,
releases) work that way.

In short, this trick is NOT portable; it may be a nice hack, but don't depend
on it working.

> - Whose memory is the process writing into?

Its own, of course.

> What happens if the process writes more bytes than the caller specified
> in the command line?

It could, conceivably, write off the end of its stack, and quite likely get a
signal of some sort.

	Guy Harris
	{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
	guy@sun.com
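The following is an added example, not part of the original post: a C sketch of the in-place rewrite the post describes, which overwrites the character pool that "argv" points into rather than the vector, and truncates the new text so it never runs past the original arguments. The function names `arg_pool_len` and `set_title` are hypothetical, and whether "ps" reflects the change still depends on the system, as the post says.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: size in bytes of the contiguous string pool that
 * argv[0..argc-1] point into, counting each terminating NUL. It stops at
 * the first gap, so the result never covers memory that is not argument
 * text. */
size_t arg_pool_len(int argc, char **argv)
{
    size_t len = 0;
    char *next = argv[0];
    for (int i = 0; i < argc && argv[i] == next; i++) {
        size_t n = strlen(argv[i]) + 1;
        len += n;
        next = argv[i] + n;
    }
    return len;
}

/* Hypothetical helper: overwrite the pool in place with `title`,
 * truncated to fit and padded with NULs. Returns the number of title
 * bytes stored. Writing more than `room` bytes is the overrun the post
 * warns about. */
size_t set_title(int argc, char **argv, const char *title)
{
    size_t room = arg_pool_len(argc, argv);
    if (room == 0)
        return 0;
    size_t n = strlen(title);
    if (n > room - 1)
        n = room - 1;          /* keep the final NUL inside the pool */
    memcpy(argv[0], title, n);
    memset(argv[0] + n, 0, room - n);
    return n;
}

int main(int argc, char **argv)
{
    size_t n = set_title(argc, argv, "worker: idle");
    printf("stored %zu bytes; run ps from another terminal\n", n);
    getchar();                 /* pause so the process stays visible */
    return 0;
}
```

Because the text "ps" reads on such systems is under the process's own control, it should not be treated as a trustworthy record of how a program was started.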