Slick Trick

I just configured fs-cifs to run on my system.
(BTW, the mount command should mention that:
mount -t cifs
requires that fs-cifs is already running.)

But what I got a kick out of was that after loading fs-cifs which
included my user id and PASSWORD on our NTserver I did a
pidin ar
and noticed that it hides the password from the arguments list.

SLICK TRICK!

How does a program modify the public view of its command line
arguments?
(Please don’t tell me it’s as simple as modifying argv[x]. I tried that
once on QNX4 and it didn’t work. Is QNX 6 different in that regard?
That can be useful to know.)

Bill Caroselli <qtps@earthlink.net> wrote:

> I just configured fs-cifs to run on my system.
> (BTW, the mount command should mention that:
> mount -t cifs
> requires that fs-cifs is already running.)
>
> But what I got a kick out of was that after loading fs-cifs which
> included my user id and PASSWORD on our NTserver I did a
> pidin ar
> and noticed that it hides the password from the arguments list.
>
> SLICK TRICK!
>
> How does a program modify the public view of its command line
> arguments?
> (Please don’t tell me it’s as simple as modifying argv[x]. I tried that
> once on QNX4 and it didn’t work. Is QNX 6 different in that regard?
> That can be useful to know.)

The following program hides its args on QNX4 and QNX6 – in QNX4, you
see just the remnants of argv[0], in QNX6, you see nothing, not even
the program name.

-David

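    #include <stdio.h>
    #include <unistd.h>
    #include <stdlib.h>

    int main( int argc, char **argv)
    {
        int i;
        /* truncate every argument string in place */
        for (i = 0; i < argc; i++ )
        {
            argv[i][0] = '\0';
        }
        /* stay alive so the process can be inspected with pidin ar */
        sleep(5000);
        return 0;
    }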

QNX Training Services
http://www.qnx.com/support/training/
Please followup in this newsgroup if you have further questions.

David Gibbs <dagibbs@qnx.com> wrote:

> Bill Caroselli <qtps@earthlink.net> wrote:
> > I just configured fs-cifs to run on my system.
> > (BTW, the mount command should mention that:
> > mount -t cifs
> > requires that fs-cifs is already running.)
> >
> > But what I got a kick out of was that after loading fs-cifs which
> > included my user id and PASSWORD on our NTserver I did a
> > pidin ar
> > and noticed that it hides the password from the arguments list.
> >
> > SLICK TRICK!
> >
> > How does a program modify the public view of its command line
> > arguments?
> > (Please don’t tell me it’s as simple as modifying argv[x]. I tried that
> > once on QNX4 and it didn’t work. Is QNX 6 different in that regard?
> > That can be useful to know.)
>
> The following program hides its args on QNX4 and QNX6 – in QNX4, you
> see just the remnants of argv[0], in QNX6, you see nothing, not even
> the program name.
>
> -David
>
> #include <stdio.h>
> #include <unistd.h>
> #include <stdlib.h>
>
> int main( int argc, char **argv)
> {
>     int i;
>     for (i = 0; i < argc; i++ )
>     {
>         argv[i][0] = '\0';
>     }
>     sleep(5000);
> }

Doh! I asked you not to tell me that!

I could have sworn that I tried that on QNX4 once and it didn’t work.
(
OK, maybe it was QNX2. It was a while ago.
It was a trick I used to use a lot on an old IBM mini. The program
would change its name to indicate its state.
)

I just tried it. I am able to change any of the argv[x] char* s.
So I went one step further and tried to change argv to point to a
new array of char* s. That didn’t work :(

Still this is a slick trick.

Bill Caroselli <qtps@earthlink.net> wrote:

> David Gibbs <dagibbs@qnx.com> wrote:
> > Bill Caroselli <qtps@earthlink.net> wrote:
>
> Doh! I asked you not to tell me that!

Sorry.

> I could have sworn that I tried that on QNX4 once and it didn’t work.
> (
> OK, maybe it was QNX2. It was a while ago.
> It was a trick I used to use a lot on an old IBM mini. The program
> would change its name to indicate its state.
> )
>
> I just tried it. I am able to change any of the argv[x] char* s.
> So I went one step further and tried to change argv to point to a
> new array of char* s. That didn’t work :(

Yeah, what doesn’t work under QNX4 is:

    #include <stdio.h>
    #include <unistd.h>
    #include <stdlib.h>

    int main( int argc, char **argv)
    {
        int i;
        /* repoint each argv[] entry instead of editing the string it points to */
        for (i = 0; i < argc; i++ )
        {
            argv[i] = "hello";
        }
        sleep(5000);
        return 0;
    }

But, that does seem to work under QNX6.

I think that under QNX4, “sin ar” munged into the “MAGIC” memory where
it knew that the commandline arguments were stored – it looks like
“pidin ar” actually follows the argv[] elements to where they point
to get the results.

It may be that you did the above, rather than the original I posted,
and so thought it wouldn’t work under QNX4.

(Note: with my original, playing with argv[x][y], if you’re munging,
you’d better not exceed the length of the text string that was there
in the first place. Well, actually, it MIGHT all be stored in one
place, so you might actually have access to the sum of the length
of all the strings… hm…

On QNX4:

    args a dfasdfas asdsd a
    argv[0] is 50095, len 4
    argv[1] is 50100, len 1
    argv[2] is 50102, len 8
    argv[3] is 50111, len 5
    argv[4] is 50117, len 1

On QNX6:

    argv[0] is 134512069, len 4
    argv[1] is 134512074, len 4
    argv[2] is 134512079, len 3
    argv[3] is 134512083, len 14
    argv[4] is 134512098, len 4

Yup. looks that way. You get a block of memory, and argv[x] just
indexes into it. So…if you really wanted to, you could put any
strings you wanted into there.

(And, on QNX4 it would probably just parse them…but on QNX6, you
might have to mung your argv[] to point to the new results. Hm…
on QNX6, easier the second way, since pidin ar seems to actually
follow the arg[], rather than just dump & parse the memory itself
as in QNX4.)

-David

QNX Training Services
http://www.qnx.com/support/training/
Please followup in this newsgroup if you have further questions.
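
Added example, not code from the thread or from QNX: a sketch of the in-place scrub discussed above, applied to a single secret argument instead of the whole command line. It prints the argv addresses and lengths in the same form as the output quoted in the thread, checks that the strings sit in one contiguous block, and copies the secret out before overwriting it without exceeding its original length. The `-p` option and the function names are assumptions made for illustration, not fs-cifs syntax.

```c
#include <stdio.h>
#include <string.h>

/* 1 if each argv[i+1] begins right after argv[i]'s NUL terminator, i.e.
 * the strings form one block, as the addresses in the thread suggest. */
int args_contiguous(int argc, char **argv)
{
    for (int i = 0; i + 1 < argc; i++)
        if (argv[i + 1] != argv[i] + strlen(argv[i]) + 1)
            return 0;
    return 1;
}

/* Copy the argument that follows `flag` into out (truncated to outsz-1),
 * then overwrite the original with NULs without exceeding its length.
 * Returns the scrubbed index, or -1 if the flag or its value is absent. */
int take_secret_arg(int argc, char **argv, const char *flag,
                    char *out, size_t outsz)
{
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], flag) != 0)
            continue;
        size_t n = strlen(argv[i + 1]);
        if (outsz > 0) {
            strncpy(out, argv[i + 1], outsz - 1);
            out[outsz - 1] = '\0';
        }
        volatile char *p = argv[i + 1];   /* volatile: keep the stores */
        while (n--)
            *p++ = '\0';
        return i + 1;
    }
    return -1;
}

int main(int argc, char **argv)
{
    char secret[128] = "";
    for (int i = 0; i < argc; i++)
        printf("argv[%d] is %p, len %zu\n", i, (void *)argv[i], strlen(argv[i]));
    printf("contiguous: %d\n", args_contiguous(argc, argv));
    /* "-p" is a hypothetical password option, not fs-cifs syntax */
    int idx = take_secret_arg(argc, argv, "-p", secret, sizeof secret);
    printf("scrubbed argv index: %d\n", idx);
    return 0;
}
```

The argument is still readable by other users between process start and the scrub, so this narrows the exposure window; it does not remove it.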