  • For most cases it works well, but there is a problem with symlinks (if I identify the problem correctly). If the original command is a symlink to another file, then /proc/[pid]/exe would dereference the symlink and point to the actual file. Though for my case this behaviour won't harm. Commented May 28, 2017 at 17:01
  • @renyuneyun, hmm, yes, for the same reason my example of moving the executable after starting it works like it does, the exe entry tracks the actual file. cmdline would have the name the program received as argv[0] on startup, but IIRC that can be overwritten... I'm not sure but it comes to mind that to get a copy of the argv as it was when the process exec'd, you'd need to trace it. Commented May 30, 2017 at 12:43
  • Yes, cmdline can be overwritten. This is the reason I didn't want to use it in the first place (but sadly I still need to use it when exe points to the interpreter, e.g. python). What do you mean by "you'd need to trace it"? In the original program (or by modifying kernel)? Commented May 30, 2017 at 14:31
  • @renyuneyun, trace as in with a debugger to peek into the argv values before they're changed, or run under strace to see the exec syscall. Commented May 30, 2017 at 15:21
  • Aha, it doesn't seem to fit my needs. But anyway, I learned something new :) Commented May 31, 2017 at 11:38
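
The exe/cmdline distinction discussed in these comments, as an added example that is not part of the original thread: it reads both `/proc/[pid]/exe` and `/proc/[pid]/cmdline`, reports where they disagree, and falls back to cmdline for the script name when exe is an interpreter. The function names, the `proc_root` parameter and the interpreter list are assumptions made for this sketch.

```python
import os

# Assumption: basenames treated as interpreters; adjust for your hosts.
INTERPRETERS = ("python", "perl", "ruby", "bash", "sh", "dash", "node")
DELETED = " (deleted)"  # suffix the kernel appends once the file is unlinked


def read_exe(pid, proc_root="/proc"):
    """Kernel-tracked executable: symlinks in the launch path are already resolved."""
    target = os.readlink(os.path.join(proc_root, str(pid), "exe"))
    if target.endswith(DELETED):
        return target[: -len(DELETED)], True
    return target, False


def read_cmdline(pid, proc_root="/proc"):
    """argv as currently exposed; the process itself can overwrite this memory."""
    with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as fh:
        raw = fh.read()
    if not raw:  # e.g. kernel threads have an empty cmdline
        return []
    return [a.decode("utf-8", "replace") for a in raw.rstrip(b"\0").split(b"\0")]


def is_interpreter(path):
    base = os.path.basename(path)
    for name in INTERPRETERS:
        suffix = base[len(name):]  # e.g. "3.11" for python3.11
        if base == name or (base.startswith(name) and suffix.replace(".", "").isdigit()):
            return True
    return False


def identify(pid, proc_root="/proc"):
    exe, deleted = read_exe(pid, proc_root)
    argv = read_cmdline(pid, proc_root)
    script = None
    if is_interpreter(exe):
        # Heuristic: first non-option argument. It comes from cmdline, so it
        # is only as trustworthy as cmdline is.
        script = next((a for a in argv[1:] if not a.startswith("-")), None)
    return {
        "exe": exe, "deleted": deleted, "script": script,
        "argv0": argv[0] if argv else None,
        "argv0_matches_exe": bool(argv)
        and os.path.basename(argv[0]) == os.path.basename(exe),
    }


if __name__ == "__main__":  # Linux only: inspect this interpreter itself
    print(identify(os.getpid()))
```

Reading another user's `exe` link generally needs root; expect `PermissionError` otherwise.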