In this article I will describe how I used CodeQL to look for kernel structures that are kmalloc’ed and contain function pointers to help exploit a use-after-free in the linux kernel.
If you change argv inside your program, /proc/<pid>/cmdline and ps will reflect the change.
/proc/<pid>/cmdline
ps
