My point was that if you got some stuff from your program, other than
its command line at offset 228, your basepage content is corrupted.
I hear you. That's the trick, actually. I'm not expert on a.out format but I think it requires to have actual code (first code segment) on 0x100 (offset from the beginning of file). So everything can be left untouched except what? Except the code segment. This is 'moved' to 0x100 and the 'tbase' pointer is adjusted. The rest (data, command line etc) is on the same position.
I haven't had time to test on something else but I'm 99% sure that this is the cause (the a.out hack).
--