From: SMTP%"MACRO32@WKUVX1.BITNET" 21-JUL-1993 13:07:54.95
To: EVERHART
CC:
Subj: Re: CHMx codes

X-ListName: "VMS Internals, MACRO, & BLISS Discussions"
Warnings-To: <>
Errors-To: MacroMan@WKUVX1.BITNET
Sender: MacroMan@WKUVX1.BITNET
Date: 21 Jul 1993 12:54:21 -0500 (EST)
From: "Brian J. Schenkenberger, VAXman"
Reply-To: MACRO32@WKUVX1.BITNET
Subject: Re: CHMx codes
To: MACRO32
Message-ID: <01H0SZ6BAEYS90MVR4@MONMOUTH-ETDL1.ARMY.MIL>
X-VMS-To: IN%"@ulkyvm.louisville.edu:MACRO32@WKUVX1.BITNET"
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT

>>The subject line doesn't say all that much about it.
>>Can anyone tell me where to find the CHMx codes?
>>IE. If you see the instruction CHMK #5, where to find out
>[...]
>$ ANALYZE/SYSTEM
>SDA> READ/EXEC
>SDA> EXAM/INST EXE$CMODKRNL;40 (or EXE$CMODEXEC)
>
>Several instructions into the display you will see a MOVAQ
>instruction. For example:
>
>EXE$CMODKRNL:       MOVL    (SP)+,R0
>EXE$CMODKRNL+00003: BEQL    EXE$CMODEXEC+00079
>EXE$CMODKRNL+00005: PUSHAB  EXE$CMODKRNL+00080
>EXE$CMODKRNL+00009: MOVZBL  R0,R1
>EXE$CMODKRNL+0000C: MOVL    @#CTL$GL_PCB,R4
>EXE$CMODKRNL+00013: PUSHL   FP
>EXE$CMODKRNL+00015: PUSHL   AP
>EXE$CMODKRNL+00017: MOVAQ   BUG$REBOOT+00B41[R1],R1
>                            ^^^^^^^^^^^^^^^^^^^^

A follow-on to my first reply:

As I recall, Ehud posted one of his 'interesting' ditties some time back
which did much of what I just outlined. I don't remember what the entire
program was aimed at but, Ehud located the change mode handler off of the
SCB (using 40(16) for CHMK and 44(16) for CHME) and then looked through
the first several instructions for the MOVAQ instruction to obtain the
dispatch table address.

Also, forget about using the change mode operand value in any code!! This
number could change 'before your eyes'!!! For example, a Loadable
Executive Image may be written to subvert or totally replace a system
service. The L.E.I. is normally loaded during the bootstrap; however, it
could be loaded at any time by calling LDR$LOAD_IMAGE with the proper
arguments. If the L.E.I. is loaded after you've obtained the operand
value, you're S.O.L.!!! Loading the image will define a new number in the
target of the CHMx instruction.

If you'd like, I could send you a simple demo of this phenomenon.

BJS-

/Brian Schenkenberger/Schenkenberg@Eisner.DECUS.Org/    VMS is Bliss    /
/VMS Software Support/Vitronics, Inc./Eatontown, NJ/(908) 542-0600/
/Independent Consult./Tmesis Consulting/Jackson, NJ/(908) 363-7551/
/@Monmouth-ETDL1.Army.Mil/CIS: 70253,114/
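As an added illustration, not part of Brian's post or of VMS itself, here is a small Python parser that applies the procedure he describes to the quoted SDA listing: it scans the first few instructions of the change-mode handler for the MOVAQ, pulls out the dispatch-table symbol, displacement and index register, and forms the address that instruction computes for a given CHMx operand. The listing is copied from the post; the symbol value passed to `dispatch_entry_address` is a placeholder, since the real address must be read from SDA on the running system.

```python
import re

# Constructed sample: the SDA> EXAM/INST listing quoted in the post, with the
# ">" quote prefix removed.  Only the first instructions of EXE$CMODKRNL appear.
SDA_LISTING = """\
EXE$CMODKRNL:       MOVL    (SP)+,R0
EXE$CMODKRNL+00003: BEQL    EXE$CMODEXEC+00079
EXE$CMODKRNL+00005: PUSHAB  EXE$CMODKRNL+00080
EXE$CMODKRNL+00009: MOVZBL  R0,R1
EXE$CMODKRNL+0000C: MOVL    @#CTL$GL_PCB,R4
EXE$CMODKRNL+00013: PUSHL   FP
EXE$CMODKRNL+00015: PUSHL   AP
EXE$CMODKRNL+00017: MOVAQ   BUG$REBOOT+00B41[R1],R1
"""

# Matches "MOVAQ  <symbol>+<hex offset>[<index reg>],<dest reg>" as SDA prints it.
MOVAQ_RE = re.compile(
    r"^\S+:\s+MOVAQ\s+(?P<sym>[A-Z0-9$_]+)\+(?P<off>[0-9A-F]+)"
    r"\[(?P<idx>R\d+)\],(?P<dst>R\d+)\s*$",
    re.IGNORECASE,
)


def find_dispatch_table(listing, max_instructions=16):
    """Look through the first max_instructions lines of a change-mode handler
    listing for the MOVAQ that loads the dispatch table address.  Returns
    (base_symbol, displacement, index_register), or None if there is none."""
    for line in listing.splitlines()[:max_instructions]:
        m = MOVAQ_RE.match(line)
        if m:
            return m.group("sym").upper(), int(m.group("off"), 16), m.group("idx").upper()
    return None


def dispatch_entry_address(symbol_values, table, chm_operand):
    """Address the MOVAQ forms for one CHMx operand: base symbol value plus the
    displacement plus the index scaled by 8, because VAX indexed mode scales the
    index register by the operand size and MOVAQ is a quadword operation.
    symbol_values is a caller-supplied symbol -> address map (placeholder here;
    on a real system the value comes from SDA)."""
    sym, off, _idx = table
    return symbol_values[sym] + off + 8 * chm_operand
```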