[Info-vax] EXEC mode stack
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue Feb 23 19:49:40 EST 2016
On 2016-02-24 00:24:52 +0000, Lee Gleason said:
> "Stephen Hoffman" wrote in message news:nagd8e$p56$1 at dont-email.me...
> On 2016-02-23 00:02:10 +0000, Lee Gleason said:
>
>>> It's located via CTL$GL_STACK+4 (that's an array of pointers to the
>>> four stacks), and the exec stack is sixteen pages.
>
> Thanks!

Allocate "enough" exec-writable memory somewhere, create a bogus stack
frame there that'll reset the ESP back to the real stack, and then load
the pointer with the address of the allocated memory.

Then hope that you don't hit something that needs to walk across the
allocations, too.

Or PKAST into some other "victim" process for the code that needs more
stack, and "borrow" the exec stack there.

--
Pure Personal Opinion | HoffmanLabs LLC