[Info-vax] How dangerous is it to be able to get into DCL supervisor mode ?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Wed Jul 5 13:26:17 EDT 2017
On 2017-07-05, David Froble <davef at tsoft-inc.com> wrote:
> Simon Clubley wrote:
>> On 2017-07-05, David Froble <davef at tsoft-inc.com> wrote:
>>> I believe that Simon started out questioning whether he could retain supervisor
>>> mode. Then the guessing started, I guess.
>>
>> Correct. You generally need to be able to cause a crash in the
>> first place to be able to use this kind of approach. The question
>> then becomes whether the environment can be changed in a way which allows
>> you to be able to control the crash in such a way as to allow your
>> shellcode to be run by the failing image (in this case DCL itself).
>
[Changed quote to "to be run" as in my corrected posting]
> Ok, short story. Back in the early 1980s I thought I needed to include some
> exception handlers, in case of an exception happening. Thought I needed to do
> some clean-up. Then I found out VMS did all that for me, and that's the last
> looking at handlers that I did.
>
In this particular approach, exception handlers are not involved until
(maybe) after the shellcode has finished executing.
The final status text I posted previously was due to it being an
uncontrolled crash due to how badly DCL was messed up internally.
The idea is that you look for a way to modify the conditions for the
uncontrolled crash so that DCL is messed up just enough to trick it
into running your shellcode. That way, there are no exception handlers
invoked until (maybe) after your shellcode has finished executing.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
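The distinction Simon draws, as an added illustration and not code from the thread or from VMS: a toy "image" whose state is a fixed buffer followed by a code pointer that it later calls. Overflowing the buffer with filler leaves a garbage pointer, the call faults, and the handler (here a POSIX signal handler, standing in for a condition handler) is the first thing to run. The same overflow with the pointer set to a chosen routine runs that routine instead, and the handler is never entered. The struct layout, the `payload` stand-in for shellcode and the input bytes are all constructed for this example; none of it describes DCL's internals.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical image state: a buffer followed by a code pointer the image
 * calls once the buffer has been filled. Constructed for illustration. */
struct image_state {
    char   name[16];
    void (*next_step)(void);
};

static volatile sig_atomic_t handler_ran;  /* set when the "exception handler" runs */
static volatile sig_atomic_t payload_ran;  /* set when the stand-in shellcode runs */
static sigjmp_buf recover;

/* Stand-in for a condition handler: note the fault, unwind back to run_image. */
static void exception_handler(int sig) {
    (void)sig;
    handler_ran = 1;
    siglongjmp(recover, 1);
}

static void install_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = exception_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
    sigaction(SIGILL, &sa, NULL);
}

static void normal_step(void) { }
static void payload(void)     { payload_ran = 1; }   /* "shellcode" */

/* The image: copy input into its state with no length check (the whole
 * struct is the destination, so a full-size input reaches the pointer),
 * then continue via the stored code pointer.
 * Returns 0 if the image ran to completion, -1 if the handler unwound it. */
static int run_image(const unsigned char *input, size_t len) {
    struct image_state st;
    st.next_step = normal_step;
    handler_ran = payload_ran = 0;
    install_handler();
    if (sigsetjmp(recover, 1) == 0) {
        memcpy(&st, input, len);       /* overwrites name and next_step */
        st.next_step();
        return 0;
    }
    return -1;                         /* arrived here from exception_handler */
}

/* Fill the input with 'A's; optionally plant a chosen address where the
 * code pointer sits instead of leaving filler there. */
static void build_input(unsigned char *out, void (*target)(void)) {
    memset(out, 'A', sizeof(struct image_state));
    if (target != NULL)
        memcpy(out + offsetof(struct image_state, next_step), &target, sizeof target);
}

/* Uncontrolled: the pointer becomes 0x4141..., the call faults, the handler
 * is what runs. Returns 1 when that is what happened. */
int uncontrolled_crash(void) {
    unsigned char in[sizeof(struct image_state)];
    build_input(in, NULL);
    int rc = run_image(in, sizeof in);
    return rc == -1 && handler_ran && !payload_ran;
}

/* Controlled: the pointer now names payload, which runs in the image's
 * context before any handler gets a look in. Returns 1 when that happened. */
int controlled_hijack(void) {
    unsigned char in[sizeof(struct image_state)];
    build_input(in, payload);
    int rc = run_image(in, sizeof in);
    return rc == 0 && payload_ran && !handler_ran;
}

int main(void) {
    printf("uncontrolled overflow -> handler ran, payload did not: %s\n",
           uncontrolled_crash() ? "yes" : "no");
    printf("controlled overflow   -> payload ran, handler did not: %s\n",
           controlled_hijack() ? "yes" : "no");
    return 0;
}
```

The two inputs differ only in the eight bytes that land on the code pointer; that is the "just enough" corruption the post is talking about, and it is why the handler reports nothing in the second case.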