In a message dated 1/25/2007 12:27:17 A.M. Central Standard Time, [EMAIL PROTECTED] writes: >You're saying this because, and this just occurred to me, the lpalib where the SVC routine lives cannot be protected from being ready by anyone on the system? IOW, any SVC can be disassembled? Any code which is visible (via dump, IMASPZAP dump of a load module stored on DASD somewhere, or online viewing via TSO, e.g.) can be disassembled. Some parts of MVS can be selectively eliminated from all dumps by default and other steps can be taken to restrict usage of IMASPZAP, but that still leaves TSO. You can poke around inside MVS and learn a lot about IBM modules. E.g., most interrupt new PSWs contain the virtual address of the First Level Interrupt Handler (FLIH) for that particular interrupt, so you can see the address and use that as the next address to display. The program interrupt new PSW, however, contains the real address of the program FLIH as that new PSW has the bit governing the DAT feature turned off. But it is very easy to convert a real address to its equivalent virtual address, as there is a routine pointed to by the CVT and called by the unauthorized system service macro IARR2V. Run a batch job to invoke IARR2V with that real address and you will obtain the virtual address where the program FLIH begins. Disassemble the FLIH for SVC interrupts and pretty soon you will arrive at the table where the virtual addresses of the routines for all the various SVC numbers are stored. Some parts of MVS are fetch protected, however, and thus you cannot view them by an unauthorized process, such as online storage display via TSO. The higher 2K of all PSAs are fetch protected, as they contain many register save areas in which a hacker might be able to find something inside some register that would help him in his hacking. And now on 64-bit machines all PSAs are 8K big and not 4K any more, so the higher 2K of both PSA pages are fetch protected. Bill Fairchild
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
