Using Preinitialized Environments for Authorized Programs in service request block (SRB) mode
Figure 1. Using Preinitialized Environments for Authorized Programs
in SRB mode
In this example, Preinitialized Environments for Authorized Programs is being used by an SRB mode exploiter.
The user code running under the SRB uses the CELAAUTH macro to call
a C/C++ routine within the address space. The CELAAUTH services locate
an available environment, including an LAA, in which to run the routine.
The address of the LAA is placed in PSALAA before calling the routine.
If the routine requires an additional DLL to be loaded, CELAAUTH queues
a request to the worker task, which performs the load and returns
the information. If the SRB is preempted, the LAA address in PSALAA
is saved in the SSRB. This value is restored to PSALAA when the SRB
is re-dispatched.