WinAsm Studio, The Assembly IDE - Free Downloads, Source Code
Programming Quick Start
32-bit Assembler is Easy
Porting Iczelion tutorials
What is FASM
What is FASM G
Hard Drive Recovery
Wiring your own LAN
Personal menu
Welcome Guest
Resend Validation Email

TLS Callback Functions, How to execute code during an application's initialization (before entry point) - deinitialization

Quote Post


Group: Moderators
Posts: 404
Member No.: 5187
Joined: 10-June 07

Sponsored Links
Hi all,

I was checking out the new Ollydbg v2.00c (Released 25 Dec. 2007).
Among the new features is the support & recognition of TLS Callbacks.

Here are a couple of articles that describe what are TLS Callbacks:

Description of TLS callbacks at Ilfak's Hex Blog
Manually create a Thread Local Storage (TLS) Callback
Microsoft Portable Executable and Common Object File Format Specification

I have created an application featuring 5 TLS Callback functions.

Turns out the new Ollydbg correctly recognizes them, but only breaks on the first one...
Well, i think it should break on all TLS Callbacks, not only during the initialization of the PE by the loader, but also during deinitialization. What do you think on this?

Anyway, for those interested in the subject, or want to check out the new feature of Ollydbg, here are the related files & projects.

Files Description:

TLSCallbacks - This is the program featuring 5 TLS Callback functions. When you will compile it, it should execute winmain(), because two values need to be updated in the TLS_Directory of the PE. I haven't found a way to set these values through the MS linker, so i ended up coding another little utility, which scans the file for a pattern that precedes the TLS Table and sets the two values in the TLS_Directory (someone could do this manually; this utility is merely intended for automation of the process...).

UpdateTLSDirectoryEntries - This is the aforementioned utility.

Attached File ( Number of downloads: 346 )
 Login or Register to download
Quote Post

New Member

Group: Members
Posts: 18
Member No.: 2322
Joined: 22-March 06

Here are 2 more examples for MASM & TASM.

Attachment edited by samael (30 Dec 2007)
Reason: Converted to ZIP archive
Previous downloads: 9

Attached File ( Number of downloads: 284 )
 Login or Register to download
PMEmail PosterUsers WebsiteICQMSN
Quote Post

New Member

Group: Members
Posts: 1
Member No.: 38108
Joined: 24-September 10

samael ,your are right,ollydbgv2.0 breaks only on the first tlscallback.
But i have a small modification for what you said-->It breaks on the first tls callback in the process executable(.exe file)<---
Given an executable which has a tls cllback and is implicitly linked to a DLL and this dll has its own tls callback,what do you think ollyv2.0 will do??
The tlscallback of the Dll will execute then ollyv2.0 will break one the executable's callback.
I think this ollyplugin will do the whole job.It is called TLSCatch.
It sets a one-shot breakpoint on every callback in every loaded module(whether it is the main executable or any DLL).
It was tested on ollydbgv1 and windows XP(may work on Vista).
here is the plugin link
PMEmail Poster
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll


Computer Science

Hardware & PC maintenance


General Discussions
Suggestions/Bug Reports
WinAsm Studio

General Discussions
Suggestions/Bug Reports
WinAsm Studio FAQ
Multilingual User Interface
Assembly Programming

Custom Controls
Announcements & Rules



Online Degrees - Distance Learning
The Heap