WinAsm Studio, The Assembly IDE - Free Downloads, Source Code

TLS Callback Functions, How to execute code during an application's initialization (before entry point) - deinitialization

samael
Hi all,

I was checking out the new Ollydbg v2.00c (Released 25 Dec. 2007).
Among the new features is the support & recognition of TLS Callbacks.


Here are a couple of articles that describe what TLS Callbacks are:

Description of TLS callbacks at Ilfak's Hex Blog
Manually create a Thread Local Storage (TLS) Callback
Microsoft Portable Executable and Common Object File Format Specification

I have created an application featuring 5 TLS Callback functions.

Turns out the new Ollydbg correctly recognizes them, but only breaks on the first one...
Well, I think it should break on all TLS Callbacks, not only during the initialization of the PE by the loader, but also during deinitialization. What do you think about this?

Anyway, for those interested in the subject, or who want to check out the new feature of Ollydbg, here are the related files & projects.


Files Description:

TLSCallbacks - This is the program featuring 5 TLS Callback functions. When you compile it, it should execute winmain(), because two values need to be updated in the TLS_Directory of the PE. I haven't found a way to set these values through the MS linker, so I ended up coding another little utility, which scans the file for a pattern that precedes the TLS Table and sets the two values in the TLS_Directory (someone could do this manually; this utility is merely intended for automation of the process...).

UpdateTLSDirectoryEntries - This is the aforementioned utility.

Vrane
Here are 2 more examples for MASM & TASM.

Attachment edited by samael (30 Dec 2007)
Reason: Converted to ZIP archive
waleedassar
samael, you are right, Ollydbg v2.0 breaks only on the first TLS callback.
But I have a small modification to what you said --> It breaks on the first TLS callback in the process executable (.exe file) <--
Given an executable which has a TLS callback and is implicitly linked to a DLL, and this DLL has its own TLS callback, what do you think Olly v2.0 will do?
The TLS callback of the DLL will execute, then Olly v2.0 will break on the executable's callback.
I think this Olly plugin will do the whole job. It is called TLSCatch.
It sets a one-shot breakpoint on every callback in every loaded module (whether it is the main executable or any DLL).
It was tested on Ollydbg v1 and Windows XP (may work on Vista).
Here is the plugin link: http://ollytlscatch.googlecode.com/files/TlsCatch.dll
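An added example, not part of the thread or of the attached projects: a static check that lists every address in a PE32 file's TLS callback array, which is the set of locations a debugger or plugin would need to break on before the entry point runs. The `build_sample` helper and its five callback addresses are constructed test data (a non-executable header skeleton), and PE32+ images are not handled.

```python
import struct

def tls_callbacks(pe: bytes) -> list:
    """Return the TLS callback VAs of a PE32 file, in the order the array lists them."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                 # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", pe, nt + 6)               # NumberOfSections
    opt_size, magic = struct.unpack_from("<H2xH", pe, nt + 20)  # SizeOfOptionalHeader, Magic
    opt = nt + 24
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base, = struct.unpack_from("<I", pe, opt + 28)
    ndirs, = struct.unpack_from("<I", pe, opt + 92)            # NumberOfRvaAndSizes
    # Data directory 9 is the TLS directory (RVA, size)
    tls_rva = struct.unpack_from("<I", pe, opt + 96 + 8 * 9)[0] if ndirs > 9 else 0
    if tls_rva == 0:
        return []
    # Per section header: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]
    def offset(rva):  # map an RVA to a file offset through the section table
        for _vsize, vaddr, rsize, rptr in sections:
            if vaddr <= rva < vaddr + rsize:
                return rptr + rva - vaddr
        raise ValueError(f"RVA {rva:#x} is not backed by file data")
    # IMAGE_TLS_DIRECTORY32: AddressOfCallBacks is the 4th DWORD and is a VA, not an RVA
    cb_va, = struct.unpack_from("<I", pe, offset(tls_rva) + 12)
    if cb_va == 0:
        return []
    pos, found = offset(cb_va - image_base), []
    while (va := struct.unpack_from("<I", pe, pos)[0]) != 0:   # NULL-terminated array
        found.append(va)
        pos += 4
    return found

def build_sample(callbacks):
    """Constructed PE32 skeleton: headers plus one section holding a TLS directory."""
    base, rva, raw, opt = 0x400000, 0x1000, 0x200, 0x58
    pe = bytearray(0x400)
    pe[0:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)                     # e_lfanew
    struct.pack_into("<HH", pe, 0x44, 0x14C, 1)                # Machine, NumberOfSections
    struct.pack_into("<H2xH", pe, 0x54, 0xE0, 0x10B)           # SizeOfOptionalHeader, Magic
    struct.pack_into("<I", pe, opt + 28, base)                 # ImageBase
    struct.pack_into("<I72xII", pe, opt + 92, 16, rva, 24)     # dir count, TLS dir entry
    struct.pack_into("<8s4I", pe, opt + 0xE0, b".tls", 0x200, rva, 0x200, raw)
    struct.pack_into("<I", pe, raw + 12, base + rva + 0x20)    # AddressOfCallBacks
    struct.pack_into(f"<{len(callbacks) + 1}I", pe, raw + 0x20, *callbacks, 0)
    return bytes(pe)
```

The returned values are the addresses as stored in the file, so they assume the image loads at its preferred ImageBase; a relocated module needs the load delta applied.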