I was checking out the new Ollydbg v2.00c
(Released 25 Dec. 2007).
Among the new features is the support & recognition of TLS Callbacks. Here are a couple of articles that describe what are TLS Callbacks:
● Description of TLS callbacks at Ilfak's Hex Blog
● Manually create a Thread Local Storage (TLS) Callback
● Microsoft Portable Executable and Common Object File Format Specification
I have created an application featuring 5 TLS Callback functions.
Turns out the new Ollydbg correctly recognizes them, but only breaks on the first one...
Well, i think it should break on all TLS Callbacks, not only during the initialization of the PE by the loader, but also during deinitialization. What do you think on this?
Anyway, for those interested in the subject, or want to check out the new feature of Ollydbg, here are the related files & projects. Files Description:
- This is the program featuring 5 TLS Callback functions. When you will compile it, it should execute winmain(), because two values need to be updated in the TLS_Directory of the PE. I haven't found a way to set these values through the MS linker, so i ended up coding another little utility, which scans the file for a pattern that precedes the TLS Table and sets the two values in the TLS_Directory (someone could do this manually; this utility is merely intended for automation of the process...).
- This is the aforementioned utility.
Attached File ( Number of downloads: 305 )