1

Topic: TLS by

I read Kris Kaspersky's article about manual creation of TLS callback functions; there is a phrase in it:

Probably, we want to fasten TLS to an already packed/protected program, hence it is vital for us to learn to create it by hand. In case of an EXE with killed fixes it is very simple.

What does "exe with killed fixes" mean, can somebody explain? Article here

2

Re: TLS by

Hello, KaBoom, you wrote:

KB> I read Kris Kaspersky's article about manual creation of TLS callback functions;
KB> there is a phrase in it:
KB>
KB> Probably, we want to fasten TLS to an already packed/protected program, hence it is vital for us to learn to create it by hand. In case of an EXE with killed fixes it is very simple.
KB> What does "exe with killed fixes" mean, can somebody explain?
KB> Article here

Relocation Directory. Means exe without this directory.

3

Re: TLS by

Hello, enigmas, you wrote:

E> Relocation Directory. Means exe without this directory.

I do not catch the connection. And if this directory is present, is it impossible to fasten a TLS callback? It seems to be possible... Or was it meant that the absence of the Relocation directory is a sign of a packed file?

4

Re: TLS by

Hello, KaBoom, you wrote:

KB> Hello, enigmas, you wrote:
E>> Relocation Directory. Means exe without this directory.
KB> I do not catch the connection. And if this directory is present, is it impossible to fasten a TLS callback? It seems to be possible...
KB> Or was it meant that the absence of the Relocation directory is a sign of a packed file?

If there is a directory  when adding a TLS callback manually, it is also necessary to add a reference to its address in  (and there are plenty of nuances there). So that when the image is loaded not at imagebase, the loader  tls callback address and the correct code is called. He is, as it were, saying that without  it is easier: it is not necessary to add anything to them, which makes sense.

5

Re: TLS by

Hello, enigmas, you wrote:

E> Hello, KaBoom, you wrote:
KB>> Hello, enigmas, you wrote:
E>>> Relocation Directory. Means exe without this directory.
KB>> I do not catch the connection. And if this directory is present, is it impossible to fasten a TLS callback? It seems to be possible...
KB>> Or was it meant that the absence of the Relocation directory is a sign of a packed file?
E> If there is a directory  when adding a TLS callback manually, it is also necessary to add a reference to its address in  (and there are plenty of nuances there). So that when the image is loaded not at imagebase, the loader  tls callback address and the correct code is called. He is, as it were, saying that without  it is easier: it is not necessary to add anything to them, which makes sense.

And to add: if  is not present, the loader should load the image at imagebase and not in any other way.

6

Re: TLS by

Hello, enigmas, you wrote:

E> If there is a directory  when adding a TLS callback manually, it is also necessary to add a reference to its address in  (and there are plenty of nuances there).

From , as I understand it, a shortage of space in segments or  (when adding a new segment). Also do not forget align (4) for the unit .

E> He is, as it were, saying that without  it is easier: it is not necessary to add anything to them, which makes sense.

Generally, a bad recommendation. It is better to sharpen the generalized method at once. Because if it not  and  will be,  any more will not cut off.
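
As an added illustration of the point made in the replies above (not code from the thread or from the article it discusses): a check, for a 32-bit PE that has a relocation directory, that every absolute address in the TLS directory and each callback-array slot is covered by a base relocation entry. The RVAs and relocation blobs are constructed sample data, and all function names are hypothetical.

```python
import struct

IMAGE_REL_BASED_HIGHLOW = 3  # 32-bit absolute-address fixup; type 0 is padding

def parse_relocs(blob):
    """Return the set of RVAs that carry a HIGHLOW fixup in a base relocation table."""
    rvas, off = set(), 0
    while off + 8 <= len(blob):
        page_rva, size = struct.unpack_from("<II", blob, off)
        # Each block starts on a 4-byte boundary, so its size is a multiple of 4.
        if size < 8 or size % 4 or off + size > len(blob):
            raise ValueError(f"malformed relocation block at offset {off:#x}")
        for (entry,) in struct.iter_unpack("<H", blob[off + 8:off + size]):
            if entry >> 12 == IMAGE_REL_BASED_HIGHLOW:
                rvas.add(page_rva + (entry & 0xFFF))
        off += size
    return rvas

def tls_pointer_rvas(tls_dir_rva, callbacks_rva, n_callbacks):
    """RVAs of every absolute VA the loader reads for PE32 TLS."""
    # IMAGE_TLS_DIRECTORY32: StartAddressOfRawData, EndAddressOfRawData,
    # AddressOfIndex, AddressOfCallBacks are VAs at offsets 0, 4, 8, 12.
    fields = [tls_dir_rva + o for o in (0, 4, 8, 12)]
    slots = [callbacks_rva + 4 * i for i in range(n_callbacks)]
    return fields + slots

def missing_fixups(blob, tls_dir_rva, callbacks_rva, n_callbacks):
    """TLS pointers with no relocation entry; these break if the image is rebased."""
    covered = parse_relocs(blob)
    return [r for r in tls_pointer_rvas(tls_dir_rva, callbacks_rva, n_callbacks)
            if r not in covered]

def make_block(page_rva, offsets):
    """Build one relocation block (constructed test data), padded to 4 bytes."""
    entries = [(IMAGE_REL_BASED_HIGHLOW << 12) | o for o in offsets]
    if len(entries) % 2:
        entries.append(0)  # IMAGE_REL_BASED_ABSOLUTE padding entry
    return struct.pack(f"<II{len(entries)}H", page_rva, 8 + 2 * len(entries), *entries)

# Constructed layout: TLS directory at RVA 0x3000, callback array at 0x3020.
INCOMPLETE = make_block(0x3000, [0x0, 0x4, 0x8, 0xC])      # callback slot not covered
COMPLETE = make_block(0x3000, [0x0, 0x4, 0x8, 0xC, 0x20])  # slot covered, plus padding

if __name__ == "__main__":
    print([hex(r) for r in missing_fixups(INCOMPLETE, 0x3000, 0x3020, 1)])
    print([hex(r) for r in missing_fixups(COMPLETE, 0x3000, 0x3020, 1)])
```

For an image with no relocation directory the check does not apply, since such an image is only ever mapped at its ImageBase and the stored addresses are used as written.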