在EliCZ的主页中很早就放了这样的代码。
http://www.anticracking.sk/EliCZ/infos/TlsInAsm.zip
下面的代码在EliCZ代码的基础上略作修改,可以用masm编译通过;它最初见于OD的NtGlobalFlag插件包,这里我也改动了一下,并加了点注释。需要注意的是,TLS回调由系统加载器在程序入口点之前调用,所以调试器如果只在入口点断下,回调里的代码其实已经执行过了;分析PE文件时应先查看TLS目录及其回调表。
; MASM source: 32-bit x86, flat memory model, stdcall as the default
; calling convention (see the three directives that follow).
; This part of the file declares the data a PE TLS directory points at:
; the TLS template block, the TLS index slot, the callback list, and the
; directory structure itself.
.386
.MODEL flat,stdcall
OPTION casemap:none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data?
_tls_index dd ? ;slot referenced by _tls_used.lpTlsIndex; uninitialized in the image
OPTION DOTNAME
;add a section named .tls
.tls SEGMENT
_tls_start LABEL DWORD
dd 80H DUP ("slt.") ;80h dwords of filler forming the TLS template; NOTE(review): "slt." presumably reads ".tls" in memory once stored little-endian - confirm
_tls_end LABEL DWORD
.tls ENDS
OPTION NODOTNAME
.data
__xl_a dd TlsCallBack0 ;TlsCallBack1 ;callback function(s); more than one may be listed...
__xl_z dd 0 ;null terminated list of pointers to callback procedures
MsgCaption db "Tls test",0
Msgtls db "in Tls",0
msghello db 'hello word!',0
;TLS directory structure
;Field order matches IMAGE_TLS_DIRECTORY32 from winnt.h (StartAddressOfRawData,
;EndAddressOfRawData, AddressOfIndex, AddressOfCallBacks, SizeOfZeroFill,
;Characteristics).
TLS_DIRECTORY STRUCT
lpTlsDataStart LPDWORD ? ;copy block starting here
lpTlsDataEnd LPDWORD ? ;and ending here; a further block of ZeroFillSize bytes filled with 0 follows
lpTlsIndex LPDWORD ? ;DS:[FS:[2CH]]+TlsIndex*4
lpTlsCallbacks LPDWORD ? ;pointer to 0 terminated array of pointers to callbacks
ZeroFillSize DWORD ? ;overall size=lpTlsDataEnd-lpTlsDataStart+ZeroFillSize
Characteristic DWORD ? ;reserved
TLS_DIRECTORY ENDS
;The instance below wires the pieces together: template = _tls_start.._tls_end,
;index slot = _tls_index, callback list = __xl_a (terminated by __xl_z), no zero fill.
;The Windows loader walks the callback list before control reaches the program
;entry point, so a debugger that first stops at the entry point has already let
;TlsCallBack0 run. When triaging a PE, inspect the TLS data directory and its
;callback array as well as the entry point.
PUBLIC _tls_used ;this name is required and must be PUBLIC!!!!
_tls_used TLS_DIRECTORY <_tls_start, _tls_end, _tls_index, __xl_a, 0, ?>
.code
;-----------------------------------------------------------------------
; start - program entry point (named by the `end start` directive).
; Shows the "hello word!" message box, then terminates the process.
; By the time execution arrives here the loader has already processed the
; callback list referenced by _tls_used, so the "in Tls" box from
; TlsCallBack0 is shown first.
; Convention: stdcall, arguments pushed right to left, callee cleans up.
;-----------------------------------------------------------------------
start:
    push MB_OK                  ; uType
    push offset MsgCaption      ; lpCaption
    push offset msghello        ; lpText
    push NULL                   ; hWnd = no owner window
    call MessageBox

    push NULL                   ; exit code 0
    call ExitProcess
    ret                         ; kept from the original; follows the ExitProcess call
OPTION DOTNAME
.code .tls ;;;place this code in the tls section; doing so is optional
OPTION NODOTNAME
;tls section
;-----------------------------------------------------------------------
; TlsCallBack0 - TLS callback listed in __xl_a (reached via _tls_used).
; In:    hinstImg, fdwReason, lpvReserved - all three are ignored here
; Out:   eax = TRUE
; Effect: shows the "in Tls" message box, then overwrites the first entry
;         of the callback list (__xl_a) with 0.
; NOTE(review): zeroing __xl_a presumably leaves the loader an empty list
; for later notifications (thread attach/detach, process exit), so the box
; appears only once - fdwReason is never checked; confirm intent.
;-----------------------------------------------------------------------
TlsCallBack0 PROC hinstImg, fdwReason, lpvReserved
    push MB_OK                  ; uType
    push offset MsgCaption      ; lpCaption
    push offset Msgtls          ; lpText
    push NULL                   ; hWnd = no owner window
    call MessageBox

    mov dword ptr [__xl_a], 0   ; clear this callback's slot in the list
    mov eax, TRUE
    ret                         ; MASM expands this to the PROC epilogue
TlsCallBack0 ENDP
end start