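TLS(Thread Local Storage),线程局部存储。它为每个线程提供独立的数据副本,可防止多线程争用资源;TLS 回调函数先于 OEP 执行,因此现常用于反调试(调试器默认在 OEP 处中断时,回调已经执行完毕,分析时应让调试器在系统断点或 TLS 回调处中断)。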
TLS 目录(IMAGE_TLS_DIRECTORY)中的 AddressOfCallBacks 指向一个以 NULL 结尾的函数指针数组,里面存放 callback 函数地址,系统会在 OEP 之前依次调用这些函数(线程创建和退出时还会以不同的 Reason 再次调用)。
简单使用TLS:
#include "iostream"
#include "Windows.h"
#include "tchar.h"
//#include "ntdll/ntdll.h"
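// Use TLS: force the linker to keep the CRT's TLS directory symbol so that the
// image gets a TLS directory even though no thread-local variable refers to it.
// Only 32-bit x86 decorates the symbol with an extra leading underscore; on
// other targets (x64, ARM64) the name is "_tls_used", so hard-coding
// "__tls_used" fails there with an unresolved external symbol.
#if defined(_M_IX86)
#pragma comment(linker, "/INCLUDE:__tls_used")
#else
#pragma comment(linker, "/INCLUDE:_tls_used")
#endif

// Flag presumably intended to hold a debugger-detection result; nothing in the
// visible code reads or writes it after this initialisation.
DWORD isDebug = 0;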
/// First TLS callback registered in pTlsCallBacks.
///
/// @param DllHandle  Module handle supplied by the loader (unused here).
/// @param Reason     Notification code; only DLL_PROCESS_ATTACH is acted on.
/// @param Reserved   Reserved by the loader (unused here).
void NTAPI TLS_CALLBACK(PVOID DllHandle, DWORD Reason, PVOID Reserved)
{
    // Any other Reason value is ignored.
    if (Reason != DLL_PROCESS_ATTACH)
    {
        return;
    }

    // Empty message box: a visible marker that this callback ran. Per the
    // accompanying text, this happens before the program's entry point.
    ::MessageBox(nullptr, nullptr, nullptr, MB_OK);

    // Disabled by the author. Original note: "do not accept kernel debugging
    // information". The class name below is misspelled; the documented value
    // is ThreadHideFromDebugger. For analysts: ntdll calls like these inside a
    // TLS callback are a common anti-debugging indicator, because they run
    // before a debugger's default entry-point breakpoint is reached.
    //NtSetInformationThread(GetCurrentThread(),TreadHidePromDebugger,0,0);
    //NtQueryInformationProcess()
}
/// Second TLS callback registered in pTlsCallBacks; it follows TLS_CALLBACK in
/// the array.
///
/// @param DllHandle  Module handle supplied by the loader (unused here).
/// @param Reason     Notification code; only DLL_PROCESS_ATTACH is acted on.
/// @param Reserved   Reserved by the loader (unused here).
void NTAPI TLS_CALLBACK2(PVOID DllHandle, DWORD Reason, PVOID Reserved)
{
    // Any other Reason value is ignored.
    if (Reason != DLL_PROCESS_ATTACH)
    {
        return;
    }

    // Empty message box: a visible marker that the second callback ran.
    ::MessageBox(nullptr, nullptr, nullptr, MB_OK);
}
/// Program entry point: shows one message box so the order of execution
/// relative to the TLS callbacks can be observed, then exits with status 0.
int main()
{
    // The text means "main function"; the literal is kept exactly as written.
    const char* const body = "主函数";
    ::MessageBoxA(nullptr, body, nullptr, MB_OK);
    return 0;
}
// Create a new data section and place the function-pointer array in it so that
// it ends up in the callback table of the TLS directory. The array is
// NULL-terminated; entries are listed in the order TLS_CALLBACK, TLS_CALLBACK2.
// NOTE(review): nothing references this array, so an optimised build may
// discard it unless it is kept with a linker /INCLUDE option; confirm.
// NOTE(review): x64 builds conventionally use a const array under
// #pragma const_seg for the .CRT sections; verify before building for x64.
#pragma data_seg(".CRT$XLX")
PIMAGE_TLS_CALLBACK pTlsCallBacks[] = {
    TLS_CALLBACK,
    TLS_CALLBACK2,
    nullptr, // terminator: marks the end of the callback list
};
#pragma data_seg()