| View previous topic :: View next topic |
| Author |
Message |
BanMe
Master Cheater
![]() Reputation: 0
Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA
|
 Posted: Sun Dec 28, 2008 8:52 pm Post subject: C++ TLS callbacks ... (reworked code of: ap0x and samael) |
 |
|
origanil ASM can be Found by googling WinAsm TLS Callbacks
anyways here my redo in C++
| Code: |
void Act_DebugDetect(PVOID,DWORD,PVOID);
BYTE Signature[7] = { 0x33, 0xED, 0x53, 0x50, 0x6A, 0x00, 0xE9};
DWORD CALL_BACK_ARRAY[2] = {(DWORD)Act_DebugDetect,0};
BYTE TLS_TABLE_MARKER[8] = { 0x0E, 0x0F, 0x05, 0x07, 0x11, 0x01, 0x00, 0x05 };
DWORD TLS_INDEX = NULL;
TLS_DIRECTORY TLS = {0,0,&TLS_INDEX,&CALL_BACK_ARRAY,NULL,NULL};
void Act_DebugDetect(PVOID a,DWORD b,PVOID c)
{
DWORD IsDebugged;
NtQueryInformationProcess(GetCurrentProcess,0x7,&IsDebugged,4,0);
if(IsDebugged)
{
ExitProcess(-1);
}
}
int Main(void)
{
Sleep(INFINITE);
return 0;
}
|
using the tool to update the TLS_DIRECTORY provided by samael on Winasm.net (i will provide it here) but i give props to him.
please post questions but before you do update yourself on what TLS callbacks are 
regards BanMe
|
|
| Back to top |
|
 |
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Wed Dec 31, 2008 1:37 pm Post subject: |
|
|
This is why I like fasm; it's a few lines of code for a structure to implement a TLS callback. 
|
|
| Back to top |
|
|
Ramiz
How do I cheat?
![]() Reputation: 0
Joined: 03 Nov 2009
Posts: 2
|
| Posted: Tue Nov 03, 2009 7:10 pm Post subject: |
|
|
Hello
thanks for BanME about this code and the tool
but i want to know what we can do with this code ??
we can put it in the tls ??
and how we can do that if we can ?
thanks
|
|
| Back to top |
|
|
Bswap
Newbie cheater
 Reputation: 0
Joined: 18 Aug 2009
Posts: 21
|
| Posted: Wed Nov 04, 2009 2:38 am Post subject: re: |
|
|
@BanMe: Take no offence to the following.
@Ramiz: You're thanking BanMe for some code, of which you have zero idea of how to use or what it does. For all you know, this could reformat your computer, and yet you're thanking him.
Very strange behaviour.
I can't help but think you're spamming so you reach 10 posts and 'earn' the option of changing your avatar... maybe i'm wrong, I hope so.
|
|
| Back to top |
|
|
Ramiz
How do I cheat?
![]() Reputation: 0
Joined: 03 Nov 2009
Posts: 2
|
| Posted: Wed Nov 04, 2009 5:23 am Post subject: |
|
|
@Bswap i know what u did not know maybe u will know after 100 year 
i am asking a question if u have answer then post if u do not have then shut up
|
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Wed Nov 04, 2009 4:54 pm Post subject: |
|
|
Would it be valid to run your entire program from a TLS Callback?
So have the main thread sleep for an infinite time and have everything in the TLS Callback thread? Are there any restrictions on what can be done in such a function? (Like there are restrictions in DllMain)
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
