-
-
编译带TlS回调函数的汇编程序
-
发表于: 2005-11-2 19:40
-
在EliCZ的主页中很早就放了这样的代码。
c07K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4F1N6r3W2U0M7X3q4U0K9$3W2F1k6#2)9J5k6i4y4C8i4K6u0r3c8h3I4A6b7#2A6Q4x3V1k6A6L8X3k6G2M7#2)9J5c8W2c8D9M7@1W2F1b7i4y4E0i4K6u0W2P5X3W2H3
下面的代码在EliCZ的代码中略修改了下,用masm可以编译通过,最初见于OD的NtGlobalFlag插件包中,这里我也修改了一下,并加了点注释。。
.386
.MODEL flat,stdcall
OPTION casemap:none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data?
_tls_index dd ?
OPTION DOTNAME
;增加一个名为.tls的区段
.tls SEGMENT
_tls_start LABEL DWORD
dd 80H DUP ("slt.")
_tls_end LABEL DWORD
.tls ENDS
OPTION NODOTNAME
.data
__xl_a dd TlsCallBack0 ;TlsCallBack1 ;回调函数,可以多个...
__xl_z dd 0 ;null terminated list of pointers to callback procedures
MsgCaption db "Tls test",0
Msgtls db "in Tls",0
msghello db 'hello word!',0
;tls目录结构
TLS_DIRECTORY STRUCT
lpTlsDataStart LPDWORD ? ;copy block starting here
lpTlsDataEnd LPDWORD ? ;and ending here + block (size=ZeroFillSize) filled with 0 to
lpTlsIndex LPDWORD ? ;DS:[FS:[2CH]]+TlsIndex*4
lpTlsCallbacks LPDWORD ? ;pointer to 0 terminated array of pointers to callbacks
ZeroFillSize DWORD ? ;overall size=lpTlsDataEnd-lpTlsDataStart+ZeroFillSize
Characteristic DWORD ? ;reserved
TLS_DIRECTORY ENDS
PUBLIC _tls_used ;this name is required and must be PUBLIC!!!!
_tls_used TLS_DIRECTORY <_tls_start, _tls_end, _tls_index, __xl_a, 0, ?>
.code
start:
invoke MessageBox,NULL,addr msghello,addr MsgCaption,MB_OK
invoke ExitProcess,NULL
ret
OPTION DOTNAME
.code .tls ;;;把这段代码放到tls段中,当然你也可以不用这么做。。
OPTION NODOTNAME
;tls section
;Tls回调函数
TlsCallBack0 PROC hinstImg, fdwReason, lpvReserved
invoke MessageBox,NULL,addr Msgtls,addr MsgCaption,MB_OK
mov dword ptr[__xl_a],0
MOV EAX, TRUE
RET
TlsCallBack0 ENDP
end start
广告
大话编程论坛今天开通,欢迎大家前往捧场和灌水。。。
732K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4m8@1N6r3g2S2L8g2)9J5k6h3y4G2L8b7`.`.
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
