Back to Top

Friday, June 26, 2009

Breaking into a process before the TLS gets executed

I found out about this from the SANS blog: you can make Olly break before the TLS get executed. Just Debugging Options –> Events and set “Make first pause at” to “System breakpoint” instead of “WinMain”. Cool! (until now I was patching executables with TLS to avoid them being executed).



Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.