Thursday, January 1, 2015

How is Thread local storage used by malware/Virus?



I have been told that code in TLS is run before the entry point of an exe is reached, so if one puts a breakpoint on this TLS address he/she could debug the behavior of the virus. Can Fiber Local Storage also be used for malicious intent? The TLS address and size are stored in the Data Directory of the PE structure's optional header; where can I find the FLS address and size? Can the TLS of one thread be used by another thread?


According to my understanding of TLS: every process can have many threads running in its virtual address space, and every thread has its own TLS. TLS is used when global variables need to be instanced on a per-thread basis.
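An added example, not part of the original post: a static parser that finds the TLS directory through entry 9 of the optional header's Data Directory, as the question describes, and lists the callback addresses an analyst would breakpoint before the entry point. It goes slightly beyond the post by handling both PE32 and PE32+; the names `tls_callbacks` and `build_sample` and the sample image are constructed for illustration.

```python
import struct

TLS_DIR = 9  # IMAGE_DIRECTORY_ENTRY_TLS: index of the TLS entry in the Data Directory

def tls_callbacks(pe: bytes):
    """Return (tls_rva, tls_size, [callback VAs]) parsed from a PE file image."""
    nt, = struct.unpack_from("<I", pe, 0x3C)                 # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", pe, nt + 6)             # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)        # SizeOfOptionalHeader
    opt = nt + 24                                            # start of optional header
    pe64 = struct.unpack_from("<H", pe, opt)[0] == 0x20B     # PE32+ magic
    ptr, psize = ("<Q", 8) if pe64 else ("<I", 4)
    base, = struct.unpack_from(ptr, pe, opt + (24 if pe64 else 28))  # ImageBase
    dirs = opt + (112 if pe64 else 96)                       # DataDirectory[0]
    ndirs, = struct.unpack_from("<I", pe, dirs - 4)          # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", pe, dirs + 8 * TLS_DIR)
    if ndirs <= TLS_DIR or rva == 0:
        return 0, 0, []                                      # image has no TLS directory
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]    # (VirtualSize, VirtualAddress, RawSize, RawPtr)
    def offset(r):                                           # RVA -> file offset
        for vsize, va, rsize, rptr in secs:
            if va <= r < va + max(vsize, rsize):
                return rptr + r - va
        raise ValueError(f"RVA {r:#x} is outside every section")
    # AddressOfCallBacks is the 4th pointer-sized field; it holds a VA, not an RVA.
    cb_va, = struct.unpack_from(ptr, pe, offset(rva) + 3 * psize)
    found = []
    while cb_va and len(found) < 64:                         # cap guards malformed arrays
        va, = struct.unpack_from(ptr, pe, offset(cb_va - base + psize * len(found)))
        if va == 0:                                          # array is NULL-terminated
            break
        found.append(va)
    return rva, size, found

def build_sample() -> bytes:
    """Constructed PE32 image (not a real binary): one section, two TLS callbacks."""
    base, rva, raw = 0x400000, 0x1000, 0x200
    opt = struct.pack("<H", 0x10B).ljust(28, b"\0") + struct.pack("<I", base)
    opt = opt.ljust(92, b"\0") + struct.pack("<I", 16) + bytes(72)
    opt += struct.pack("<II", rva, 24) + bytes(48)           # DataDirectory[9] = TLS
    sec = b".tls".ljust(8, b"\0") + struct.pack("<4I", 0x100, rva, 0x200, raw) + bytes(16)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sec
    tls = struct.pack("<6I", 0, 0, 0, base + rva + 0x20, 0, 0).ljust(0x20, b"\0")
    tls += struct.pack("<3I", base + 0x1040, base + 0x1080, 0)  # NULL-terminated array
    return hdr.ljust(raw, b"\0") + tls.ljust(0x200, b"\0")
```

Calling `tls_callbacks(build_sample())` returns the directory's RVA and size plus the two constructed callback addresses; on a real sample the returned addresses are where breakpoints go before the debugger reaches the entry point.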




