Thread: Using Thread Local Storage (tls) in Olly
View Single Post
  #5  
Old 05-03-2005, 10:55
TQN TQN is offline
VIP
  
Join Date: Apr 2003
Location: Vietnam
Posts: 358
Rept. Given: 143
Rept. Rcvd 24 Times in 13 Posts
Thanks Given: 196
Thanks Rcvd at 168 Times in 51 Posts
TQN Reputation: 24
Great information, JuneMouse. Thank you very much !
Hope Teerayoot will update his Olly Invisible plugin with this information.
This detecting way will return wrong information if the GlobalFlag of exe was set (by using Gflags.exe or by editting registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TheEXE).
Creating a empty key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\debugcrap.exe] (no GlobalFlag value) in the registry will fool the detecting.
Best regards,
TQN
Attached Files
File Type: txt fool_debugcrap.txt (124 Bytes, 27 views)
Last edited by TQN; 05-03-2005 at 12:43.
Reply With Quote