  #7  
05-08-2005, 21:32
JuneMouse
 
also it seems xp has suppressed a lot of dbgstring providing them only to checked builds and not to free builds

their own gflags.exe doesn't let LDR_SHOW_SHOWSNAPS show anything useful in the pre-initialization stage; only some debug strings could be shown in the post-initialization stage

the following output is the max that is got by having both image file execution options and session manager GlobalFlag in xp (no sign of LDR messages anywhere)

Code:
Log data
Address    Message
           OllyDbg v1.10
           Bookmarks sample plugin v1.06 (plugin demo)
             Copyright (C) 2001, 2002 Oleh Yuschuk
           Command line plugin v1.10
             Written by Oleh Yuschuk
           NtGlobalFlag Plugin v1.10
             
           File 'C:\Documents and Settings\Administrator\Desktop\odbg110\tut02\msgbox.exe'
           New process with ID 000008C0 created
00401000   Main thread with ID 00000D70 created
00400000   Module C:\Documents and Settings\Administrator\Desktop\odbg110\tut02\msgbox.exe
77D40000   Module C:\WINDOWS\system32\USER32.dll
77F10000   Module C:\WINDOWS\system32\GDI32.dll
7C800000   Module C:\WINDOWS\system32\kernel32.dll
7C900000   Module C:\WINDOWS\system32\ntdll.dll
7C946E68   Debug string: [8c0,d70] LDR: Real INIT LIST for process C:\Documents and Settings\Administrator\Desktop\odbg110\tut02\msgbox.exe pid 2240 0x8c0
7C946E68   Debug string: [8c0,d70]    C:\WINDOWS\system32\GDI32.dll init routine 77F163CA
7C946E68   Debug string: [8c0,d70]    C:\WINDOWS\system32\USER32.dll init routine 77D50EB9
7C946E68   Debug string: [8c0,d70] LDR: GDI32.dll loaded
7C946E68   Debug string:  - Calling init routine at 77F163CA
7C946E68   Debug string: [8c0,d70] LDR: USER32.dll loaded
7C946E68   Debug string:  - Calling init routine at 77D50EB9
00401000   Program entry point
in w2k this output is voluminous for the same exe

can anyone having a checked build verify and tell me if +sls stays enabled and if it outputs a lot of debug strings or not in xp ??

Code:
C:\Program Files\SUPPOR~1>gflags -k +sls
Current Running Kernel Settings are: 00000002
sls - Show Loader Snaps

C:\Program Files\SUPPOR~1>gflags -k
Current Running Kernel Settings are: 00000000 <--- it doesnt stay as it is

C:\Program Files\SUPPOR~1>gflags -r
Current Boot Registry Settings are: 00000002
sls - Show Loader Snaps

C:\Program Files\SUPPOR~1>gflags -i msgbox.exe
Current Registry Settings for msgbox.exe executable are: 00000072
sls - Show Loader Snaps
htc - Enable heap tail checking
hfc - Enable heap free checking
hpc - Enable heap parameter checking

C:\Program Files\SUPPOR~1>