From Collaborative RCE Tool Library

Jump to: navigation, search

ollytlscatch

Tool name: ollytlscatch
Rating: 0.0 (0 votes)
Author: waliedassar                        
Website: http://code.google.com/p/ollytlscatch/
Current version:
Last updated: November 1, 2010
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This plugin simply intercepts any new module loaded into the current process address space ,searchs it for tlscallbacks and sets a one-shot breakpoint on every callback found. It lets the malware analyst catch any tls callback in ollydbg. Just copy the plugin dll into olly plugin directory then fire ollydbg. Tested on ollydbg v1 on windows xp and windows Vista.

Still working on it to make it catch dynamically added tlscallbacks.
Related URLs:
Introductory blog post:
http://waleedassar.blogspot.com/2010/10/quick-look-at-tls-callbacks.html


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!



If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)


Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (23)
   Needs New Category  (3)