Hi,
I have just finished to read a great article about Creation of TLS dynamically so that one TLS can create another TLS and make the PE loader run it right after the first one. You can't see the dynamic created TLS in any PE viewer nor TLSCatch plugin for OllyDbg/ImmDbg can catch it. So be warned it could be in malware in the near future.
You can read this great article here: http://thelegendofrandom.com/blog/archives/2418
I have just finished to read a great article about Creation of TLS dynamically so that one TLS can create another TLS and make the PE loader run it right after the first one. You can't see the dynamic created TLS in any PE viewer nor TLSCatch plugin for OllyDbg/ImmDbg can catch it. So be warned it could be in malware in the near future.
You can read this great article here: http://thelegendofrandom.com/blog/archives/2418
