想用之前没有MmpTls的版本来加载版本号为21H1的win10

[xtayaitak]

最新的版本依赖很多HOOK来达到处理tls相关函数的效果。
我使用HOOK会有问题，想用之前没有MmpTls的版本来在win10 21H1平台下的dll。

是不是我只需要补充LdrpHandleTlsData的特征码就能达到我想要的效果了。谢谢。

[bb107]

是的，你需要手动提取LdrpHandleTlsData和LdrpReleaseTlsEntry的特征码。

[jackyuke]

How to extract feature code? Any guidance?

[bb107]

Hi there! If you want to extract feature codes (or patterns), you'll need a PE editor or debugger like x64dbg first. Next, select some consecutive machine code within the function and calculate the distance between its start address and the first byte of your choice. It's important to choose complex instructions to ensure the patterns you pick are unique within the module's segment.

[jackyuke]

Trying to load more dll at once. It it exceeds InvertedTable->MaxCount. Can we increase it?

[bb107]

As far as I know, INVERTED_FUNCTION_TABLE is a fixed size struct and is not dynamically allocated, so we cannot increase its size.