Add experimental TLS loader

2018-12-27 10:56:21 +01:00 · 2018-12-27 10:56:21 +01:00 · 2d5a4e43b3
commit 2d5a4e43b3
parent e1333db8a2
2 changed files with 137 additions and 0 deletions
--- a/src/loader/tls_loader.cpp
+++ b/src/loader/tls_loader.cpp
@ -0,0 +1,99 @@
+#include <std_include.hpp>
+#include "tls_loader.hpp"
+#include "utils/nt.hpp"
+
+std::mutex tls_loader::mutex_;
+std::vector<std::unique_ptr<tls_loader::tls_entry>> tls_loader::tls_entries_;
+
+//static thread_local tls_loader::tls_executer $;
+
+void tls_loader::handle(IMAGE_TLS_DIRECTORY* tls_directory)
+{
+	std::lock_guard _(mutex_);
+	tls_entries_.push_back(std::make_unique<tls_entry>(tls_directory));
+}
+
+void tls_loader::execute(const bool is_attaching)
+{
+	std::lock_guard _(mutex_);
+
+	for (auto& entry : tls_entries_)
+	{
+		entry->execute(is_attaching);
+	}
+}
+
+tls_loader::tls_entry::tls_entry(IMAGE_TLS_DIRECTORY* tls_directory) : tls_directory_(tls_directory)
+{
+	this->tls_index_ = 18;//TlsAlloc();
+	*reinterpret_cast<DWORD*>(this->tls_directory_->AddressOfIndex) = this->tls_index_;
+
+	this->execute(true);
+}
+
+tls_loader::tls_entry::~tls_entry()
+{
+	//TlsFree(this->tls_index_);
+	this->allocator_.clear();
+}
+
+void tls_loader::tls_entry::execute(const bool is_attaching)
+{
+	if (is_attaching) this->attach();
+	else this->detach();
+}
+
+void tls_loader::tls_entry::attach()
+{
+	const size_t data_size = this->tls_directory_->EndAddressOfRawData - this->tls_directory_->StartAddressOfRawData;
+	const size_t size = data_size + this->tls_directory_->SizeOfZeroFill;
+	const auto data = this->allocator_.allocate(size);
+
+	std::memcpy(data, PVOID(this->tls_directory_->StartAddressOfRawData), data_size);
+
+	const auto tls_indices = reinterpret_cast<LPVOID*>(__readfsdword(0x2C));
+	tls_indices[this->tls_index_] = data;
+
+	auto callbacks = reinterpret_cast<PIMAGE_TLS_CALLBACK*>(this->tls_directory_->AddressOfCallBacks);
+	if (callbacks)
+	{
+		utils::nt::module self;
+
+		while (*callbacks)
+		{
+			(*callbacks)(self.get_ptr(), DLL_THREAD_ATTACH, nullptr);
+			++callbacks;
+		}
+	}
+}
+
+void tls_loader::tls_entry::detach()
+{
+	auto callbacks = reinterpret_cast<PIMAGE_TLS_CALLBACK*>(this->tls_directory_->AddressOfCallBacks);
+	if (callbacks)
+	{
+		utils::nt::module self;
+
+		while (*callbacks)
+		{
+			(*callbacks)(self.get_ptr(), DLL_THREAD_DETACH, nullptr);
+			++callbacks;
+		}
+	}
+
+	const auto tls_indices = reinterpret_cast<LPVOID*>(__readfsdword(0x2C));
+	const auto data = tls_indices[this->tls_index_];
+
+	//const auto data = TlsGetValue(this->tls_index_);
+	//this->allocator_.free(data);
+}
+
+tls_loader::tls_executer::tls_executer()
+{
+	execute(true);
+}
+
+tls_loader::tls_executer::~tls_executer()
+{
+	execute(false);
+}
--- a/src/loader/tls_loader.hpp
+++ b/src/loader/tls_loader.hpp
@ -0,0 +1,38 @@
+#pragma once
+#include "utils/memory.hpp"
+
+class tls_loader final
+{
+public:
+	class tls_executer final
+	{
+	public:
+		tls_executer();
+		~tls_executer();
+	};
+
+	static void handle(IMAGE_TLS_DIRECTORY* tls_directory);
+
+private:
+	class tls_entry final
+	{
+	public:
+		tls_entry(IMAGE_TLS_DIRECTORY* tls_directory);
+		~tls_entry();
+
+		void execute(bool is_attaching);
+
+	private:
+		utils::memory::allocator allocator_;
+		IMAGE_TLS_DIRECTORY* tls_directory_;
+		DWORD tls_index_;
+
+		void attach();
+		void detach();
+	};
+
+	static std::mutex mutex_;
+	static std::vector<std::unique_ptr<tls_entry>> tls_entries_;
+
+	static void execute(bool is_attaching);
+};