Reversing TLS Callbacks with pefile and Immunity Debugger
tlsloader.py is python script that can be used as a PyCommand within Immunity Debugger to load a PE file, set breakpoints on all TLS callback functions, and stop execution at the first TLS callback function. Just place it within the PyCommands directory and type
!tlsloader <path_to_file> in the command box to run it. Additional details will be written to the Log window (Alt + L).