Yes, yes I can. Basically, Warcraft III's game processing threads use a pointer in their TLS (Thread Local Storage) records at index 0x1F. Of course, this pointer is 0 for your thread because TLS records are unique for each thread, and this is why, when you call a W3 function even with perfect parameters and stack, it may crash, because it won't find the needed pointer when it tries to retrieve it from your thread's TLS records at index 0x1F. There are ways (I won't mention them here, but there are a few) to retrieve another thread's TLS value for a given index. After you've done that, you can call any function in W3 you like and also check the current game state, which is stored there.