2.3.2 Tls

**Whalemarte** · 01-09-2008

For everyone who uses TLS based memory "scanners" the new TLS pointer is 0xE5C284. This is the method greyman used, posted here WoW.DeV • View topic - Proof of concept code - WoW memory reading . I have a post on page three that outlines my _getBaseOffset() method on page 3 without the win32 util files.

**raindog** · 01-11-2008

I prefer something like what follows, but greyman did a great job of explaining everything.

Code:

void SwapTlsData(DWORD ThreadId1, DWORD ThreadId2)
{
    __try
    {
        MMGetThreadTeb(ThreadId1)->ThreadLocalStoragePointer = MMGetThreadTeb(ThreadId2)->ThreadLocalStoragePointer;
    }
    __except(UnhandledExceptionFilter( GetExceptionInformation() ))
    {
        //ignore
    }
}

PTEB MMGetCurrentTeb()
{
    LPVOID pTeb = NULL;
    __asm
    {
        mov eax,fs:[00000018h]
        mov pTeb , eax
    }
    return (PTEB)pTeb;
}

PTEB MMGetThreadTeb(DWORD ThreadId)
{
    CONTEXT Context;
    LDT_ENTRY SelEntry;
    HANDLE hThread = OpenThread(THREAD_ALL_ACCESS,TRUE, ThreadId);
    if(!hThread)
        return NULL;
    Context.ContextFlags = CONTEXT_FULL | CONTEXT_DEBUG_REGISTERS;
    GetThreadContext(hThread,&Context);
    GetThreadSelectorEntry(hThread, Context.SegFs, &SelEntry);
    PTEB pTEB = (PTEB)(( SelEntry.HighWord.Bits.BaseHi << 24) | (SelEntry.HighWord.Bits.BaseMid << 16) | SelEntry.BaseLow);
    CloseHandle(hThread);
    return pTEB;
}

**Xarg0** · 01-28-2008

The tls pointer is still the same with 2.3.3 :-)

Shout-Out

User Tag List

Thread: 2.3.2 Tls

Thread Tools

Search Thread

2.3.2 Tls

Similar Threads

Get Player Base NO TLS + Delphi code [2.3.3]

Autoit source for TLS

TLS retrieve objet names??

Delphi source for TLS

TLS based offsets/adresses

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino