After disassembling Starcraft 1.00, I know that BIN Dialogs are layed out like this:
-> Load dialog with dialog loop function.
The Menu dialog loop consist mainly of 4 cases.
0 = Main Dialog
1 = Standard Cancel
2 = Standard OK
10 = User Array
The "User Array" calls a function pointer in an array that I consider to be the "Control ID Index Array". It's used for menu or static dialogs that have control IDs above 0. This is where the overflow comes in, referencing a control ID beyond the bounds of the array.
For most BIN Dialogs, the control IDs are as follows:
0: Main Dialog
-2: OK
-3: Cancel
Positive: Function Array reference
Negative: Unused/Static index
Thoughts? Attempts?
I havn't tested it out yet.