  1. #1
    Dwar

    [Guide] WPE with WoW, offsets, slots, images, explanations

    Advanced tutorial with offsets, images, and working exploits included

    The items posted below are a mixture of already posted and not yet fixed things. Some updated & extended WPE offsets and an image are included.
    Note: All the numbers listed in the following image are in HEX (Hexadecimal)

    Understanding WPE PRO:
    WPE works always, anywhere, in any game. The only way for any server to protect you from using it is to scan your running processes, detect and autoban you. Here are some offsets and what they do (for WoTLK client 3.x.x):

    WPE PRO packet offsets:

    OFFSET 01-02 - PACKET ID
    OFFSET 03-06 - PACKET OPCODE (In most cases you won’t be able to read/modify them directly and correctly, since most are encrypted with an unknown algorithm, so usually just ignore them)
    OFFSET 03-06 - CHARACTER LOCATION: MAP ID
    OFFSET 07-10 - CHARACTER LOCATION: ZONE ID
    OFFSET 11-14 - CHARACTER LOCATION: AREA ID
    OFFSET 15-16 - CHARACTER LOCATION: FIELD ID
    OFFSET 04 - ACCOUNT STATUS

    ”Status list”


    OFFSET 07 - ITEM MOVEMENT: DESTINATION BAG (to which bag you are moving your current item)
    OFFSET 08 - ITEM MOVEMENT: DESTINATION SLOT (to which slot in bag you are moving your current item)
    OFFSET 09 - ITEM MOVEMENT: SOURCE BAG (the bag, in which is your item before being moved)
    OFFSET 10 - ITEM MOVEMENT: SOURCE SLOT (the slot in bag, where your item is before being moved)
    OFFSET 11 - CHARACTER CREATION: RACE (Modify this if you want to make from orc=>undead and get buggy SERVER-SIDE models)
    OFFSET 12 - CHARACTER CREATION: CLASS
    OFFSET 15-16 - QUEST ACCEPT/COMPLETE
    OFFSET 17 - INSIDE GUILD BANK ITEM MOVEMENT (Moving items inside a tab in guild bank, see IDs image)
    OFFSET 19 - TAXI FLIGHT PATH
    OFFSET 22 - GLYPHS
    OFFSET 24 - GUILD BANK SLOT => CHAR INV SLOT ITEM MOVEMENT
    OFFSET 27 - VENDOR BUY => CHAR INV SLOT ITEM MOVEMENT (reference: first wotlk dupe mangos)
    OFFSET 32 - VENDOR: BUY AMOUNT
    OFFSET 40 - DISENCHANTING
    OFFSET 15-16 - VENDOR: BUY ITEM ID
    OFFSET 07 - SOCKET GEM IN ITEM WITH GEMSLOT (IDs for items with gem sockets are by order of acquiring of each item, record packets to find)
    OFFSET 08-09 - SPELL CAST ID
    OFFSET 11 - CHARACTER: TALENTS
    OFFSET 15-16 - SEND BACK MAIL FEATURE: MAIL ID
    OFFSET 19-20 - SEND BACK MAIL FEATURE: RECIPIENT GUID
    OFFSET 07-08 - QUEST SHARE
    OFFSET 04 - CHAT LANGUAGE
    OFFSET 10-11 - CHARACTER INVENTORY: USE ITEM (SPELL ID)
    OFFSET 44+X - CHARACTER STATUS - UNKNOWN (Not sure what exactly it does, seems to be related with character realm/PTR transfer or something.)
    OFFSET 47+X - CHARACTER STATUS - (VALUES: 00 - NORMAL; 40 - FLAGGED FOR FORCE RENAME)
    OFFSET 49+X - CHARACTER STATUS - (VALUES: 01 - LOCKED; 02 - NORMAL)
    OFFSET 50+X - CHARACTER STATUS - (VALUES: 00 - NORMAL; 01 - FLAGGED FOR RE-CUSTOMIZE)
    OFFSET 52+X - CHARACTER STATUS - (VALUES: 00 - NORMAL; 01 - FLAGGED FOR FACTION CHANGE)
    OFFSET 56+X - CHARACTER STATUS - HUNTER PET (In this offset you get which pet will be displayed behind your character in the login screen. Values start from 02. Just visual and useless.)
    OFFSET 12-13 - CLIENT PATCH (BUILD) VERSION (In this column you can modify your client’s version. To do so see your client build version and convert it to hex. Example: 3.0.9 (build 9551), convert 9551 to HEX, you get 4F 25)
    OFFSET 07-10 - CHARACTER: USE WORLD GAME OBJECT (Here go the IDs of all clickable objects like teleports, doors, etc. You can for instance teleport by modifying these from one chair to another chair. Record packets of the objects to get their IDs first.)
    OFFSET 07-10 - CHARACTER: AREA TRIGGER (Same as the one before, but for portals/map change triggers)
    OFFSET 07-10 - CHARACTER: CHARACTER’S GUID

    NOTE: X is the amount of letters in your character’s name (Example: Blaz - 4 letters, so X for you is 4). The character status offsets depend on the length of your character name. So if you have a name with 4 letters, then the «flagged for forced rename» offset for you will be 51 (47+4=51).

    If you want to find an offset - go and record packets while doing the action you want to modify. It’s important for you to click «record» and «stop» as soon as the action starts/ends to avoid flood packets, and DISABLE from WPE PRO’s options displaying «Recv» and «RecvFrom». After you record a few packets, go and analyze on which offsets you get the same numbers while doing the same action. Then go and figure out the slot/item/object ID of the thing you want to modify using wowhead.com or the image above.

    Remember that for quests, items and spells, once you convert the ID to HEX you must SWAP it. Let’s take Imbued Scourge Shroud: the ID is 34782, converted to HEX this is 87DE. In WPE it should be: DE 87. Also if you deal with less than 4 numbers - like Death Touch - it should be 05 00 in WPE.

    Also, most people ask - how do you discover a dupe? Dupes on MaNGOS are most easily discovered by getting an «Item save failed!» conflict by sending items to invalid slots, so the system cannot save them. The tricky part is to figure out the «buggy slot» - a bag placing slot, keyring, hunter bag, invalid char slot (255) and so on. Just keep testing.

    Many people have had trouble since WotLK duping emblems/marks, since now they are held in a hidden bag, which, however, is still accessible. If you need to access this «hidden» bag (if you need to dupe emblems/marks which are otherwise in the «Currency tab») you can use this script

    /script OpenBag(-4)

    Then while holding the hidden bag open, go to your bank, and just Right-click the items you want in the hidden bag and they will go inside your bank. Once the emblems/marks are in the bank, you can move/unstack/etc them as normal items.

    You can try putting other values too in the ( ).


    EXPLOITS:

    1. Instance reset:
    Go inside a dungeon, for example normal 10 difficulty, and then invite into the raid someone who is outside. If this someone changes the dungeon difficulty and the people inside the dungeon log out (ALT+F4) - the instance will reset, wiping the CD of the players inside.

    2. Undetected invisibility / teleport:
    Old posted WPE filter. Useful for passing through doors/objects/mobs. What it does is to block a whole protocol (GO FIX THIS IF YOU CAN HEHE), and the server is told that your character is teleported somewhere else, while clientside, you are wherever you actually are. This one works like a charm for me!

    OFFSET 10 19 20 21
    SEARCH 00
    MODIFY 00 00 00


    3. Invisibility via quest item buff:
    Imbued Scourge Shroud

    4. Invisibility via taxi flight:
    Just get some DoTs and get on a taxi - if you die while flying, you will be teleported to the nearest graveyard, still on the fly mount. After reviving, you will be able to partially see everything around you, but no one can attack you, nor can you attack them.

    5. Non-stop stunning:
    Only for DKs, very mad at pvp/pve - Keleseth's Persuader

    6. 30s CC at any mob, NPC, player:

    Sablemane's Sleeping Powder

    7. Understand language filter:
    Alliance hear Horde:

    OFFSET 04
    SEARCH 01
    MODIFY 00


    Horde hear Alliance:

    OFFSET 04
    SEARCH 07
    MODIFY 00


    8. One hit kill (with any class):
    I think I have already posted this in a random post. Basically, I figured this out when I used a UDB DB with a bugged version of the warrior spell «Shattering Throw» which used to do like 6-7 damage.

    Then I got this debuff (Curse of Weakness) (NOTE: in wowhead it does not say that it applies a -40 DMG AURA to you, but the ingame tooltip DOES).

    The mob which casts it is Wandering Shadow

    After you get the debuff, get some spell which increases your dmg by % (like warrior’s Wrecking Crew), then while having both the debuff and the +% aura spell, cast Shattering Throw (or whatever spell does LOWER DAMAGE THAN 40), and you should hit for some huge billions. Just try to reproduce with another class the same way.

    Explanation: MaNGOS are morons, so are their damage handling formulas. After you get the debuff, your low damage spell does «negative damage» and when you apply the +% dmg buff on yourself, you convert these huge negative numbers into positive.

    9. Quest swapping:
    Full quest swapping is not possible. From the little I’ve tested, you are only able to successfully swap one auto complete quest to another auto complete quest. For instance (this is a working one) The Path of the Conqueror to The Might of Kalimdor

    However, note that you do get quest gold, XP and other rewards, but items for some reason are not awarded, but the system flags you as «has finished the quest» so you can move to the next one if they are in a quest chain. To get IDs use wowhead IDs, and then convert them to hex with a calculator and remember to swap their places.

    Filter:

    OFFSET 15 16
    SEARCH
    MODIFY


    10. Bugged character skins server side:
    Yet another good old TBC-times filter. By swapping the right skin/head color you can get things like a green undead (if you’re swapping orc=>undead). The trick is that, let’s say, orcs have 7 default hairstyles, but undeads only 4, so if you manage to hit the right one, you get the buggy model. No need to do it with WPE, only change hairstyles and face features ingame until you get the buggy one. Look at the image for IDs.

    FILTER:

    OFFSET 11
    SEARCH
    MODIFY


    11. Spell Power:
    All spells, items and abilities which do spell damage or NATURE damage DO gain from your spell power. This applies to rogue poisons and especially death knights and even hunters (6k arcane shots).

    12. Spell Reflection:
    If you are a warrior and pop Spell Reflection it always reflects the full duration of CCs to the caster (1min sheep; 1min repentance), very useful in arena.

    13. Beacon of Light:
    If you are a paladin and put beacon of light on your partner, and he takes damage, keep healing yourself; the healings will ignore LoS (Line of Sight) and ANY healing reduction effects. Useful in arena.

    14. Mind Control & Enslave:
    Mind Controlling non-MC-immune mobs in instances (note that DB devs love to forget putting immunity mechanics on some bosses when they are first implemented in the DB). As you know, most trash mobs in instances have really powerful abilities, which you can use once you MC them and farm the whole instance... and yeah, I still find non-MC-immune trash in high end DBs and raid instances.

    15. Pass through any door/object:
    Go in front of the door you would like to pass through, hit ALT+F4 (or just relog) and the very moment you log back in again, run forward. After a few tries you should be able to pass through any game object/door. Most notable and useful in instances with locked doors.

    16. NO GCD spells:
    Just swap a spell which has NO GCD with the one you want to have no GCD, like mage: counterspell => arcane explosion (this should work with some hunter pets too, nuking people down for seconds)

    Filter for mage example:


    OFFSET 08 09
    SEARCH 5B 08
    MODIFY A9 A7


    17. Glyph hack:
    This one I actually discovered while recording the glyph slots. Basically, you can have all your class glyphs equipped at the same time.

    First look at the image for IDs. So let’s say if you want to hack glyph slot 05 (it must be empty), you make this filter:

    OFFSET 22
    SEARCH 05
    MODIFY 06


    Activate the filter and put your glyph in slot 05; it will just disappear in it, granting you the benefit.
    Now go back to your filter and in MODIFY change «06» to «07», activate, and put another glyph in slot 05 again; it again disappears and grants the effect.
    Then go back again to your filter, in MODIFY change «07» to «08» and put in the next glyph, and so on.

    Note: If you don’t change (increase) the number in MODIFY for each new glyph you want to stack, it won’t work. The trick is to «send» every glyph to a «new slot» by increasing the number in MODIFY.

    Sadly, the extra glyph effects are reset each time you log out and you can’t stack the same glyph more than once (but you can get all the different glyphs equipped at the same time).

    18. Bypass «Flagged for rename»:
    If some GM decides to force you to rename your character, with this filter you can bypass it. NOTE: this is the version for a char name with 4 letters, see offsets above in red for more info:


    OFFSET 51
    SEARCH 40
    MODIFY 00


    This works with locked/banned characters too (characters, NOT accounts!)

    19. Find any character’s GUID:
    Add the victim’s character name to your ignore list. Run WPE, start recording packets, then unignore the victim. Stop recording in WPE, now go and search for a packet with size of 14 and look in it at offsets 7/8/9/ - this is where the GUID goes. If you are getting spammed with many packets, make a new char, go somewhere desolate, remove everyone from your friends list, and leave all chats (/leave 1, /leave 2, /leave 3, /leave world, etc.) - now you should get only about 4-5 packets.

    20. Go through enemy portals
    Just use WEH, and turn on faction change, after that (you may need relog), go through the portal.
    Author: dreadlox
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  2. The Following 2 Users Say Thank You to Dwar For This Useful Post:
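
As an added example (not part of the original post, and not MaNGOS code): the bag, slot and glyph-slot bytes described in the post arrive from the client and can be rewritten in transit, so the server has to range-check them against its own state before acting on them. The packet layout, limits and function names below are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical limits for this example; a real server derives them from
// its own game data, never from anything inside the packet.
constexpr std::uint8_t kGlyphSlotCount = 6;   // valid glyph slots: 0..5
constexpr std::uint8_t kBagCount       = 5;   // backpack + 4 equipped bags
constexpr std::uint8_t kSlotsPerBag    = 36;

struct ItemMove { std::uint8_t dstBag, dstSlot, srcBag, srcSlot; };
enum class Verdict { Ok, Truncated, BadSlot, SlotOccupied };

// Bounds-checked 16-bit little-endian read: bytes DE 87 decode to 0x87DE (34782).
bool readU16LE(const std::uint8_t* p, std::size_t len, std::size_t off, std::uint16_t& out) {
    if (off > len || len - off < 2) return false;
    out = static_cast<std::uint16_t>(p[off] | (p[off + 1] << 8));
    return true;
}

// Validate a 4-byte item-move body (constructed layout: dstBag, dstSlot,
// srcBag, srcSlot). Out-of-range values such as slot 255 are rejected.
Verdict checkItemMove(const std::uint8_t* p, std::size_t len, ItemMove& out) {
    if (len < 4) return Verdict::Truncated;
    const ItemMove m{p[0], p[1], p[2], p[3]};
    if (m.dstBag >= kBagCount || m.srcBag >= kBagCount) return Verdict::BadSlot;
    if (m.dstSlot >= kSlotsPerBag || m.srcSlot >= kSlotsPerBag) return Verdict::BadSlot;
    out = m;
    return Verdict::Ok;
}

// Validate a glyph-apply request. occupied[] is the server's own record of
// filled glyph slots; the client's claim that a slot is empty is not trusted.
Verdict checkGlyphApply(std::uint8_t slot, const bool (&occupied)[kGlyphSlotCount]) {
    if (slot >= kGlyphSlotCount) return Verdict::BadSlot;   // e.g. a rewritten 06, 07, 08
    if (occupied[slot]) return Verdict::SlotOccupied;
    return Verdict::Ok;
}

int main() {
    const std::uint8_t tampered[] = {0x00, 0xFF, 0x00, 0x03};  // constructed sample: dstSlot 255
    ItemMove m{};
    const bool occupied[kGlyphSlotCount] = {};
    const bool rejected = checkItemMove(tampered, sizeof tampered, m) == Verdict::BadSlot
                       && checkGlyphApply(6, occupied) == Verdict::BadSlot;
    return rejected ? 0 : 1;  // exit code 0 when both tampered requests are refused
}
```

Logging each `BadSlot` verdict with the account and packet bytes also gives operators a detection signal, since an unmodified client does not produce those values.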


  3. #2
    bobjob

    Re: [Guide] WPE with WoW, offsets, slots, images, explanatio

    Thanks, a very useful post for cheaters )))
    https://wowcircle.com/ - does anyone know filters that work on this server?

  4. #3
    LuckyP

    Re: [Guide] WPE with WoW, offsets, slots, images, explanatio

    Best WPE Tutorial i've evaaar seen

  5. #4
    exonist

    Re: [Guide] WPE with WoW, offsets, slots, images, explanatio

    Sorry, but most of these don't work on official servers :/ only pserver

  6. #5
    billylo22

    Re: [Guide] WPE with WoW, offsets, slots, images, explanatio

    Sorry, will we get banned if we use it on a Blizzard server?

  7. #6
    exonist

    Re: [Guide] WPE with WoW, offsets, slots, images, explanatio

    Yes you'll get banned

  8. #7
    coolninja
    Dwar, gosh, you are totally out of my expectation...
    I thought you're only pro in cracking,
    didn't know that you are also expert in PE-ing...
    Woah......

  9. #8
    xeph20
    Quote: Originally posted by coolninja
    Dwar, gosh, you are totally out of my expectation...
    I thought you're only pro in cracking,
    didn't know that you are also expert in PE-ing...
    Woah......

    because he did not create that guide
    as u see on the bottom author : dreadlox

    dreadlox from Deathsoft created it

    it is indeed a nice piece of art

    (if you click the name dreadlox you can see the official topic ^^)

  10. #9
    louis_
    Nice WpE tutorial
    unfortunately can't use on blizzard servers

  11. #10
    dolhaps2000
    can you help to find my offset on dll??
