Advanced tutorial with offsets, images, and working exploits included
The material below is a mixture of things already posted and things not yet fixed, plus some updated and extended WPE offsets and an image.
Note: All the numbers listed in the following image are in HEX (Hexadecimal)
Understanding WPE PRO:
WPE works always, anywhere, in any game. The only way for any server to protect you from using it is to scan your running processes, detect it and autoban you. Here are some offsets and what they do (for the WotLK client 3.x.x):
WPE PRO packet offsets:
OFFSET 01-02 - PACKET ID
OFFSET 03-06 - PACKET OPCODE (In most cases you won’t be able to read/modify them directly and correctly, since most are encrypted with unknown algorithm so just ignore them usually)
OFFSET 03-06 - CHARACTER LOCATION: MAP ID
OFFSET 07-10 - CHARACTER LOCATION: ZONE ID
OFFSET 11-14 - CHARACTER LOCATION: AREA ID
OFFSET 15-16 - CHARACTER LOCATION: FIELD ID
OFFSET 04 - ACCOUNT STATUS
Status list:
00 - normal
01-02 - unable to connect
03 - banned permanently
04-05 - wrong pass
06 - already logged in
07 - prepaid time expired
08 - parental control - can't login
09 - unable to validate game version
0A - Downloading
0B - unable to validate g ver
0C - temporarily suspended
0D - unable to validate g ver
0E - Success!
0F - Access restricted by parental controls. BUTTON
10 - account locked
11 - trial period has expired
12 - attached to a battlenet account
13,14,15 - unable to connect
16 - temporarily closed due to a chargeback
17 - login via IGR
18 - temporarily disabled (hacked account)
19 - this account has been locked but can be unlocked
1A - UNABLE TO CONNECT
1B - UNABLE TO CONNECT
1C - UNABLE TO CONNECT
1D - UNABLE TO CONNECT
1E - UNABLE TO CONNECT
1F - UNABLE TO CONNECT
20 - you must log with a battle.net acc pass
21 - Disconnected from server
22 - Disconnected from server
23 - Disconnected from server
24 - Disconnected from server
25 - Disconnected from server
26 - Disconnected from server
OFFSET 07 - ITEM MOVEMENT: DESTINATION BAG (to which bag you are moving your current item)
OFFSET 08 - ITEM MOVEMENT: DESTINATION SLOT (to which slot in the bag you are moving your current item)
OFFSET 09 - ITEM MOVEMENT: SOURCE BAG (the bag, in which is your item before being moved)
OFFSET 10 - ITEM MOVEMENT: SOURCE SLOT (the slot in bag, where your item is before being moved)
OFFSET 11 - CHARACTER CREATION: RACE (Modify this if you want to go from orc=>undead and get buggy SERVER-SIDE models)
OFFSET 12 - CHARACTER CREATION: CLASS
OFFSET 15-16 - QUEST ACCEPT/COMPLETE
OFFSET 17 - INSIDE GUILD BANK ITEM MOVEMENT (Moving items inside a tab in guild bank, see IDs image)
OFFSET 19 - TAXI FLIGHT PATH
OFFSET 22 - GLYPHS
OFFSET 24 - GUILD BANK SLOT => CHAR INV SLOT ITEM MOVEMENT
OFFSET 27 - VENDOR BUY => CHAR INV SLOT ITEM MOVEMENT (reference: first wotlk dupe mangos)
OFFSET 32 - VENDOR: BUY AMOUNT
OFFSET 40 - DISENCHANTING
OFFSET 15-16 - VENDOR: BUY ITEM ID
OFFSET 07 - SOCKET GEM IN ITEM WITH GEMSLOT (IDs for items with gem sockets are in order of acquiring each item; record packets to find them)
OFFSET 08-09 - SPELL CAST ID
OFFSET 11 - CHARACTER: TALENTS
OFFSET 15-16 - SEND BACK MAIL FEATURE: MAIL ID
OFFSET 19-20 - SEND BACK MAIL FEATURE: RECIPIENT GUID
OFFSET 07-08 - QUEST SHARE
OFFSET 04 - CHAT LANGUAGE
OFFSET 10-11 - CHARACTER INVENTORY: USE ITEM (SPELL ID)
OFFSET 44+X - CHARACTER STATUS - UNKNOWN (Not sure what exactly it does, seems to be related with character realm/PTR transfer or something.)
OFFSET 47+X - CHARACTER STATUS - (VALUES: 00 - NORMAL; 40 - FLAGGED FOR FORCE RENAME)
OFFSET 49+X - CHARACTER STATUS - (VALUES: 01 - LOCKED; 02 - NORMAL)
OFFSET 50+X - CHARACTER STATUS - (VALUES: 00 - NORMAL; 01 - FLAGGED FOR RE-CUSTOMIZE)
OFFSET 52+X - CHARACTER STATUS - (VALUES: 00 - NORMAL; 01 - FLAGGED FOR FACTION CHANGE)
OFFSET 56+X - CHARACTER STATUS - HUNTER PET (In this offset you get which pet will be displayed behind your character in the login screen. Values start from 02. Just visual and useless.)
OFFSET 12-13 - CLIENT PATCH (BUILD) VERSION (In this column you can modify your client's version. To do so, look up your client build version and convert it to hex. Example: 3.0.9 (build 9551); convert 9551 to HEX and you get 4F 25)
OFFSET 07-10 - CHARACTER: USE WORLD GAME OBJECT (Here go the IDs of all clickable objects like teleports, doors, etc. You can, for instance, teleport by modifying these from one chair to another chair. Record packets of the objects to get their IDs first.)
OFFSET 07-10 - CHARACTER: AREA TRIGGER (Same as the one before, but for portals/map change triggers)
OFFSET 07-10 - CHARACTER: CHARACTER’S GUID
NOTE: X is the number of letters in your character's name (Example: Blaz - 4 letters, so X for you is 4). The character status offsets depend on the length of your character name. So if you have a name with 4 letters, the «flagged for forced rename» offset for you will be 51 (47+4=51).
If you want to find an offset, go and record packets while doing the action you want to modify. It's important to click «record» and «stop» as soon as the action starts/ends to avoid flood packets, and to DISABLE the display of «Recv» and «RecvFrom» in WPE PRO's options. After you record a few packets, analyze on which offsets you get the same numbers while doing the same action. Then figure out the slot/item/object ID of the thing you want to modify using wowhead.com or the image above.
Remember that for quests, items and spells, once you convert the ID to HEX you must SWAP the bytes. Let's take Imbued Scourge Shroud: the ID is 34782, which converted to HEX is 87DE. In WPE it should be: DE 87. Also, if you deal with fewer than 4 hex digits - like Death Touch - it should be 05 00 in WPE.
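The byte swap described here is just little-endian encoding: the client protocol sends multi-byte integers least-significant byte first, so a calculator's 87DE shows up in the packet as DE 87. The following helper, added here as an example and not part of the original post, does the conversion in both directions so the rule for short IDs (05 00) and for the build number (4F 25) falls out of the same code. Function names are my own.

```python
import struct

# Width in bytes -> struct format for a little-endian unsigned integer.
_FORMATS = {1: "<B", 2: "<H", 4: "<I", 8: "<Q"}


def id_to_wpe_bytes(value: int, width: int = 2) -> str:
    """Encode an integer as the space-separated hex bytes WPE displays.

    Item, quest and spell IDs in the post are 16-bit (width=2); the build
    number is also 16-bit. Larger values such as GUIDs use width=4 or 8.
    The least-significant byte comes first, which is the "swap" the post
    describes for the calculator's big-endian-looking output.
    """
    if width not in _FORMATS:
        raise ValueError(f"unsupported width {width}")
    if value < 0 or value >= 1 << (8 * width):
        raise ValueError(f"{value} does not fit in {width} byte(s)")
    return " ".join(f"{b:02X}" for b in struct.pack(_FORMATS[width], value))


def wpe_bytes_to_id(text: str) -> int:
    """Inverse of id_to_wpe_bytes: parse 'DE 87' (as seen in WPE) back to 34782."""
    raw = bytes(int(token, 16) for token in text.split())
    return int.from_bytes(raw, "little")


if __name__ == "__main__":
    # Values taken from the post: Imbued Scourge Shroud, Death Touch, build 9551.
    for name, item_id in (("Imbued Scourge Shroud", 34782), ("Death Touch", 5), ("build 9551", 9551)):
        print(f"{name:24s} {item_id:>6d} -> {id_to_wpe_bytes(item_id)}")
```

Reading a packet the other way round works the same: two bytes at a given offset, interpreted little-endian, give the ID you can look up.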
Also, most people ask: how do you discover a dupe? Dupes on MaNGOS are most easily discovered by triggering an «Item save failed!» conflict, i.e. by sending items to invalid slots so the system cannot save them. The tricky part is to figure out the «buggy slot» - a bag placement slot, the keyring, the hunter bag, an invalid char slot (255) and so on. Just keep testing.
Many people have had trouble duping emblems/marks since WotLK, because they are now held in a hidden bag which, however, is still accessible. If you need to access this «hidden» bag (to dupe emblems/marks that are otherwise in the «Currency tab»), you can use this script:
/script OpenBag(-4)
Then, while holding the hidden bag open, go to your bank and just right-click the items you want in the hidden bag; they will go into your bank. Once the emblems/marks are in the bank, you can move/unstack/etc. them as normal items.
You can try putting other values in the ( ) too.
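The defensive lesson in the «Item save failed!» description is about ordering: the dupe exists when the server mutates the player's inventory state and only afterwards discovers that the destination cannot be persisted. The sketch below, an added example and not MaNGOS code, models a container inventory and validates a move request (source bag/slot, destination bag/slot, as in offsets 07-10 above) completely before touching any state, so a malformed destination such as slot 255 or a nonexistent bag is rejected with no side effects. Bag sizes and item IDs are constructed.

```python
from dataclasses import dataclass, field


class InvalidMove(Exception):
    """Raised for any move request that fails validation; nothing has been changed."""


@dataclass
class Inventory:
    # Constructed layout: bag index -> slot count. Real servers derive this
    # from equipped bag items; the fixed table keeps the example self-contained.
    bag_sizes: dict = field(default_factory=lambda: {0: 16, 1: 16, 2: 16, 3: 16, 4: 16})
    # (bag, slot) -> item_id for occupied slots.
    items: dict = field(default_factory=dict)

    def _check_slot(self, bag: int, slot: int, role: str) -> None:
        # Reject out-of-range containers and slots before any state change.
        if bag not in self.bag_sizes:
            raise InvalidMove(f"{role}: bag {bag} does not exist")
        if not 0 <= slot < self.bag_sizes[bag]:
            raise InvalidMove(f"{role}: slot {slot} out of range for bag {bag}")

    def move(self, src_bag: int, src_slot: int, dst_bag: int, dst_slot: int) -> None:
        """Move one item; validate everything first, then mutate atomically."""
        self._check_slot(src_bag, src_slot, "source")
        self._check_slot(dst_bag, dst_slot, "destination")
        src, dst = (src_bag, src_slot), (dst_bag, dst_slot)
        if src == dst:
            raise InvalidMove("source and destination are the same slot")
        if src not in self.items:
            raise InvalidMove("source slot is empty")
        if dst in self.items:
            raise InvalidMove("destination slot is occupied (swap not modelled)")
        # Only now is state changed; a failed save can no longer leave a copy behind.
        self.items[dst] = self.items.pop(src)

    def item_count(self) -> int:
        return len(self.items)


def demo() -> Inventory:
    """Constructed scenario: one item in bag 0 slot 3, two bad moves, one good move."""
    inv = Inventory(items={(0, 3): 34782})
    for attempt in ((0, 3, 9, 0), (0, 3, 1, 255), (0, 3, 1, 0)):
        try:
            inv.move(*attempt)
            print("accepted", attempt)
        except InvalidMove as err:
            print("rejected", attempt, "->", err)
    return inv


if __name__ == "__main__":
    demo()
```

The same validate-then-commit discipline applies to any client-supplied index (glyph slots, bank tabs, mail IDs): bounds and ownership are checked against server-side state, and the request is dropped before it can produce an inconsistent save.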
EXPLOITS:
1. Instance reset:
Go inside a dungeon, for example normal 10-man difficulty, and then invite someone who is outside into the raid. If this person changes the dungeon difficulty while the people inside the dungeon log out (ALT+F4), the instance will reset, wiping the CDs of the players inside.
2. Undetected invisibility / teleport:
An old, previously posted WPE filter. Useful for passing through doors/objects/mobs. What it does is block a whole protocol (GO FIX THIS IF YOU CAN HEHE): the server is told that your character is teleported somewhere else, while client-side you are wherever you actually are. This one works like a charm for me!
OFFSET 10 19 20 21
SEARCH 00
MODIFY 00 00 00
3. Invisibility via quest item buff:
Imbued Scourge Shroud
4. Invisibility via taxi flight:
Just get some DoTs on you and get on a taxi - if you die while flying, you will be teleported to the nearest graveyard, still on the flying mount. After reviving, you will be able to partially see everything around you, but no one can attack you, nor can you attack anyone.
5. Non-stop stunning:
Only for DKs, very strong in PvP/PvE - Keleseth's Persuader
6. 30s CC at any mob, NPC, player:
Sablemane's Sleeping Powder
7. Understand-language filter:
Alliance hear Horde:
OFFSET 04
SEARCH 01
MODIFY 00
Horde hear Alliance:
OFFSET 04
SEARCH 07
MODIFY 00
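The language byte at offset 04 is a client-supplied field, and these two filters only work because the server trusts it. As an added example, not from the post or from any server project, the check below shows the server-side validation that closes the hole: a chat message is accepted only if the language code is one the sender's faction actually has, and the universal code (00 above) is reserved for GMs. The codes 00, 01 and 07 are those given in the post; the faction-to-language table and the sample traffic are constructed.

```python
LANG_UNIVERSAL = 0x00   # understood by everyone; value the filters above write
LANG_HORDE = 0x01       # value the post's "Alliance hear Horde" filter searches for
LANG_ALLIANCE = 0x07    # value the post's "Horde hear Alliance" filter searches for

# Constructed policy: which language codes each faction may legitimately send.
FACTION_LANGUAGES = {
    "horde": {LANG_HORDE},
    "alliance": {LANG_ALLIANCE},
}


def validate_chat_language(faction: str, language: int, is_gm: bool = False) -> tuple[bool, str]:
    """Return (accepted, reason) for a chat packet's language byte.

    The decision is made from server-side facts (the sender's faction and GM
    status), never from anything else in the client's packet.
    """
    if language == LANG_UNIVERSAL:
        if is_gm:
            return True, "universal language permitted for GM"
        return False, "universal language sent by non-GM client"
    allowed = FACTION_LANGUAGES.get(faction, set())
    if language not in allowed:
        return False, f"language 0x{language:02X} not available to {faction}"
    return True, "ok"


def screen_messages(messages: list[dict]) -> list[dict]:
    """Run the check over a batch of (constructed) decoded chat packets and
    return the rejected ones, so they can be logged or counted per account."""
    rejected = []
    for msg in messages:
        ok, reason = validate_chat_language(msg["faction"], msg["language"], msg.get("is_gm", False))
        if not ok:
            rejected.append({**msg, "reason": reason})
    return rejected


# Constructed sample traffic: the third and fourth entries are what the two
# filters above would produce, the last is a faction/language mismatch.
SAMPLE_MESSAGES = [
    {"account": "a1", "faction": "horde", "language": LANG_HORDE},
    {"account": "a2", "faction": "alliance", "language": LANG_ALLIANCE},
    {"account": "a3", "faction": "horde", "language": LANG_UNIVERSAL},
    {"account": "a4", "faction": "alliance", "language": LANG_UNIVERSAL},
    {"account": "a5", "faction": "horde", "language": LANG_ALLIANCE},
    {"account": "gm1", "faction": "alliance", "language": LANG_UNIVERSAL, "is_gm": True},
]

if __name__ == "__main__":
    for hit in screen_messages(SAMPLE_MESSAGES):
        print(f"{hit['account']}: {hit['reason']}")
```

A repeated rejection from one account is itself a useful signal: a stock client never emits a language byte outside its faction's set, so the mismatch points at a modified client or a packet editor.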
8. One hit kill (with any class):
I think I have already posted this in a random post. Basically, I figured this out when I used a UDB DB with a bugged version of the warrior spell «Shattering Throw», which used to do like 6-7 damage.
Then I got this debuff (Curse of Weakness) (NOTE: wowhead does not say that it applies a -40 DMG aura to you, but the in-game tooltip DOES).
The mob which casts it is Wandering Shadow
After you get the debuff, get some spell which increases your damage by a percentage (like the warrior's Wrecking Crew). Then, while having both the debuff and the +% aura, cast Shattering Throw (or whatever spell does LOWER DAMAGE THAN 40), and you should hit for some huge billions. Just try to reproduce it the same way with another class.
Explanation: MaNGOS are morons, and so are their damage handling formulas. After you get the debuff, your low-damage spell does «negative damage», and when you apply the +% dmg buff on yourself, you convert these huge negative numbers into positive ones.
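The post's description matches a classic integer-handling bug: a flat reduction drives the intermediate damage below zero, a percentage multiplier is applied without clamping, and the result is stored in an unsigned type so the negative value wraps to a number in the billions. The snippet below is an added example, not MaNGOS' actual formula; it puts a minimal reproduction of that failure next to the corrected order of operations (clamp to zero after flat modifiers and again before storing). The unsigned 32-bit storage and the +10% bonus are assumptions used for illustration.

```python
UINT32_MASK = 0xFFFFFFFF  # assumption: final damage stored as unsigned 32-bit


def buggy_damage(base: int, flat_mod: int, pct_mod: int) -> int:
    """Constructed reproduction of the failure mode.

    Flat modifiers are added first (-40 from the debuff), the percentage
    bonus is multiplied in, and the signed intermediate is written straight
    into an unsigned field. A negative intermediate wraps to ~4.29 billion.
    """
    after_flat = base + flat_mod                          # 7 + (-40) = -33
    scaled = int(after_flat * (100 + pct_mod) / 100)      # -33 * 1.10 -> -36
    return scaled & UINT32_MASK                           # two's-complement wrap


def safe_damage(base: int, flat_mod: int, pct_mod: int) -> int:
    """Corrected version: never let damage go negative between stages.

    Flat modifiers are applied and clamped to zero before any multiplier,
    and the final value is clamped again, so the worst case is a zero hit.
    """
    after_flat = max(0, base + flat_mod)
    scaled = int(after_flat * (100 + pct_mod) / 100)
    return max(0, scaled)


if __name__ == "__main__":
    # Values from the post: ~7 base damage, -40 flat debuff; +10% bonus assumed.
    print("buggy :", buggy_damage(7, -40, 10))
    print("fixed :", safe_damage(7, -40, 10))
    # With enough base damage both agree, which is why the bug hides in normal play.
    print("normal:", buggy_damage(100, -40, 10), safe_damage(100, -40, 10))
```

The second print shows why this went unnoticed: for any spell that out-damages the flat reduction, both formulas agree, and only a spell weaker than the debuff exposes the missing clamp.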
9. Quest swapping:
Full quest swapping is not possible. From what little I've tested, you are only able to successfully swap one auto-complete quest for another auto-complete quest. For instance (this is a working one): The Path of the Conqueror to The Might of Kalimdor.
However, note that you do get quest gold, XP and other rewards, but items for some reason are not awarded; the system still flags you as «has finished the quest», so you can move to the next one if they are in a quest chain. To get IDs use wowhead IDs, convert them to hex with a calculator, and remember to swap their places.
Filter:
OFFSET 15 16
SEARCH
MODIFY
10. Bugged character skins server side:
Yet another good old TBC-times filter. By swapping the right skin/head color you can get things like green undead (if you're swapping orc=>undead). The trick is that, let's say, orcs have 7 default hairstyles but undead only 4, so if you manage to hit the right one, you get the buggy model. No need to do it with WPE; just change hairstyles and face features in-game until you get the buggy one. Look at the image for IDs.
FILTER:
OFFSET 11
SEARCH
MODIFY
11. Spell Power:
All spells, items and abilities which do spell damage or NATURE damage DO gain from your spell power. This applies to rogue poisons and especially death knights, and even hunters (6k Arcane Shots).
12. Spell Reflection:
If you are a warrior and pop Spell Reflection, it always reflects the full duration of CCs back to the caster (1 min sheep; 1 min Repentance), very useful in arena.
13. Beacon of Light:
If you are a paladin and put Beacon of Light on your partner, and he takes damage while you keep healing yourself, the heals will ignore LoS (Line of Sight) and ANY healing-reduction effects. Useful in arena.
14. Mind Control & Enslave:
Mind Controlling non-MC-immune mobs in instances (note that DB devs love to forget putting immunity mechanics on some bosses when they are first implemented in the DB). As you know, most trash mobs in instances have really powerful abilities, which you can use once you MC them to farm the whole instance... and yeah, I still find non-MC-immune trash in high-end DBs and raid instances.
15. Pass through any door/object:
Go in front of the door you would like to pass through, hit ALT+F4 (or just relog), and the very moment you log back in, run forward. After a few tries you should be able to pass through any game object/door. Most notable and useful in instances with locked doors.
16. NO GCD spells:
Just swap a spell which has NO GCD with the one you want to have no GCD, like mage: Counterspell => Arcane Explosion (this should work with some hunter pets too, nuking people down in seconds).
Filter for mage example:
OFFSET 08 09
SEARCH 5B 08
MODIFY A9 A7
17. Glyph hack:
This one I actually discovered while recording the glyph slots. Basically, you can have all your class glyphs equipped at the same time.
First look at the image for IDs. So let's say you want to hack glyph slot 05 (it must be empty); you make this filter:
OFFSET 22
SEARCH 05
MODIFY 06
Activate the filter and put your glyph into slot 05; it will just disappear into it, granting you the benefit.
Now go back to your filter and in MODIFY change «06» to «07», activate, and put another glyph into slot 05 again; it disappears again and grants its effect.
Then go back to your filter again, in MODIFY change «07» to «08», put in the next glyph, and so on.
Note: If you don't change (increase) the number in MODIFY for each new glyph you want to stack, it won't work. The trick is to «send» every glyph to a «new slot» by increasing the number in MODIFY.
Sadly, the extra glyph effects are reset each time you log out, and you can't stack the same glyph more than once (but you can get all the different glyphs equipped at the same time).
18. Bypass «Flagged for rename»:
If some GM decides to force you to rename your character, you can bypass it with this filter. NOTE: this is the version for a char name with 4 letters; see the character status offsets above (the ones with +X) for more info:
OFFSET 51
SEARCH 40
MODIFY 00
This works with locked/banned characters too (characters, NOT accounts!)
19. Find any character’s GUID:
Add the victim's character name to your ignore list. Run WPE, start recording packets, then unignore the victim. Stop recording in WPE, then search for a packet with size 14 and look at offsets 7/8/9/ in it - this is where the GUID goes. If you are getting spammed with many packets, make a new char, go somewhere desolate, remove everyone from your friends list, and leave all chats (/leave 1, /leave 2, /leave 3, /leave world, etc.) - now you should get only about 4-5 packets.
20. Go through enemy portals:
Just use WEH and turn on faction change; after that (you may need to relog), go through the portal.
Author: dreadlox