2.4.3 Offsets & Pointers

  1. #1
    Cursed's Avatar Contributor

    2.4.3 Offsets & Pointers

    I know there is a thread about this, but this one contains a bunch more (Ofc already known by Chaz, kynox etc. )
    Credits to Arigity on Deathsoft.com


    camera pointer is a double pointer! first offset is 732c, second offset points to what you want with the camera (because i'm lazy i am not going to expand on this, i will leave finding specific offsets to you). one offset i do know (thanks to kynox) is 100 which is camera Z. if you're interested in expanding on it, you might find this to be helpful.


    0x00C6ECCC camera pointer (2.4.3)
    0x00DDEFF4 camera pointer (2.4.2)



    0x00E29D28 2.4.3 player base
    0x00E8AA38 2.4.2 player base
    0x00E849E0 2.4.1 player base
    0x00E7D9E0 2.4.0 player base



    2.4.3 static addresses

    0x008C8398 Mountain Climb angle default value 0.6427 (float)
    0x00BC4AF8 fall speed, 60.1480026245117 default value (float) set to -1 and you fall up
    0x008C8458 gravity, 19.2911033630371 default value (double)
    0x00890608 game speed, 0.00100000004749745 default value (double)
    0x0089060B game speed 2, 1.02048421388683E253 default value (double) messing with this will freeze time
    0x00890750 speed of time, 1000 default value (double) time moves faster, you appear slower
    0x0088D5E8 rendering, 0.5 default value (double) ****s shit up. but fun to screw with, ( 0.2 and 2 D: )



    2.4.3 patches

    0x006A4B6E walk through GO's (highlight able). (0x968B1D74) default value 4 byte {HEX}. (0x968B1DEB) to walk through!
    0x006A49FE walk through GO's (non-highlight). (0x00B3840F) default value 4 byte {HEX}. (0x0000B4E9) to walk through!
    0x006AC9EA walk through buildings (0xC0320675) default value 4 byte {HEX}. (0xC0329090) to walk through!
    0x007B98DE jump patch (0x46F64175) default value 4 byte {HEX} change to (0x46F60075) for infinite jumps!



    2.4.2 static addresses

    0x008A00C8 MC angle default value 0.6427 (float)
    0x00949694 fall speed 60.148 default value (float)
    0x008ADAE0 gravity 19.2911 default value (double)
    0x0088D5B8 Rendering 0,5 default value (double)
    0x008D86F0 Velocity (Jump Height) -7,9555473327637 default value (float)



    2.4.2 patches

    0x0052312E walk through GO's(highlightable) (0x968B1D74) default value 4 byte {HEX}. (0x968B1DEB) to walk through!
    0x00522FBE walk through GO's (non-highlight) (0x00B3840F) default value 4 byte {HEX}. (0x0000B4E9) to walk through!
    0x0052A9DA walk through buildings (0xC0320675) default value 4 byte {HEX}. (0xC0329090) to walk through!
    0x0076024E jump patch (0x46F64175) default value 4 byte {HEX} change to (0x46F60075) for infinite jumps!



    2.4.1 static addresses *I'll get to it later*



    2.4.1 patches

    0x00522CEE walk through GO's(highlightable) (0x968B1D74) default value 4 byte {HEX}. (0x968B1DEB) to walk through!
    0x00522B7E walk through GO's (non-highlight) (0x00B3840F) default value 4 byte {HEX}. (0x0000B4E9) to walk through!
    0x0052A56A walk through buildings (0xC0320675) default value 4 byte {HEX}. (0xC0329090) to walk through!
    0x0075EDDE jump patch (0x46F64175) default value 4 byte {HEX} change to (0x46F60075) for infinite jumps!



    2.4.0 static addresses *later*



    2.4.0 patches

    0x00522D3E walk through GO's(highlightable) (0x968B1D74) default value 4 byte {HEX}. (0x968B1DEB) to walk through!
    0x00522BCE walk through GO's (non-highlight) (0x00B3840F) default value 4 byte {HEX}. (0x0000B4E9) to walk through!
    0x0052A5BA collision WMO (0xC0320675) default value 4 byte {HEX}. (0xC0329090) to walk through!
    0x0075F29E jump patch (0x46F64175) default value 4 byte {HEX} change to (0x46F60075) for infinite jumps!



    Most movement related offsets *grey ones have a decent use*


    C00 points to vertical orientation, no default value (float)
    C20 points to movement state 0 default value (4 byte) {HEX}
    C23 points to player state 128 default value (4 bytes)
    C28 points to starting X point, X coord default value (float)
    C2C points to starting Y point, Y coord default value (float)
    C30 points to height in water, no default value (float)
    C34 points to starting orientation , no default value (float) *point at which you start*
    C38 points to starting V orientation, no default value (float) *point at which you start*
    C3C points to odd movement thing, no default value (double)
    C40 points to forward movement angle, no default value (float)
    C44 points to forward movement angle, no default value (float)
    C48 points to turning movement angle, no default value (float)
    C4C points to turning movement angle, no default value (float)
    C50 points to turning movement angle, no default value (float)
    C54 points to allowed to turn while moving, no default value (float) *test*
    C5C points to fall time, 824 default value (4 byte) *affects how much fall damage you take*
    C60 points to starting Z point, Z coord, default (float) *jump starting position*
    C68 points to current speed, no default value (float) *affects all other speeds also while moving!*
    C6C points to walk speed 2.5 default value (float)
    C70 points to run(forward) 7 default value (float)
    C74 points to run(backward) 4.5 default value (float)
    C78 points to swim(forward) 4.72222185134888 default value (Float)
    C7C points to swim(backward) 2.5 default value (float)
    C80 points to flying speed 7 default value (float) *changes forward and backward*
    C84 points to flying speed(backward) 4.5 default value (float)
    C88 points to turning speed, 3.14 default value (float)
    C8C points to jump height, -7.955547 default value *after jump* (float)

    CB0 points to player... thing, 1 default value (float) *set to 200 to climb most things similar to wall climb* (still tryin ta figure this 1 out)


    player size

    CA8 points to width (as in how fat), 0.2777 default value (float) *set it to 0 to noclip through ANYTHING (includes floor XD)*
    CAC points to height (as in how tall), 2.25 default value (float)
    9C points to player scale, 1 default value (float)



    location

    BEC points to map ID, no default value (4 byte) *not entirely sure*
    BF0 points to X coord, no default value (float)
    BF4 points to Y coord, no default value (float)
    BF8 points to Z coord, no default value (float)
    BFC points to orientation, no default value (float)



    MISC

    3AC8 points to hunter tracking, 0 default value (byte)
    28E4 points to emote state, 0 default value (4 byte)
    26CC points to player faction, no default value (4 byte)
    F40 points to casting spell, 0 default value (4 byte)



    0x00DA563C address
    80 points to can mount, no default value (byte)




    here are also some notes i took on it.


    movement state


    movement state can be used to unroot you, if you ever find yourself rooted. just set it to 00000000 (8 0's) and you will be unrooted. this counts for logging out root/gm root/griffen riding root (unrooting yourself while on a griffen has some weird effects)

    0x1 = Moving Forward
    0x2 = Moving Backward
    0x4 = Strafing Left
    0x8 = Strafing Right
    0x10 = Turning Left
    0x20 = Turning Right
    0x100 = Walking
    0x400 = floaty thing
    0x1000 = falling
    0x4000 = Fall Forwards
    0x8000 = Fall Backwards
    0x2000 = Freefall/Jumping
    0x10000 = Strafing while jumping
    0x200000 = Swimming
    0x10000000 = Spirit Form
    0x80000000 = Unknown

    *note: 0x400 in particular interests me, it lets you levitate at the same height, you can go up but never down, it basically lets you walk on air at the same height you are at, (example, im on a cliff. i walk off cliff, instead of falling, i still walk at the same height as before)*


    player state


    1 = flyhack (can land)
    2 = flyhack (can't land *swim-like*)
    16 = whisp * walk on water*
    64 = floating (levitate)
    80 = (floaty dead?)
    128 = normal
    129 = (flyhack actual gm-like value)
    130 = (flyhack *there's a lot of different ones, here's another, swim-like*)
    144 = (dead) *walk on water*
    160 = slow fall



    hunter tracking


    0 = Nothing
    1 = Beasts
    2 = Dragonkin
    4 = Demons
    8 = Elementals
    16 = Giants
    32 = Undead
    64 = Humanoids
    132 = Misc
    255 = Everything





    emote state


    0 = None
    1 = Talk
    2 = Bow
    3 = Wave
    4 = Cheer
    5 = Exclamation
    6 = Question
    7 = Eat
    10 = Emote State Dance
    11 = Laugh
    12 = Emote State Sleep
    13 = Emote State Sit
    14 = Rude
    15 = Roar

    16 = Kneel
    17 = Kiss
    18 = Cry
    19 = Chicken
    20 = Beg
    21 = Applaud
    22 = Shout
    23 = Flex
    24 = Shy
    25 = Point
    26 = stand
    27 = ready unarmed
    28 = work
    29 = point
    30 = none
    33 = Wound
    34 = wound critical
    35 = attack unarmed
    36 = attack 1h
    37 = attack 2h tight
    38 = attack 2h loose
    39 = parry unarmed
    43 = parry shield
    44 = ready unarmed
    45 = ready 1h
    48 = ready bow
    50 = spell precast
    51 = spell cast
    53 = battle roar
    54 = special attack 1h
    60 = Kick
    61 = attack thrown
    64 = Stun
    65 = Dead
    66 = Salute
    68 = Kneel
    69 = use standing
    70 = wave no sheath
    71 = cheer no sheath
    92 = eat no sheath
    93 = stun no sheath
    94 = Dance
    113 = salute no sheath
    133 = use standing no sheath
    153 = laugh no sheath
    173 = work no sheath
    193 = spell precast
    213 = ready rifle
    214 = ready rifle
    233 = work no sheath mining
    234 = work no sheath chopping
    253 = lightOff (old)
    254 = LiftOff
    273 = Yes
    274 = No
    275 = Train
    293 = Land
    313 = at ease
    333 = ready 1h
    353 = spell kneel start
    373 = submerged
    374 = submerge
    375 = ready 2h
    376 = ready bow
    377 = MountSpecial
    378 = Talk
    379 = Fishing
    380 = Fishing
    381 = Loot
    382 = whirlwind
    383 = drowned
    384 = hold bow
    385 = hold rifle
    386 = hold thrown
    387 = drown
    388 = stomp
    389 = attack off
    390 = attack off pierce
    391 = roar
    392 = laugh
    393 = creature special
    394 = JumpLandRun
    395 = JumpLand
    396 = talk no sheath
    397 = point no sheath
    398 = cannibalize
    399 = Jumpstart
    400 = DanceSpecial (Human Only)
    401 = DanceSpecial (Human Only)
    402 = custom spell 1
    403 = custom spell 2
    404 = custom spell 3
    405 = custom spell 4
    406 = custom spell 5
    407 = custom spell 6
    408 = custom spell 7
    409 = custom spell 8
    410 = custom spell 9
    411 = custom spell 10
    412 = Exclaim
    415 = Sit Chair




    also, the lower the value of the mountain climb angle the steeper the angle you can climb.
    Last edited by Jadd; 05-22-2016 at 06:40 PM. Reason: Made readable.

  2. #2
    object's Avatar Member
    Maybe I missed it, but you don't seem to give the base address to the :

    Most movement related offsets

  3. #3
    arigity's Avatar Banned
    at the top in red.

    0x00E29D28 2.4.3 player base



  4. #4
    kynox's Avatar Account not activated by Email
    Some stuff from me:

    Code:
    class CMovementInfo;
    class CObject;
    class CModelInfo;

    class CMovementInfo
    {
    public:
        char unknown0[16]; //0x0000
        idVec3 vecPos; //0x0010
        float fHeading; //0x001C
        char unknown32[24]; //0x0020
        WOWGUID wTransportGuid; //0x0038
        DWORD dwMoveFlags; //0x0040
        DWORD dwMoveFlags2; //0x0044  This is a weird one, only one byte seems to be used.
        char unknown72[20]; //0x0048
        DWORD dwTimeMoved; //0x005C
        char unknown96[12]; //0x0060
        float fSinAngle; //0x006C
        float fCosAngle; //0x0070
        char unknown116[8]; //0x0074
        DWORD dwFallTime; //0x007C
        float fFallStartHeight; //0x0080
        char unknown132[8]; //0x0084
        float fWalkSpeed; //0x008C
        float fRunSpeed; //0x0090
        float fSwimBackSpeed; //0x0094
        float fSwimSpeed; //0x0098
        float fWalkBackSpeed; //0x009C
        float fFlySpeed; //0x00A0
        float fFlyBackSpeed; //0x00A4
        float fTurnSpeed; //0x00A8
        float fJumpVelocity; //0x00AC
    };//Size=0x00B0(176)
    
    class CObject
    {
    public:
        virtual void function0(); //
        virtual void function1(); //
        virtual void function2(); //
        virtual void function3(); //
        virtual void function4(); //
        virtual void function5(); //
        virtual void function6(); //
        virtual void function7(); //
        virtual void GetObjectPos( idVec3* Pos ); //
        virtual float GetFacing(); //
        virtual float GetScale(); //
        virtual void function11(); //
        virtual void function12(); //
        virtual void function13(); //
        virtual void function14(); //
        virtual void function15(); //
        virtual const char* GetModel(); //
        virtual void function17(); //
        virtual void function18(); //
        virtual void function19(); //
        virtual void function20(); //
        virtual void function21(); //
        virtual void function22(); //
        virtual void function23(); //
        virtual float GetFacingAngle(); //
        virtual void function25(); //
        virtual void function26(); //
        virtual void function27(); //
        virtual void function28(); //
        virtual void function29(); //
        virtual void function30(); //
        virtual void function31(); //
        virtual void function32(); //
        virtual void function33(); //
        virtual void Interact(); //
        virtual void function35(); //
        virtual void function36(); //
        virtual void function37(); //
        virtual void function38(); //
        virtual void function39(); //
        virtual void function40(); //
        virtual void function41(); //
        virtual const char* GetObjectName(); //
        virtual void function43(); //
        virtual void function44(); //
        virtual void function45(); //
        virtual void function46(); //
        virtual void function47(); //
        virtual void function48(); //
        virtual void function49(); //
        virtual void function50(); //
        virtual void function51(); //
        virtual void function52(); //
        virtual void function53(); //
        virtual void function54(); //
        virtual void function55(); //
        virtual void function56(); //
        virtual void function57(); //
        virtual void function58(); //
        virtual void function59(); //
        virtual void function60(); //
        virtual void function61(); //
        char unknown4[4]; //0x0004
        DWORD m_dwStorage01; //0x0008
        DWORD m_dwStorage02; //0x000C
        char unknown16[4]; //0x0010
        int m_dwType; //0x0014
        char unknown24[24]; //0x0018
        WOWGUID wLocalGUID; //0x0030
        char unknown56[232]; //0x0038
        DWORD m_dwStorage3; //0x0120
        char unknown292[4]; //0x0124
        CMovementInfo* m_pMoveInfo; //0x0128
        char unknown300[3224]; //0x012C
        CModelInfo* m_pModelInfo; //0x0DC4
    };//Size=0x0DC8(3528)

    class CModelInfo
    {
    public:
        int m_dwModelID; //0x0000
        int m_dwFlags; //0x0004
        char* m_pszModelName; //0x0008
        char unknown12[76]; //0x000C
        float m_fModelHeight; //0x0058
        char unknown92[4]; //0x005C
    };//Size=0x0060(96)

  5. #5
    Cypher's Avatar Kynox's Sister's Pimp
    Just a piece of info.

    The mountain climb offset is stored as the cosine of an angle (i.e. cos(50)), just thought I'd point that out to anyone wondering how exactly changing the value works. The larger you make that angle the steeper you can climb, although anything past 90deg obviously doesn't make a difference. And cos(90) == 0

  6. #6
    Cursed's Avatar Contributor
    Originally Posted by Cypher
    Just a piece of info.

    The mountain climb offset is stored as the cosine of an angle (i.e. cos(50)), just thought I'd point that out to anyone wondering how exactly changing the value works. The larger you make that angle the steeper you can climb, although anything past 90deg obviously doesn't make a difference. And cos(90) == 0

    Didn't you make an info thread about that a long time ago? I read the entire Bots & Programs section last week and I think I found your old thread about how Wallclimbing is working

    Fixed the WalkThroughBuildings for 2.4.2
    Last edited by Cursed; 08-21-2008 at 01:09 PM.

  7. #7
    Cypher's Avatar Kynox's Sister's Pimp
    Originally Posted by Cursed
    Didn't you make an info thread about that a long time ago? I read the entire Bots & Programs section last week and I think I found your old thread about how Wallclimbing is working

    Fixed the WalkThroughBuildings for 2.4.2

    You read the entire section? Jesus christ. o.O

    (And yea I did)

  8. #8
    Cursed's Avatar Contributor
    Updated with Unlimited Jumping offset, some 2.4.0-2.4.3 stuff etc.
    Hmm and Chaz, it doesn't take too long to read the section (not including the Glider subforum)

  9. #9
    Cursed's Avatar Contributor
    Some tiny little updates...

  10. #10
    unknown405's Avatar Member
    **EDIT**
    Removing offset

  11. #11
    eggsampler's Avatar Contributor
    Thanks for the offsets.

  12. #12
    R3plic4tor's Avatar Member
    Thx alot! :>

  13. #13
    kynox's Avatar Account not activated by Email
    one offset i do know (thanks to kyonx) is 100 which is camera Z, if you're interested in expanding on it, you might find this to be helpful.

    Code:
    class CCamera
    {
    public:
        virtual void function0(); //
        virtual void function1(); //
        virtual void function2(); //
        virtual void function3(); //
        char unknown4[4]; //0x0004
        idVec3 vecPos; //0x0008          This is just a normal 3D Vector, X,Y,Z
        idMat3 vecViewMatrix; //0x0014   This is a 3x3 Matrix. 9 floats
        float ID02621370; //0x0038  
        float ID025E7F40; //0x003C  
        float fFov; //0x0040
    };

    And it's kynox, not kyonx

  14. #14
    Cursed's Avatar Contributor
    Although I know your name ofc, the author of this text didn't. Fixed, and thx for the info

  15. #15
    arigity's Avatar Banned
    bah, i misplaced an O >_> at any rate i think kyonx sounds cooler D:
