I used OHack's old source code to implement updated fly, climb, water walk and collision hacks. The offsets below are all for 32-bit WoW 6.1.2.19865.
For Fly hack, you need to mess with CMovement_C__IsFlyingOrSwimming = 0x366896, Script_JumpOrAscendStart = 0x382862 and apply a hook on CMovementShared__CalcDirection = 0x8FF0F0 or CMovement_CalcDirection = 0x8FEFA9. Beware: most of these offsets are currently scanned by Warden.
For Collision hack, it's all about messing with the collision flags passed to CMovement_C__IsColliding = 0x56351F. Since this function is also scanned by Warden, I decided to hook CMap__GetFacets = 0x563823 which calls CMovement_C__IsColliding iirc. And these are the collision flags:
Code:
enum CollisionFlags : unsigned int {
CL_M2s = 0xF,
CL_Terrain = 0x100,
CL_IsNotPlayer = 0x2000,
CL_WMOs = 0x200F0,
};
For climb hack, you need to patch CMovement_C__AttemptStepUp = 0x369A1F and CMovement_C__TraceSurface = 0x36A0EB.
For water hack, you can patch CMovement__SetMovementFlags = 0x366362.
As you can see, most functions are CMovement stuff. Curiously, most hacks released by l0l1dk on his open source OHack still work today - you just need to update the offsets every new patch, which shouldn't be a problem if you diff the binary properly.
Finally, always monitor Warden: most scanned offsets are a great hint at critical spots in the executable that could have a huge impact in the gameplay (these hacks, anti-afk, no zoom limit, etc).
By the way, if I was to reverse all these things by my own, I can't even imagine how long it would take me. It helps a lot when you have a nice IDB with most functions named :P