Wowemuhacker 4.3 Beta 4 [UNPACKED] !!

[robotkid]

Hello everyone :wave:

Since deathsoft doesn't like you to poke around WEH's memory they tried
to hide it in a.. strange way..

The program with the new icon is actually a loader which has the actual
WEH and DLL inside its belly :P What it does exactly (this is also wrong
coded preventing some ppl from running it XD) is exctracting WEH inside
C:\Windows and the DLL at the current directory.

All those who do not have a C:\ drive (like me :P) can't use it at all (my
windows directory is actually D:\WinXP so i dont stand a chance XD). After
the exctraction it runs WEH which has the curious filename DSCoreItem.dsf
,for further "protection" XD, using CreateProcessA..

The funny part is that they use this command line "2587746730261237437425"
0.o .. w0ah like now it's seriously protected XD

Anyway..they packed both files (WEH, DLL) with UPX so it was as easy as
peeing to get those things unpacked. So you are free to look around with
Ollydbg or your favorite debugger w/e

This way you can get you values for flying or speedhacking for your own
hack tool this will prevent warden from blacklisting WEH or similar public
releases!


EDIT:
No need for a loader anymore and removed some protections
You can now do what you want freely

Have fun
jOHNIDIs [c]

[suicidity]

gasp

seems to easy lol...

[robotkid]

Yes it is indeed all you need is to monitor Readprocessmemory and Writeprocessmemory
to trace where WEH read/writes in WoW's memory

Thing is that you should attach to WEH not open in and load it cause it wont work..

Keep in mind that there is a IsDebbugerPresent lurking around so make sure you
patch it first :P


Edit:
I just figured out how to get the player's base from a static pointer with this sh1t XD
this is my post..NO TLS involved plus i've added some delphi code

http://www.mmowned.com/forums/wow-me...e-2-3-3-a.html

[Demonshade]

lol i actually knew about this but didnt post it, never crossed my mind cuz i didnt think of what can b done with it. Kaspersky, my trusted anti-virus picked up the creation of files and i knew what they were i just didnt see any use for them but u did so gj to u. +2rep

edit: cant rep u yet but its comin eventually

[robotkid]

lol i actually knew about this but didnt post it, never crossed my mind cuz i didnt think of what can b done with it. Kaspersky, my trusted anti-virus picked up the creation of files and i knew what they were i just didnt see any use for them but u did so gj to u. +2rep

edit: cant rep u yet but its comin eventually

Hope you find usefull things inside WEH
Dont rush about the +Rep np

[mrnipply]

When using this in wow it kiks me off when i boost the speed....is there anyway to move faster without being kicked outta wow?

[matracapx]

up file rapidsire or megaupload ;/
i have problems down forum

[Demonshade]

When using this in wow it kiks me off when i boost the speed....is there anyway to move faster without being kicked outta wow?

there is, u gotta use oengine.

[Nikita749]

Hi Robotkid

I asked me if with resource hacker or Dev C++ i can modify WEH.exe to add command, like .addmoney??

See ya

[ameno12345678]

eem....some difference between my WEH and this? dont see any shit

[ameno12345678]

guys somebody can give me clue how you enter any hexxes in WEH ? ^_- please

[robotkid]

This is not a newer version of WEH ~_~

Its just an unpacked version which allows you to poke with its memory and
figure which addresses WEH manipulates for the haxz...

[jamstar123]

Is there any virus on it??

[Cypher]

Is there any virus on it??

Yes, it's full of viruses......

[robotkid]

Yes, it's full of viruses......

Although you try to be sarcastic some ppl will believe it ..