How to find the warp offset


Cade

The Rainman, (Administrator)
Joined
Feb 28, 2005
I'm sure they're out there, but I've never found a guide on how to find the warp offset. And if I do find one it won't be a 1337 Cade guide :p

Anything inside {'s is a button I want you to push (ie {Enter})

First things first. You'll need XVI32 (attached). Download it and extract it to your desktop (to make things easy).

Run XVI32

Go to File -> New

In the window that opens, navigate to eqgame.exe (default path is C:\Program Files\Sony\EverQuest\eqgame.exe).

Go to Search -> Find

Check the box that says
Joker char hex
and in the little box to the right of it replace whatever's there with
FF

Like this:

[screenshot: XVI323.jpg]

Above that, make sure "Hex String" is selected and in the search box type
A1 FF FF FF 00 D9 05 FF FF FF 00 D9 05 FF FF FF 00 8B
(just c/p it :p)
Like this:

[screenshot: XVI324.jpg]

Once it gets to the first match, write down the address:

[screenshot: XVI32.jpg]

Get it written down yet? Ok, I'll wait....

Dum Dee Doo Doo Doo Dee Doo

Ok now that it's done, go to Start -> Run -> Type Calc {enter}

In the calculator, go to View -> Scientific

Now go back to XVI32 and count the squares after the address until you get to the function start (A1)

[screenshot: XVI322.jpg]

As you see, in this case there are 4 squares before you get to A1, so set your calculator to Hex

[screenshot: calc1.jpg]

And type the address you wrote down.

[screenshot: untitled.jpg]

Now remember there were 4 squares before A1, so add 4 to that.

[screenshot: untitled2.jpg]

Then add 0x004 to the front of the number you come up with....and you have your warp offset.
 
ok now how do u find other offsets.. for the docrack stuff...

THIS IS GREAT BTW... thanks

bandrent has been walking me through using winhack...

gimme more

gimme more

my mind is like a sponge....

ok ok more like a rock .. but hey ... i try 8-P
 
OMG... Cade is my new hero!!!! This is an awesome guide, Cade, thanks so much for the simple explanations!!

BTW, you can now say as many smart ass comments to me as you wish at any time :D
 
I'm not your hero...unless you actually look like that person in your avatar....in which case I'll be your "hero" any time!
 
ok now how do u find other offsets.. for the docrack stuff...

THIS IS GREAT BTW... thanks

bandrent has been walking me through using winhack...

anymore info cade? I am eager to try more
 
I know how to find docrack offsets, but I can't get a working disassembler to do so.

If I get one, I'll post a guide ASAP
 
Umm. you're doing a lot more work than what's needed ... using XVI32 is correct... but if you look at the very bottom left corner.. it tells you the offset w/o having to use the calc..... it's built into xvi :)... if you look on your screenshot. you will see the offset. which is 1d395.... :)
 
W32DASM doesn't work for you?
Nope, when I use W32DASM it looks like I opened it with notepad

Umm. you're doing a lot more work than what's needed ... using XVI32 is correct... but if you look at the very bottom left corner.. it tells you the offset w/o having to use the calc..... it's built into xvi ... if you look on your screenshot. you will see the offset. which is 1d395....

Eh, well, I'm an idiot
 
Not so.. you just were never told about it.. you did a great job figuring it out.. just doing work that was not needed. figured i would say it. since no one else did :)
 
cade i think this is easier than the other way... can we

A. add this to the Guide for finding warp offset..

or

B. move this to guides as an alternate means to find it

thanks
 
Finding easy offsets is pretty trivial. I use IDA because I'm interested in tougher cracks but for beginners all you need is something like w32dasm.

I have no idea if I am allowed to do that but I will post it anyways, it's a guide by someone else since I don't feel like explaining something that's been explained hundreds of times.

This is a guide to finding "no encumber" offset by powder:

Offset Hunting - No encumber

First of all, open your eqstr_en.txt and find the encumber message:
12392 You are encumbered!
Take the numbers and dump them into Windows calculator (in decimal mode), then change to hex mode to convert it. You should now have the number 3068.

This number is EQ's internal reference to what to display, you'll find that MANY offsets can be discovered by filtering through the eqstr_en.txt file.

But back to the guide.

Take 3068, and add the push line, so it looks like this:
PUSH 00003068
This is the command that says "display message 3068 (you are encumbered)"

In w32DASM, do a search for that line

In the current client ver (updated 10 march 04) it will take you to the following address:
:00423AFE 6868300000 push 00003068

This block of code (what's above and below it, this particular section) is what we want to kill.
Scroll up til you see
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00423AEC

That particular couple lines says that the address 00423AEC is requesting that this code be run - so what we want to do is stop this code from running.
Open up the Go To Code Location window in w32dasm and put in the referencing address (00423AEC), you'll notice it jumps like 3 or 4 lines up, to:
:00423AEC 7C02 jl 00423AF0

This jump calls our code. we want it dead. Sort of.

To make it a bit simpler and to save time, I'll tell you that it's NOT THIS bit we want to kill. In this particular instance we want to kill the code that calls the caller - as it just doesn't work if we kill the calling code in this instance.

So go up a little again, and see what calls THIS block.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00423AA9

Hey, if we compare that to the current offset hack, doesn't it look familiar??
HACK "No Encumberance"
ADDR 423AA9 7A5F 9090
END

Yeah!

So take this second jump we found and we change it to NOPNOP (or 9090 in code)

Tada, you have found the no enc offset.

Quick rundown.
1) find the error in eqstr_en.txt
2) change error number to hex (from decimal)
3) make it PUSH xxxxxxxx (there must be 8 numbers after PUSH, so add 0's to fit)
4) find PUSH xxxxxxxx
5) scroll up, try nop'ing the jump that calls this block of code.
6) Doesn't work? try nop'ing the jump that calls the code that calls the code with the PUSH in it (NOP the 2nd jump)
7) Drop your offset into docrack or fh-trainer and start cheating!
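As an added example (not code from Cade's or powder's posts, and not part of any RedGuides tool), here is a small Python script that does both lookups described in this thread offline: a joker-byte signature scan like the XVI32 search in the first post, and encoding an eqstr_en.txt id as the `push imm32` bytes powder searches for in W32DASM, then mapping each file offset to a virtual address. The 0x400000 image base, the `locate` helper and the sample bytes are assumptions constructed for the demo, not bytes from eqgame.exe.

```python
import struct

# Assumed default image base of a 32-bit PE. The guide's "add 0x004 to the
# front" of a five-digit file offset is exactly this addition (0x400000 + offset).
IMAGE_BASE = 0x400000

def parse_pattern(text, joker=0xFF):
    """Parse 'A1 FF FF FF 00 ...' into ints; the joker byte (FF, as in XVI32) becomes None."""
    return [None if int(t, 16) == joker else int(t, 16) for t in text.split()]

def find_pattern(data, pattern):
    """Return every file offset at which pattern matches (None matches any byte)."""
    n = len(pattern)
    return [i for i in range(len(data) - n + 1)
            if all(p is None or data[i + k] == p for k, p in enumerate(pattern))]

def push_imm32(string_id):
    """x86 'push imm32': opcode 0x68 followed by the little-endian dword (12392 -> 68 68 30 00 00)."""
    return b"\x68" + struct.pack("<I", string_id)

def file_offset_to_va(offset, image_base=IMAGE_BASE):
    """Map a raw file offset to a virtual address. Assumes the code section's raw
    file pointer equals its RVA, which is what the guide's simple addition relies on;
    a binary whose section table says otherwise needs that delta applied as well."""
    return image_base + offset

# Constructed sample image (not eqgame.exe): NOP padding, the guide's mov/fld
# byte sequence with arbitrary bytes in the joker positions, then the encumbrance push.
WARP_PATTERN = "A1 FF FF FF 00 D9 05 FF FF FF 00 D9 05 FF FF FF 00 8B"
SAMPLE = (b"\x90" * 0x10
          + bytes.fromhex("A1 11 22 33 00 D9 05 44 55 66 00 D9 05 77 88 99 00 8B")
          + b"\x90" * 5
          + push_imm32(12392))   # eqstr_en.txt id 12392 -> push 00003068

def locate(data=SAMPLE):
    """Return the VAs of the warp signature and of 'push 3068h' found in data."""
    warp = find_pattern(data, parse_pattern(WARP_PATTERN))
    enc = find_pattern(data, list(push_imm32(12392)))
    return {
        "warp_va": [file_offset_to_va(o) for o in warp],
        "encumber_va": [file_offset_to_va(o) for o in enc],
    }

if __name__ == "__main__":
    for name, vas in locate().items():
        print(name, [f"{va:08X}" for va in vas])
```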
 
i usually post a link to this thread when i am the one to start the docrack thread...

but This thread has been the best tutorial for finding docrack offsets i have seen.

What i have asked before.. and will ask again... anyone wanna take a stab at finding other offsets needed for other things... Not talking docrack.. talking other things like Csum or Cgank.. etc etc

and what about some of the harder docrack offsets.. hide-run comes to mind...

just some thoughts
 
armysoldier said:
i usually post a link to this thread when i am the one to start the docrack thread...

but This thread has been the best tutorial for finding docrack offsets i have seen.

What i have asked before.. and will ask again... anyone wanna take a stab at finding other offsets needed for other things... Not talking docrack.. talking other things like Csum or Cgank.. etc etc

and what about some of the harder docrack offsets.. hide-run comes to mind...

just some thoughts

I think there's a reason there are no 'simple' tutorials explaining those. I can explain to you how you find and crack something like hide-run but it takes quite a bit more knowledge to do these hacks and unless you really want to get banned I am not sure if you want to screw around with tougher hacks.
 
Honest question. If this is found being used, will I get banned? I'm sorry for sounding like a "goodie two shoes" but I don't want to lose that lvl 52 wiz I have worked so hard, legally, on. If someone could answer relatively soon, it would be most appreciated!
 
maran said:
Honest question. If this is found being used, will I get banned? I'm sorry for sounding like a "goodie two shoes" but I don't want to lose that lvl 52 wiz I have worked so hard, legally, on. If someone could answer relatively soon, it would be most appreciated!

yes you will get banned
 
maran said:
Honest question. If this is found being used, will I get banned? I'm sorry for sounding like a "goodie two shoes" but I don't want to lose that lvl 52 wiz I have worked so hard, legally, on. If someone could answer relatively soon, it would be most appreciated!

By the way.. if you learn to play a bit and hang around here more.. a level 52... anything won't be considered much work ;)

I can have one of my toons to 52 in a couple weekend days.

Don't get too attached till you start getting the no drop stuffs.. hehe
 
does this still work?

I know I could test this out and try but I do not have EQ on this computer because I'm in the process of moving.

From what I understand (not a lot) the non safe version is not that hard to find and make a plugin of.. so I don't understand why y'all don't post it with a warning.. I mean we pay to visit this site, why not just let us get what we pay for? I mean y'all still advertise it (well, when I joined the site a few months ago) as one of the plugins when people join the site...

You don't have to flame, I'm just wondering...
 
Yeah sure we'll put up a non safe plugin in our precompiles! Excellent idea, really!!

We could put it up and have over half our members get banned for being idiots, then how would that look for the site?

Not the first time I've said it, but if ya want warp, just look elsewhere. It's not hard to find and is very inexpensive.

RGs isn't just a place to DL hax, it's a community which shares a large wealth of knowledge and tips, and most of them aren't even close enough to get you banned but will earn you good plat and/or nice xp etc

I'm not flaming, but it's beginning to sound like a broken record hearing people here asking for Warp, GK/ND etc

If ya want, I'll compile you the old Warp code, get it running for ya, and let you use it. I give you 2 hours until you're banned. It's not unsafe because it's more noticeable, it's unsafe because it sends packets to the server flagging your account up automatically saying "IM A HAXXOR!" and when that happens, what excuse you gonna give?

Ffs now I'm running late to get ready to play a gig!
 
It can't be that noticeable, I know people that go to other sites and have a working version and warp (not a lot but they do) and they have had no problems... it's not like 90+% of the stuff on here wouldn't get u banned if they noticed.. and it's always the user's responsibility if they do get banned... I'd love to see a working version of warp, I got a few accounts I could test it on and see how long it takes to get banned. PM me if ya don't mind, I'd appreciate it and I'll post a thread saying how long it took me and how many warps I did in that time frame to get banned, to shut a lot of the people up.
 
Those "other sites" you speak of that have a working warp have paid developers working on their sites that created a packet blocker. Everyone here is a volunteer and we have not been able to create a safe packet blocker as of yet. The other sites do not share their code on these blockers. So please just STOP being persistent and don't argue when someone says that we won't compile it for you. When warp is available here again, and we feel it is safe, you will know it.
 
First off jmo, he offered to compile it for me.. so yeah your whole point is null.. and second of all the other sites I know of cost the same if not 1$ more per year.. and if we don't have paid devs then where does all our money go? I mean 1$ per member can't pay jack so it's not like we are not forking over the cash... and their sites are better looking and more functional...
Look up at the last 4 msgs between me and you and spunge16 and you will find that you are out of line and just jumped in thinking you know everything and don't have to read the conversation.. so butt out.
 
Work out your exchange via PM's

Far as money goes, I think Redbot is riding the Synthetic Pony (He drinks oil like it's water you know, and price of oil per barrel keeps going up...) Also you will notice that we give a lot of free time out, I don't know the numbers but just thinking about it makes me O_o.

If you want a compiled up to date "megawarp.dll" I'm sure someone can provide it, but the problem with the oldschool warps isn't that it checks for packets, because we aren't using a packet with movelocalplayertosafe; we're using an offset and pretty much the succor function. The problem is in the checks around that function to make sure it's a legit call. I wouldn't be surprised if, even if you got an oldschool MLPTS warp that would warp you, it probably will just CTD even though it's doing it right.

Either way good luck
 