OK, so nameLengthOffset=0xFFFFFFF8 is 99% certain to be correct too.
next ones
- playerCounterOffset=0x00000900
- playerIntervalOffset=0x000008B4
I don't know what this is, or what variable I must search for in CE, but when I look in the source I find only one function where they are used, and that was FlyUp().
I don't have this sendpacket function in my list, so I simulate it myself and get this:
Code:
2. 6. 2011 21:21:17: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-77-06-2C-61-98-11-AD-00
2. 6. 2011 21:21:30: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-99-11-44-00
2. 6. 2011 21:21:31: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-9A-11-45-00
2. 6. 2011 21:21:32: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-9B-11-64-00
2. 6. 2011 21:21:33: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-9C-11-A5-00
2. 6. 2011 21:21:33: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-9D-11-A6-00
2. 6. 2011 21:21:33: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-9E-11-2F-01
and the function in the source:
Code:
local [COLOR="Lime"]packet := "0700"[/COLOR]
local counter := readmemory(player+playerCounterOffset, client, 2)
local interval := readmemory(player+playerIntervalOffset, client, 2) ;0x01F4 -variable "interval" never used in source!!!
local xCoord := readmemory(player+playerXposOffset, client, 4)
local zCoord := readmemory(player+playerZposOffset, client, 4)
local speed := readmemory(player+playerFlySpdOffset, client, 4)
local moveType := 0x61
local speedFloat := hextofloat(speed)
local yCoordFloat := yCoordFloat + speedFloat * time
local sendSpeedFloat := speedFloat * 256 + 0.5
local sendSpeedHex := floor(sendSpeedFloat)
local sendYcoordHex := floattohex(yCoordFloat)
[COLOR="lime"]revHex(value, xCoord)
packet := packet . value[/COLOR]
[COLOR="lime"]revHex(value, sendYcoordHex)
packet := packet . value
revHex(value, zCoord)
packet := packet . value
revHex(value, sendSpeedHex, 4)
packet := packet . value
packet := packet . "00" [/COLOR] ;direction
[COLOR="lime"]revHex(value, moveType, 2)
packet := packet . value
revHex(value, counter, 4)
packet := packet . value
packet := packet . [COLOR="Red"]"F401"[/COLOR][/COLOR] ;unknown value
writeMemory(counter + 1,player+playerCounterOffset, client, 2)
writeMemory(sendYcoordHex,player+playerYposOffset, client)
sendPacket(packet, "16", 0x16, client)
From this, the packet = 07-00 & Xcoord & Ycoord & Zcoord & speed & 00 & move type & counter & F4-01
By the way, F4-01 is not an offset, so I think there is no need to change it in WQing.ini because it is hardcoded in the source.
For example, the last line:
07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-9E-11-2F-01
00-00-
00-00-00-00-
00-00-00-00-
00-00-00-00-
00-00-
00-
00-
00-00-
00-00
packet := "0700"
revHex(value, xCoord)
packet := packet . value
revHex(value, sendYcoordHex)
packet := packet . value
revHex(value, zCoord)
packet := packet . value
revHex(value, sendSpeedHex, 4)
packet := packet . value
packet := packet . "00" ;direction -allways "00"
revHex(value, moveType, 2) -allways "61"
packet := packet . value
revHex(value, counter, 4)
packet := packet . value
packet := packet . "F401" ;unknown value - allways this value (hardcoded)
next....
Code:
2. 6. 2011 21:21:17: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-77-06-2C-61-[COLOR="red"]98-11[/COLOR]-AD-00
2. 6. 2011 21:21:30: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-[COLOR="red"]99-11[/COLOR]-44-00
2. 6. 2011 21:21:31: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-[COLOR="red"]9A-11[/COLOR]-45-00
2. 6. 2011 21:21:32: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-[COLOR="red"]9B-11[/COLOR]-64-00
2. 6. 2011 21:21:33: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-[COLOR="red"]9C-11[/COLOR]-A5-00
2. 6. 2011 21:21:33: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-[COLOR="red"]9D-11[/COLOR]-A6-00
2. 6. 2011 21:21:33: 07-00-0B-00-25-45-41-CD-1C-44-58-80-17-44-00-00-2C-61-[COLOR="Red"]9E-11[/COLOR]-2F-01
With this you can see that the "counter" changes every time you tap the spacebar, so you can easily search for that value with CE. After a few searches I get offset 0x928, so playerCounterOffset=0x00000928, and the player interval is probably not needed (hardcoded; maybe I am wrong, but I don't find any use of this offset).
------------------------------------
questFunctionOffset=0x1018
questFunctionAddress=0x0071BEA0
The last 2 offsets for taking a quest can be found with interest07's tutorial in IDA; I am an IDA noob, so I can try to find them, but no promises.
For now we have this:
Code:
[main]
logActivities=0
[offsets]
[COLOR="Green"]realBaseAddress=0x00AF6DA4[/COLOR] OK
[COLOR="Green"]SendPacketAddress=0x00659450[/COLOR] OK
[COLOR="Green"]playerCounterOffset=0x00000928[/COLOR] OK
[COLOR="Green"]playerIntervalOffset=0x000008B4[/COLOR] think this will be OK
[COLOR="Red"]questFunctionOffset=0x1018
questFunctionAddress=0x0071BEA0[/COLOR]
[COLOR="Green"]playerNameOffset=0x638[/COLOR] OK
[COLOR="Green"]playerTransportModeOffset=0x64C[/COLOR] OK
[COLOR="Green"]playerFlySpdOffset=0x4EC[/COLOR] OK
[COLOR="Green"]playerFlyMountOffset=0x0000058C[/COLOR] OK
[COLOR="Green"]playerXposOffset=0x3C[/COLOR] OK
[COLOR="Green"]playerYposOffset=0x40[/COLOR] OK
[COLOR="Green"]playerZposOffset=0x44[/COLOR] OK
[COLOR="Green"]playerActionStructOffset=0x1048[/COLOR] OK
[COLOR="Green"]baseOffset=0x1C[/COLOR] OK
[COLOR="Green"]playerOffSet=0x34[/COLOR] OK
[COLOR="Green"]nameLengthOffset=0xFFFFFFF8[/COLOR] OK
[COLOR="Green"]playerTargetIdOffset=0xB60[/COLOR] OK
[COLOR="Green"]npcIdOffset=0x11C[/COLOR] OK
[COLOR="Green"]sortedNpcListOffset=0x50[/COLOR] OK
[COLOR="Green"]baseListsOffset=0x1C[/COLOR] OK
[COLOR="Green"]npcListOffset=0x24[/COLOR] OK