CanSeeLoc aka OSI's LOS (Line Of Sight)
Posted: Thu Dec 30, 2010 11:26 am
This article is about the LOS algorithm which we can find inside the demo. Everything starts with the two script functions we have: canSeeLoc and canSeeObj. Both of them will end up calling a class function I named CanSeeLoc, located at EIP 0x46ADA5. FUNC_XXX_CanSeeLoc is the internal name I gave it (because it belongs to a class I couldn't give a proper name to yet).
Let's first take a look at canSeeLoc:
- canSeeLoc.png
canSeeObj is a bit different:
- canSeeObj.png
This is the canSeeObj of the item class:
- ItemObject_CanSeeObj.png
The actual magic is going on in the CanSeeLoc (FUNC_XXX_CanSeeLoc) function. This is a screenshot of all cross references to this function:
- xrefs to CanSeeLoc.png
I converted all the assembler to readable C(++) code and turned it into a DLL using the UODEMODLL technique introduced here: . You can download the full source code and a precompiled DLL here: . Posting the full source code would only clutter this post, and if you're interested I guess you're going to download it anyway.
This DLL contains advanced hacking techniques that redirect all calls to CanSeeLoc (see the picture above) to the DLL; the DLL will then call both the original function and the decompiled function. I did this so we can detect mismatches (= errors in the decompilation).
One note about the algorithm: there are some "<< 16" lines in there; they act as an optimization to avoid slow floating-point math. If someone else also understands the optimization and can explain it better than I can, please do so.
Screenshot of the DLL in action:
- CanSeeLoc DLL.png
As always, feel free to ask any questions.
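Added example, not the post's DLL source and not the demo's own CanSeeLoc: it shows the two ideas the post describes side by side. First, a 16.16 fixed-point line walk of the kind the "<< 16" lines suggest (coordinates scaled by 65536 so the per-step increment is computed once with one division and the loop needs only integer adds and shifts), next to a double-precision version of the same walk. Second, an in-process stand-in for the DLL's redirect: every call site goes through a function pointer, and installing the "hook" swaps in a routine that calls both the reference and the fixed-point version, counts disagreements, and returns the reference's answer so callers behave as before. The height map, the blocking rule (the ray passes below a tile's obstacle top), the stepping and rounding rule, and every function name are assumptions made for illustration; real call-site patching on Windows is not modelled.

```c
/* Added example (not the post's DLL or the demo's code). The map, the
 * blocking rule, the stepping rule and all names here are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAP_W 8
#define MAP_H 8
#define FX_ONE (1 << 16)                 /* 1.0 in 16.16 fixed point */

typedef struct { int x, y, z; } loc_t;
typedef int32_t fx_t;                    /* 16.16 fixed-point value */

/* Constructed sample map: obstacle top height per tile. A wall of height 10
 * runs the full length of column x == 4; every other tile is open (0). */
static int g_heights[MAP_H * MAP_W];
const int *sample_map(void) {
    for (int y = 0; y < MAP_H; y++)
        for (int x = 0; x < MAP_W; x++)
            g_heights[y * MAP_W + x] = (x == 4) ? 10 : 0;
    return g_heights;
}

/* A tile blocks the ray when the ray passes below the obstacle top.
 * Tiles outside the map are treated as blocking. */
static int blocked(int tx, int ty, int tz, const int *h) {
    if (tx < 0 || tx >= MAP_W || ty < 0 || ty >= MAP_H) return 1;
    return h[ty * MAP_W + tx] > tz;
}

/* floor(v / 65536) without relying on how >> treats negative values. */
static int fx_floor(fx_t v) {
    return v >= 0 ? (int)(v >> 16) : -(int)((-(int64_t)v + 0xFFFF) >> 16);
}
/* floor() for doubles, kept local so the block does not need libm. */
static int dfloor(double v) { int f = (int)v; return (v < f) ? f - 1 : f; }

/* Fixed-point walk along the longer horizontal axis. The increments are
 * (delta * 65536) / n, computed once; inside the loop only adds and shifts
 * remain. Intermediate tiles are tested, the endpoints are not. */
int can_see_loc_fixed(loc_t a, loc_t b, const int *h) {
    int dx = b.x - a.x, dy = b.y - a.y, dz = b.z - a.z;
    int n = abs(dx) > abs(dy) ? abs(dx) : abs(dy);
    if (n == 0) return 1;                /* same tile: nothing in between */
    /* multiply instead of << so a negative delta is not undefined behaviour */
    fx_t sx = (fx_t)((int64_t)dx * FX_ONE / n);
    fx_t sy = (fx_t)((int64_t)dy * FX_ONE / n);
    fx_t sz = (fx_t)((int64_t)dz * FX_ONE / n);
    fx_t x = (fx_t)a.x * FX_ONE, y = (fx_t)a.y * FX_ONE, z = (fx_t)a.z * FX_ONE;
    for (int i = 1; i < n; i++) {
        x += sx; y += sy; z += sz;
        /* (v + 0x8000) >> 16 rounds to the nearest whole tile */
        if (blocked(fx_floor(x + FX_ONE / 2), fx_floor(y + FX_ONE / 2),
                    fx_floor(z + FX_ONE / 2), h))
            return 0;
    }
    return 1;
}

/* Reference walk in doubles using the same stepping and rounding rule. */
int can_see_loc_float(loc_t a, loc_t b, const int *h) {
    int dx = b.x - a.x, dy = b.y - a.y, dz = b.z - a.z;
    int n = abs(dx) > abs(dy) ? abs(dx) : abs(dy);
    if (n == 0) return 1;
    double sx = dx / (double)n, sy = dy / (double)n, sz = dz / (double)n;
    double x = a.x, y = a.y, z = a.z;
    for (int i = 1; i < n; i++) {
        x += sx; y += sy; z += sz;
        if (blocked(dfloor(x + 0.5), dfloor(y + 0.5), dfloor(z + 0.5), h))
            return 0;
    }
    return 1;
}

/* Stand-in for the redirected entry point: all call sites go through
 * g_can_see_loc. The hook runs the "original" (here the double version)
 * beside the "decompiled" (fixed-point) version, counts disagreements and
 * returns the original's answer so the caller's behaviour is unchanged. */
typedef int (*can_see_fn)(loc_t, loc_t, const int *);
static int g_mismatches;
static int can_see_loc_hook(loc_t a, loc_t b, const int *h) {
    int orig = can_see_loc_float(a, b, h);
    int mine = can_see_loc_fixed(a, b, h);
    if (orig != mine) {
        g_mismatches++;
        fprintf(stderr, "mismatch (%d,%d,%d)->(%d,%d,%d): orig=%d decompiled=%d\n",
                a.x, a.y, a.z, b.x, b.y, b.z, orig, mine);
    }
    return orig;
}
static can_see_fn g_can_see_loc = can_see_loc_float;
void install_hook(void) { g_can_see_loc = can_see_loc_hook; }
int mismatch_count(void) { return g_mismatches; }

/* What a script-level canSeeLoc would end up calling after the redirect. */
int script_can_see_loc(loc_t a, loc_t b, const int *h) { return g_can_see_loc(a, b, h); }

int main(void) {
    const int *h = sample_map();
    loc_t from = {1, 3, 0}, low = {7, 3, 0}, high = {7, 3, 24};
    install_hook();
    printf("low target: %d, high target: %d, mismatches: %d\n",
           script_can_see_loc(from, low, h), script_can_see_loc(from, high, h),
           mismatch_count());
    return 0;
}
```

The fixed-point walk can only disagree with the reference where the per-step increment is not exactly representable in 1/65536 units and the accumulated truncation pushes a coordinate across a .5 boundary; that is exactly the class of discrepancy a call-both-and-compare hook surfaces, and only for the inputs the game actually exercises while the hook is installed, so a clean run says nothing about paths that were never walked.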