This article is about the LOS algorithm which we can find inside the demo. Everything starts with the two script functions we have: canSeeLoc and canSeeObj. Both of them end up calling a class function I named CanSeeLoc, located at EIP 0x46ADA5. FUNC_XXX_CanSeeLoc is the internal name I gave it (because it belongs to a class I couldn't give a proper name to yet).
Let's first take a look at canSeeLoc. It takes an object and a location as parameters, so it tests whether a given object can see a given location. The object is converted to a location by taking its position and adding half the object's height to the Z coordinate. Not shown in the disassembly, but all mobiles have a fixed height of 16 (even those tiny, nasty rats).
canSeeObj is a bit different: it takes two objects as parameters and first checks whether the target object is a hidden mobile. If the target object is a hidden mobile, no further action is taken and 0 is returned. Looking at 'yourself' also terminates the function early with a return value of 1. Otherwise the canSeeObj class function of the item class is called. Refer to this post about the class structure of the game objects: http://www.joinuo.com/forums/viewtopic.php?f=32&t=539.
This is the canSeeObj of the item class: again, both objects are converted to locations by adding half their height to the Z coordinate, and then the internal CanSeeLoc function is called.
The actual magic happens in the CanSeeLoc (FUNC_XXX_CanSeeLoc) function. This is a screenshot of all cross references to this function:
I converted all the assembler to readable C(++) code and turned it into a DLL using the UODEMODLL technique introduced here: http://www.joinuo.com/forums/viewtopic.php?f=32&t=608. You can download the full source code and a precompiled DLL here: http://download.joinuo.com/UoDemoDLL/Version%201.1.rar. Posting the full source code would only clutter this post, and if you're interested I guess you're gonna download it anyways.
This DLL contains advanced hacking techniques that redirect all calls to CanSeeLoc (see the picture above) to the DLL; the DLL then calls both the original function and the decompiled function. I did this so we can detect mismatches (= errors in the decompilation).
One note about the algorithm: there are some "<< 16" lines in there; they act as an optimization to avoid slow floating-point math in the algorithm. If someone else also understands the optimization and can explain it better than I can, please do so.
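To make the "<< 16" trick and the half-height conversion from the earlier paragraphs concrete, here is an added example in C. It is not the decompiled demo code from the DLL, and the demo's real cell-walking loop is not shown in this post; the example uses a plain stepping walk in 16.16 fixed point (integer part in the upper 16 bits, fraction in the lower 16), which is what a "<< 16" scale factor gives you. The obstacle (a wall at x == 3), the item heights and the names object_to_loc, can_see_loc and can_see_obj are all my own constructions for illustration; the only numbers taken from the post are the mobile height of 16 and the canSeeObj rules (hidden target returns 0, looking at yourself returns 1).

```c
#include <stdio.h>
#include <stdlib.h>

/* 16.16 fixed point: integer part in the upper bits, 1/65536 fraction below.
   This is the role a "<< 16" scale factor plays: fractions of a cell are
   carried as integers, so no floating-point divide or multiply is needed. */
#define FP_SHIFT 16
#define FP_ONE   (1 << FP_SHIFT)

typedef struct { int x, y, z; } Loc;

/* Assumed object model for this example: position, height, hidden flag.
   The post states all mobiles are 16 tall; nothing else here is from the demo. */
typedef struct { Loc pos; int height; int hidden; } Object;

/* Eye point of an object: its location with half its height added to Z. */
Loc object_to_loc(const Object *o) {
    Loc l = o->pos;
    l.z += o->height / 2;
    return l;
}

/* Constructed obstacle standing in for map statics: a wall at x == 3,
   spanning y 2..5 and z 0..15. Not the demo's map data. */
int is_solid(int x, int y, int z) {
    return x == 3 && y >= 2 && y <= 5 && z >= 0 && z <= 15;
}

/* Fixed-point floor. Arithmetic right shift floors negatives on the usual
   compilers; all sample coordinates in this example are non-negative anyway. */
static int fp_floor(int v) { return v >> FP_SHIFT; }

/* Walk the segment from `from` to `to`, one cell per step along the longest
   axis, carrying the other two axes as 16.16 accumulators. Returns 1 if no
   solid cell lies strictly between the endpoints, else 0. */
int can_see_loc(Loc from, Loc to) {
    int dx = to.x - from.x, dy = to.y - from.y, dz = to.z - from.z;
    int steps = abs(dx);
    if (abs(dy) > steps) steps = abs(dy);
    if (abs(dz) > steps) steps = abs(dz);
    if (steps == 0) return 1;             /* same cell: nothing in between */

    /* Per-step increments. Written as "* FP_ONE" rather than "<< 16" because
       left-shifting a negative value is undefined in ISO C; same result. */
    int ix = dx * FP_ONE / steps;
    int iy = dy * FP_ONE / steps;
    int iz = dz * FP_ONE / steps;

    /* Start at the centre of the origin cell so flooring picks the nearest cell. */
    int fx = from.x * FP_ONE + FP_ONE / 2;
    int fy = from.y * FP_ONE + FP_ONE / 2;
    int fz = from.z * FP_ONE + FP_ONE / 2;

    for (int i = 1; i < steps; i++) {     /* the endpoints themselves are not tested */
        fx += ix; fy += iy; fz += iz;
        if (is_solid(fp_floor(fx), fp_floor(fy), fp_floor(fz)))
            return 0;
    }
    return 1;
}

/* Mirrors the script-level canSeeObj flow from the post: a hidden target is
   never seen, an object always sees itself, otherwise compare eye points. */
int can_see_obj(const Object *viewer, const Object *target) {
    if (target->hidden) return 0;
    if (viewer == target) return 1;
    return can_see_loc(object_to_loc(viewer), object_to_loc(target));
}

int main(void) {
    Object a = { {0, 3, 0}, 16, 0 };   /* mobile west of the wall, eye at z 8 */
    Object b = { {6, 3, 0}, 16, 0 };   /* mobile east of the wall */
    Object d = { {0, 0, 0}, 16, 0 };   /* pair of mobiles on a row the wall does not cover */
    Object c = { {6, 0, 0}, 16, 0 };
    printf("a sees b: %d\n", can_see_obj(&a, &b));   /* 0: cell (3,3,8) is solid */
    printf("d sees c: %d\n", can_see_obj(&d, &c));   /* 1: y == 0 is clear */
    b.hidden = 1;
    printf("a sees hidden b: %d\n", can_see_obj(&a, &b)); /* 0: hidden target */
    return 0;
}
```

The walk visits the cells strictly between the two eye points, so two adjacent objects always see each other, and a wall only blocks when the line actually crosses one of its cells at the eye's height. Raising the viewing location above z 15 passes over the constructed wall, which is the same effect the half-height offset has for a real mobile looking over a low obstacle.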
Screenshot of the DLL in action:
As always, feel free to ask any questions.