Find and patch instructions responsible for changes to the Light address when we get into a cave
If you got this far, this will be easy for you.
At this point, everytime we use a torch or cast something like utevo lux, the client writes our full light to the light address. The problem is that somewhere in OTClient, when we are in the main floor and go down + 1, you will see the dark again.
I don't like to guess where OTClient developer wrote these things, so we will do pretty much everything we have done so far for the Torch case, except that at first step, we'll use a torch to activate our "almost finished light hack".
Steps:
- Turn a torch on/off - DO NOT CAST MAGIC SPELLS (full light gets enabled)
- In the Light address path from 'Pointer scan' in the address list, right click it and Find out what writes to this address
- Find what writes the address pointed at by this pointer
- Go down main floor + 1 (e.g.: go to a cave). At this step, everything shall be in the darkness and Cheat Engine shown some instruction
- You can follow the "same" instructions from the Torch case in the second post to get:
How To Code
Now, this can be done programmatically:
- Patch Torch-case address (given by Address column) with opcode bytes (given by Bytes column)
- Patch Cave-case address (given by Address column) with opcode bytes (given by Bytes column)
- Write full light address to Light address
Check and test this sample code to be executed in Cheat Engine (Medivia OpenGL) to understand the process:
Code:
-- get the base address
local baseAddress = getAddress("Medivia_OGL.exe")
-- light intensity = 0xFF
-- light color = 0xD7
local lightValue = { 0xFF, 0xD7 }
-- address to creature pointer
local creaturePtrAddress = baseAddress + 0x00579A68
-- offset to light address
local lightOffset = 0xA4
-- address to patch when we turn torch on or
-- cast something that changes current light
local torchAddress = baseAddress + 0xDF336
-- address to patch when we change our character
-- z position (e.g.: get into a cave) and we get a light change
local floorChangeAddress = baseAddress + 0xE5B76
-- cheat code: mov ax, D7FF
local opcode = { 0x66, 0xB8, 0xFF, 0xD7 }
-- patch with our cheat code
writeBytes(torchAddress, opcode)
writeBytes(floorChangeAddress, opcode)
-- at end, we write our desired light to the light address
-- to force the client display our new light:
-- first, read pointer
-- later, write light value to light offset
local creaturePtr = readInteger(creaturePtrAddress)
local lightAddress = creaturePtr + lightOffset
writeBytes(lightAddress, lightValue)