Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex
TrainerDex
TypeDex
UnownDex
More

Major Glitches
Trainer escape glitch
Old man trick
Celebi Egg trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitches
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
Glitch Pokémon cries
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Technical
Site Source Code

Search Wiki

 

Search Forums

 

Author Topic: Where to start for understanding exactly how glitches work programming-wise?  (Read 156 times)

0 Members and 1 Guest are viewing this topic.

vhs

  • GCLF Member
  • Offline Offline
    • View Profile
Hiya. I'm completely and totally a new person to this forum, and honest to god I don't quite know where else to look for this, but I'd like to find out where I can learn exactly how gen-1 glitches work in terms of things like hexadecimals and how people can abuse them to achieve different things. I've been interested in glitches for R/B/Y for a long portion of my life and I wish to understand more, however I've reached the hurdle of actually understanding the programming of the game itself.
If there's a post that explains all of this that I've overlooked, my sincere apologies. Thank you for your time.
« Last Edit: October 22, 2017, 10:22:14 pm by vhs »
Hiya, my name is Link. I'm a nonbinary (I don't really identify as a boy or a girl, singular they/them pronouns please) teenager who lives in the middle of nowhere, Illinois. I've always had an interest in video game glitches from a young age, and I wish to learn more about it.

Couldntthinkofaname

  • Zeta
  • GCLF Member
  • *
  • Offline Offline
  • The default personal text makes no sense
    • View Profile
Hi!

If you're looking for gen 1 glitch information, most of it can be found here at the Gen 1 glitch discussion child board. Most posts here are well explained in technological terms.

If you have a question, feel free to ask!
"What's a stack? Can you eat that?"

"Sure, just POP it into your mouth!" (someoneplskillme)

Clash Royale profile: #LYQC9LLV. Join our clan because we're lonely.

Does anybody really know what time it is?

Does anybody really care?
- Chicago

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
I think the first thing you need to understand the internal of glitches - any generation included - is coding. Have solid programming knowledge. This way - even not looking at the game's code ! - you can get a grasp of how "things work". Then, though things were programmed so this happens, what would happen if *this* happened instead ? (To put it differently, there are many different ways to have an given action trigger another, but they have different effects when unintended situations are encountered.) That's what you need to understand to get "how glitches work programming-wise".

To be fair, when I started, I had no idea how the Game Boy worked. I researched how WTW worked by poking around memory, not even code.
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Evie ✿

  • Administrator
  • *****
  • Offline Offline
  • Gender: Female
    • View Profile
Hi vhs. :) That's OK! I started in a similar position of not knowing much about the game's code or programming.

Related to what ISSOtm said, I personally feel before understanding the Game Boy's programming (CPU) it's important to understand the system's memory structure (which in this case of RBY/GSC is sometimes called the Game Boy bus and is described here).

The region that is at C000-CFFF, D000-DFFF, E000-FDFF (and sometimes A000-BFFF, 8000-9FFF) is usually the region that cheating devices for the Game Boy/Color such as the GameShark will change. For example, you might know of the code 01xx59D0 that allows you to fight any Pokémon in Red/Blue. What this code does is write a value to the banked RAM (also known as WRAM) address D059.

What RAM essentially is (although I don't personally understand electronical side of it, and most of the time you don't need to) is like you're making database of many changeable things in run-time (or in the case of SRAM save file data), whether it be how many badges you have, the species of the wild Pokémon in battle, your character's name, to as intricate as the tile on the screen at specific coordinates. On many occasions changing a RAM address will apply the change in game (although there are exceptions, for debugging the developer's might store the value there only like scratch paper).

I feel a good place to begin is by using a memory editor (or cheating device although the process takes longer) to set up glitches. These glitches could be techniques such as the old man glitch, out of bounds values like glitch items with IDs beyond hexadecimal 53 and so on.

When you do this I feel it's best to familiarize yourself with the hexadecimal number system. Our system, decimal has numbers ranging from 0 to 10. Hexadecimal has values ranging from 0 to 15 before you move on to the next digit, and decimal values 11 to 15 are written in hexadecimal as 0A-0F.

When clarifying that a number is in hexadecimal, we give it the prefix 0x or $ (depending on your preference); so 5A could be represented as 0x5A or $5A. The 0x doesn't mean "zero times", and I don't know why they chose it but it's like that.

If you're using Windows, Windows Calculator on Programmer mode is a great way to convert decimal to hexadecimal.

Simply enter a number in the "dec" field and then click on "hex", and the calculator will convert it for you.



We also have an article about hexadecimal here that tells you how to make conversions by hand if you ever need to do that. :)

This table known as the Big HEX List documents the hex values you need (for a memory editor such as the emulator BGB's and Visual Boy Advance (VBA)'s and the xx in a GameShark code) to obtain certain things.

For a list of memory addresses or GameShark codes I suggest the following resources:

1. Datacrystals' Pokémon Red and Blue RAM Map

2. Pokémon Red disassembly WRAM map (more complete)

3. Our wiki's GameShark codes archive

If you ever need to convert a GameShark code to a memory address and vice versa, consider a GameShark code as 01xxYYZZ. Address ZZYY should be the memory address for most memory editors. The reason for this is the older GameSharks always work by writing a value to a memory address, and that memory address is stored in the code in a format known as little-endian; meaning the smaller values go first. Hence 01xx59D0 is modifying big-endian D059.

If you want to get into testing out a particular glitch quickly on an emulator, I have prepared save files on my Google Sites (link), which you can use by saving them in the same directory as a ROM of the same name (for BGB) or using the import battery file feature from File>Load Game (for VBA).

In terms of programming, basically glitch items such as 8F (Red/Blue) and ws m (Yellow) will interpret RAM as programming code (known as arbitrary code execution). ROM is read-only and is often reserved for both code (such as the routine to start a new game), as well as data that shouldn't be changed during gameplay (like PIDGEY's species name for instance). Nothing stops the game executing RAM as code (in fact some games intentionally do this; not just HRAM), so using a software vulnerability like an out of bounds glitch item we can execute code from a certain address in RAM.

The game reads the hexadecimal bytes and doesn't consider the nature of what it is (hence a Lemonade for instance is 3E XX), but each hexadecimal value corresponds with an opcode (instruction) or operand (parameter for instruction only if the instruction precedes it). Most opcodes are covered on the Big HEX List linked above, but if you want a plainer version I personally suggest IIMarckus' text file.

This document is what helped me in understanding some of the basics in Game Boy programming, and the registers (like memory addresses but used by the hardware for almost every purpose): a, b, c, d, e, h, l, sp.

This is an example code:

ld a,0x15
ld (d059),a
ret

Here we store the value 0x15 (Mew's hex ID) into a. a is then moved into d059, and the ret is necessary to terminate the code. This results in us encountering a wild Mew.

Hope this helps! If you like I can help you learn more :)

Remember though: baby steps. I feel it's a good approach to take your time and try out things one step at a time, and when you perform a glitch deconstruct it by doing something slightly different to see how it changes things. It was only until a few years ago I started experimenting with the programming side of glitches.
« Last Edit: November 04, 2017, 09:17:01 pm by Evie ✿ »
Hi! I identify as transgender female.  She/her pronouns, please.

Online I most often use the username Torchickens or Chickasaurus.



Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

I like to collect interesting video games.
https://www.vgcollect.com/Torchickens

The psychology of birth (including spiritual birth): pain>acceptance/courage in face of pain>embracement>unconditional love and strength

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

Parzival

  • The Betrayed, The Cleansed, The Reborn
  • GCLF Member
  • *
  • Offline Offline
  • It begins.
    • View Profile
    • YT Channel
Hex can also be represented as xxh, the h being at the end of the number and denoting a hex number.
Ask me about betrayal.
Ask me about depression.
Ask me about death.
Ask me about destruction.
Ask me about hardship.
I've been through s**t.
If you need to talk to someone, my PM inbox is always open.