
Author Topic: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!  (Read 459 times)


Couldntthinkofaname

  • Zeta
  • GCLF Member
  • *
  • Offline Offline
  • The default personal text makes no sense
    • View Profile
Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #15 on: November 05, 2017, 12:43:19 pm »
Regarding the OAM DMA Hijacking, I'm unsure whether we can replace 2'd with péZ×.9'l'l'l'lx'd or péZ×.9'l'l'l'l2'd.

Use the former code. The latter code is an ld command, which doesn't affect the carry flag. In order for Ret NC to return, the carry flag must not be set.

Also, the ld command would swallow the 'd by using it as an operand.
« Last Edit: November 05, 2017, 12:48:09 pm by Couldntthinkofaname »
"What's a stack? Can you eat that?"

"Sure, just POP it into your mouth!" (someoneplskillme)

Clash Royale profile: #LYQC9LLV. Join our clan because we're lonely.

Does anybody really know what time it is?

Does anybody really care?
- Chicago

Krys3000

  • The frenchie
  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • Head admin of the PRAMA Initiative
    • View Profile
    • PRAMA Initiative - Main french Pokémon glitch website
Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #16 on: November 06, 2017, 08:38:44 am »
Alright, all codes (except the first one obviously) are available for both techniques now, and I've added links to some threads. I'm going to start writing a quick and basic introduction to opcodes.

Of course, I should be writing a French adaptation of box codes for PRAMA, but the absence of ret nc and sub x instructions in French characters is very annoying, because to use ret c or sbc x the code itself must be modified a bit :(

Admin of the PRAMA Initiative, the main french Pokémon glitch website
http://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

Evie ✿

  • Administrator
  • *****
  • Offline Offline
  • Gender: Female
    • View Profile
Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #17 on: November 06, 2017, 10:15:18 am »
Awesome. Thank you! ^_^

Yeah I relate to that, self-modifying codes can be a pain sometimes.
Hi! I identify as transgender female.  She/her pronouns, please.

Online I most often use the username Torchickens or Chickasaurus.



Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:

Email Youtube Twitter
Skype: Torchickens
Bulbapedia Starfy Wiki

I like to collect interesting video games.
https://www.vgcollect.com/Torchickens

The psychology of birth (including spiritual birth): pain>acceptance/courage in face of pain>embracement>unconditional love and strength

Beyond all philosophies are the things that go best for you; what makes you feel content. It's important to always follow your heart, so unless you feel perfectly happy about it don't just follow something because it is popular, fits a style or is conventional. Sometimes you may reach a point you're not sure who you are, but as things settle I'm convinced things do work out in time.

Krys3000

  • The frenchie
  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • Head admin of the PRAMA Initiative
    • View Profile
    • PRAMA Initiative - Main french Pokémon glitch website
Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #18 on: November 07, 2017, 07:10:27 am »
I've added a quick introduction to opcodes. Don't hesitate to review it! :)


spamviech

  • GCLF Member
  • *
  • Offline Offline
  • Gender: Male
    • View Profile
Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #19 on: November 07, 2017, 07:45:42 am »
You should probably add the guide to GB Programming. Helped me a ton when I started messing around with 8F codes.

Also, the first available character for box names is space, which is 0x7f. The corresponding instruction (ld a,a) can only be used as save passing code, but can be useful to reach certain numbers (e.g. using and).
Nothing major, but still a slight error. ;)

Couldntthinkofaname

  • Zeta
  • GCLF Member
  • *
  • Offline Offline
  • The default personal text makes no sense
    • View Profile
Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #20 on: November 07, 2017, 07:48:14 am »
Quote from: Krys3000
I've added a quick introduction to opcodes. Don't hesitate to review it! :)

You may want to add that "ret" does not necessarily mean the code has ended. "Ret" pops the top of the stack to the pc (Program Counter).

So...

ld bc,$d61a
push bc
ret

...is effectively executed as...

jp $d61a
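
The three points raised in this thread (space/0x7F being ld a,a; ret nc depending on the carry flag while an ld leaves the flag alone and eats the following byte as its operand; and push bc / ret behaving like jp) can all be checked by stepping the bytes through a small model of the Game Boy CPU. The block below is an added example written for this page, not code from the thread, from the guide it discusses or from any emulator. It models only the handful of SM83 opcodes needed here, assumes a flat 64 KiB memory with the code loaded at $d000 and the stack at $dfff, and treats the character-to-byte table as out of scope apart from the one fact the thread states (space is 0x7F). The byte sequences it runs are constructed for the demonstration, not real box names.

```python
"""Tiny SM83 (Game Boy CPU) subset, just enough to trace the box-code points
raised in this thread.  Added example, not code from the thread or its guide.
Assumed: flat 64 KiB memory, code at `org`, stack at `sp`, opcodes in step() only."""

REGS = "bcdehl?a"            # SM83 register index order; index 6 is (hl), not modelled
FLAG_Z, FLAG_N, FLAG_H, FLAG_C = 0x80, 0x40, 0x20, 0x10


class CPU:
    def __init__(self, code, org=0xD000, sp=0xDFFF):
        self.mem = bytearray(0x10000)
        self.mem[org:org + len(code)] = code
        self.r, self.f, self.trace = [0] * 8, 0, []   # registers (REGS order), F, log
        self.pc, self.sp = org, sp

    @property
    def carry(self):
        return bool(self.f & FLAG_C)

    def fetch8(self):
        v = self.mem[self.pc]
        self.pc = (self.pc + 1) & 0xFFFF
        return v

    def push16(self, v):             # SM83 stack grows down, low byte at the lower address
        self.sp = (self.sp - 2) & 0xFFFF
        self.mem[self.sp] = v & 0xFF
        self.mem[(self.sp + 1) & 0xFFFF] = v >> 8

    def pop16(self):
        v = self.mem[self.sp] | (self.mem[(self.sp + 1) & 0xFFFF] << 8)
        self.sp = (self.sp + 2) & 0xFFFF
        return v

    def step(self):
        """Execute one instruction and return its disassembly text."""
        at, op = self.pc, self.fetch8()
        if op == 0x01:                                   # ld bc,nn (little-endian operand)
            v = self.fetch8() | (self.fetch8() << 8)     # left call runs first: low byte
            self.r[0], self.r[1] = v >> 8, v & 0xFF
            text = f"ld bc,${v:04x}"
        elif (op & 0xC7) == 0x06 and op != 0x36:         # ld r,n: the next byte is an operand
            i, n = (op >> 3) & 7, self.fetch8()
            self.r[i] = n
            text = f"ld {REGS[i]},${n:02x}"
        elif 0x40 <= op <= 0x7F and 6 not in ((op >> 3) & 7, op & 7):  # ld r,r'
            d, s = (op >> 3) & 7, op & 7                 # copies a byte, never touches F
            self.r[d] = self.r[s]
            text = f"ld {REGS[d]},{REGS[s]}"
        elif op == 0xC3:
            self.pc = self.fetch8() | (self.fetch8() << 8)
            text = f"jp ${self.pc:04x}"
        elif op == 0xC5:
            self.push16((self.r[0] << 8) | self.r[1])
            text = "push bc"
        elif op == 0xC9:                                 # ret: pop pc, whatever was pushed last
            self.pc = self.pop16()
            text = "ret"
        elif op in (0xD0, 0xD8):                         # ret nc / ret c: pop pc only if C matches
            want = op == 0xD8
            if self.carry == want:
                self.pc = self.pop16()
            text = "ret c" if want else "ret nc"
        elif op in (0xD6, 0xDE):                         # sub n / sbc a,n: C = borrow out of bit 7
            n = self.fetch8()
            a, borrow = self.r[7], int(self.carry) if op == 0xDE else 0
            res = a - n - borrow
            self.f = (FLAG_N | (FLAG_Z if (res & 0xFF) == 0 else 0)
                      | (FLAG_H if (a & 0xF) - (n & 0xF) - borrow < 0 else 0)
                      | (FLAG_C if res < 0 else 0))
            self.r[7] = res & 0xFF
            text = f"{'sbc a,' if op == 0xDE else 'sub '}${n:02x}"
        else:                                            # includes halt (0x76) and all (hl) forms
            raise NotImplementedError(f"opcode {op:#04x} at {at:#06x} not modelled")
        self.trace.append(f"{at:04x}: {text}")
        return text


def run(code, org=0xD000, caller=0xC000, a=0, carry=False, max_steps=64):
    """Run `code` as if the game had CALLed it from `caller`; stop once pc leaves
    the block (a ret or jp took effect, or execution fell off the end)."""
    cpu = CPU(code, org)
    cpu.r[7] = a
    cpu.f = FLAG_C if carry else 0
    cpu.push16(caller)                                   # the return address CALL left behind
    for _ in range(max_steps):
        if not org <= cpu.pc < org + len(code):
            break
        cpu.step()
    return cpu


if __name__ == "__main__":                               # constructed byte sequences, not box names
    print(run(bytes([0x7F, 0x7F, 0xC9]), carry=True).trace)       # 0x7F (space) = ld a,a, F kept
    print(run(bytes([0xD6, 0x01, 0xD0]), a=5).trace)               # no borrow, C=0: ret nc returns
    print(run(bytes([0xD6, 0x01, 0xD0]), a=0).trace)               # borrow, C=1: ret nc skipped
    print(run(bytes([0x06, 0xD0, 0xC9])).trace)                    # ld b,n swallows the 0xD0
    print(hex(run(bytes([0x01, 0x1A, 0xD6, 0xC5, 0xC9])).pc))      # push bc / ret -> 0xd61a
    print(hex(run(bytes([0xC3, 0x1A, 0xD6])).pc))                  # jp $d61a -> 0xd61a
```

Running the block prints one trace per case: the two 0x7F bytes disassemble as ld a,a and leave F exactly as it was; sub $01 with a=5 does not borrow, so C is clear and ret nc returns to the caller, while with a=0 it borrows, sets C, and execution falls straight through past the 0xD0 byte; the 0x06 case shows the 0xD0 vanishing into ld b,$d0 as its operand rather than running as ret nc; and the ld bc,$d61a / push bc / ret sequence ends with pc = $d61a and the same sp as the plain jp $d61a, which is why the thread describes the two as equivalent. Any byte outside the modelled subset raises NotImplementedError rather than silently misdecoding.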

Krys3000

  • The frenchie
  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • Head admin of the PRAMA Initiative
    • View Profile
    • PRAMA Initiative - Main french Pokémon glitch website
Re: The newcomer and experienced user's guide to G/S Arbitrary Code Execution!
« Reply #21 on: November 07, 2017, 08:11:05 am »
Haha yeah, in fact I said that 'I'll put some resources about opcodes later in the guide' but then totally forgot to do it ;D

I've added a few links including this one, and also the space and ret suggestions :) Thanks to both of you!
