Recent Posts

21
If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.

And if you already got it, then you made a very good choice :D
22
Thanks for the big, informative answer! I'll be sure to look at the pages and such, and try out your examples and modify them a bit to fit my needs, then get into bigger projects.
23
Pokémon Discussion / Re: Debug menus in Japanese Crystal
« Last post by ISSOtm on May 19, 2017, 03:20:20 pm »
It also depends on the ROM's localization AFAIK, but I'd need Wakc0 to confirm that.
24
Pokémon Discussion / Re: Debug menus in Japanese Crystal
« Last post by Hexatendo on May 19, 2017, 02:06:09 pm »
Sorry, I'm new here, but is there any patch that enables all debugging functions? I tried one patch a few months ago, but that didn't work. And the patch I found on TCRF a few days ago only enables the ROM Debug (the one that displays a build date). Maybe in the case of the latter, there were different button combinations to enable the different functions? Also, I tried Game Genie codes to enable the quick start debug, but it didn't work in either. Are there at least different patches for different debug functions? (Although I would rather access all of them at once.) And I tested the patches in VBA-M. Thank you.
25
Generation VII Glitch Discussion / Re: Spiky Shield Sky Drop glitch
« Last post by Caveat on May 19, 2017, 01:32:21 pm »
If the Gen 3 incarnation of the Pomeg glitch caused so much havoc, who knows what this glitch could do...
Does the game think you have no Pokémon left if you, say, have one "living dead" Pokémon and one normal one who knocks itself out?
26
Trying to make a legit shiny Mew...

It was painful and several saves were lost, but I did it and it was fun!
27
When executing arbitrary code it's about converting the GBZ80 (where you can find a list of opcodes here and on the wiki's Big HEX List) into a representable form.

To do this for 8F and ws m redirected to the items pack, what you need to do is know the hex code and form for an ASM instruction and then use the item or quantities with the same hex IDs (you can use the Big HEX List or Windows Calculator to convert if necessary).

But importantly a little knowledge of GBZ80 is needed. Personally I feel it's good to start with things like understanding the registers like a, b, c, d, e, hl (from the hardware, you can view them as storage bytes like memory addresses but used everywhere) and basic instructions (read, write, etc).

This page is a good place to learn about the instructions in the context of what they do.

Here are a few examples of basic arbitrary code execution with an explanation for every line (read the comments in the square brackets [ ]):

Code to encounter Mew.

ld a, 15 [when you see ld [register] first, it means we're storing a value into a register. In this case we're storing hex:15 (the value of Mew) into the register 'a']
ld (d059),a [when the register is on the right side of the instruction it means it will be moved elsewhere. In this case we're storing a (which was changed to hex:15) into D059 (the memory address for an instant encounter)]
ret [ret is needed to end the flow of the code or else the game will carry on executing the data beyond it as if it was code, which would likely freeze the game]

In hexadecimal this is the following:
Code:
3E 15 EA 59 D0 C9
So to represent it in items we just need item hex:3E (Lemonade) x 21 (hex:15), followed by item hex:EA (TM34) x 89 (hex:59), followed by TM08 (D0) x 201 (hex:C9).

Pseudo-GameShark (change anything in RAM to anything) (copied from this post)

ld a, xx [as before, we add a value into register a, in this case the value we want to write for our pseudo-GameShark]
ld l, xx [the second byte in a Datacrystal order memory address is also put into register l]
ld h, xx [the first byte in a Datacrystal order memory address is put into register h]
inc b [add 1 to register b. Technically useless but sometimes this is helpful so that you can avoid using a bad item and instead use a quantity]
ld (hl), a [when the register pair on the left side is in brackets, it means you're putting the value into the address represented by those registers; so if h and l were D0 and 59 we would be storing a into D059]
inc a [see inc b]
ret [end of code as usual]


In items it ends up as this:

Lemonade, quantity (byte to change to, or 2nd byte of GScode)
X Accuracy, quantity (low byte of RAM address to change, or 3rd byte of GScode)
Carbos, quantity (high byte of RAM address to change, or 4th byte of GScode)
Poké Ball, quantity 119
Fresh Water, quantity 201

Code:
3E xx 2E xx 26 xx 04 77 3C C9

If you just want to edit the contents of the memory, these two examples are all you need to work on, and it's where I started, but if you want to do more things, here is a more complex example:

Enter the Hall of Fame with 8F: (copied from this post)

Before we begin, this code uses call. This basically causes the game to execute code from elsewhere and return back to where it was later, and anything from 0000-7FFF is in the ROM (unlike 8000-FFFF which is in [generally] writable memory like RAM) according to the Game Boy BUS. This is different to jp ('jump') which redirects the flow of code without returning to where we originally were.

0000-3FFF will be an offset (what you would find in a hex editor like the program "HxD"), while 4000-7FFF in the Pokémon games are banked [also known as "three-byte"] pointers. For more information about banked pointers see the section on this article.

This code runs the code at 16:64BB in GBZ80 (which according to Game Boy Pointer Calculator is 5A4BB in a hex editor) by using the 35D6 function, which is used to run a script anywhere in the ROM.

ld c,16 [c is now 16 for bank 16]
ld h,64 [h is now 64 for 64XX]
ld l, bb [l is now BB. HL now=64BB]
ld b,c [c is moved into b, which serves as the bank for the below function]
ld b,b [technically not needed]
call 35d6 [run the bank switch function, which runs the script as b:hl]
ret [end of code]

Code:
0e 16 26 64 2e bb 41 40 cd d6 35 c9
Awakening  x 22
Carbos     x100
X Accuracy x187
X Attack   x 64
TM05       x214
Revive     x201

To find the locations of other routines in the game you can download a SYM file which is a list of routines and their locations, but you may need to refer to the Pokémon Red (etc.) disassembly project to find out how they work (so what registers before the code will do what).

Hope that helps, and if you have any further questions let me know and I'll try to help! :)
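
The byte-to-item pairing and the banked-pointer conversion described in the post above, as an added example that is not part of the original post. The function names are hypothetical, the item table holds only the IDs the post names, and the TM rule is inferred from the three TMs the post lists (TM05 = CD, TM08 = D0, TM34 = EA).

```python
# Added example: pair up GBZ80 machine-code bytes as (item ID, quantity),
# the layout the post relies on when the item pack is run as code.

# Only item IDs named in the post; anything else is reported by its hex ID.
ITEM_NAMES = {
    0x04: "Poké Ball", 0x0E: "Awakening", 0x26: "Carbos",
    0x2E: "X Accuracy", 0x35: "Revive", 0x3C: "Fresh Water",
    0x3E: "Lemonade", 0x41: "X Attack",
}


def item_name(item_id):
    """Name an item ID; TMs follow the post's numbering (TM01 = C9 upward)."""
    if 0xC9 <= item_id <= 0xFA:  # TM01..TM50
        return "TM%02d" % (item_id - 0xC8)
    return ITEM_NAMES.get(item_id, "item hex:%02X" % item_id)


def to_items(hex_code):
    """Turn hex such as '3E 15 EA 59 D0 C9' into [(item name, quantity), ...].

    Bytes at even offsets become item IDs, bytes at odd offsets quantities.
    An odd-length program leaves the last item's quantity free (None).
    """
    code = bytes.fromhex(hex_code)
    pairs = []
    for i in range(0, len(code), 2):
        qty = code[i + 1] if i + 1 < len(code) else None
        pairs.append((item_name(code[i]), qty))
    return pairs


def rom_offset(bank, addr):
    """Hex-editor offset of a banked pointer bank:addr (addr in 4000-7FFF)."""
    if not 0x4000 <= addr <= 0x7FFF:
        raise ValueError("banked addresses live in 4000-7FFF")
    return bank * 0x4000 + (addr - 0x4000)


if __name__ == "__main__":
    for program in ("3E 15 EA 59 D0 C9", "0e 16 26 64 2e bb 41 40 cd d6 35 c9"):
        for name, qty in to_items(program):
            print("%-11s x%s" % (name, "any" if qty is None else qty))
        print()
    print("16:64BB -> %X" % rom_offset(0x16, 0x64BB))
```

Replace each xx in the pseudo-GameShark string with a real byte before passing it in, since `bytes.fromhex` rejects placeholders.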
28
You don't seem to have understood the way 8F Code Execution executes code.

Maybe you can find what you need by reading this: http://forums.glitchcity.info/index.php?topic=7906.msg204874#msg204874

Hope this helps, but don't hesitate to ask more specific questions if needed :)
29
Generation VII Glitch Discussion / Re: Spiky Shield Sky Drop glitch
« Last post by Krys3000 on May 19, 2017, 09:51:01 am »
Before this glitch is patched to everyone with the latest update, do we know what happens when you finish by winning a battle with only a zombie Pokémon?

Do you black out or just hang around with a team of fainted Pokémon?
https://www.youtube.com/watch?v=M32v9L5jGjQ
Doing this in a link battle just skips you but we should try this with rocky helmet. Glitzer Popping Part 2 Anyone?
O... You can't hit that slot.
GOD, would this be easier in BW2

Yes it skips you, but if you're invincible and can't play, the opponent will Struggle to death. And if it's your only Pokémon, and if the game doesn't understand that your team is fainted, yeah it could lead to Pomeg glitch-related stuff.
30
So, I know basic ASM, and I'm learning GBZ80 ASM (that's what it's called, correct?), and was wondering about all the resources, etc, you guys have used.
More specifically, how do you know which items lead to which results? I know there's the Big HEX List, but.

The only resources I currently know of are the Big HEX List, the Pokémon Red disassembly project (https://github.com/pret/pokered/), and the Pokémon Red RAM map.
Any help's appreciated :P