Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex
TrainerDex
TypeDex
UnownDex
More

Major Glitches
Trainer escape glitch
Old man trick
Celebi Egg trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitches
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
Glitch Pokémon cries
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Technical
Site Source Code

Search Wiki

 

Search Forums

 

Author Topic: Where did all of you start with ACE and such?  (Read 598 times)

0 Members and 1 Guest are viewing this topic.

Minty_Latios

  • GCLF Member
  • Offline Offline
  • CHARIZRAD 'M ROXORX or is it.
    • View Profile
Where did all of you start with ACE and such?
« on: May 19, 2017, 07:28:40 am »
So, I know basic ASM, and I'm learning GBZ80 ASM (that's what it's called, correct?), and was wondering about all the resources, etc, you guys have used.
More specifically, how do you know which items lead to which results? I know there's the big HEX list, but.

The only resources I currently know of are the big HEX list, the pokemon red dissassembly project (https://github.com/pret/pokered/), and the Pokemon Red RAM map.
Any help's appreciated :P

Krys3000

  • The frenchie
  • Distinguished Member
  • *
  • Offline Offline
  • Gender: Male
  • Head admin of the PRAMA Initiative
    • View Profile
    • PRAMA Initiative - Main french Pokémon glitch website
Re: Where did all of you start with ACE and such?
« Reply #1 on: May 19, 2017, 09:55:38 am »
You don't seem to have understood the way 8F Code Execution executes code.

Maybe you can find what you need by reading this: http://forums.glitchcity.info/index.php?topic=7906.msg204874#msg204874

Hope this helps, but don't hesitate to ask more specific questions if needed :)

Admin of the PRAMA Initiative, the main french Pokémon glitch website
http://www.prama-initiative.com
“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” - Isaac Asimov

Princess Torchic ❤

  • Administrator
  • *****
  • Online Online
  • Gender: Female
  • The Chicken Girl
    • View Profile
Re: Where did all of you start with ACE and such?
« Reply #2 on: May 19, 2017, 01:08:59 pm »
When executing arbitrary code it's about converting the GBZ80 (where you can find a list of opcodes here and on the wiki's Big HEX List) into a representable form.

To do this for 8F and ws m redirected to the items pack you need to do is know the hex code and form for an ASM instruction and then use the item or quantities with the same hex IDs (you can use the Big HEX List or Windows Calculator to convert if necessary).

But importantly a little knowledge of GBZ80 is needed. Personally I feel it's good to start with things like understanding the registers like a, b, c, d, e, hl (from the hardware, you can view them as storage bytes like memory addresses but used everywhere) and basic instructions (read, write, etc).

This page is a good place to learn about the instructions in the context of what they do.

Here are a few examples of basic arbitrary code execution with an explanation for every line (read the comments in the square brackets [ ]):

Code to encounter Mew.

ld a, 15 [when you see ld [register] first, it means we're storing a value into a register. In this case we're storing hex:15 (the value of Mew) into the register 'a'.
ld (d059),a [when the register is on the right side of the instruction it means it will be moved elsewhere. In this case we're storing a (which was changed to hex:15) into D059 (the memory address for an instant encounter)]
ret [ret is needed to end the flow of the code or else the game will carry on executing the data beyond it as if it was code, which would likely freeze the game]

In hexadecimal this is the following:
Code: [Select]
3E 15 EA 59 D0 C9
So to represent it in items we just need item hex:3E (Lemonade) x 21 (hex:15), followed by item hex:EA (TM34) x 89 (hex:59), followed by TM08 (D0) x 201 (hex:C9).

Pseudo-GameShark (change anything in RAM to anything) (copied from this post)

ld a, xx [as before, we add a value into register a, in this case the value we want to write for our pseudo-GameShark]
ld l, xx [the second byte in a Datacrystal order memory address is also put into register l]
ld h, xx [the first byte in a Datacrystal order memory address is put into register h]
inc b [add 1 to register b. Technically useless but sometimes this is helpful so that you can avoid using a bad item and instead use a quantity]
ld (hl), a [when the register pair on the left side is in brackets, it means you're putting the value into the address represented by those registers; so if h and l were D0 and 59 we would be storing a into D059]
inc a [see inc b]
ret [end of code as usual]


In items it ends up as this:

Lemonade, quantity (byte to change to, or 2nd byte of GScode)
X Accuracy, quantity (low byte of RAM address to change, or 3rd byte of GScode)
Carbos, quantity (high byte of RAM address to change, or 4th byte of GScode)
Poké Ball, quantity 119
Fresh Water, quantity 201

Code: [Select]
3E xx 2E xx 26 xx 04 77 3C C9

If you just want to edit the contents of the memory these two examples are all you need to work on, and it's where I started but if you want to do more things here is a more complex example:

Enter the Hall of Fame with 8F: (copied from this post)

Before we begin, this code uses call. This basically causes the game to execute code from elsewhere and return back to where it was later, and anything from 0000-7FFF is in the ROM (unlike 8000-FFFF which is in [generally] writable memory like RAM) according to the Game Boy BUS. This is different to jp ('jump') which redirects the flow of code without returning to where we originally were.

0000-3FFF will be an offset (what you would find in a hex editor like the program "HxD"), while 4000-7FFF in the Pokémon games are banked [also known as "three-byte"] pointers. For more information about banked pointers see the section on this article).

This code runs the code at 16:64BB in GBZ80 (which according to Game Boy Pointer Calculator is 5A4BB in a hex editor by using the 35D6 function which is used to run a script anywhere in the ROM.

ld c,16 [c is now 16 for bank 16]
ld h,64 [h is now 64 for 64XX]
ld l, bb [l is now BB. HL now=64BB]
ld b,c [c is moved into b, which serves as the bank for the below function]
ld b,b [technically not needed]
call 35d6 [run the bank switch function, which runs the script as b:hl]
ret [end of code]

Code: [Select]
0e 16 26 64 2e bb 41 40 cd d6 35 c9
Awakening  x 22
Carbos     x100
X Accuracy x187
X Attack   x 64
TM05       x214
Revive     x201

To find the locations of other routines in the game you can download a SYM file which is a list of routines and their locations, but you may need to refer to the Pokémon Red (etc.) disassembly project to find out how they work (so what registers before the code will do what).

Hope that helps, and if you have any further questions let me know and I'll try to help! :)
Hi! I identify as female.  She/her pronouns, please.

Online I most often use the username Torchickens or Chickasaurus.

Ah.. koucha ga oishii ♪





Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:
If you like, please contact me by private message here on the forums as I no longer check other places very often.

YouTube: http://www.youtube.com/user/ChickasaurusGL

I like to collect interesting video games. ^_^
https://www.vgcollect.com/Torchickens

Give love, receive love, repeat. But in order to love others you must first love yourself unconditionally, even if it means abandoning pressure from projects or taking time off work and empathise with the self as you are your own best friend. The key often is simply to follow your heart, your urges and have faith they are valid; use them to do what you want to do as long as it doesn't harm anyone, and/or sympathise and respect it as we all have bad days (even the prettiest rose has thorns but is still beautiful).

Caveat

  • The Metropolitan Mutant of Ark
  • GCLF Member
  • *
  • Offline Offline
  • Wrrrooooooaaaar! Peeko!
    • View Profile
Re: Where did all of you start with ACE and such?
« Reply #3 on: May 19, 2017, 01:29:37 pm »
Trying to make a legit shiny Mew...

It was painful and several saves were lost, but I did it and it was fun!
HOLD ME, I'M A PALE MACHINE
LIFE IS JUST OKAY OUT HERE, ANYONE CAN SEE
I'M LONELY, WITH MY PALE MACHINE
EYES WILL RUN WITH TIRED TEARS, LIVING LIKE A DREAM


Japanese Glitchdex
Petscop Thread

Twitter
(warning: contains bad grammar and copious rambling)

Minty_Latios

  • GCLF Member
  • Offline Offline
  • CHARIZRAD 'M ROXORX or is it.
    • View Profile
Re: Where did all of you start with ACE and such?
« Reply #4 on: May 19, 2017, 05:44:30 pm »
When executing arbitrary code it's about converting the GBZ80 (where you can find a list of opcodes here and on the wiki's Big HEX List) into a representable form.

To do this for 8F and ws m redirected to the items pack you need to do is know the hex code and form for an ASM instruction and then use the item or quantities with the same hex IDs (you can use the Big HEX List or Windows Calculator to convert if necessary).

But importantly a little knowledge of GBZ80 is needed. Personally I feel it's good to start with things like understanding the registers like a, b, c, d, e, hl (from the hardware, you can view them as storage bytes like memory addresses but used everywhere) and basic instructions (read, write, etc).

This page is a good place to learn about the instructions in the context of what they do.

Here are a few examples of basic arbitrary code execution with an explanation for every line (read the comments in the square brackets [ ]):

Code to encounter Mew.

ld a, 15 [when you see ld [register] first, it means we're storing a value into a register. In this case we're storing hex:15 (the value of Mew) into the register 'a'.
ld (d059),a [when the register is on the right side of the instruction it means it will be moved elsewhere. In this case we're storing a (which was changed to hex:15) into D059 (the memory address for an instant encounter)]
ret [ret is needed to end the flow of the code or else the game will carry on executing the data beyond it as if it was code, which would likely freeze the game]

In hexadecimal this is the following:
Code: [Select]
3E 15 EA 59 D0 C9
So to represent it in items we just need item hex:3E (Lemonade) x 21 (hex:15), followed by item hex:EA (TM34) x 89 (hex:59), followed by TM08 (D0) x 201 (hex:C9).

Pseudo-GameShark (change anything in RAM to anything) (copied from this post)

ld a, xx [as before, we add a value into register a, in this case the value we want to write for our pseudo-GameShark]
ld l, xx [the second byte in a Datacrystal order memory address is also put into register l]
ld h, xx [the first byte in a Datacrystal order memory address is put into register h]
inc b [add 1 to register b. Technically useless but sometimes this is helpful so that you can avoid using a bad item and instead use a quantity]
ld (hl), a [when the register pair on the left side is in brackets, it means you're putting the value into the address represented by those registers; so if h and l were D0 and 59 we would be storing a into D059]
inc a [see inc b]
ret [end of code as usual]


In items it ends up as this:

Lemonade, quantity (byte to change to, or 2nd byte of GScode)
X Accuracy, quantity (low byte of RAM address to change, or 3rd byte of GScode)
Carbos, quantity (high byte of RAM address to change, or 4th byte of GScode)
Poké Ball, quantity 119
Fresh Water, quantity 201

Code: [Select]
3E xx 2E xx 26 xx 04 77 3C C9

If you just want to edit the contents of the memory these two examples are all you need to work on, and it's where I started but if you want to do more things here is a more complex example:

Enter the Hall of Fame with 8F: (copied from this post)

Before we begin, this code uses call. This basically causes the game to execute code from elsewhere and return back to where it was later, and anything from 0000-7FFF is in the ROM (unlike 8000-FFFF which is in [generally] writable memory like RAM) according to the Game Boy BUS. This is different to jp ('jump') which redirects the flow of code without returning to where we originally were.

0000-3FFF will be an offset (what you would find in a hex editor like the program "HxD"), while 4000-7FFF in the Pokémon games are banked [also known as "three-byte"] pointers. For more information about banked pointers see the section on this article).

This code runs the code at 16:64BB in GBZ80 (which according to Game Boy Pointer Calculator is 5A4BB in a hex editor by using the 35D6 function which is used to run a script anywhere in the ROM.

ld c,16 [c is now 16 for bank 16]
ld h,64 [h is now 64 for 64XX]
ld l, bb [l is now BB. HL now=64BB]
ld b,c [c is moved into b, which serves as the bank for the below function]
ld b,b [technically not needed]
call 35d6 [run the bank switch function, which runs the script as b:hl]
ret [end of code]

Code: [Select]
0e 16 26 64 2e bb 41 40 cd d6 35 c9
Awakening  x 22
Carbos     x100
X Accuracy x187
X Attack   x 64
TM05       x214
Revive     x201

To find the locations of other routines in the game you can download a SYM file which is a list of routines and their locations, but you may need to refer to the Pokémon Red (etc.) disassembly project to find out how they work (so what registers before the code will do what).

Hope that helps, and if you have any further questions let me know and I'll try to help! :)


Thanks for the big, informative answer! I'll be sure to look at the pages and such, and try out your examples and modify them a bit to fit my needs, then get into bigger projects.

ISSOtm

  • The French Lord of Laziness (and a huge The Legend Of Zelda fan)
  • Wiki Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Pewter City (B)rocks !
    • View Profile
    • My Little Website
Re: Where did all of you start with ACE and such?
« Reply #5 on: May 19, 2017, 06:45:41 pm »
If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.

And if you already got it, then you made a very good choice :D
"THOU SHALL NOT PASS !!"  RIVAL's effect, Gandalf.

Proudly glitching Pokémon Red and Yellow on a Black & White GB, Pocket GB, GB Color, GBA SP and new 3DS.

My Twitter (beware, I'm French)
My YouTube (same warning)

Here is an online tool to build 8F setups : GBz80 to Items !

They see me layzin', they ha-tin'...
Heavy contributor of the global augmentation of entropy (my room's is too damn high !)

Minty_Latios

  • GCLF Member
  • Offline Offline
  • CHARIZRAD 'M ROXORX or is it.
    • View Profile
Re: Where did all of you start with ACE and such?
« Reply #6 on: May 20, 2017, 04:21:43 am »
If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.

And if you already got it, then you made a very good choice :D

I got it recently, experimenting with cheats rn, and then I'll start getting into the debugger, etc.

Do you have a save compatible with the BGB emulator with 8F, and/or a bootstrap party (if possible), with all locations discovered or something or another. I heard torchickens has one, but...
« Last Edit: May 20, 2017, 04:28:15 am by Minty_Latios »

Minty_Latios

  • GCLF Member
  • Offline Offline
  • CHARIZRAD 'M ROXORX or is it.
    • View Profile
Re: Where did all of you start with ACE and such?
« Reply #7 on: May 20, 2017, 07:21:05 am »
Quick update with my progress on ACE: I made a quick thing with ACE that puts PK at the start of your rival's name, as a proof-of-concept
I also did a version with your name

Rival Name:

ASM:
Code: [Select]
WRA1:D321 3E E1                  ld a, 225
WRA1:D323 EA 4A                  ld ($D34A), a
WRA1:D326 C9                     ret

Item List:
Lemonade x225
TM34 x74
TM11 x201

Player name:

ASM:
Code: [Select]
WRA1:D321 3E E1                  ld a, 225
WRA1:D323 EA 4A                  ld ($D158), a
WRA1:D326 C9                     ret

Item List:
Lemonade x225
TM34 x88
TM09 x201

They should both work (the player one works, so the rival one should work, too, atleast I assume)

Change the lemonade quantity to a different number for a different letter (these can be found on the Big HEX List (http://glitchcity.info/wiki/The_Big_HEX_List), but I assume you already knew that)

This is my ACE script, so of course it's simple, but is it good for a first script?
« Last Edit: May 20, 2017, 07:22:52 am by Minty_Latios »

Princess Torchic ❤

  • Administrator
  • *****
  • Online Online
  • Gender: Female
  • The Chicken Girl
    • View Profile
Re: Where did all of you start with ACE and such?
« Reply #8 on: May 20, 2017, 08:23:38 am »
You're welcome!  Glad it was helpful ^^

If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.

And if you already got it, then you made a very good choice :D

I got it recently, experimenting with cheats rn, and then I'll start getting into the debugger, etc.

Do you have a save compatible with the BGB emulator with 8F, and/or a bootstrap party (if possible), with all locations discovered or something or another. I heard torchickens has one, but...

Yes, on my Google Sites I have a save files page where you can find save files with 8F or ws m set up.

https://sites.google.com/site/torchickens2/pokemon-save-files

If you go to D322 (or D321) on BGB Debugger you can see the raw code, and then right click and modify it to write the code you'd like.

Quick update with my progress on ACE: I made a quick thing with ACE that puts PK at the start of your rival's name, as a proof-of-concept
I also did a version with your name

Rival Name:

ASM:
Code: [Select]
WRA1:D321 3E E1                  ld a, 225
WRA1:D323 EA 4A                  ld ($D34A), a
WRA1:D326 C9                     ret

Item List:
Lemonade x225
TM34 x74
TM11 x201

Player name:

ASM:
Code: [Select]
WRA1:D321 3E E1                  ld a, 225
WRA1:D323 EA 4A                  ld ($D158), a
WRA1:D326 C9                     ret

Item List:
Lemonade x225
TM34 x88
TM09 x201

They should both work (the player one works, so the rival one should work, too, atleast I assume)

Change the lemonade quantity to a different number for a different letter (these can be found on the Big HEX List (http://glitchcity.info/wiki/The_Big_HEX_List), but I assume you already knew that)

This is my ACE script, so of course it's simple, but is it good for a first script?

Yes :). There's just a small error in the raw code (to make sure things are correct if you're copy and pasting it into a memory viewer/debugger).  EA 4A for the first code should be EA 4A D3, and EA 4A for the second code should be EA 58 D1.
« Last Edit: May 20, 2017, 08:24:57 am by Torchickens »
Hi! I identify as female.  She/her pronouns, please.

Online I most often use the username Torchickens or Chickasaurus.

Ah.. koucha ga oishii ♪





Thank you Aeriixion for the cute sprite above! :) Roelof also made different variations of the sprite (which I animated).

Contact:
If you like, please contact me by private message here on the forums as I no longer check other places very often.

YouTube: http://www.youtube.com/user/ChickasaurusGL

I like to collect interesting video games. ^_^
https://www.vgcollect.com/Torchickens

Give love, receive love, repeat. But in order to love others you must first love yourself unconditionally, even if it means abandoning pressure from projects or taking time off work and empathise with the self as you are your own best friend. The key often is simply to follow your heart, your urges and have faith they are valid; use them to do what you want to do as long as it doesn't harm anyone, and/or sympathise and respect it as we all have bad days (even the prettiest rose has thorns but is still beautiful).

Minty_Latios

  • GCLF Member
  • Offline Offline
  • CHARIZRAD 'M ROXORX or is it.
    • View Profile
Re: Where did all of you start with ACE and such?
« Reply #9 on: May 20, 2017, 06:01:15 pm »
You're welcome!  Glad it was helpful ^^

If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.

And if you already got it, then you made a very good choice :D

I got it recently, experimenting with cheats rn, and then I'll start getting into the debugger, etc.

Do you have a save compatible with the BGB emulator with 8F, and/or a bootstrap party (if possible), with all locations discovered or something or another. I heard torchickens has one, but...

Yes, on my Google Sites I have a save files page where you can find save files with 8F or ws m set up.

https://sites.google.com/site/torchickens2/pokemon-save-files

If you go to D322 (or D321) on BGB Debugger you can see the raw code, and then right click and modify it to write the code you'd like.

Quick update with my progress on ACE: I made a quick thing with ACE that puts PK at the start of your rival's name, as a proof-of-concept
I also did a version with your name

Rival Name:

ASM:
Code: [Select]
WRA1:D321 3E E1                  ld a, 225
WRA1:D323 EA 4A                  ld ($D34A), a
WRA1:D326 C9                     ret

Item List:
Lemonade x225
TM34 x74
TM11 x201

Player name:

ASM:
Code: [Select]
WRA1:D321 3E E1                  ld a, 225
WRA1:D323 EA 4A                  ld ($D158), a
WRA1:D326 C9                     ret

Item List:
Lemonade x225
TM34 x88
TM09 x201

They should both work (the player one works, so the rival one should work, too, atleast I assume)

Change the lemonade quantity to a different number for a different letter (these can be found on the Big HEX List (http://glitchcity.info/wiki/The_Big_HEX_List), but I assume you already knew that)

This is my ACE script, so of course it's simple, but is it good for a first script?

Yes :). There's just a small error in the raw code (to make sure things are correct if you're copy and pasting it into a memory viewer/debugger).  EA 4A for the first code should be EA 4A D3, and EA 4A for the second code should be EA 58 D1.

Ah, I saw your save files, I used your mew-setup for red to test out the rival/player name thing, cus I'm too lazy to do it on my VC, trying to find the other legendary birds, then gonna use JKSM to backup my save with my bootstrap n stuff, and mess around on real hardware

But thanks for the whole raw code error fix, I assume the D3 and D1 are for quantities, and the 58 on the second code is for the TM09? (just looked at the big hex list :P)
« Last Edit: May 20, 2017, 06:02:58 pm by Minty_Latios »