Anonymous user
0x1500 control code arbitrary code execution: Difference between revisions
0x1500 control code arbitrary code execution (view source)
Revision as of 09:33, 19 August 2019
, 4 years ago→Get TM17 with code at DA47 to go to DB75 (i.e. set up TM17 ACE to go to box names by default):
>Torchickens |
>Torchickens |
||
Line 7:
A specific variation of this glitch involving an [[unterminated name Pokémon (Generation II)|unterminated name glitch Pokémon]] is also known as '''unterminated name Pokémon arbitrary code execution'''.
Both of these exploits were discovered by
This glitch involves the combination of the byte 0x15 ("Day" control character) followed by 0x00 in a text string, and will lead to arbitrary code execution at memory address 0xCD52. Once the code is terminated with a ret, the program counter by default will be at the location following where the 0x1500 sequence was in the RAM.
Line 50:
====Get TM17 with code at DA47 to go to DB75 (i.e. set up TM17 ACE to go to box names by default):====
When a TM or HM is used in the wrong pocket, it will execute an unintended code pointer. TM17 executes DA47, which is in WRAM and this data persists after save and reset. Using this code, upon executing DA47 the game redirects to box names (DB75; specifically the codes start from PC Box 1 character 1 unlike common Coin Case box name ACE cheats)
p0'déT2(Pk)5
| |||