Map script arbitrary code execution: Difference between revisions

From Glitch City Wiki
>Sherkel
(Now THIS is an awesome find! Let me know if there's any problem with this kind of proofreading.)
No edit summary
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
'''Map script arbitrary code execution''' is an [[arbitrary code execution]] method in {{RBY}}, requiring the [[expanded item pack]].
'''Map script arbitrary code execution''' is an [[arbitrary code execution]] method in {{RBY}}, requiring the [[expanded item pack]]. In speedrunning communities, it is also called APJM<ref>[https://pastebin.com/T5gHcAtb blue 151 full roaming items list - Pastebin]</ref>, and can be used as a type of arbitrary code execution or a specified [[unintended ROM code execution]], so is typically not allowed.


==Summary==
==Summary==
Item 42 and item 42's quantity control wMapScriptPtr (D36E-F in {{RB}} and D36D-E in {{Yellow}}), with the index number of item 42 being the first byte to a little-endian pointer. This address contain the current map script (not to be confused with [[glitch meta-map script activation|the meta-map script]] which is not controlled by wMapScriptPtr).
Item 42 and item 42's quantity control wMapScriptPtr (D36E-F in {{RB}} and D36D-E in {{Yellow}}), with the index number of item 42 being the first byte to a little-endian pointer, and item 42's quantity as the second. This [[word]] contains the current map script (not to be confused with [[glitch meta-map script activation|the meta-map script]] which is not controlled by wMapScriptPtr).


This script is run continuously after the menu is closed. The address can be changed to one corresponding to a different item slot, such as Water Stone x211 (Thunderstone x211 in Yellow) to make the script point to item 3 (D322/D321).
This script is run continuously after the menu is closed. The address can be changed to one corresponding to a different item slot, such as Water Stone x211 (Thunderstone x211 in Yellow) to make the script point to item 3 (D322/D321).
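Review bot: the sentence added to the lead in the new revision of line 1 introduces "APJM" without expanding the abbreviation, and it ends with "so is typically not allowed" without saying where or by whom. State the scope of that rule explicitly (the preceding clause suggests speedrunning communities) and either expand the abbreviation or point the reader to the cited list for it. In the Summary, "This [[word]] contains the current map script" would be more exact as "contains the address of the current map script", since the same sentence describes wMapScriptPtr as a little-endian pointer.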
Line 11: Line 11:
#[[Expanded bag item documentation (Generation I)]]
#[[Expanded bag item documentation (Generation I)]]


==References==
<references/>
[[Category:Generation I glitches]]
[[Category:Generation I glitches]]
[[Category:Arbitrary code execution]]
[[Category:Arbitrary code execution]]

Latest revision as of 10:51, 3 November 2023

Map script arbitrary code execution is an arbitrary code execution method in Pokémon Red, Blue, and Yellow, requiring the expanded item pack. In speedrunning communities it is also called APJM[1]; because it can be used as a type of arbitrary code execution or a specified unintended ROM code execution, it is typically not allowed.

Summary

Item 42 and item 42's quantity control wMapScriptPtr (D36E-F in Pokémon Red and Blue and D36D-E in Pokémon Yellow): the index number of item 42 is the first (low) byte of a little-endian pointer, and item 42's quantity is the second (high) byte. This word holds the address of the current map script (not to be confused with the meta-map script, which is not controlled by wMapScriptPtr).

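This script is run continuously after the menu is closed. The pointer can be changed to the address of a different item slot: for example, Water Stone x211 (Thunderstone x211 in Yellow) makes the script point to item 3 (D322/D321). Quantity 211 is D3 in hexadecimal, which supplies the high byte of the pointer, while the item's index number supplies the low byte (22 or 21).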

This is an efficient way to achieve arbitrary code execution, but the contents of slot 42 will be wiped after leaving the map, so it may be a good idea to swap the original map script back in before moving to a new map.

See also

  1. Expanded bag item documentation (Generation I)

References

  1. blue 151 full roaming items list - Pastebin, https://pastebin.com/T5gHcAtb