Map script arbitrary code execution: Difference between revisions

>Sherkel
(Now THIS is an awesome find! Let me know if there's any problem with this kind of proofreading.)
>Torchickens
(Thanks Sherkel! This was already known since a long time ago though. Some minor changes for clarity.)
Line 2: Line 2:


==Summary==
==Summary==
Item 42 and item 42's quantity control wMapScriptPtr (D36E-F in {{RB}} and D36D-E in {{Yellow}}), with the index number of item 42 being the first byte to a little-endian pointer. This address contain the current map script (not to be confused with [[glitch meta-map script activation|the meta-map script]] which is not controlled by wMapScriptPtr).
Item 42 and item 42's quantity control wMapScriptPtr (D36E-F in {{RB}} and D36D-E in {{Yellow}}), with the index number of item 42 being the first byte to a little-endian pointer, and item 42's quantity as the second. This [[word]] contains the current map script (not to be confused with [[glitch meta-map script activation|the meta-map script]] which is not controlled by wMapScriptPtr).


This script is run continuously after the menu is closed. The address can be changed to one corresponding to a different item slot, such as Water Stone x211 (Thunderstone x211 in Yellow) to make the script point to item 3 (D322/D321).
This script is run continuously after the menu is closed. The address can be changed to one corresponding to a different item slot, such as Water Stone x211 (Thunderstone x211 in Yellow) to make the script point to item 3 (D322/D321).
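Review bot: In the revised Summary sentence, "This [[word]] contains the current map script" says the two bytes hold the script itself, while the preceding clause describes them as a little-endian pointer. Suggest "This [[word]] contains the address of the current map script". In the same sentence, "the first byte to a little-endian pointer ... quantity as the second" would be less ambiguous as "the low byte of a little-endian pointer ... quantity as the high byte". That reading matches the unchanged example in the next paragraph, where a quantity of 211 (0xD3) gives D322/D321.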