Map script arbitrary code execution: Difference between revisions

Map script arbitrary code execution (view source)

40 bytes added , 5 years ago

Thanks Sherkel! This was already known since a long time ago though. Some minor changes for clarity.

Anonymous user

Revision as of 16:59, 7 February 2019 (view source) >Sherkel (Now THIS is an awesome find! Let me know if there's any problem with this kind of proofreading.) ← Older edit		Revision as of 17:04, 7 February 2019 (view source) >Torchickens (Thanks Sherkel! This was already known since a long time ago though. Some minor changes for clarity.) Newer edit →
Line 2: ==Summary== Item 42 and item 42's quantity control wMapScriptPtr (D36E-F in {{RB}} and D36D-E in {{Yellow}}), with the index number of item 42 being the first byte to a little-endian pointer, and item 42's quantity as the second. This ~~address~~[[word]] ~~contain~~contains the current map script (not to be confused with [[glitch meta-map script activation\|the meta-map script]] which is not controlled by wMapScriptPtr). This script is run continuously after the menu is closed. The address can be changed to one corresponding to a different item slot, such as Water Stone x211 (Thunderstone x211 in Yellow) to make the script point to item 3 (D322/D321).