Map script arbitrary code execution

From Glitch City Wiki
Revision as of 16:46, 7 February 2019 by Torchickens

Map script arbitrary code execution is an arbitrary code execution method in Pokémon Red, Blue, and Yellow, usually requiring the expanded item pack.

Summary

Item 42 and item 42's quantity control wMapScriptPtr (D36E-F in Pokémon Red and Blue and D36D-E in Pokémon Yellow). The pointer is little-endian, with item 42 as its first (low) byte and the quantity as its second (high) byte. These addresses hold the pointer to the current map script (not to be confused with the meta-map script, which is not controlled by wMapScriptPtr).

This script is run continuously after the menu is closed. The pointer can be changed by placing a viable item and quantity in slot 42, such as Water Stone x 211 (Thunderstone x 211 in Yellow), which makes the script point to item 3 (D322/D321).

This is an efficient method of arbitrary code execution, but the items in slot 42 will be wiped after leaving the map, so it may be a good idea to swap the original map script back in before moving to a new map.
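The following is an added example, not part of the original wiki page, that models how the item/quantity pair in slot 42 is read as the little-endian map script pointer and how swapping the original value back restores it. The item IDs (0x21 for Thunderstone, 0x22 for Water Stone), the `Wram` class, the function names, and the placeholder original pointer are assumptions made for illustration.

```python
import struct

WRAM_BASE = 0xC000  # Game Boy work RAM spans C000-DFFF
MAP_SCRIPT_PTR = {"red_blue": 0xD36E, "yellow": 0xD36D}  # wMapScriptPtr (from the page)
ITEM_3 = {"red_blue": 0xD322, "yellow": 0xD321}          # item 3 (from the page)
# Assumed Gen 1 item IDs, not stated on the page; they match its "x 211" examples.
ITEM_IDS = {"Thunderstone": 0x21, "Water Stone": 0x22}


def pair_to_pointer(item_id, quantity):
    """Item ID is the low byte and quantity the high byte of the pointer."""
    if not (0 <= item_id <= 0xFF and 0 <= quantity <= 0xFF):
        raise ValueError("item ID and quantity are single bytes")
    return struct.unpack("<H", bytes([item_id, quantity]))[0]


def pointer_to_pair(address):
    """Inverse mapping: the (item ID, quantity) pair that encodes address."""
    item_id, quantity = struct.pack("<H", address)
    return item_id, quantity


class Wram:
    """Minimal model of work RAM, enough to show the aliasing."""

    def __init__(self):
        self.mem = bytearray(0x2000)

    def write_pair(self, addr, first, second):
        off = addr - WRAM_BASE
        self.mem[off:off + 2] = bytes([first, second])

    def read_ptr(self, addr):
        return struct.unpack_from("<H", self.mem, addr - WRAM_BASE)[0]


def redirect_and_restore(version, item_name, quantity, original_ptr):
    """Return the pointer seen while the item is in the slot, then after restoring."""
    ram, slot = Wram(), MAP_SCRIPT_PTR[version]
    ram.write_pair(slot, *pointer_to_pair(original_ptr))   # map's own script
    ram.write_pair(slot, ITEM_IDS[item_name], quantity)    # item 42 overwrites it
    redirected = ram.read_ptr(slot)
    ram.write_pair(slot, *pointer_to_pair(original_ptr))   # swap original back
    return redirected, ram.read_ptr(slot)


if __name__ == "__main__":
    ORIGINAL = 0x4000  # constructed placeholder for a map script address
    for ver, item in (("red_blue", "Water Stone"), ("yellow", "Thunderstone")):
        hit, back = redirect_and_restore(ver, item, 211, ORIGINAL)
        print(ver, hex(hit), hit == ITEM_3[ver], hex(back))
```
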