Anonymous user
OAM DMA hijacking: Difference between revisions
→Setup (additional arbitrary code execution)
Line 16:
Using another [[arbitrary code execution]] method (such an item configuration to run applicable GBZ80), write to the regions. Note the following:
1. Before doing anything, make sure to write C9 (ret) to FF80 first; unless the code writes to the region all at once
2. (Option 1 - Simplest but breaks OAM sprites) The player can write bytes from FF81 onward, such as a simple RAM modification code (15 EA 59 D0 C9), before adding 3E back to FF80. Another option for longer codes is to make FF80 read jp (source address). The ld a,C3 ld (ff00+46),a if overwritten like this will break OAM sprites (i.e. the sprites like Red on the screen), although from now on the code will run every frame regardless of where the player is in game; something that other arbitrary code execution methods cannot do.
| |||