Pokémon Red and Blue: Difference between revisions

m (→‎Glitch items: Changed tildes for range to en dashes)
m (Text replacement - "(\bld(?:|i|l|d|h) (?:.+, ?)?)\((.+)\)" to "$1[$2]")
Line 62: Line 62:
When finding the address of the effect pointer, the game computes (item ID - 1) * 2 to find out the byte offset first, and makes an assumption that this calculation does not underflow or overflow the byte. This assumption is sound for valid non-TM, non-HM items, but not for glitch items with ID 0 or 129–195. This has the effect of "wrapping" the item ID to the 1–128 range by adding or subtracting 128, for the purpose of finding the effect pointer only. As a result, the glitch items with ID 129–195 have the same effect pointers, and thus similar effects, as the corresponding items with ID 1–67. The effects may not be completely the same because they may check the exact item ID, or the Rival's effect (see below) may happen.
When finding the address of the effect pointer, the game computes (item ID - 1) * 2 to find out the byte offset first, and makes an assumption that this calculation does not underflow or overflow the byte. This assumption is sound for valid non-TM, non-HM items, but not for glitch items with ID 0 or 129–195. This has the effect of "wrapping" the item ID to the 1–128 range by adding or subtracting 128, for the purpose of finding the effect pointer only. As a result, the glitch items with ID 129–195 have the same effect pointers, and thus similar effects, as the corresponding items with ID 1–67. The effects may not be completely the same because they may check the exact item ID, or the Rival's effect (see below) may happen.


As for glitch items with ID 84–128, their effect pointers are actually the code of the function ItemUseBall<ref>[https://github.com/pret/pokered/blob/fbbade2becdbbbaad787ec4ad957b8b5253498c0/engine/items/item_effects.asm#L104 The function ItemUseBall], which appears just below the effect pointer table</ref>, split into 2-byte words and interpreted as pointers. Some of those 2-byte words are actually pointers: They are the operand of a 3-byte instruction, such as <code>ld a, ($xxyy)</code>, <code>ld hl, $xxyy</code>, or <code>jp z, $xxyy</code>. This is why the aforementioned [[ItemDex/RB:093|8F]] and [[ItemDex/RB:106|-gm]] always jump to the party count and the Safari Ball count respectively, even on various European versions of the game where the RAM layout is slightly different, as well as why [[ItemDex/RB:099|ws m]] in Red and Blue always print the "box is full" message.
As for glitch items with ID 84–128, their effect pointers are actually the code of the function ItemUseBall<ref>[https://github.com/pret/pokered/blob/fbbade2becdbbbaad787ec4ad957b8b5253498c0/engine/items/item_effects.asm#L104 The function ItemUseBall], which appears just below the effect pointer table</ref>, split into 2-byte words and interpreted as pointers. Some of those 2-byte words are actually pointers: They are the operand of a 3-byte instruction, such as <code>ld a, [$xxyy]</code>, <code>ld hl, $xxyy</code>, or <code>jp z, $xxyy</code>. This is why the aforementioned [[ItemDex/RB:093|8F]] and [[ItemDex/RB:106|-gm]] always jump to the party count and the Safari Ball count respectively, even on various European versions of the game where the RAM layout is slightly different, as well as why [[ItemDex/RB:099|ws m]] in Red and Blue always print the "box is full" message.


Other glitch items' effect pointers consist of two separate bytes with usually different meanings in assembly. For example, the effect pointer of [[ItemDex/RB:089|4F]] is $FA65, which comes from two assembly instructions <code>jp nz, $658B</code> and <code>ld a, ($D05A)</code>, encoded as the byte sequence "C2 8B '''65 FA''' 5A D0", and the middle two bytes decoded as a 2-byte pointer in little-endian. This address happens to be in the Echo RAM, and "echos" the WRAM address $DA65, leading to another relatively popular ACE exploit.
Other glitch items' effect pointers consist of two separate bytes with usually different meanings in assembly. For example, the effect pointer of [[ItemDex/RB:089|4F]] is $FA65, which comes from two assembly instructions <code>jp nz, $658B</code> and <code>ld a, [$D05A]</code>, encoded as the byte sequence "C2 8B '''65 FA''' 5A D0", and the middle two bytes decoded as a 2-byte pointer in little-endian. This address happens to be in the Echo RAM, and "echos" the WRAM address $DA65, leading to another relatively popular ACE exploit.


==== Rival's effect ====
==== Rival's effect ====
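Review bot: the replacement regex given in the edit summary, `(\bld(?:|i|l|d|h) (?:.+, ?)?)\((.+)\)`, is greedy in both `.+` groups, so on a line that had a second parenthesised span after a load it would bracket everything from the operand's `(` to the last `)` on the line; it is safe here only because each changed line contains exactly one parenthesised operand, and it should be tightened (for example `\(([^)]+)\)`) before being reused on longer text. Within this hunk the result is correct for the RGBDS syntax used by the linked pret/pokered source: `ld a, ($xxyy)` and `ld a, ($D05A)` become `ld a, [$xxyy]` and `ld a, [$D05A]`, marking a memory-indirect load, while `jp nz, $658B`, `ld hl, $xxyy` and `jp z, $xxyy` take immediate operands and rightly stay unbracketed, and the `(item ID - 1) * 2` parentheses in the first paragraph are untouched because they do not follow an `ld`. The quoted byte sequence `C2 8B 65 FA 5A D0` still agrees with the two instructions after the rewrite (`jp nz, $658B` encodes as C2 8B 65 and `ld a, [$D05A]` as FA 5A D0), so no further change to that sentence is needed.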