Reusable RAM writer: Difference between revisions
>Torchickens |
m (Text replacement - "(\bld(?:|i|l|d|h) (?:.+, ?)?)\((.+)\)" to "$1[$2]") |
||
Line 41: | Line 41: | ||
inc b - useless code |
inc b - useless code |
||
ld |
ld [hl],a - load a into the address (e.g. D059) |
||
ld h, D3 - we load the address byte 1 as D3 (item quantities are in the D3XX region) |
ld h, D3 - we load the address byte 1 as D3 (item quantities are in the D3XX region) |
||
Line 51: | Line 51: | ||
inc b - useless code |
inc b - useless code |
||
ld |
ld [hli],a - means we put 'a' in D323, and then increase the hl value to D324 |
||
inc hl - hl value= D325 |
inc hl - hl value= D325 |
||
ld |
ld [hli],a - means we will load a (0) into D325 (item 4 quantity), and increase hl to D326 |
||
inc hl - hl value = D327 |
inc hl - hl value = D327 |
||
ld |
ld [hli],a - means we put 'a' in D327 (item 5 quantity) |
||
ret - ends the code. |
ret - ends the code. |
Latest revision as of 20:59, 19 January 2021
The reusable RAM writer is an arbitrary code execution program for Pokémon Red, Blue, and Yellow, created by Torchickens/ChickasaurusGL.
It allows the player to write to any RAM address that is not locked, based on the quantities of item 3, item 4 and item 5. Upon use, these quantities are set to 0 (or x256), allowing the player to re-use it and write any value to any unlocked RAM address.
A bootstrap setup is required. For more information please see the arbitrary code execution article.
Code at D322/D321
3E xx 26 xx 2E xx 04 77 26 D3 3E 00 2E 23 04 22 23 22 23 22 C9
Item representation from item 3
Lemonade x (xx) [this is the value]
Carbos x (yy) [address, first byte big endian]
X Accuracy x (zz) [address, second byte big endian]
Poké Ball x119
Carbos x211
Lemonade x0
X Accuracy x35 (x34 in Yellow)
Poké Ball x34
HP Up x34
HP Up x34
TM01 x0
Assembly code (for learning)
ld a, 00 - a (value)=xx
ld h, 00 - h (address byte 1)=yy
ld l, 00 - l (address byte 2)=zz
inc b - useless code
ld [hl],a - load a into the address (e.g. D059)
ld h, D3 - we load the address byte 1 as D3 (item quantities are in the D3XX region)
ld a, 00 - we load 'a' as 0 (quantity of 0)
ld l, 23 - l=23, now our address is D323 (item 3 quantity)
inc b - useless code
ld [hli],a - means we put 'a' in D323, and then increase the hl value to D324
inc hl - hl value = D325
ld [hli],a - means we will load a (0) into D325 (item 4 quantity), and increase hl to D326
inc hl - hl value = D327
ld [hli],a - means we put 'a' in D327 (item 5 quantity)
ret - ends the code.
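
The item list and the byte listing above can be cross-checked mechanically. The Python below is an added example, not part of the original article: it packs the items into ID/quantity byte pairs and interprets only the opcodes this payload uses, showing the single write followed by the reset of the three quantities. The item IDs are read off by pairing the item list with the byte listing; the value 2A and the blank memory map are constructed for the demonstration.

```python
# Item IDs read off by pairing the page's item list with its byte listing.
ITEM_ID = {"Lemonade": 0x3E, "Carbos": 0x26, "X Accuracy": 0x2E,
           "Poké Ball": 0x04, "HP Up": 0x23, "TM01": 0xC9}
ITEM3 = 0xD322  # item 3's ID byte in the Red/Blue layout (its quantity is D323)

def build_items(value, addr):
    """Items 3..13 as (name, quantity) for writing `value` to `addr` (Red/Blue)."""
    if not (0 <= value <= 0xFF and 0 <= addr <= 0xFFFF):
        raise ValueError("value must fit one byte, addr two bytes")
    return [("Lemonade", value), ("Carbos", addr >> 8),
            ("X Accuracy", addr & 0xFF), ("Poké Ball", 119), ("Carbos", 211),
            ("Lemonade", 0), ("X Accuracy", 35), ("Poké Ball", 34),
            ("HP Up", 34), ("HP Up", 34), ("TM01", 0)]

def to_bytes(items):
    """Each bag slot is an ID byte followed by a quantity byte."""
    return bytes(b for name, qty in items for b in (ITEM_ID[name], qty))

def run(ram, pc):
    """Interpret only the opcodes this payload uses; stop at ret."""
    a = hl = 0
    while True:
        op = ram[pc]; pc += 1
        if op in (0x3E, 0x26, 0x2E):        # ld a / ld h / ld l, immediate
            imm = ram[pc]; pc += 1
            if op == 0x3E: a = imm
            elif op == 0x26: hl = (imm << 8) | (hl & 0xFF)
            else: hl = (hl & 0xFF00) | imm
        elif op == 0x04:                     # inc b: does not affect the write
            pass
        elif op in (0x77, 0x22):             # ld [hl],a / ld [hli],a
            ram[hl] = a
            if op == 0x22: hl = (hl + 1) & 0xFFFF
        elif op == 0x23:                     # inc hl
            hl = (hl + 1) & 0xFFFF
        elif op == 0xC9:                     # ret
            return ram
        else:
            raise ValueError(f"unexpected opcode {op:02X} at {pc - 1:04X}")

def write_once(value, addr):
    """Place the item bytes at ITEM3 in a blank 64 KiB map and execute them."""
    ram = bytearray(0x10000)
    code = to_bytes(build_items(value, addr))
    ram[ITEM3:ITEM3 + len(code)] = code
    return run(ram, ITEM3)

if __name__ == "__main__":
    ram = write_once(0x2A, 0xD059)  # constructed value; D059 is the page's example address
    print(hex(ram[0xD059]), ram[0xD323], ram[0xD325], ram[0xD327])
```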