Reusable RAM writer: Difference between revisions
>Torchickens (Created page with "The '''reusable RAM writer''' is an arbitrary code execution program for {{RBY}}, created by Torchickens. It allows the player t...") |
m (Text replacement - "(\bld(?:|i|l|d|h) (?:.+, ?)?)\((.+)\)" to "$1[$2]") |
||
| (3 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
The '''reusable RAM writer''' is an [[list of arbitrary code execution programs|arbitrary code execution program]] for {{RBY}}, created by Torchickens. |
The '''reusable RAM writer''' is an [[list of arbitrary code execution programs|arbitrary code execution program]] for {{RBY}}, created by Torchickens/ChickasaurusGL. |
||
It allows the player to write to any RAM address that is not locked, based on the quantities of item 3, item 4 and item 5. Upon use, these quantities are set to 0 (or x256), allowing the player to re-use it and write any value to any unlocked RAM address. |
It allows the player to write to any RAM address that is not locked, based on the quantities of item 3, item 4 and item 5. Upon use, these quantities are set to 0 (or x256), allowing the player to re-use it and write any value to any unlocked RAM address. |
||
| Line 14: | Line 14: | ||
Carbos x (yy) [address, first byte big endian] |
Carbos x (yy) [address, first byte big endian] |
||
X Accuracy x(zz) [address, second byte |
X Accuracy x(zz) [address, second byte big endian] |
||
Poké Ball x119 |
Poké Ball x119 |
||
| Line 31: | Line 31: | ||
TM01 x0 |
TM01 x0 |
||
==Assembly code (for learning)== |
==Assembly code (for learning)== |
||
| Line 42: | Line 41: | ||
inc b - useless code |
inc b - useless code |
||
ld |
ld [hl],a - load a into the address (e.g. D059) |
||
ld h, D3 - we load the address byte 1 as D3 (item quantities are in the D3XX region) |
ld h, D3 - we load the address byte 1 as D3 (item quantities are in the D3XX region) |
||
| Line 52: | Line 51: | ||
inc b - useless code |
inc b - useless code |
||
ld |
ld [hli],a - means we put 'a' in D323, and then increase the hl value to D324 |
||
inc hl - hl value= D325 |
inc hl - hl value= D325 |
||
ld |
ld [hli],a - means we will load a (0) into D325 (item 4 quantity), and increase hl to D326 |
||
inc hl - hl value = D327 |
inc hl - hl value = D327 |
||
ld |
ld [hli],a - means we put 'a' in D327 (item 5 quantity) |
||
ret - ends the code. |
|||
[[Category:Arbitrary code execution]] |
[[Category:Arbitrary code execution]] |
||
Latest revision as of 20:59, 19 January 2021
The reusable RAM writer is an arbitrary code execution program for Pokémon Red, Blue, and Yellow, created by Torchickens/ChickasaurusGL.
It allows the player to write to any RAM address that is not locked, based on the quantities of item 3, item 4 and item 5. Upon use, these quantities are set to 0 (or x256), allowing the player to re-use it and write any value to any unlocked RAM address.
A bootstrap setup is required. For more information please see the arbitrary code execution article.
Code at D322/D321
3E xx 26 xx 2E xx 04 77 26 D3 3E 00 2E 23 04 22 23 22 23 22 C9
Item representation from item 3
Lemonade x (xx) [this is the value]
Carbos x (yy) [address, first byte big endian]
X Accuracy x(zz) [address, second byte big endian]
Poké Ball x119
Carbos x211
Lemonade x0
X Accuracy x35 (x34 in Yellow)
Poké Ball x34
HP Up x34
HP Up x34
TM01 x0
Assembly code (for learning)
ld a, 00 - a (value)=xx
ld h, 00 - h (address byte 1)=yy
ld l, 00 - l (address byte 2)=zz inc b - useless code
ld [hl],a - load a into the address (e.g. D059)
ld h, D3 - we load the address byte 1 as D3 (item quantities are in the D3XX region)
ld a, 00 - we load 'a' as 0 (quantity of 0)
ld l, 23 - l=23, now our address is D323 (item 3 quantity)
inc b - useless code
ld [hli],a - means we put 'a' in D323, and then increase the hl value to D324
inc hl - hl value= D325
ld [hli],a - means we will load a (0) into D325 (item 4 quantity), and increase hl to D326
inc hl - hl value = D327
ld [hli],a - means we put 'a' in D327 (item 5 quantity)
ret - ends the code.