Recording the ASM of all glitch items.
Posted by: luckytyphlosion
Date: 2014-12-31 13:09:28
0x00 - "[].j"
01D1: ld b,b
01D2: nop
01D3: ld b,b
01D4: dec l
01D5: ld b,c
01D6: add (hl)
01D7: ld b,(hl)
01D8: call nc,BE42 ; carry will always not be set
BE42: rst $38 ; game = rekt
0x54 - "B2F"
This one lands somewhere in the BallSuccess code in the disasm. This is basically the game jumping to .ballsuccess2, so no point in completely documenting the ASM. (just look at .ballsuccess2 in the disasm)
57FA: ld b,(hl)
57FB: ld b,62
57FD: jr c,5801 ; carry will always never be set
57FF: ld b,63
5801: ld a,b
5802: ld (D11E),a ; used in many miscellaneous things
5805: ld c,14
5807: call 3739
3739: call 20AF
20AF: ld a,01
20B1: ld (ff00+D6),a ; I guess the vblank occurred
20B3: halt ; vblank occurs here because it's the next interrupt
;insert game going through vblank here
20B4: ld a,(ff00+D6) ; since vblank occurred, FFD6 = 0
20B6: and a
20B7: jr nz,FA ; jr to 20B3, a = 0 so it doesn't execute
20B9: ret ; address on stack is 373C
373C: dec c
373D: jr nz,FA ; jr to 3739, zero flag isn't set so we go there
3739: call 20AF ; DelayFrames in the disasm
; the game will continue calling 20AF until c = 0
; skipping to when c = 0
373C: dec c
373D: jr nz,FA ; jr to 3739, c is finally 0 so we skip this
373F: ret ; address on stack is 580A
580A: ld a,C1
580C: ld (D07C),a ; D07C = W_ANIMATIONID
580F: xor a
5810: ld (FF00+F3),a ; yay it's our turn now
5812: ld (CC5B),a ; apparently used in item lists, like the elevator
5815: ld (D05B),a ; something used in battle.
5818: ld a,(CF92) ; wWhichPokemon, a is now 17
581B: push af
581C: ld a,(CF91)
581F: push af
5820: ld a,08
5822: call 3E6D
3E6D: ld (CC4E),a
3E70: ld a,(ff00+B8)
3E72: ld (CF12),a
3E75: push af
3E76: ld a,13
3E78: ld (FF00+B8),a
3E7A: ld (2000),a
3E7D: call 7E49
(13)7E49: ld a,h
7E4A: ld (CC4F),a
7E4D: ld a,l
7E4E: ld (CC50),a ; at this point I was bored, so I moved on to another item
0x55 - B1F
Runs from SRAM, all FFs, Rst $38.
0x56 - 1F
Runs from VRAM, usually crashes.
0x57 - 2F
This item messes around with the multiplication and division variables in hram. I don't know what you could do with this, but as far as I see it's useless.
3D65: ld (ff00+97),a ; something in H_Divisor
3D67: ld a,(ff00+98) ; always 0 when using the item
3D69: sub b
3D6A: ld (ff00+98),a ; a is still 0 after the subtract operation
3D6C: inc c
3D6D: jr,B8 ; jr to 3D27
3D27: ld a,(ff00+99) ; a = 1
3D29: ld b,a ; b = 1
3D2C: ld a,(ff00+96) ; a = 2B
3D2E: cp b
3D2F: jr c,46 ; jr to 3D77, but carry isn't set so this is ignored
3D31: sub b ; a = 2A
3D32: ld (ff00+96),a
3D34: ld a,(ff00+9A)
3D34: ld b,a
3D36: ld a,(ff00+97)
3D39: ld (ff00+9D),a
3D3B: cp b
3D3C: jr nc,0B ; jr to 3D49, carry isn't set
3D49: sub b
3D4A: ld (ff00+97),a
3D4C: ld a,(ff00+9B)
3D4E: ld b,a
3D4F: ld a,(ff00+98)
3D51: ld (ff00+9E),a
3D53: cp b
3D54: jr nc,13 ; jr to 3D69
; this code will keep looping around until the carry flag is set
; the carry flag gets set after a long amount of looping and subtraction operations.
; it eventually gets set when it performs a "cp b" operation where a=0 and b=1, which sets the carry flag
; starting code from 3D77
3D77: ld a,(ff00+95)
3D79: or c ; c = D7 and a = 47, so a = D7
3D7C: ld a,F6
3D7E: add c ; a = CD and carry flag is set
3D7F: ld (hl),a ; does nothing since (hl) is a ROM address
3D80: ret ; finally