Disabling the START menu through ACE
Posted by: ISSOtm
Date: 2017-04-20 12:35:26
This is useful, for example, when making custom save files (poke @TheZZAZZGlitch :P). Or if you want to be an ugly troll to your friends ^^
This is based off DMA hijacking, a technique that allows "automatic" ACE on each frame.
First off, you will want to write this piece of code somewhere :
NoStart::
ld a, [$C3AA]
cp $79
jr nz, .ok
ld hl, $0014
add hl, sp
ld [hl], $E8
inc hl
ld [hl], $29
.ok
ld a, $C3
ld c, $46
ret
And for those who want hex :
FAAAC3 FE79 2009 211400 39 36E8 23 3629 3EC3 0E46 C9Then, you will want to write
CDYYXX E2at $FF80, where the address of the above function is $XXYY (be careful of the order, it's in reverse !)
For example, if NoStart is at $CAFE you will write
CDFECA E2But be careful, those four bytes have to be written in one frame ! Otherwise you will almost certainly crash :D
Now, if everything is in place, the START menu will pop up when you press START, but will close immediately, without even printing any text inside
Until you reset the console, actually. This doesn't persist through resets :3 (although it is possible to make it permanent)
But this can make challenge runs where you aren't allowed to save (unless you change boxes), use items out of battle, re-order your Pokémon (outside of the PC). Or just have fun screwing around :P
How does it work ?
$C3AA is a part of the game's WRAM tilemap, and this is where tiles are written to before being copied to VRAM (because of access restrictions)
Specifically, the game writes a $79 there (top-left menu tile) when opening the START menu. As far as I know, no other text box in the game does this.
If such a tile is detected, the script knows the game is attempting to open the START menu. Specifically, due to how text boxes work, the game is processing the DisplayTextIDInit function, which consistently waits for a few frames.
What we do is manipulate this function's return address so instead of displaying the menu, it will directly go to the function that closes it.
ld hl, $0014
add hl, sp
makes hl point to the aforementioned return address, which we overwrite with $29E8 (CloseTextDisplay) which undoes everything. Pop :P
All that remains of the menu is the blank text box, which is displayed by DisplayTextIDInit. It would be possible to avoid it, but that would be heavier. Besides, if you want to troll a friend, he will probably freak out a bit more :D
Note that this doesn't affect any other text box ;)
I'd like to make a demonstration video but I don't have any working screen recorder.
Bummer.