Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.
You can join Glitch City Research Institute to ask questions or discuss current developments.
You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.
3E 15 EA 59 D0 C9
3E xx 2E xx 26 xx 04 77 3C C9
0e 16 26 64 2e bb 41 40 cd d6 35 c9
When executing arbitrary code it's about converting the GBZ80 (where you can find a list of opcodes here and on the wiki's Big HEX List) into a representable form.
To do this for 8F and ws m redirected to the items pack you need to do is know the hex code and form for an ASM instruction and then use the item or quantities with the same hex IDs (you can use the Big HEX List or Windows Calculator to convert if necessary).
But importantly a little knowledge of GBZ80 is needed. Personally I feel it's good to start with things like understanding the registers like a, b, c, d, e, hl (from the hardware, you can view them as storage bytes like memory addresses but used everywhere) and basic instructions (read, write, etc).
This page is a good place to learn about the instructions in the context of what they do.
Here are a few examples of basic arbitrary code execution with an explanation for every line (read the comments in the square brackets [ ]):
Code to encounter Mew.
ld a, 15 [when you see ld [register] first, it means we're storing a value into a register. In this case we're storing hex:15 (the value of Mew) into the register 'a'.
ld (d059),a [when the register is on the right side of the instruction it means it will be moved elsewhere. In this case we're storing a (which was changed to hex:15) into D059 (the memory address for an instant encounter)]
ret [ret is needed to end the flow of the code or else the game will carry on executing the data beyond it as if it was code, which would likely freeze the game]
In hexadecimal this is the following:3E 15 EA 59 D0 C9
So to represent it in items we just need item hex:3E (Lemonade) x 21 (hex:15), followed by item hex:EA (TM34) x 89 (hex:59), followed by TM08 (D0) x 201 (hex:C9).
Pseudo-GameShark (change anything in RAM to anything) (copied from this post)
ld a, xx [as before, we add a value into register a, in this case the value we want to write for our pseudo-GameShark]
ld l, xx [the second byte in a Datacrystal order memory address is also put into register l]
ld h, xx [the first byte in a Datacrystal order memory address is put into register h]
inc b [add 1 to register b. Technically useless but sometimes this is helpful so that you can avoid using a bad item and instead use a quantity]
ld (hl), a [when the register pair on the left side is in brackets, it means you're putting the value into the address represented by those registers; so if h and l were D0 and 59 we would be storing a into D059]
inc a [see inc b]
ret [end of code as usual]
In items it ends up as this:
Lemonade, quantity (byte to change to, or 2nd byte of GScode)
X Accuracy, quantity (low byte of RAM address to change, or 3rd byte of GScode)
Carbos, quantity (high byte of RAM address to change, or 4th byte of GScode)
Poké Ball, quantity 119
Fresh Water, quantity 201
3E xx 2E xx 26 xx 04 77 3C C9
If you just want to edit the contents of the memory these two examples are all you need to work on, and it's where I started but if you want to do more things here is a more complex example:
Enter the Hall of Fame with 8F: (copied from this post)
Before we begin, this code uses call. This basically causes the game to execute code from elsewhere and return back to where it was later, and anything from 0000-7FFF is in the ROM (unlike 8000-FFFF which is in [generally] writable memory like RAM) according to the Game Boy BUS. This is different to jp ('jump') which redirects the flow of code without returning to where we originally were.
0000-3FFF will be an offset (what you would find in a hex editor like the program "HxD"), while 4000-7FFF in the Pokémon games are banked [also known as "three-byte"] pointers. For more information about banked pointers see the section on this article).
This code runs the code at 16:64BB in GBZ80 (which according to Game Boy Pointer Calculator is 5A4BB in a hex editor by using the 35D6 function which is used to run a script anywhere in the ROM.
ld c,16 [c is now 16 for bank 16]
ld h,64 [h is now 64 for 64XX]
ld l, bb [l is now BB. HL now=64BB]
ld b,c [c is moved into b, which serves as the bank for the below function]
ld b,b [technically not needed]
call 35d6 [run the bank switch function, which runs the script as b:hl]
ret [end of code]0e 16 26 64 2e bb 41 40 cd d6 35 c9
Awakening x 22
Carbos x100
X Accuracy x187
X Attack x 64
TM05 x214
Revive x201
To find the locations of other routines in the game you can download a SYM file which is a list of routines and their locations, but you may need to refer to the Pokémon Red (etc.) disassembly project to find out how they work (so what registers before the code will do what).
Hope that helps, and if you have any further questions let me know and I'll try to help! :)
If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.
And if you already got it, then you made a very good choice :D
WRA1:D321 3E E1 ld a, 225
WRA1:D323 EA 4A ld ($D34A), a
WRA1:D326 C9 ret
WRA1:D321 3E E1 ld a, 225
WRA1:D323 EA 4A ld ($D158), a
WRA1:D326 C9 ret
If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.
And if you already got it, then you made a very good choice :D
I got it recently, experimenting with cheats rn, and then I'll start getting into the debugger, etc.
Do you have a save compatible with the BGB emulator with 8F, and/or a bootstrap party (if possible), with all locations discovered or something or another. I heard torchickens has one, but…
Quick update with my progress on ACE: I made a quick thing with ACE that puts PK at the start of your rival's name, as a proof-of-concept
I also did a version with your name
Rival Name:
ASM:
WRA1:D321 3E E1 ld a, 225
WRA1:D323 EA 4A ld ($D34A), a
WRA1:D326 C9 ret
Item List:
Lemonade x225
TM34 x74
TM11 x201
Player name:
ASM:
WRA1:D321 3E E1 ld a, 225
WRA1:D323 EA 4A ld ($D158), a
WRA1:D326 C9 ret
Item List:
Lemonade x225
TM34 x88
TM09 x201
They should both work (the player one works, so the rival one should work, too, atleast I assume)
Change the lemonade quantity to a different number for a different letter (these can be found on the Big HEX List (http://glitchcity.info/wiki/The_Big_HEX_List), but I assume you already knew that)
This is my ACE script, so of course it's simple, but is it good for a first script?
You're welcome! Glad it was helpful ^^
If you want to get into big ACE things, I recommend you use the BGB emulator. Once you get used to its not very intuitive UI, you'll love its powerful debugger, memory watcher, etc.
And if you already got it, then you made a very good choice :D
I got it recently, experimenting with cheats rn, and then I'll start getting into the debugger, etc.
Do you have a save compatible with the BGB emulator with 8F, and/or a bootstrap party (if possible), with all locations discovered or something or another. I heard torchickens has one, but…
Yes, on my Google Sites I have a save files page where you can find save files with 8F or ws m set up.
https://sites.google.com/site/torchickens2/pokemon-save-files
If you go to D322 (or D321) on BGB Debugger you can see the raw code, and then right click and modify it to write the code you'd like.
Quick update with my progress on ACE: I made a quick thing with ACE that puts PK at the start of your rival's name, as a proof-of-concept
I also did a version with your name
Rival Name:
ASM:
WRA1:D321 3E E1 ld a, 225
WRA1:D323 EA 4A ld ($D34A), a
WRA1:D326 C9 ret
Item List:
Lemonade x225
TM34 x74
TM11 x201
Player name:
ASM:
WRA1:D321 3E E1 ld a, 225
WRA1:D323 EA 4A ld ($D158), a
WRA1:D326 C9 ret
Item List:
Lemonade x225
TM34 x88
TM09 x201
They should both work (the player one works, so the rival one should work, too, atleast I assume)
Change the lemonade quantity to a different number for a different letter (these can be found on the Big HEX List (http://glitchcity.info/wiki/The_Big_HEX_List), but I assume you already knew that)
This is my ACE script, so of course it's simple, but is it good for a first script?
Yes :). There's just a small error in the raw code (to make sure things are correct if you're copy and pasting it into a memory viewer/debugger). EA 4A for the first code should be EA 4A D3, and EA 4A for the second code should be EA 58 D1.