Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

Arbitrary Code Execution Discussion

New Viridian Forest arbitrary code execution method - Page 2

Re: New Viridian Forest arbitrary code execution method

Posted by: Krys3000
Date: 2018-08-16 07:37:16
I'm attempting to see if this specific Glitch Meta-map script ACE works in French games, so I just wrote a dumb piece of code at $F904 (assuming the European shift is occurring there, but keeping $F8FF-$F903 as NOPs, just in case) and performed the process. Script 06 is well activated, walking lag occurs, but it just freezes the game once the battle with the Bug Catcher is finished. Am I doing something wrong?

Re: New Viridian Forest arbitrary code execution method

Posted by: Torchickens
Date: 2018-08-16 10:35:15

I'm attempting to see if this specific Glitch Meta-map script ACE works in French games, so I just wrote a dumb piece of code at $F904 (assuming the European shift is occurring there, but keeping $F8FF-$F903 as NOPs, just in case) and performed the process. Script 06 is well activated, walking lag occurs, but it just freezes the game once the battle with the Bug Catcher is finished. Am I doing something wrong?


That's a shame. I think there could be various reasons. The script activated may be different between the different languages, or that player name may not be correct for French versions, or VRAM inaccessibility isn't working as it should (which could be by chance as in English games this doesn't always work either), or your current play time could be bad. Also I can't remember if this works on VBA, so make sure you're trying it on BGB or a real console.

To test whether the map script is activating arbitrary code, you can try setting a breakpoint in BGB's debugger under Debug > Access breakpoints: enter A000-FDFF in the address box, tick 'on execute' and add it. This way the debugger will automatically appear at where it is executing arbitrary code after you perform the steps, and you can deduce whether the F8FF glitch executes the same code in the French versions as in the English versions.

Hope this clears things up.

Re: New Viridian Forest arbitrary code execution method

Posted by: Krys3000
Date: 2018-08-17 08:36:41
Thanks for the reply Evie,

I've been using BGB for glitch tests, so I tried your suggestion of placing a breakpoint, but the game freezes without breaking in that range. Apparently, this technique doesn't work in European games, even though Glitch Meta-map Script ACE (performed with Viridian City 0x10 or 0x11 for example) usually works well in these localizations.

Re: New Viridian Forest arbitrary code execution method

Posted by: Torchickens
Date: 2018-08-17 17:59:18

Thanks for the reply Evie,

I've been using BGB for glitch tests, so I tried your suggestion of placing a breakpoint, but the game freezes without breaking in that range. Apparently, this technique doesn't work in European games, even though Glitch Meta-map Script ACE (performed with Viridian City 0x10 or 0x11 for example) usually works well in these localizations.


You're welcome. :)

I see, that's interesting.

Yeah, often, although a few glitches are essentially the same (e.g. the equivalent of 8F between different languages with the address offsets of +5 taken into account), I've noticed there are a few differences, such as the Pokédex numbers/families (and learnsets I think) of glitch Pokémon. So it isn't entirely unlikely there could be differences in some of the scripts as well.