Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.


Arbitrary Code Execution Discussion

TheZZAZZGlitch's memory editor - 1.1 version

Posted by: ISSOtm
Date: 2018-01-16 23:37:19
TheZZAZZGlitch made a pretty cool memory editor, which nicely fits in 200 bytes. You can check it out in this video.
Given that the setup's duration basically depends on its length, I made a "1.1" version, which retains the same functionality, but fits it in only 173 bytes!

Here is the byte list: https://pastebin.com/raw/H1FDy7Xw
Note that you will need to start with 173 X Accuracies instead of 200.

If you want to check out the source, which is even more messy (but also more commented) than the original: https://pastebin.com/raw/DU1PSNVg

Re: TheZZAZZGlitch's memory editor - 1.1 version

Posted by: Azarokkusu
Date: 2018-03-20 02:17:18
If you are using my sequential byte writer (https://forums.glitchcity.info/index.php?topic=6638.msg208911#msg208911) to write this, you will need all the values as decimal, so I provided that here:

https://pastebin.com/raw/3f39BSpS

P.S. To execute:

X Accuracy x 1
Carbos x 219
TM 33 x any

Re: TheZZAZZGlitch's memory editor - 1.1 version

Posted by: Torchickens
Date: 2019-06-28 14:05:34
Someone on these forums made a revision that brings up the previous memory address. Unfortunately it seems to have got lost. These could then, in theory, be combined for a v1.2. For a v1.3, we could implement viewing the contents of every ROM bank/SRAM bank etc.

Re: TheZZAZZGlitch's memory editor - 1.1 version

Posted by: Torchickens
Date: 2019-06-28 16:29:06
Head analysis (via Wii U) concept non GUI until tomorrow

1.
have 4F
have 8F

8F runs D322
4F jp to TheZZAZZGlitch memory editor (GUI)

D31F: h ; item 1 quantity
D321: l ; item 2 q

D322: ld b, bank ; ld hl, later inv. address in RAM ; call bank switch
later address: ld h, D31F ; ld l, D321 ; ld (some  item etc), hl ; ret


How this would work: The item quantities 1/2/3 give the bank:hl you want to read from, so the form is like: 3:12. Afterwards, the address contents are written as an item etc. Use the Big Hex List to find out what that ROM address reads, or use the GUI.

2. Just use the farcopybytes function, copy all the addresses you want into RAM (which can be many at once), then refind them with the 4F GUI. So, say you want to extrapolate from a pointer table, we can find the pointers.

Re: TheZZAZZGlitch's memory editor - 1.1 version

Posted by: Pixelated_
Date: 2019-07-12 23:28:13
Would it be possible for you to give a little more explanation? I'd love to set this up on cartridge.