Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of an article from Glitch City Laboratories wiki.

A live version of this article is available at the Glitch City Wiki here.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of the wiki in .tar.gz or .xml.gz formats.

TheZZAZZGlitch's memory editor



TheZZAZZGlitch's memory editor is an arbitrary code execution loaded memory editor for Pokémon Red and Blue, designed for use at memory address $DB01. It is similar to the older offgao's memory editor.

It was created by TheZZAZZGlitch, hence the name.

Differences from offgao's memory editor

  • The memory editor appears on the left side of the screen, rather than the right side of the screen.
  • Editing a memory address is done by holding A, and then pushing buttons while the cursor is highlighted. Offgao's requires holding Start instead.
  • Edits are buffered until the A-Button is released, allowing safe editing of sensitive regions such as when setting up OAM DMA hijacking.
  • Includes a 'subroutine execution' feature. Holding A down and pressing Select and Start will execute the given address as code.

    Bytes (EN Red/Blue)

    54 5d d5 21 f8 ff 19 54 5d f0 f8 a7 20 fb 21 a0 c3 36 7c 23 7a cd a9 db 7b cd a9 db 36 e3 23 1a cd a9 db 36 7c 01 0c 00 09 13 7d fe 08 20 e2 21 45 c4 36 ed d1 76 f0 f8 47 cb 58 28 04 7a c6 10 57 cb 50 28 01 14 cb 48 c0 cb 40 20 24 cb 70 28 01 1b cb 78 28 01 13 cb 68 28 06 21 f0 ff 19 54 5d cb 60 28 06 21 10 00 19 54 5d 18 95 79 12 18 fa 36 ec 1a 4f 76 f0 f8 a7 28 f2 47 cb 70 28 04 79 c6 10 4f cb 78 28 04 79 d6 10 4f cb 68 28 01 0d cb 60 28 01 0c 2e 46 79 cd a9 db f0 f8 fe 0d 28 19 e6 fe 20 f6 18 cd 47 cb 37 e6 0f cd b2 db 78 e6 0f c6 f6 30 02 c6 60 22 c9 21 c9 db 73 23 72 cd 94 3e fa 4e cc c3

    v1.1 (by ISSOtm)

    This version is shorter in length.Forums post introducing v1.1

    E5 11 F8 FF 19 54 5D F0 F8 A7 20 FB 21 A0 C3 36 7C 23 7A CD 9D DB 7B CD 9D DB 36 E3 23 1A CD 9D DB 36 7C 01 0C 00 09 13 7D FE 08 20 E2 3E ED EA 45 C4 E1 76 F0 F8 87 30 01 23 87 30 01 2B 87 30 04 11 F0 FF 19 87 30 04 11 10 00 19 87 30 04 11 00 10 19 87 30 01 24 87 D8 87 30 A4 4E E5 21 45 C4 36 EC 76 F0 F8 A7 28 2F 47 79 CB 78 28 02 D6 10 CB 70 28 02 C6 10 CB 68 28 01 3D CB 60 28 01 3C 2E 46 4F CD 9D DB F0 F8 E6 FE 28 D6 FE 0C 20 F6 CD 94 3E FA 4E CC C9 E1 71 18 BE 47 CB 37 CD A4 DB 78 E6 0F C6 F6 30 02 C6 60 22 C9

    v1.2 (unknown)

    A third version of the memory viewer was released by another forums user, but cannot be located. It may have allowed the user to return the user to the previously accessed memory address after leaving and accessing the viewer again.

    Code (EN Red/Blue, for learning)

    _start: ld d,h ld e,l writeagain: push de ld hl,$fff8 add hl,de ld d,h ld e,l .testkeys ldh a,[$fff8] and a jr nz,.testkeys ld hl,$c3a0 write: ld [hl],$7c inc hl ld a,d call writehex ld a,e call writehex ld [hl],$e3 inc hl ld a,[de] call writehex ld [hl],$7c ld bc,12 add hl,bc inc de ld a,l cp 8 jr nz,write waiting: ld hl,$c445 ld [hl],$ed pop de .testbuttons db $76 ; halt ldh a,[$fff8] ld b,a bit 3,b jr z,.nostartbtn ld a,d add $10 ld d,a .nostartbtn bit 2,b jr z,.noselectbtn inc d .noselectbtn bit 1,b ret nz bit 0,b jr nz,bytechangeloop bit 6,b jr z,.noupbtn dec de .noupbtn bit 7,b jr z,.nodownbtn inc de .nodownbtn bit 5,b jr z,.noleftbtn ld hl,$fff0 add hl,de ld d,h ld e,l .noleftbtn bit 4,b jr z,.norightbtn ld hl,$0010 add hl,de ld d,h ld e,l .norightbtn writeagainbounce: jr writeagain storeandwriteagain: ld a,c ld [de],a jr writeagainbounce bytechangeloop: ld [hl],$ec ld a,[de] ld c,a bytechangeloopentry: db $76 ; halt ldh a,[$fff8] and a jr z,storeandwriteagain ld b,a bit 6,b jr z,.noupbtn ld a,c add $10 ld c,a .noupbtn bit 7,b jr z,.nodownbtn ld a,c sub $10 ld c,a .nodownbtn bit 5,b jr z,.noleftbtn dec c .noleftbtn bit 4,b jr z,.norightbtn inc c .norightbtn ld l,$46 ld a,c call writehex .waitbuttonsc ldh a,[$fff8] cp $0d jr z,specialexec and $fe jr nz,.waitbuttonsc jr bytechangeloopentry writehex: ld b,a swap a and $0f call writehexdigit ld a,b ; fall through to writehexdigit writehexdigit: and $0f add $f6 jr nc,.noadd add $60 .noadd ld [hli],a .retinstr ret specialexec: ld hl,.executive ld [hl],e inc hl ld [hl],d call $3e94 ; GetPredefRegisters ld a,[$cc4e] db $c3 ; jp .executive ; subroutine address goes here

    YouTube video

    [b]YouTube video by PLASMA GER[/b]


    References

    Categories