krazyd4n - 09/14/2016
so enemymonunmodifiedspecial is 1604 bytes after the start of overworld map(edited)
good news, you can set the t-fly poke byte without crashing the game
luck i b&phlosion - 09/14/2016
wtf are you trying to do
krazyd4n - 09/14/2016
looking at ways of setting the t-fly poke
luck i b&phlosion - 09/14/2016
lol
invalid map width kek
krazyd4n - 09/14/2016
pls send help

stringflow - 09/14/2016
nice electrode
krazyd4n - 09/14/2016
I assume something i did to get myself to that point is against the rules
Ab&²mart - 09/14/2016
I don't even know what mon that backsprite is
zubat? it's so light
stringflow - 09/14/2016
yea
gifvex - 09/14/2016
where is route 1 curscript?
krazyd4n - 09/14/2016
it doesn't appear to have one
all my pokemon are zubats
gifvex - 09/14/2016
do you know what  causes the crash?
krazyd4n - 09/14/2016
the TM29 crash?
gifvex - 09/14/2016
on map load
krazyd4n - 09/14/2016
probably overwrote MapID or script pointer
gifvex - 09/14/2016
i didnt go that far lol
krazyd4n - 09/14/2016
i used a TM29 x255 when i crashed
gifvex - 09/14/2016
i give up for now
krazyd4n - 09/14/2016
you can definitely set t-flies with this
gifvex - 09/14/2016
my script tells me which value gets put in unmodifiedspecial given a map, height, and width, but i keep crashing on load for all the ones i've tried
krazyd4n - 09/14/2016
lots of them do crash
I've had 2/5 crash, 2/5 give no poke, 1/5 give a missingno.(edited)
this probably has some use
but there's a lot of different combinations of map/height/width
not to mention only a small window between corrupting wEnemyMonUnmodifiedSpecial
and something that we probably shouldn't corrupt
gifvex - 09/14/2016
concept
if south connection data is always put at the bottom of overworldmap
we edit the south connection block source to target data in rom(edited)
set map area big enough to load south connection over unmodifiedspecial
krazyd4n - 09/14/2016
does it actually place blocks from the connected maps at the edge of the map
I've never seen anything but bushes to the north of route 11
gifvex - 09/14/2016
route 11 doesn't have north connection
krazyd4n - 09/14/2016
you can give it one
gifvex - 09/14/2016
wait
it doesnt put them at the bottom, it puts them at an address defined in the connection
WTF we have a data copier in underflow(edited)
we can set source address and target address, then S+Q to copy
krazyd4n - 09/14/2016
lol
this game is so broken
gifvex - 09/14/2016
and we can control the size of the copy
I CLONED BULBASAUR
krazyd4n - 09/14/2016
wut
why would we want 2
gifvex - 09/14/2016
idfk but it worked
sort of
krazyd4n - 09/14/2016
we don't even want the one we get
gifvex - 09/14/2016
02 6B D1 97 D1 0F 0F 23 0A BD C8
is my north connection
krazyd4n - 09/14/2016
is this even allowed, since it could be used to modify pokedex flags
gifvex - 09/14/2016
copied from D16B to D197, 15 bytes * 3 every 15 bytes
luck i b&phlosion - 09/14/2016
lol
is the destination constant @gifvex
gifvex - 09/14/2016
you control it
luck i b&phlosion - 09/14/2016
then it's b&
gifvex - 09/14/2016
why?
luck i b&phlosion - 09/14/2016
arbitrary RAM modification
glitches that allow you to write at any address of memory are b&
gifvex - 09/14/2016
ah
luck i b&phlosion - 09/14/2016
so how does this work
piapwns - 09/14/2016
neat.
tehhammershow - 09/14/2016
What is the difference between arbitrary code execution and arbitrary RAM modification
luck i b&phlosion - 09/14/2016
running code vs hard gameshark
as opposed to a soft gameshark

well it's semi-hard
because the byte written doesn't have to be controllable
tehhammershow - 09/14/2016
I shouldnt have come here
gifvex - 09/14/2016
map connections are
1 byte destination map
2 bytes pointer to connection blocks
2 bytes pointer to overworldmap address to copy to
1 byte length of strip
1 byte connected map width
some other stuff
so you set the "pointer to connection blocks" to "pointer to data you want to copy"
and "pointer to overworldmap address to copy to" to "pointer to where you want the data to go"
krazyd4n - 09/14/2016
that explains roaming TMs
luck i b&phlosion - 09/14/2016
it's not a direct copy though
gifvex - 09/14/2016
and change the strip length, connected width, and your own width to make the data copy cleanly
luck i b&phlosion - 09/14/2016
ah
so what do you want to set the strip length and connected width to
gifvex - 09/14/2016
and map width (map you're on) would be the above - 6?(edited)
luck i b&phlosion - 09/14/2016
set cur map width to 0 for a clean copy huh(edited)
gifvex - 09/14/2016
cur map value is irrelevant
luck i b&phlosion - 09/14/2016
fixed
connected map width and cur map width should be 0
gifvex - 09/14/2016
and strip length would be data length
luck i b&phlosion - 09/14/2016
that could lead to an overflow though
gifvex - 09/14/2016
where?
luck i b&phlosion - 09/14/2016
wOverworldMap
because 0 = 256
oh wait don't set to 0
krazyd4n - 09/14/2016
just have height be a low value then
luck i b&phlosion - 09/14/2016
or wait
gifvex - 09/14/2016
strip length X, connected width 0, curmap width 250
luck i b&phlosion - 09/14/2016
set ConnectionStripWidth to the same value as ConnectedMapWidth(edited)
the same with wCurMapWidth
gifvex - 09/14/2016
do what i said http://i.imgur.com/VgUQ5cE.png

piapwns - 09/14/2016
neat.
luck i b&phlosion - 09/14/2016
see your widths are the same
wait wCurMapWidth - 6
gifvex - 09/14/2016
the parameters i posted are correct for clean copy
luck i b&phlosion - 09/14/2016
ok
gifvex - 09/14/2016
you have to remember it does it 3 times and offsets each by their widths
luck i b&phlosion - 09/14/2016
ok so you can achieve w/o s+q by setting bit 7 of wCurMapTileset and using 10F(edited)
bit 7 of wCurMapTileset is some sort of flag to not completely load the map data
gifvex - 09/14/2016
[AABB] = pointer to source data
[CCDD] = pointer to target
[EE]   = number of bytes to copy

memory
$D369 = $F0 (EDITOR NOTE: THIS SHOULD ACTUALLY BE $FA)
$D371 = non-$FF
$D372 = [BB]
$D373 = [AA]
$D374 = [DD]
$D375 = [CC]
$D376 = [EE]
$D377 = $00
then S+Q or do whatever lucky said to perform copy
luck i b&phlosion - 09/14/2016
this is still b& for 151
anyway 10F jumps here: https://github.com/pret/pokered/blob/master/home/overworld.asm#L601
GitHub
pret/pokered
pokered - disassembly of Pokémon Red/Blue

krazyd4n - 09/14/2016
so anytime i save and quit after modifying some of those bytes
that's ARM and b&?(edited)
unless [EE] is set to 0 i guess
luck i b&phlosion - 09/14/2016
if you modify AA or BB
krazyd4n - 09/14/2016
then (probably) every 151 run done in the last few months is invalid
luck i b&phlosion - 09/14/2016
lel
this is why 151 is misc
what a meme though, we had a hard gameshark in item underflow and we didn't even realize it
piapwns - 09/14/2016
so could we use this copy for RBA to set all gym's to just insta give badge? Kappa
luck i b&phlosion - 09/14/2016
RBA still uses the "lucky glitched category global rules" or w/e
krazyd4n - 09/14/2016
IVG is b&
luck i b&phlosion - 09/14/2016
no ACE, ARM, AJPM, ASM
piapwns - 09/14/2016
FeelsBadMan
gifvex - 09/14/2016
it was being discussed here but moved to glitched for some reason
luck i b&phlosion - 09/14/2016
@Dabomstew @gifvex on a side note, what do you think of exploring the potential of invalid map data pointers + s+q
gifvex - 09/14/2016
is map data reloaded during s+q?
krazyd4n - 09/14/2016
Changing map data pointer then s+q messes up the map
luck i b&phlosion - 09/14/2016
yeah
you can control the source this way
so if you change the source to wram...

gifvex - 09/14/2016
pokered says wMapDataPtr is the tile map pointer
luck i b&phlosion - 09/14/2016
yes
well it's block data
gifvex - 09/14/2016
oh
i knew it as block pointer
luck i b&phlosion - 09/14/2016
but yes you could potentially chain LGs this way
gifvex - 09/14/2016
yes
luck i b&phlosion - 09/14/2016
did I break 151 again
krazyd4n - 09/14/2016
Not really
luck i b&phlosion - 09/14/2016
see what we need is a rule that says "no directly modifying pointers to point to wram"
krazyd4n - 09/14/2016
We have similar stuff to what you're suggesting already
luck i b&phlosion - 09/14/2016
lel
like what
krazyd4n - 09/14/2016
Watch the forest segment of a recent run
luck i b&phlosion - 09/14/2016
lol this is basically like changing the TLP to wram except you don't touch the TLP
so I guess it would be b&
Dabomstew - 09/14/2016
lol
gifvex - 09/14/2016
but changing tlp is allowed, just not to wram
luck i b&phlosion - 09/14/2016
that wasn't explicitly a thing
just ban changing directly changing pointers to wram
gifvex - 09/14/2016
thats probably simplest
krazyd4n - 09/14/2016
Except the parts they're supposed to point to
gifvex - 09/14/2016
1) for connection copier, can we change source to be somewhere else in rom, and dest to be somewhere else in overworldmap?
2) for mapdata, can we change to be somewhere else in rom?(edited)
how would that be different to changing tlp to somewhere in rom?
krazyd4n - 09/14/2016
Also, what is/isn't allowed with wOverworldMap overflow?
luck i b&phlosion - 09/14/2016
idk
gifvex - 09/14/2016
i don't want to think about 151's ruleset anymore so here's a manip idea
if vertical steps and horizontal steps delay random by differing numbers of cycles, if you need to take 5 steps up and 5 steps left, will the RNG state at the end of the 10 steps always be the same, regardless of which order you take the steps in?