Leahnaya/Poke_Transporter_GB
1
0
Fork 0
mirror of https://github.com/GearsProgress/Poke_Transporter_GB.git synced 2026-03-21 17:34:42 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix crash + unrelated buffer overflow + some optimizations

Browse Source 
There was a crash happening with ptgb::vector when you'd press A on the CONFIRM button of the box screen. It only occurred on actual gba hardware and
was a real heisenbug: as soon as you'd add code to display logs on screen, the problem would disappear. So it was very difficult to figure this one
out. We're not even entirely sure why, but it looks like the malloc/realloc/free use in ptgb::vector would cause issues.

Maybe it was alignment, but after messing with the code we also saw a warning appear in the terminal telling us that realloc wouldn't properly
deal with non-POD types. It complained about this very thing while referring to the add_track() function, which stores ptgb::vectors inside another
ptgb::vector. We also didn't have a custom copy constructor yet to actually copy the buffer instead of its pointer.
All of these could potentially have led to the crash. But debugging during the link cable flow was difficult, so we were never able to confirm it in
a debugger, log or dump.

Because I suspected the high IWRAM consumption (especially now with ZX0 decompression) for a while, I also did an optimization in mystery_gift_builder
to pass global_memory_buffer as its section_30_data buffer instead. This reduces IWRAM consumption by 4 KB.

There was another problem I discovered during my crash hunt: the out_array (now payload_buffer) was allocated as a 672 byte array, but the payloads
were actually 707 bytes. Therefore writing this to the buffer caused a buffer overflow, thereby corrupting the global variables appearing after it in
IWRAM. It turned out eventually that none of these variables were really critical, but it could explain some minor bugs GearsProgress has seen.

I also did a few performance optimizations:

- At various stages in the code, for loops were used to copy data from one buffer into another byte-by-byte. This was far from optimal because the gba
cpu can load/copy 4 bytes at a time if you ask it to. So I replaced those with memcpy(), which is a hand-optimized assembly function to copy data
using this principle.

- generate_payload was being called twice: once at start_link and once at continue_link, giving the exact same result, even though it was already
being stored in a global buffer allocated in IWRAM. This was also a fairly heavy function. So I optimized the code to only initialize it once in
the script chain and then just retrieve the buffer.

- generate_payload was constructing the eventual payload twice even within the same call. That's because it first merged z80_rng_seed, z80_payload
and z80_patchlist into a full_data ptgb::vector, after which it then copied the data again to out_array (now called payload_buffer). I eliminated the
full_data vector now.
This commit is contained in:
Philippe Symons 2025-06-18 10:23:03 +02:00
parent 00261cd8d8
commit eef173b0d2
20 changed files with 205 additions and 175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/box_menu.h
View File

@ -2,7 +2,6 @@
#define BOX_MENU_H
#include <tonc.h>
#include <vector>
#include "string.h"
#include "button_handler.h"
#include "pokemon.h"

1
include/gb_link.h
View File

@ -73,7 +73,6 @@ typedef enum
#define GB_LINK_H
#include <tonc.h>
//#include <string>
//void log(std::string text);
void wait(u32 verticalLines);

105
include/libstd_replacements.h
View File

@ -4,6 +4,7 @@
#include <inttypes.h>
#include <cstring>
#include <new>
#include <utility>
// To reduce the binary size, we need to get rid of libstdc++
// But we were happily using some functions that made life easier.
@ -43,65 +44,88 @@ namespace ptgb
class vector
{
public:
static constexpr size_t default_capacity = 4;
static constexpr uint16_t default_capacity = 2;
vector()
: buffer_()
, capacity_(default_capacity)
, count_(0)
{
buffer_ = static_cast<ValueType*>(::operator new(capacity_ * sizeof(ValueType)));
buffer_ = static_cast<ValueType*>(::operator new(sizeof(ValueType) * capacity_));
if(!buffer_)
{
return; // allocation failed
}
}
vector(const ValueType* valueList, size_t listSize)
vector(const ValueType* valueList, uint16_t listSize)
: buffer_()
, capacity_(listSize)
, count_(0)
{
buffer_ = static_cast<ValueType*>(::operator new(capacity_ * sizeof(ValueType)));
buffer_ = static_cast<ValueType*>(::operator new(sizeof(ValueType) * capacity_));
if(!buffer_)
{
return; // allocation failed
}
insert(valueList, listSize);
}
vector(const vector<ValueType>& otherList)
: buffer_()
, capacity_(otherList.capacity_)
, count_(0)
{
buffer_ = static_cast<ValueType*>(::operator new(sizeof(ValueType) * capacity_));
if(!buffer_)
{
return; // allocation failed
}
insert(otherList);
}
~vector()
{
clear();
::operator delete(buffer_);
}
void reserve(size_t newSize)
void reserve(uint16_t newSize)
{
ValueType *oldValue;
ValueType *oldBuffer;
if(newSize <= capacity_)
{
return;
}
oldBuffer = buffer_;
buffer_ = static_cast<ValueType*>(::operator new(newSize * sizeof(ValueType)));
capacity_ = newSize;
for (size_t i = 0; i < count_; ++i)
ValueType* new_buffer = static_cast<ValueType*>(::operator new(sizeof(ValueType) * newSize));
if(!new_buffer)
{
oldValue = oldBuffer + i;
new(buffer_ + i) ValueType(*oldValue);
oldValue->~ValueType();
return; // allocation failed, keep the old buffer
}
::operator delete(oldBuffer);
// copy data from the old buffer to the new one
for (uint16_t i = 0; i < count_; ++i)
{
new (new_buffer + i) ValueType(std::move(buffer_[i]));
buffer_[i].~ValueType();
}
::operator delete(buffer_);
buffer_ = new_buffer;
capacity_ = newSize;
}
void resize(size_t newSize)
void resize(uint16_t newSize)
{
resize(newSize, ValueType());
}
void resize(size_t newSize, const ValueType& value)
void resize(uint16_t newSize, const ValueType& value)
{
if(newSize < count_)
{
const size_t num_erase = (count_ - newSize);
for(size_t i=0; i < num_erase; ++i)
const uint16_t num_erase = (count_ - newSize);
for(uint16_t i=0; i < num_erase; ++i)
{
pop_back();
}
@ -109,8 +133,8 @@ namespace ptgb
else if(newSize > count_)
{
reserve(newSize);
const size_t num_fill = (newSize - count_);
for(size_t i=0; i < num_fill; ++i)
const uint16_t num_fill = (newSize - count_);
for(uint16_t i=0; i < num_fill; ++i)
{
push_back(value);
}
@ -129,22 +153,23 @@ namespace ptgb
void pop_back()
{
ValueType *value = buffer_ + ((count_ - 1));
if (count_ == 0) return;
ValueType *value = buffer_ + (count_ - 1);
value->~ValueType();
--count_;
}
void insert(vector<ValueType>& otherList)
void insert(const vector<ValueType>& otherList)
{
reserve(count_ + otherList.size());
for(size_t i=0; i < otherList.size(); ++i)
for(uint16_t i=0; i < otherList.size(); ++i)
{
push_back(otherList.at(i));
}
}
void insert(const ValueType* list, size_t listSize)
void insert(const ValueType* list, uint16_t listSize)
{
reserve(count_ + listSize);
for(size_t i=0; i < listSize; ++i)
@ -158,32 +183,42 @@ namespace ptgb
resize(0);
}
size_t size() const { return count_; }
size_t capacity() const { return capacity_; }
uint16_t size() const { return count_; }
uint16_t capacity() const { return capacity_; }
ValueType& at(size_t index)
ValueType* data() const
{
return buffer_;
}
ValueType* data()
{
return buffer_;
}
ValueType& at(uint16_t index)
{
return operator[](index);
}
const ValueType& at(size_t index) const
const ValueType& at(uint16_t index) const
{
return operator[](index);
}
ValueType& operator[](size_t index)
ValueType& operator[](uint16_t index)
{
return *(buffer_ + index);
}
const ValueType& operator[](size_t index) const
const ValueType& operator[](uint16_t index) const
{
return *(buffer_ + index);
}
private:
ValueType *buffer_;
size_t capacity_;
size_t count_;
uint16_t capacity_;
uint16_t count_;
};
}

25
include/mystery_gift_builder.h
View File

@ -2,9 +2,6 @@
#define MYSTERY_GIFT_BUILDER_H
#include <tonc.h>
#include <string>
#include <map>
#include <vector>
#include "pokemon_party.h"
#include "debug_mode.h"
#include "save_data_manager.h"
@ -258,17 +255,27 @@ class mystery_gift_script
{
int curr_mg_index;
int curr_section30_index;
u8 mg_script[MG_SCRIPT_SIZE] = {};
u8 save_section_30[0x1000] = {};
u8 *save_section_30;
u8 mg_script[MG_SCRIPT_SIZE];
u8 value_buffer[9];
u8 four_align_value = 0;
u8 four_align_value;
public:
mystery_gift_script();
/**
* @brief Construct a new mystery gift script object
*
* @param save_section_30_buffer This needs to be a 4KB buffer to store the section 30 data.
* It was done this way to pass the global_memory_buffer to this class, thereby saving IWRAM.
*
* Be careful of what you do with this buffer after running build_script().
* Especially if you're using global_memory_buffer!
* You're in control!
*/
mystery_gift_script(u8 *save_section_30_buffer);
void build_script(Pokemon_Party &incoming_box_data);
//void build_script_old(Pokemon_Party &incoming_box_data);
u8 get_script_value_at(int index);
u8 get_section30_value_at(int index);
const u8 *get_script() const;
const u8 * get_section30() const;
u32 calc_checksum32();
u16 calc_crc16();

6
include/payload_builder.h
View File

@ -6,7 +6,6 @@
#define TEST 3
#include "gb_rom_values/base_gb_rom_struct.h"
#include <vector>
#define DATA_PER_PACKET 8
#define PACKET_DATA_START 2
@ -20,6 +19,9 @@
#define PACKET_SIZE (1 + 1 + (2 * DATA_PER_PACKET) + 1 + 2) // Originally 13
byte* generate_payload(GB_ROM curr_rom, int type, bool debug);
void init_payload(GB_ROM curr_rom, int type, bool debug);
/// @brief Note: call @see init_payload before using this function.
byte* get_payload();
#endif

1
include/script_var.h
View File

@ -1,6 +1,5 @@
#include <tonc.h>
#include "libstd_replacements.h"
#include <string>
#include "rom_data.h"
class script_var

6
include/text_engine.h
View File

@ -1,12 +1,8 @@
#ifndef TEXT_ENGINE_H
#define TEXT_ENGINE_H
#include <tonc.h>
#include <string>
#include "script_obj.h"
#include "script_array.h"
#include "pokemon_data.h"
#include <cstdarg>
#define H_MAX 240
#define V_MAX 160

1
include/z80_asm.h
View File

@ -60,6 +60,7 @@ public:
z80_asm_handler(int data_size, int mem_offset);
void add_byte(u8 value);
void add_bytes(int num_bytes, ...);
void add_bytes(const u8 *data, u16 data_size);
void generate_patchlist(z80_asm_handler *bytes_to_patch);
void LD(int destination, int source);
void HALT();

2
source/flash_mem.cpp
View File

@ -55,7 +55,7 @@ void initalize_memory_locations()
copy_save_to_ram(memory_section_array[mem_section], &global_memory_buffer[0], 0x1000);
tte_set_pos(8, 0);
tte_write("loc: ");
tte_write(ptgb::to_string(memory_section_array[mem_section] + mem_start));
tte_write(ptgb::to_string(static_cast<unsigned>(memory_section_array[mem_section] + mem_start)));
tte_write("\n");
for (int i = mem_start; i < (128 + mem_start); i++)
{

4
source/gameboy_colour.cpp
View File

@ -41,8 +41,8 @@
const int MODE = 1; // mode=0 will transfer pokemon data from pokemon.h
// mode=1 will copy pokemon party data being received
LinkSPI *linkSPI = new LinkSPI();
LinkSPI linkSPIInstance;
LinkSPI *linkSPI = &linkSPIInstance;
uint8_t in_data;
uint8_t out_data;

1
source/global_frame_controller.cpp
View File

@ -8,6 +8,7 @@
#include "sprite_data.h"
#include "string.h"
#include "text_data_table.h"
#include "translated_text.h"
int global_frame_count = 0;
bool rand_enabled = true;

4
source/main.cpp
View File

@ -1,5 +1,5 @@
#include <tonc.h>
#include <cstring>
#include <cstdlib>
// #include <maxmod.h> //Music
#include "libstd_replacements.h"
#include "flash_mem.h"
@ -246,7 +246,7 @@ int test_decompress()
create_textbox(4, 1, 160, 80, true);
ptgb_write_debug(charset, "Test results:\n\nDecompress: ", true);
ptgb_write_debug(charset, ptgb::to_string(ticks * 1000 / 16777), true);
ptgb_write_debug(charset, ptgb::to_string(static_cast<unsigned>(ticks * 1000 / 16777)), true);
ptgb_write_debug(charset, " usec\n", true);

1
source/multiboot_upload.cpp
View File

@ -4,6 +4,7 @@
#include "background_engine.h"
#include "libraries/gba-link-connection/LinkCableMultiboot.hpp"
#include "text_engine.h"
#include "translated_text.h"
#include "text_data_table.h"
static void multiboot_show_textbox()

37
source/mystery_gift_builder.cpp
View File

@ -79,11 +79,14 @@ union decompressed_data_storage_union
~decompressed_data_storage_union(){}
};
mystery_gift_script::mystery_gift_script()
mystery_gift_script::mystery_gift_script(u8 *save_section_30_buffer)
: curr_mg_index(NPC_LOCATION_OFFSET)
, curr_section30_index(0)
, save_section_30(save_section_30_buffer)
, mg_script()
, value_buffer()
, four_align_value(0)
{
curr_mg_index = NPC_LOCATION_OFFSET;
curr_section30_index = 0;
ptr_call_check_flag = (curr_rom.loc_gSpecialVar_0x8000 + 0x08);
ptr_call_return_2 = (curr_rom.loc_gSpecialVar_0x8000 + 0x0A);
ptr_box_return = (curr_rom.loc_gSpecialVar_0x8000 + 0x0C);
@ -323,7 +326,7 @@ void mystery_gift_script::build_script(Pokemon_Party &incoming_box_data)
// const byte track_unused[] = {0xBC, 0x00, 0xBD, 0x7E, 0xC4, 0x00, 0xBE, 0x53, 0xBF, 0x40, 0xD4, 0x24, 0x70, 0x8C, 0xD4, 0x98, 0x32, 0x86, 0xD4, 0x86, 0x30, 0x86, 0xD4, 0x86, 0xD4, 0x86, 0xD4, 0x86, 0x2D, 0x86, 0xD4, 0x86, 0xD4, 0x86, 0xD4, 0x85, 0xB1};
// songLooker.add_track(track_unused, sizeof(track_unused));
int dex_nums[MAX_PKMN_IN_BOX] = {};
u8 dex_nums[MAX_PKMN_IN_BOX] = {};
// placement new is required to run the constructor of PokemonTables for the decompressed_store's instance
// it won't get called automatically because it's part of the union (and neither will the destructor)
@ -333,11 +336,8 @@ void mystery_gift_script::build_script(Pokemon_Party &incoming_box_data)
Pokemon curr_pkmn = incoming_box_data.get_converted_pkmn(decompressed_store.tables.data, i);
if (curr_pkmn.get_validity())
{
for (int curr_byte = 0; curr_byte < POKEMON_SIZE; curr_byte++)
{
save_section_30[curr_section30_index] = curr_pkmn.get_gen_3_data(curr_byte);
curr_section30_index++;
}
memcpy(save_section_30 + curr_section30_index, curr_pkmn.get_full_gen_3_array(), POKEMON_SIZE);
curr_section30_index += POKEMON_SIZE;
dex_nums[i] = curr_pkmn.get_dex_number();
}
else
@ -354,11 +354,9 @@ void mystery_gift_script::build_script(Pokemon_Party &incoming_box_data)
// but let's do it anyway for the sake of being explicit after having used placement new
decompressed_store.tables.data.~PokemonTables();
for (int i = 0; i < MAX_PKMN_IN_BOX; i++) // Add in the dex numbers
{
save_section_30[curr_section30_index] = dex_nums[i];
curr_section30_index++;
}
// Add in the dex numbers
memcpy(save_section_30 + curr_section30_index, dex_nums, MAX_PKMN_IN_BOX);
curr_section30_index += MAX_PKMN_IN_BOX;
// insert text
@ -1095,14 +1093,15 @@ void mystery_gift_script::build_script_old(Pokemon_Party &incoming_box_data)
}
};
*/
u8 mystery_gift_script::get_script_value_at(int i)
const u8* mystery_gift_script::get_script() const
{
return mg_script[i];
return mg_script;
}
u8 mystery_gift_script::get_section30_value_at(int i)
const u8* mystery_gift_script::get_section30() const
{
return save_section_30[i];
return save_section_30;
}
u16 mystery_gift_script::rev_endian(u16 num)

69
source/mystery_gift_injector.cpp
View File

@ -45,7 +45,12 @@ static void __attribute__((noinline)) handle_old_event(Pokemon_Party &incoming_b
bool inject_mystery(Pokemon_Party &incoming_box_data)
{
mystery_gift_script script;
// WARNING: Look right here: we're passing global_memory_buffer to mystery_gift_script to be used as its save_section_30 buffer.
// Since we're going to be reusing global_memory_buffer later, we need to be careful about the timing/sequence of operations.
// The goal is to use write that save_section_30 to the save as soon as we can.
mystery_gift_script script(global_memory_buffer);
u32 checksum = 0;
if (ENABLE_OLD_EVENT)
{
// script.build_script_old(incoming_box_data);
@ -54,7 +59,7 @@ bool inject_mystery(Pokemon_Party &incoming_box_data)
{
script.build_script(incoming_box_data);
}
u32 checksum = 0;
if (curr_rom.is_ruby_sapphire())
{
checksum = script.calc_checksum32();
@ -64,6 +69,29 @@ bool inject_mystery(Pokemon_Party &incoming_box_data)
checksum = script.calc_crc16();
}
// Add in Pokemon and Dex data
// We need to do this NOW, because mystery_gift_script::build_script() actually fills the global_memory_buffer.
// In the steps after this, we will be recycling the global_memory_buffer to read and write data to other sections of the save.
// So we really MUST write the generated data now, before we lose it.
if (ENABLE_OLD_EVENT)
{
int dex_nums[MAX_PKMN_IN_BOX] = {};
int curr_index = 0;
copy_save_to_ram(0x1E000, &global_memory_buffer[0], 0x1000);
handle_old_event(incoming_box_data, curr_index, dex_nums);
}
else
{
memcpy(global_memory_buffer, script.get_section30(), 0x1000);
}
update_memory_buffer_checksum(false);
erase_sector(0x1E000);
copy_ram_to_save(&global_memory_buffer[0], 0x1E000, 0x1000);
// section_30 data has been stored, so now we can safely re-use the global_memory_buffer for other sections.
// Let's move on to the next step.
// Add in Wonder Card
copy_save_to_ram(memory_section_array[4], &global_memory_buffer[0], 0x1000);
switch (curr_rom.gamecode)
@ -74,17 +102,11 @@ bool inject_mystery(Pokemon_Party &incoming_box_data)
break;
case FIRERED_ID:
case LEAFGREEN_ID:
for (int i = 0; i < 0x14E; i++)
{
global_memory_buffer[curr_rom.offset_wondercard + i] = frlg_wonder_card[i];
}
memcpy(global_memory_buffer + curr_rom.offset_wondercard, frlg_wonder_card, 0x14E);
break;
case EMERALD_ID:
default:
for (int i = 0; i < 0x14E; i++)
{
global_memory_buffer[curr_rom.offset_wondercard + i] = em_wonder_card[i];
}
memcpy(global_memory_buffer + curr_rom.offset_wondercard, em_wonder_card, 0x14E);
break;
}
@ -95,37 +117,12 @@ bool inject_mystery(Pokemon_Party &incoming_box_data)
global_memory_buffer[curr_rom.offset_script + 3] = checksum >> 24;
// Add in Mystery Script data
for (int i = 0; i < MG_SCRIPT_SIZE; i++)
{
global_memory_buffer[curr_rom.offset_script + 4 + i] = script.get_script_value_at(i);
}
memcpy(global_memory_buffer + curr_rom.offset_script + 4, script.get_script(), MG_SCRIPT_SIZE);
update_memory_buffer_checksum(false);
erase_sector(memory_section_array[4]);
copy_ram_to_save(&global_memory_buffer[0], memory_section_array[4], 0x1000);
// Add in Pokemon and Dex data
copy_save_to_ram(0x1E000, &global_memory_buffer[0], 0x1000);
int curr_index = 0;
int dex_nums[MAX_PKMN_IN_BOX] = {};
if (ENABLE_OLD_EVENT)
{
handle_old_event(incoming_box_data, curr_index, dex_nums);
}
else
{
for (int i = 0; i < 0x1000; i++) // Copy over the save data section
{
global_memory_buffer[curr_index] = script.get_section30_value_at(i);
curr_index++;
}
}
update_memory_buffer_checksum(false);
erase_sector(0x1E000);
copy_ram_to_save(&global_memory_buffer[0], 0x1E000, 0x1000);
if (WRITE_CABLE_DATA_TO_SAVE)
{
for (int i = 0; i < 1122; i++)

77
source/payload_builder.cpp
View File

@ -6,9 +6,9 @@
#define DATA_LOC (SHOW_DATA_PACKETS ? curr_rom.transferStringLocation : curr_rom.wEnemyMonSpecies)
byte out_array[PAYLOAD_SIZE] = {};
static byte payload_buffer[PAYLOAD_SIZE];
byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
void init_payload(GB_ROM curr_rom, int type, bool debug)
{
/* 10 RNG bytes
8 Preamble bytes
@ -18,7 +18,6 @@ byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
637 / 660 total bytes
*/
if ((curr_rom.generation == 1 && curr_rom.version != YELLOW_ID))
{
ptgb::vector<z80_jump *> jump_vector;
@ -26,7 +25,7 @@ byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
z80_asm_handler z80_rng_seed(0x0A, curr_rom.wSerialOtherGameboyRandomNumberListBlock + 8);
z80_asm_handler z80_payload(0x1AA, curr_rom.wSerialEnemyDataBlock);
z80_asm_handler z80_patchlist(0xEC, curr_rom.wSerialEnemyMonsPatchList);
z80_asm_handler z80_patchlist(0xC9, curr_rom.wSerialEnemyMonsPatchList);
z80_jump asm_start(&jump_vector);
z80_jump save_box(&jump_vector);
@ -276,18 +275,15 @@ byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
}
// Combine the vectors into the full payload
ptgb::vector<byte> full_data;
full_data.reserve(z80_rng_seed.data_vector.size() + z80_payload.data_vector.size() + z80_patchlist.data_vector.size());
full_data.insert(z80_rng_seed.data_vector);
full_data.insert(z80_payload.data_vector);
full_data.insert(z80_patchlist.data_vector);
u8 *cur_out = payload_buffer;
memcpy(cur_out, z80_rng_seed.data_vector.data(), z80_rng_seed.data_vector.size());
cur_out += z80_rng_seed.data_vector.size();
memcpy(cur_out, z80_payload.data_vector.data(), z80_payload.data_vector.size());
cur_out += z80_payload.data_vector.size();
memcpy(cur_out, z80_patchlist.data_vector.data(), z80_patchlist.data_vector.size());
cur_out += z80_patchlist.data_vector.size();
for(size_t i=0; i < full_data.size(); ++i)
{
out_array[i] = full_data[i];
}
return out_array;
return;
}
else if ((curr_rom.generation == 1 && curr_rom.version == YELLOW_ID))
@ -297,7 +293,7 @@ byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
z80_asm_handler z80_rng_seed(0x0A, curr_rom.wSerialOtherGameboyRandomNumberListBlock + 8);
z80_asm_handler z80_payload(0x1AA, curr_rom.wSerialEnemyDataBlock - 8); // Subtracting 8 is because the data is shifted after patching, removing part of the enemy name. May change depending on language
z80_asm_handler z80_patchlist(0xEC, curr_rom.wSerialEnemyMonsPatchList);
z80_asm_handler z80_patchlist(0xC9, curr_rom.wSerialEnemyMonsPatchList);
z80_jump asm_start(&jump_vector);
z80_jump save_box(&jump_vector);
@ -590,18 +586,15 @@ byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
}
// Combine the vectors into the full payload
ptgb::vector<byte> full_data;
full_data.reserve(z80_rng_seed.data_vector.size() + z80_payload.data_vector.size() + z80_patchlist.data_vector.size());
full_data.insert(z80_rng_seed.data_vector);
full_data.insert(z80_payload.data_vector);
full_data.insert(z80_patchlist.data_vector);
u8 *cur_out = payload_buffer;
memcpy(cur_out, z80_rng_seed.data_vector.data(), z80_rng_seed.data_vector.size());
cur_out += z80_rng_seed.data_vector.size();
memcpy(cur_out, z80_payload.data_vector.data(), z80_payload.data_vector.size());
cur_out += z80_payload.data_vector.size();
memcpy(cur_out, z80_patchlist.data_vector.data(), z80_patchlist.data_vector.size());
cur_out += z80_patchlist.data_vector.size();
for(size_t i=0; i < full_data.size(); ++i)
{
out_array[i] = full_data[i];
}
return out_array;
return;
/*
else if (type == EVENT)
@ -671,7 +664,7 @@ byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
z80_asm_handler z80_rng_seed(0x0A, curr_rom.wSerialOtherGameboyRandomNumberListBlock);
z80_asm_handler z80_payload(0x1CD, curr_rom.wSerialEnemyDataBlock); // wOTPartyData
z80_asm_handler z80_patchlist(0xEC, curr_rom.wSerialEnemyMonsPatchList); // wOTPatchLists
z80_asm_handler z80_patchlist(0xC9, curr_rom.wSerialEnemyMonsPatchList); // wOTPatchLists
/*
Initally the entire wLinkData is copied into the data section at D26B.
@ -937,27 +930,28 @@ byte *generate_payload(GB_ROM curr_rom, int type, bool debug)
}
// Combine the vectors into the full payload
ptgb::vector<byte> full_data;
full_data.reserve(z80_rng_seed.data_vector.size() + z80_payload.data_vector.size() + z80_patchlist.data_vector.size());
full_data.insert(z80_rng_seed.data_vector);
full_data.insert(z80_payload.data_vector);
full_data.insert(z80_patchlist.data_vector);
u8 *cur_out = payload_buffer;
memcpy(cur_out, z80_rng_seed.data_vector.data(), z80_rng_seed.data_vector.size());
cur_out += z80_rng_seed.data_vector.size();
memcpy(cur_out, z80_payload.data_vector.data(), z80_payload.data_vector.size());
cur_out += z80_payload.data_vector.size();
memcpy(cur_out, z80_patchlist.data_vector.data(), z80_patchlist.data_vector.size());
cur_out += z80_patchlist.data_vector.size();
for(size_t i = 0; i < full_data.size(); ++i)
{
out_array[i] = full_data[i];
}
return out_array;
return;
// This payload works by placing Pokemon ID 0xFC's name in the stack, and causing a return to CD8E,
// which is part of the RNG seed. From there we can jump anywhere- and we choose to jump to D887,
// which is the rival's name. This code fixes the stack and jumps to the patchlist, which is where
// our final code is.
}
return nullptr;
memset(payload_buffer, 0x00, PAYLOAD_SIZE);
};
byte* get_payload()
{
return payload_buffer;
}
// Uncomment to send the payload to test_payload.txt
#if 0
@ -966,7 +960,8 @@ int main()
{
freopen("test_payload.txt", "w", stdout);
printf("\n");
byte *payload = generate_payload(ENG_RED, TRANSFER, true);
init_payload(ENG_RED, TRANSFER, true);
byte *payload = get_payload();
if (true)
{
for (int i = 0; i < 0x2A0; i++)

5
source/pokemon.cpp
View File

@ -654,10 +654,7 @@ void Pokemon::copy_from_to(const byte *source, byte *destination, int size, bool
}
else
{
for (int i = 0; i < size; i++)
{
destination[i] = source[i];
}
memcpy(destination, source, size);
}
}

13
source/pokemon_party.cpp
View File

@ -185,12 +185,12 @@ void Pokemon_Party::start_link()
u16 debug_charset[256];
load_localized_charset(debug_charset, 3, ENG_ID);
init_payload(curr_gb_rom, TRANSFER, false);
setup(debug_charset);
for (int i = 0; i < curr_gb_rom.box_data_size; i++)
{
box_data_array[i] = 0;
}
last_error = loop(&box_data_array[0], generate_payload(curr_gb_rom, TRANSFER, false), &curr_gb_rom, simple_pkmn_array, debug_charset, false);
memset(box_data_array, 0, curr_gb_rom.box_data_size);
last_error = loop(&box_data_array[0], get_payload(), &curr_gb_rom, simple_pkmn_array, debug_charset, false);
}
}
@ -201,7 +201,8 @@ void Pokemon_Party::continue_link(bool cancel_connection)
u16 debug_charset[256];
load_localized_charset(debug_charset, 3, ENG_ID);
last_error = loop(&box_data_array[0], generate_payload(curr_gb_rom, TRANSFER, false), &curr_gb_rom, simple_pkmn_array, debug_charset, cancel_connection);
last_error = loop(&box_data_array[0], get_payload(), &curr_gb_rom, simple_pkmn_array, debug_charset, cancel_connection);
}
}

5
source/text_engine.cpp
View File

@ -1,5 +1,4 @@
#include <tonc.h>
#include <string>
#include <cstring>
#include "text_engine.h"
@ -141,7 +140,9 @@ int text_next_obj_id(script_obj current_line)
}
else
{
if (run_conditional(current_line.get_cond_id()))
const bool ret = run_conditional(current_line.get_cond_id());
VBlankIntrWait(); // this is needed to handle interrupts
if (ret)
{
return current_line.get_true_index();
}

16
source/z80_asm.cpp
View File

@ -43,6 +43,12 @@ void z80_asm_handler::add_bytes(int num_bytes, ...)
va_end(pargs);
}
void z80_asm_handler::add_bytes(const u8 *data, u16 data_size)
{
memcpy(data_vector.data() + index, data, data_size);
index += data_size;
}
void z80_asm_handler::add_byte(u8 value)
{
data_vector.at(index++) = value;
@ -691,20 +697,14 @@ z80_variable::z80_variable(ptgb::vector<z80_variable *> *var_vec, int data_size,
void z80_variable::load_data(int data_size, byte array_data[])
{
data.resize(data_size);
for (int i = 0; i < data_size; i++)
{
data.at(i) = array_data[i];
}
memcpy(data.data(), array_data, data_size);
size = data_size;
}
void z80_variable::insert_variable(z80_asm_handler *var)
{
var_mem_location = (var->index - 1) + var->memory_offset;
for (int i = 0; i < size; i++)
{
var->add_byte(data.at(i));
}
var->add_bytes(data.data(), size);
}
int z80_variable::place_ptr(z80_asm_handler *z80_instance)