I'd like to point at Speedy Gonzales. The game has a bug in a late stage where it ends up jumping to open buss. Due to sheer dumb luck things work out so that the game resumes execution as normal. This bug is unavoidable, since the relevant code is responsible for performing an action that is required to proceed in the level.
I will let you guys figure out how this is relevant. I just bring the gas tank, you figure out what to do with it.
Yes, using emulators in recompiler mode, if they have one, already makes ACE not work most of the time. Basically, emulators can gain speed from not reading the original byte code at all while running the game, but converting it to x86/x64 machine code only once, then keep executing that converted code only. So to detect ACE, just have it run in recompiler mode and watch it not work. ;p
Edit: That's a description of a very crude recompiler mode. A more advanced one would detect self-modifying code and adapt, but at the cost of speed, which was the reason to go recompiler mode in the first place. So that arguably defeats part of the point. I just wanted to point out that these kinds of ideas of detecting ACE are not entirely new at all.
If the emulator isn't detecting self-modifying code, it isn't accurate. (This is actually the reason JPC-RR previously failed to run NetHack; it uses something similar to a recompiler, and the code wasn't being detected.) The same detection that's needed to make such emulators accurate could also help in diagnosing ACE.
Hey!
I'm currently investigating the sketch glitch in ff6, and my goal now is to get to ACE. I've found many ways to jump to random places in ROM, but as opposed to Super Metroid for exemple, the game's code is executing in banks C0-EF which only contains ROM data. Also, jump instructions whose destination is variable are almost always staying in the same bank. I'm currently trying to execute long jump opcodes: JML (5C, DC) and JSL (22), but there are very rare, even in data. I managed once to jump to $FF:FFFF, which wasn't very useful.
Do you have any lead on other ways to be able to jump to RAM?
Hey!
I'm currently investigating the sketch glitch in ff6, and my goal now is to get to ACE. I've found many ways to jump to random places in ROM, but as opposed to Super Metroid for exemple, the game's code is executing in banks C0-EF which only contains ROM data. Also, jump instructions whose destination is variable are almost always staying in the same bank. I'm currently trying to execute long jump opcodes: JML (5C, DC) and JSL (22), but there are very rare, even in data. I managed once to jump to $FF:FFFF, which wasn't very useful.
Do you have any lead on other ways to be able to jump to RAM?
Hi keylie, this thread was split off to curb a big debate over what did and did not constitute as ACE in the super mario world TASes, so you might want to ask in the FF6 topic or in a new topic for such a technical question. ;)
Hi keylie, this thread was split off to curb a big debate over what did and did not constitute as ACE in the super mario world TASes, so you might want to ask in the FF6 topic or in a new topic for such a technical question. ;)
