Post subject: How to jump to RAM?
keylie
He/Him
Editor, Emulator Coder, Expert player (2822)
Joined: 3/17/2013
Posts: 391
Hey! I'm currently investigating the sketch glitch in FF6, and my goal now is to get to ACE. I've found many ways to jump to random places in ROM, but as opposed to Super Metroid for example, the game's code is executing in banks C0-EF, which only contain ROM data. Also, jump instructions whose destination is variable almost always stay in the same bank. I'm currently trying to execute long jump opcodes, JML (5C, DC) and JSL (22), but they are very rare, even in data. I managed once to jump to $FF:FFFF, which wasn't very useful. Do you have any lead on other ways to be able to jump to RAM in that case?
Player (38)
Joined: 1/22/2014
Posts: 38
Location: Sweden
I guess one thing you could try is to manually get something pushed to the stack and run RTL (6B) and hope it takes you somewhere useful. Other than that I can't think of anything right now besides what you've already tested.
Joined: 2/19/2007
Posts: 424
Location: UK
I guess you're already doing this, but you might have to make the jump in several steps, such as doing a normal JMP or JSR to a location that ends up being interpreted as a JML or JSL. And don't forget the indirect jumps JMP (addr), JMP (addr,X), JML [addr], JSR (addr,X). These use the data bank register when reading, which lets you read the address you want to jump to from RAM. That would give you much more flexibility. Also don't forget the branches (especially BRL and BRA, but also the others); although they have limited range, they give you more options for setting up a jump to a more promising location.
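As an added example (not code from this thread or from the game), here is a small Python scanner that does by machine what the posts above describe doing by hand: it tries every byte offset of a 65816 region as a potential opcode, resolves the target of direct jumps and branches (including the in-bank wraparound of JMP/JSR/BRA/BRL), records where the indirect forms fetch their pointer from (bank $00 for the `(abs)` and `[abs]` forms, the program bank for the `(abs,X)` forms), and flags everything that either lands in RAM or reads its pointer from RAM, plus RTS/RTL, whose target comes from the stack. The memory map it assumes (HiROM-style: banks $7E/$7F are WRAM and $0000-$1FFF of banks $00-$3F/$80-$BF mirrors WRAM) and the sample bytes are constructed for the example.

```python
"""Brute-force scan of a 65816 byte region for control-transfer opcodes.

Added example for the FF6 ACE thread; not code from the thread or the game.
Every byte offset is tried as an opcode, because a glitched jump can land in
data or mid-instruction and a linear disassembly would miss those candidates.
Assumed (HiROM-style) map: $7E/$7F = WRAM, $0000-$1FFF of banks $00-$3F and
$80-$BF = WRAM mirror, everything else treated as ROM or I/O.
"""
from dataclasses import dataclass
from typing import List, Optional

# opcode -> (mnemonic, operand bytes, addressing kind)
CONTROL_OPS = {
    0x4C: ("JMP abs", 2, "abs16"),         # 16-bit target, stays in program bank
    0x20: ("JSR abs", 2, "abs16"),
    0x5C: ("JML long", 3, "abs24"),        # 24-bit target, can leave the bank
    0x22: ("JSL long", 3, "abs24"),
    0x80: ("BRA", 1, "rel8"),
    0x82: ("BRL", 2, "rel16"),
    0x6C: ("JMP (abs)", 2, "ptr_bank0"),   # 16-bit pointer fetched from bank $00
    0xDC: ("JML [abs]", 2, "ptr_bank0"),   # 24-bit pointer fetched from bank $00
    0x7C: ("JMP (abs,X)", 2, "ptr_kbank"), # pointer fetched from the program bank
    0xFC: ("JSR (abs,X)", 2, "ptr_kbank"),
    0x60: ("RTS", 0, "ret"),               # target comes from the stack
    0x6B: ("RTL", 0, "ret"),
}
for _op, _name in ((0x10, "BPL"), (0x30, "BMI"), (0x50, "BVC"), (0x70, "BVS"),
                   (0x90, "BCC"), (0xB0, "BCS"), (0xD0, "BNE"), (0xF0, "BEQ")):
    CONTROL_OPS[_op] = (_name, 1, "rel8")


def region(addr: int) -> str:
    """Classify a 24-bit SNES address under the assumed HiROM-style map."""
    bank, off = addr >> 16, addr & 0xFFFF
    if bank in (0x7E, 0x7F):
        return "WRAM"
    if bank <= 0x3F or 0x80 <= bank <= 0xBF:
        if off < 0x2000:
            return "WRAM mirror"
        if off < 0x8000:
            return "I/O or unmapped"
    return "ROM"


@dataclass
class Hit:
    addr: int               # SNES address of the opcode byte
    mnemonic: str
    target: Optional[int]   # resolved target for direct jumps and branches
    pointer: Optional[int]  # where the pointer is fetched from (indirect forms)
    where: str              # region of the target, of the pointer, or "stack"


def scan(data: bytes, base: int) -> List[Hit]:
    """Try every byte offset as an opcode; base is the SNES address of data[0]."""
    hits: List[Hit] = []
    for i, op in enumerate(data):
        if op not in CONTROL_OPS:
            continue
        name, n, kind = CONTROL_OPS[op]
        if i + 1 + n > len(data):
            continue                      # operand would run off the region
        operand = int.from_bytes(data[i + 1:i + 1 + n], "little")
        pc = base + i
        bank = pc >> 16
        nxt = pc + 1 + n                  # PC after the instruction
        target = pointer = None
        if kind == "abs16":
            target = (bank << 16) | operand
        elif kind == "abs24":
            target = operand
        elif kind in ("rel8", "rel16"):
            bits = 8 if kind == "rel8" else 16
            disp = operand - (1 << bits) if operand >> (bits - 1) else operand
            target = (bank << 16) | ((nxt + disp) & 0xFFFF)   # wraps within bank
        elif kind == "ptr_bank0":
            pointer = operand
        elif kind == "ptr_kbank":
            pointer = (bank << 16) | operand
        if kind == "ret":
            where = "stack"
        elif target is not None:
            where = region(target)
        else:
            where = region(pointer)
        hits.append(Hit(pc, name, target, pointer, where))
    return hits


def find_ram_jumps(data: bytes, base: int, include_returns: bool = True) -> List[Hit]:
    """Hits whose target is RAM, or whose pointer (hence target) lives in RAM."""
    wanted = {"WRAM", "WRAM mirror"} | ({"stack"} if include_returns else set())
    return [h for h in scan(data, base) if h.where in wanted]


# Constructed sample, not FF6 ROM bytes: filler plus a few planted sequences.
SAMPLE = bytes.fromhex(
    "A9 00 8D 00 21"   # LDA #$00 : STA $2100   (filler)
    "5C 00 00 7E"      # JML $7E0000           direct jump into WRAM
    "22 00 80 C3"      # JSL $C38000           stays in ROM
    "6C 00 03"         # JMP ($0300)           pointer in the WRAM mirror
    "7C 20 F0"         # JMP ($F020,X)         pointer in the program bank (ROM)
    "DC 10 00"         # JML [$0010]           24-bit pointer in the WRAM mirror
    "82 F0 FF"         # BRL -16
    "6B"               # RTL                   target taken from the stack
)

if __name__ == "__main__":
    for h in find_ram_jumps(SAMPLE, 0xC20000):
        dest = h.target if h.target is not None else h.pointer
        shown = "(stack)" if dest is None else f"${dest:06X}"
        print(f"${h.addr:06X}: {h.mnemonic:<12} -> {shown}  [{h.where}]")
```

Run it over a dump of the banks you can already reach, passing the SNES address of the first byte as `base`. The hits classed "WRAM mirror" are the interesting ones for this thread: the pointer itself sits in writable memory, so an indirect jump there becomes a jump to whatever address you can get into RAM, and the RTL/RTS hits are the stack-based variant from the second reply.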