#19259642534530414 - Pokemon Red after reset ACE

Ikaruga-dwangoAC-Playaround.dtm
In 00:45.37 (2722 frames), 52 rerecords
Game: Ikaruga (GC)
1044 downloads
Uploaded 12/7/2014 8:17 AM by dwangoAC
This lsnes + Gambatte movie starts Pokemon Red with an existing (corrupted) GB SRAM state that contains the player character RED, the rival name xAxA(Pk), and FF in *just* the right place to allow further exploitation. This movie file uses input suggested by Masterjun based on FractalFusion's work to execute arbitrary code, which it does very well. One minor caveat: I've discovered with help from Ilari and padz that D+U and L+R (representing bit values 128, 64, 32, and 16 respectively) are canceled out by the SGB BIOS, meaning FractalFusion's payload can't be written as it contains the value 0xD3. This movie file contains a bunch of input at the end that softlocks the game in an interesting way but doesn't yet do exactly what we want it to. Still, it shows arbitrary code execution on Pokemon Red, which is good.
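The input constraint described above, as an added example that is not part of the original upload or of anyone's payload: it checks which byte values can be entered as a single controller state when D+U and L+R are cancelled, using the bit values given in the description. The function names and the sample bytes are constructed for illustration.

```python
# Bit values as stated in the description: D=128, U=64, L=32, R=16.
DOWN, UP, LEFT, RIGHT = 0x80, 0x40, 0x20, 0x10

# An opposing pair is "cancelled" when both of its bits are set in one input byte.
OPPOSING_PAIRS = ((DOWN | UP, "D+U"), (LEFT | RIGHT, "L+R"))


def cancelled_pairs(byte):
    """Return the names of the opposing-direction pairs fully set in byte."""
    return [name for mask, name in OPPOSING_PAIRS if byte & mask == mask]


def is_enterable(byte):
    """True if the byte needs no opposing-direction combination."""
    return not cancelled_pairs(byte)


def audit(payload):
    """List (offset, value, pairs) for each byte that cannot be entered."""
    return [(off, b, cancelled_pairs(b))
            for off, b in enumerate(payload) if not is_enterable(b)]


def enterable_count():
    """How many of the 256 byte values survive the cancellation rule."""
    return sum(is_enterable(b) for b in range(256))


# Constructed sample bytes (not FractalFusion's payload); 0xD3 is the
# value the description names as unwritable.
SAMPLE = bytes([0x21, 0xD3, 0x4A, 0x3E, 0xF0, 0x88])

if __name__ == "__main__":
    for off, val, pairs in audit(SAMPLE):
        print(f"offset {off}: 0x{val:02X} needs {' and '.join(pairs)}")
    print(f"{enterable_count()} of 256 byte values can be entered directly")
```
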
Because support for this filetype hasn't been added yet, I've used a dummy file in this WIP (and, um, I'd ignore it if I were you, but that's just me. :) I've uploaded the real movie file to: