- A very simple glitch:
- [Global Context]+0x2E8 (NTSC 1.0 address 8011F578) holds a signed 4-byte value: the number of frames actually rendered on screen (pausing makes this counter lag a bit).
- At 800A11F4, the game begins checking the state of this frame counter by loading it into register A0.
- Later, at 800A1210, the game checks whether the frame counter is greater than or equal to 0.
- When the frame counter is >= 0, A0 is set to the least significant bit of the frame counter and passed into a function that uses it to look up the address at which to draw the next frame.
- When the frame counter has overflowed (gone negative), A0 is again set to the least significant bit of the frame counter, but if A0 is 1 it is then set to -1, causing the frame buffer address lookup to fail to find a valid address (in testing, the value read in was address 0000 0000).
- Thus, with a bad frame buffer set, the game crashes. Amusingly, the game wouldn't crash if it weren't for the check that tests for overflow.
- Edit: What's likely happening in the source itself is that the programmer used the modulo operator to flip between the two frame buffers:
- int bufferIndex = frames % 2;
- However, in C the result of the modulo operation keeps the sign of the dividend (ISO C99, i.e. ISO/IEC 9899:1999, mandates truncation toward zero; older C standards leave the rounding of a negative quotient implementation-defined, but most implementations adhere to the C99 behaviour anyway), meaning that once the frame counter overflows into the negative, odd values return a negative index (-1).
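The following is an added example (not code from the paste or from the game) that reproduces the signed-modulo behaviour described above on a desktop C compiler and shows two index computations that stay in range after the counter wraps. It assumes a 32-bit int with two's-complement wraparound, and it simulates the wrap from INT_MAX to INT_MIN through unsigned arithmetic rather than by actually overflowing a signed int (which is undefined behaviour in C). The `frames % 2` line is the reconstruction the paste proposes; the masked and unsigned variants are hypothetical hardened replacements, not the game's code.

```c
#include <limits.h>
#include <stdio.h>

/* Reconstructed lookup from the paste: C99 truncates toward zero, so an
 * odd negative counter yields -1, an index outside a two-entry buffer table. */
int buffer_index_modulo(int frames)
{
    return frames % 2;
}

/* Hardened variant (assumption, not the game's code): masking the low bit of a
 * two's-complement value always yields 0 or 1, regardless of sign. */
int buffer_index_masked(int frames)
{
    return frames & 1;
}

/* Alternative hardened variant: modulo on the unsigned reinterpretation is
 * never negative, so wraparound only flips the parity as intended. */
int buffer_index_unsigned(int frames)
{
    return (int)((unsigned int)frames % 2u);
}

/* Advance the counter with defined wraparound: INT_MAX + 1 becomes INT_MIN,
 * mirroring what the 32-bit counter does on the console without invoking UB. */
int next_frame(int frames)
{
    return (int)((unsigned int)frames + 1u);
}

/* An index is usable only if it selects one of the two frame buffers. */
int is_valid_index(int idx)
{
    return idx == 0 || idx == 1;
}

int main(void)
{
    /* Constructed sample: walk across the overflow boundary and compare methods. */
    int frames = INT_MAX - 1;
    for (int i = 0; i < 4; i++) {
        int m = buffer_index_modulo(frames);
        printf("frames=%11d  %%2 -> %2d (%s)  &1 -> %d  unsigned%%2 -> %d\n",
               frames, m, is_valid_index(m) ? "ok" : "BAD",
               buffer_index_masked(frames), buffer_index_unsigned(frames));
        frames = next_frame(frames);
    }
    return 0;
}
```

Run stand-alone it prints four rows; the row for INT_MIN + 1 shows `%2 -> -1 (BAD)` while both hardened variants report 1, which is the parity the programmer wanted.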