Out of Bounds Inventory Slots (Lullaby Intro with SRM)

1. Addresses will be for MM NTSC-U. Numbers are hex unless indicated otherwise.
2.  
3. Link receiving an item starts with what's called a Get Item Value. This is a 2 byte value in Link's instance that's typically set by the actor giving Link the item. The game uses this as an index for a lookup table located at 80779884. Each entry in this table is 6 bytes, and contains among other information the item value (1 byte), the text to display and which 3d model to load.
4.  
5. After using this table to look up an item value, the game then has to decide where this value gets written. In the case of items which go to the inventory screen, it's going to write that item value to your inventory, but it needs to determine which slot they'll occupy. To facilitate this there is a lookup table at 801C2078, indexed by item value, which contains the offset from the start of the inventory where that item should be written. Items like heart pieces or upgrades have their own routine; see https://docs.google.com/spreadsheets/d/1KwuvEWxijcRxigwJZVL3JnB9760FJIIH8tjTKcjck1k/edit#gid=1556249660 for details.
6.  
7. One way to obtain unintended items is to use get item values that are outside the intended bounds of the get item table. This includes e.g. using GIM to receive an item while your get item value is still negative or using SRM to set the get item value of a chest to something arbitrary. When items like this are obtained, the game uses the lookup table mentioned above, but now we're out of bounds of this table as well. So the inventory slot to which data is written is determined by the data adjacent to that table, and we can in principle write as far as FF from the start of the inventory (the inventory proper has a size of 30, so an offset beyond that pushes us past the pause screen inventory slots).
8.  
9. Unfortunately the bytes following the slot lookup table typically don't have much variety. Values in the 48-68 range would let us write to things like songs, upgrades, dungeon items, and stray fairies. The only notable bytes in that range are item C5 which writes to slot 4A (wallet upgrade) and item ED which writes to slot 4C (heart pieces and lullaby intro). Unfortunately setting the wallet upgrade byte to C5 sets your wallet to the default one, so that item isn't particularly useful. Setting the heart piece/lullaby intro byte to ED, however, does give you the intro. It also sets your heart piece count to fourteen, which means you'll need to obtain two more to return to a normal functioning number. The other potentially interesting offset in this table is 37 which occurs for item B5. This writes to bombchu count.
10.  
11. In order to take advantage of this glitch to get the Lullaby Intro, we would need some way to get item ED. Having a whole 2 bytes worth of get item values gives us a lot of options. I'll list here ones that could be gotten without GIM. The possible get item values are (this does not take into account any dynamic data in this range):
12. 0933
13. 0935
14. 0CDF
15. 0CE1
16. 0CE3