Address Error Exception: Difference between revisions

From Ukikipedia
No edit summary
Line 24: Line 24:
| Moving a shadow above surface 12 while it's over OOB || || ||
| Moving a shadow above surface 12 while it's over OOB || || ||
|-
|-
| Killing a Monty Mole remotely || || ||
| Killing a Monty Mole remotely || No || No ||
|-
|-
| Killing an uninitialized Monty Mole || No || No ||
| Killing an uninitialized Monty Mole || No || No ||
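Review bot: The changed row "Killing a Monty Mole remotely" now reads No / No, but its final (Notes) cell is still empty and the revision carries no edit summary, so nothing records why this crash is judged non-exploitable. Add a Notes entry with the reasoning, for example which register is left untouched by the skipped access and why its stale value is harmless, as the rows that do have notes already do.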

Revision as of 03:51, 26 March 2019

The Nintendo 64's CPU, the VR4300, can throw an Address Error Exception. This occurs when the CPU attempts to access an invalid or non-existent address, most commonly as a null-reference exception.

Exploits

Because the exception only occurs on the N64 and not on the Wii VC, it could potentially be exploited. The Wii VC skips the write or read at the point where the exception would occur. This means that a read from an invalid address into a register leaves the register untouched, still holding its last value, and normal execution resumes.
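An added example (not from the original page or from any emulator's source): a toy C model of the divergence described above, where an invalid read halts on N64 but is skipped on Wii VC, so the destination register's old value flows into later code. The memory layout, `RAM_BASE`, the validity rule and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not an emulator. Assumed layout: 4 words of RAM at RAM_BASE. */
enum platform { N64, WII_VC };
enum { T4 = 12, NUM_REGS = 32, RAM_WORDS = 4 };   /* t4 is $12 in the MIPS ABI */
#define RAM_BASE 0x1000u                          /* constructed value */

struct cpu {
    uint32_t reg[NUM_REGS];
    uint32_t ram[RAM_WORDS];
    bool halted;              /* set when an Address Error Exception is taken */
};

/* Assumption: valid means word-aligned and inside the toy RAM; NULL is invalid. */
static bool addr_ok(uint32_t a) {
    return a % 4 == 0 && a >= RAM_BASE && a < RAM_BASE + 4 * RAM_WORDS;
}

/* Load: N64 takes the exception; Wii VC skips the read and keeps the old rt. */
static void load_word(struct cpu *c, enum platform p, int rt, uint32_t a) {
    if (c->halted) return;
    if (addr_ok(a)) c->reg[rt] = c->ram[(a - RAM_BASE) / 4];
    else if (p == N64) c->halted = true;
}

/* Store: same rule, an invalid write is skipped on Wii VC. */
static void store_word(struct cpu *c, enum platform p, int rt, uint32_t a) {
    if (c->halted) return;
    if (addr_ok(a)) c->ram[(a - RAM_BASE) / 4] = c->reg[rt];
    else if (p == N64) c->halted = true;
}

/* Constructed sequence: stale t4, a load through ptr, then t4 saved to RAM. */
uint32_t run_sequence(enum platform p, uint32_t ptr, bool *crashed) {
    struct cpu c = { .ram = { 0x11111111u, 0, 0, 0 } };
    c.reg[T4] = 0xCAFE0001u;               /* left over from earlier code */
    load_word(&c, p, T4, ptr);             /* read through a possibly bad pointer */
    store_word(&c, p, T4, RAM_BASE + 4);   /* later code trusts t4 */
    *crashed = c.halted;
    return c.ram[1];
}

int main(void) {
    bool n64_crash, vc_crash;
    uint32_t n64 = run_sequence(N64, 0, &n64_crash);
    uint32_t vc = run_sequence(WII_VC, 0, &vc_crash);
    printf("N64: crashed=%d stored=%08x\n", n64_crash, (unsigned)n64);
    printf("VC:  crashed=%d stored=%08x\n", vc_crash, (unsigned)vc);
    return 0;
}
```

With a valid pointer both platforms store the loaded word; with a null pointer only the Wii VC path continues, and the value it stores is whatever t4 held beforehand.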

We can then analyze crashes that cause Address Error Exceptions.

{|
! Cause !! ACE Exploitable !! Any Exploitable !! Notes
|-
| Exceed the object limit || || ||
|-
| Have too many objects at once on the screen || || ||
|-
| Walking at PU speed for only a portion of the 4 quarter steps on a frame || || ||
|-
| Moving at PU speed with no joystick input for all 4 quarter steps on a frame || || ||
|-
| Moving at PU speed directly into a wall || || ||
|-
| Deleting a non-existent file on the File Select Screen || || || sMainMenuButtons[MENU_BUTTON_ERASE_FILE_A + sSelectedFile] (assignment) is NULL. For selecting 'NO' this results in the button zoom being unaffected. 'YES' is more complex.
|-
| Moving a shadow above surface 12 while it's over OOB || || ||
|-
| Killing a Monty Mole remotely || No || No ||
|-
| Killing an uninitialized Monty Mole || No || No ||
|-
| Going out of bounds in a room with a painting || No || Maybe? || `D_8035FF90` is set to t4
|-
| Being pushed off of a hang-able ceiling while in the idle hanging action || No || Doubtful || t9 for start hang. Would potentially cause Mario to stay hanging for a single frame without a ceiling. No effect for idle loop hang (t8, last use of t8 set is jr t8 which is never the hang-able value 0x05)
|-
| Sound glitch || N/A || N/A || Since sound glitch only exists on the original Japanese N64 version, which wasn't released in Wii VC, this cannot be used or exploited in Wii VC legitimately
|-
| Moving the camera immediately when entering VCutM || || ||
|}