Address Error Exception

Revision as of 22:15, 27 December 2019 by Nim (talk | contribs) (wii vc does not ignore all aees)

The Nintendo 64's CPU, the VR4300, can throw an Address Error Exception. This occurs when the CPU attempts to access an invalid or non-existent address. The most common case is a Null Pointer Exception, which is an Address Error Exception caused by attempting to access an address of 0 (NULL).

Exploits

Address Error Exceptions often have exploit potential on Wii VC since the Wii VC emulator ignores null pointer exceptions. This means that a read from a null address into a register will actually leave the register untouched with its last value and resume normal execution.

We can then analyze crashes that cause Address Error Exceptions.

| Cause | ACE Exploitable | Any Exploitable | Notes |
| --- | --- | --- | --- |
| Deleting a non-existent file on the File Select Screen | No | Doubtful | `sMainMenuButtons[MENU_BUTTON_ERASE]->oMenuButtonActionPhase` is NULL when written to. For selecting 'NO' this results in the button zoom being unaffected. 'YES' is more complex. It's just a write and the copy menu doesn't allow for this glitch, so this is unlikely to be exploitable. Plus, there's barely anything to work with when we're not even in-game. |
| Moving a shadow above surface 12 while it's over OOB | | | |
| Killing a Monty Mole remotely | No | No | `o->oMontyMoleCurrentHole->oMontyMoleHoleCooldown = 30` causes the crash, as Mario needs to be < 1500 units away for the Monty Mole to select a hole (otherwise it's NULL). |
| Killing an uninitialized Monty Mole | No | No | (same as above) |
| Going out of bounds in a room with a painting | No | No | `gPaintingMarioFloorType` is what is affected, and it's updated every frame the OoB check happens; at most, you could maybe delay entering a painting by 1 frame. |
| Being pushed off of a hang-able ceiling while in the idle hanging action | No | Doubtful | t9 for start hang: would potentially cause Mario to stay hanging for a single frame without a ceiling. No effect for idle loop hang (t8: last use of t8 set is `jr t8`, which is never the hang-able value 0x05). |
| Sound glitch | N/A | N/A | The cause of sound glitch is unknown. Contrary to popular belief, it can sometimes occur on versions other than the original Japanese N64 release. |
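
The behaviour described under Exploits, as an added example that is not part of the original page or the game's code: a simplified C model of a load from a NULL ceiling pointer into t9, showing that on Wii VC the outcome depends on whatever t9 last held. The struct, enum and function names are hypothetical; only t9 and the hang-able value 0x05 come from the table above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Simplified model (an assumption, not emulator or game code). */
enum platform { N64_HARDWARE, WII_VC };
enum status   { LOAD_OK, LOAD_EXCEPTION };

#define SURFACE_HANGABLE 0x05          /* hang-able value from the table */

struct surface { int16_t type; };      /* hypothetical ceiling record */
struct cpu     { uint32_t t9; };       /* only the register we care about */

/* Load ceil->type into t9. A NULL pointer is the faulting case:
 * hardware raises the exception, Wii VC skips the register write. */
static enum status load_type(struct cpu *c, enum platform p,
                             const struct surface *ceil) {
    if (ceil == NULL) {
        if (p == N64_HARDWARE)
            return LOAD_EXCEPTION;     /* game crashes here */
        return LOAD_OK;                /* t9 keeps its last value */
    }
    c->t9 = (uint32_t)ceil->type;
    return LOAD_OK;
}

/* Returns 1 if Mario keeps hanging, 0 if he drops, -1 on a crash.
 * stale_t9 is whatever t9 held before the load executed. */
static int hang_check(enum platform p, const struct surface *ceil,
                      uint32_t stale_t9) {
    struct cpu c = { .t9 = stale_t9 };
    if (load_type(&c, p, ceil) == LOAD_EXCEPTION)
        return -1;
    return c.t9 == SURFACE_HANGABLE;
}

int main(void) {
    /* Constructed inputs: no ceiling (NULL), two possible stale values. */
    printf("N64,    NULL, stale 0x05 -> %d\n",
           hang_check(N64_HARDWARE, NULL, 0x05));
    printf("Wii VC, NULL, stale 0x05 -> %d\n",
           hang_check(WII_VC, NULL, 0x05));
    printf("Wii VC, NULL, stale 0x00 -> %d\n",
           hang_check(WII_VC, NULL, 0x00));
    return 0;
}
```

Classifying a crash therefore comes down to tracing which value the destination register held before the faulting load, which is what the Notes column records for each case.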