toinet
Inscrit le: 15 Juin 2007 Messages: 326 Localisation: Paris, France
|
Post� le: Ven 10 Ao� 2007, 20:24 Sujet du message: Joust (Atari, 1983) |
|
|
Ride gallant birds into knightly combat!
Joust is a trademark and (c) Williams 1982, manufactured under license from Williams Electronics Inc.
PROTECTION TYPE
A non standard diskette:
- One big sector of $1000 4*4 nibbles per track
That protection has also been used for Moon Patrol, please refer to that topic for info (in French only): http://www.hackzapple.com/phpBB2/viewtopic.php?t=13
BOOT TRACE
- 9600<C600.C6FFM
- 96FB: 4C 59 FF
- 9600G
Let's examine the code at $0800:
- the arm is moved to track 1 (routine in $804, in A the phase you want to go to)
- data is loaded from $B000 to $B7FF
- $08FB is a JMP $B000
Let's break that:
- 96FB: A9 98 8D FD 08 4C 01 08
- 9800: 4C 59 FF
- 9600G
Let's examine the code at $B000:
- clear the screen,
- set $CC = 0
- load data at $B100 (1)
- execute code loaded at $7000
- set $CC = 1
- load data at $B100 (2)
- execute code loaded at $0800
(1) The first tables that load data per $800 bytes are located at:
- phase to move the arm to (equals to track *2): $B0CD
- address to load data into memory: $B0DB
- checksum of read data: $B0E9
=> data is read from track 3 to E from $2000 to $7FFF because $CC = 0
(2) The second tables that load data per $800 bytes are located at:
- phase to move the arm to (equals to track *2): $B0F7
- address to load data into memory: $B0FA
- checksum of read data: $B0FD
=> data is read from track 2 from $0800 to $0FFF because $CC = 1
Code at $0800 loads data to the $2000.$BFFF space from phase 1E to phase 44. Then final code execution is passed to $3E00. For those of you who would like to make a ProDOS version of the game, the program is from $2000 to $BFFF.
As you may see, the remaining free space is $1000..$1FFF or the $0200.$07FF space, that may be useful for your own routines...
READ ROUTINE
The read routine located at $B100 zeroes its index at $C8 and depending on the value of $CC sets parameters from table 1 or table 2. The routine uses the $C0Ex softswitch and not the $C08x,X softswitches!
Entry parameters at $B13D
A: phase you want to you (one phase = track number * 2)
phase 2 means track 1, phase E means track 7
$C9..$CA: address of data to load
Other parameters:
$50: checksum value
$C2: target phase
$C7: current phase
The routine loads data for 8 pages of $100 bytes (or $800 bytes, or $1000 nibbles), then compares the checksum between data read and $50, then increments the index at $C8.
DISK COPY
Let's use what Atari offers us: its own routine in $B100 but we need to modify it slightly:
- read one track
- copy to the IIgs memory
- loop until the end of the disk
Here is the code:
Code: | LDA #$18 ; $1800 is our Mount Paramount
STA $B202
LDA #$60 ; the RTS opcode
STA $B205
LDA $C0E9 ; turn drive on and wait a little bit
LDA #$FF
JSR $FCA8
LDA $00 ; we'll begin on track 0
STA $FF
STA $C9
]LP LDA #$10 ; we'll load data at $1000
STA $CA
LDA $FF ; please read
JSR $B13D
LDA $FF
JSR $FDDA ; print out current phase
LDA #$8D
JSR $FDED ; carriage return (hum)
LDY #$10 ; or 8 for those you shrink space
]LQ LDX #$00 ; let's store read data into our IIgs memory
]LR LDA $1000,X
]LS STAL $100000,X
INX
BNE ]LR
INC ]LR+2
INC ]LS+2
BNE *+3
INC ]LS+3
DEY
BNE ]LQ
LDA #$10 ; re-init buffer
STA ]LR+2
INC $FF ; next track please
INC $FF
LDA $FF
CMP #$46 ; why not check the use of track $23 ;-)
BEQ EXIT
JMP ]LP
EXIT RTS |
RE'WRITE' THE 'READ' ROUTINES
As with Moon Patrol, you are free to use your own read routine, the one from the $C600 space or whatever you like.
At first, I use the $C65C read routine ($26..$27 is pointer to the buffer, $3D the sector, $41 the track), that is the one on the DSK image.
Then, I had fun including the $C65C code within the $B100..$B2FF space. It also worked, that's quite fun. For those of you interested, I may send info on that one.
As that is a tricky stuff to do, please refer to the DSK image and read:
- T0/S0 is the boot loader of track 1 => The code is loaded at $0800
- T1/S0..S2 contains the modified read routines (T1/S8..SA for the original ones) => The code is loaded at $B000
- T2/S0..S2 contains the modified second read routines (T2/S8..SA for the original ones) => The code is loaded at $0800
Your backup copy is now available...
Toinet |
|