Voir le sujet pr�c�dent :: Voir le sujet suivant |
Auteur |
Message |
toinet
Inscrit le: 15 Juin 2007 Messages: 326 Localisation: Paris, France
|
Post� le: Sam 11 Ao� 2007, 22:45 Sujet du message: The seven cities of gold (Electronic Arts, 1984) |
|
|
1492 - 1540. The age of discovery, exploration and conquest. The stage of history belonged to Spain. Now it belongs to you.
Fantastic game by Ozark Softscape, I have played so many hours trying to discover new worlds. The package will be placed close to the Ultima series.
That message will explain how to make a backup copy of it, the following messages will detail the m-code interpreter used by Electronic Arts.
PROTECTION TYPE
On a standard diskette, track 6 is not copyable. A nibble editor will display lots of $B4 nibbles in it.
DISK COPY
- Launch Advanced Demuffin 1.4
- Insert the original disk in drive 1
- Insert a blank (volume 254) diskette in drive 2
- Copy tracks 0 to 5
- Copy tracks 7 to $22
REMOVE THE PROTECTION
Launch your favorite disk editor
Remove the first check routine
- T1/S6/8: 03 79 => B2 71
Remove the second check routine
- TE/S7/75: 20 => 2C
Your backup copy is now ready,
Toinet |
|
Revenir en haut de page |
|
|
toinet
Inscrit le: 15 Juin 2007 Messages: 326 Localisation: Paris, France
|
Post� le: Sam 11 Ao� 2007, 23:01 Sujet du message: |
|
|
BOOT TRACE
- 9600<C600.C6FFM
- 96FB: 4C 59 FF
- 9600G
Stop the drive, read $0800 and see that 5 sectors are loaded into memory from $0800.$0CFF, let's examine the code:
Code: | LDA #$B0 ; load track 2 at $B000..$BFFF
STA $3E
LDA #$02
JSR $0C00
LDA #$A0
STA $3E
LDA #$A8 ; $A8xx
PHA
LDA #$01 ; load track 1 at $A000.$AFFF
JSR $0C00
LDA #$05 ; $A805
PHA
... |
The $A8 and $05 that are stacked are the address to go once tracks 1 and 2 are loaded. That means that the jump address is $A806...
If you want to break the program once data are loaded, replace $A8 with $FF and $05 with $58 You will go in the monitor...
MEMORY ORGANISATION
$0800..$0CFF : boot 1 code
$A000..$AFFF : boot 2 code
$A000..$A2FF : the protection routine
$A300..$A5FF : copy of the protection routine
$A600..$A7FF : remains of the m-code documentation
$A800..$ACFF : main program code
$AD00..$AFFF : garbage
$B000..$B7FF : the EOA logo
$B800..$BBFF : remains of the m-code documentation
$BC00..$BFFF : disk routines
$A806 displays the EOA logo then JMPs to $A849:
Code: | LA849 LDX #$30
JSR LAA35
DEX ; CA
BPL LA849 ; 10F8
* THE M-CODE TO UNDERSTAND
LA851 HEX 045319 ; LDA $C050
HEX 045119 ; LDA $C052
HEX 045419 ; LDA $C054
HEX 03B4 ; LDA #$F8
HEX 064FD9 ; STA $004C
HEX 0304 ; LDA #$48
HEX 06F1DA ; STA $03F2
HEX 03E5 ; LDA #$A9
HEX 06F0DA ; STA $03F3
HEX 0340 ; LDA #$0C
HEX 06F7DA ; STA $03F4
LA86E HEX 03B3 ; LDA #$FF
HEX 01AB25 ; JSR $FCA8
HEX 0C4FD9 ; INC $004C
HEX 027F71 ; BEQ $A87C
HEX 006D71 ; JMP $A86E
LA87C HEX 040671 ; LDA $A805
HEX 028E71 ; BEQ $A88D
HEX 034C ; LDA #$00
HEX 056470 ; JSR $A967
HEX 04EB19 ; LDA $C0E8
HEX 0103D9 ; JSR $0000
LA88D HEX 0349 ; LDA #$05
HEX 056470 ; JSR $A967
HEX 019B71 ; JSR $A898
HEX 00B171 ; JMP $A8B2 |
What is that call to $AA35? Discover that in the next message... |
|
Revenir en haut de page |
|
|
toinet
Inscrit le: 15 Juin 2007 Messages: 326 Localisation: Paris, France
|
Post� le: Sam 11 Ao� 2007, 23:12 Sujet du message: |
|
|
M-CODE INTERPRETER
The m-code is a language that contains about 16 different functions dealing with loading, storing data or calling functions. It is fun in the sense that addresses or values are EORed, making it hard to understand.
When you have an opcode that takes one parameter, that one is EORed with value #$4C. When it takes two, the key is #$D903 (high-low)
The following tables show the opcode value, its parameter number and its name:
Code: | 00 2 JMP (MCODE)
01 2 JSR (6502)
02 2 BEQ
03 1 LDA IMMEDIATE
04 2 LDA ABSOLUTE
05 2 JSR (MCODE)
06 2 STA ABSOLUTE
07 1 SBC IMMEDIATE
08 2 JMP (6502)
09 0 RTS
0A 2 LDA INDEXED
0B 0 ASL
0C 2 INC ABSOLUTE
0D 2 ADC ABSOLUTE
0E 0 EOR ?
0F 2 BNE
10 2 SBC ABSOLUTE
11 2 COPY |
Let's discover a part of the m-code decoder from The seven cities of gold:
Code: | * PARAMETERS:
* $46..$47: PTR TO MCODE DATA
* $42..$43: DECODED DATA
* $48 : RESULT
LAA35 LDA $48 ; M-CODE ENTRY POINT
PHA
TYA
PHA
JSR LAA99 ; $AA3A
PLA ; UNSTACK PREVIOUS CALLER ENTRY
STA $46 ; $A84D+2
PLA
STA $47 ; $46..$46: A84D
LDY #$04 ; <= $A851
LAA45 LDA ($46),Y
INY
BNE LAA4C
INC $47
LAA4C TAX
LDA LAA60,X
CLC
ADC #<LAA72
STA LAA5D+1
LDA #>LAA72
ADC #$00
STA LAA5D+2
LAA5D JMP LAA72
* THE FUNCTION ADDRESSES
LAA60 DB LAA72-LAA72 ; 00 JMP (MCODE)
DB LAAAE-LAA72 ; 01 JSR (6502)
DB LAAC5-LAA72 ; 02 BEQ
DB LAACF-LAA72 ; 03 LDA IMMEDIATE
DB LAADD-LAA72 ; 04 LDA ABSOLUTE
DB LAAFA-LAA72 ; 05 JSR (MCODE)
DB LAB1D-LAA72 ; 06 STA ABSOLUTE
DB LAB2E-LAA72 ; 07 SBC IMMEDIATE
DB LAABF-LAA72 ; 08 JMP (6502)
DB LAB12-LAA72 ; 09 RTS
DB LAAE9-LAA72 ; 0A LDA INDEXED
DB LAB29-LAA72 ; 0B ASL
DB LAB43-LAA72 ; 0C INC ABSOLUTE
DB LAB46-LAA72 ; 0D ADC ABSOLUTE
DB LAB49-LAA72 ; 0E EOR
DB LAB4C-LAA72 ; 0F BNE
DB LAB4F-LAA72 ; 10 SBC ABSOLUTE
DB LAB52-LAA72 ; 11 COPY
*
* FUNCTION 00 : JMP (MCODE)
* READ A WORD
* SET AS NEW ADDRESS
LAA72 JSR LAA82 ; FN0
LAA75 LDA $42
STA $46
LDA $43
STA $47
LDY #$00
JMP LAA45
* DECYPHER A WORD
* READ DATA FROM $46..$47
* FIRST BYTE : EOR #$03
* SECOND BYTE: EOR #$D9
* SAVE RESULT IN $42..$43
LAA82 LDA ($46),Y
EOR #$03
INY
BNE LAA8B
INC $47
LAA8B STA $42
LDA ($46),Y
INY
BNE LAA94
INC $47
LAA94 EOR #$D9
STA $43
RTS
* ON STACK:
* $42.$43: THE CALLER ADDRESS = $AA3A+2
* $46 : Y THEN VALUE OF $48
LAA99 PLA
STA $42
PLA
STA $43
PLA
STA $46
PLA
STA $46
INC $42
BNE LAAAB
INC $43
LAAAB JMP ($0042) ; JMP TO $AA3D
*
* FUNCTION 01 : JSR (6502)
* READ A WORD
* SAVE THE Y INDEX
* JSRS TO $42
* SAVE RESULT IN $48
* RESTORE Y
LAAAE JSR LAA82 ; FN1
TYA
PHA
LDA $48
JSR LAAC2
STA $48
PLA
TAY
JMP LAA45
*
* FUNCTION 08 : JMP (6502)
* READ A WORD
* JMP TO $42
LAABF JSR LAA82 ; FN8
LAAC2 JMP ($0042)
* FUNCTION 02 : BEQ
* READ A WORD
* IF $48 = 0, BRANCH TO $42..$43
LAAC5 JSR LAA82 ; FN2
LDA $48
BEQ LAA75
JMP LAA45
*
* FUNCTION 03 : LDA IMMEDIATE
* READ A BYTE
* EOR #$4C
* SAVE TO $48
LAACF LDA ($46),Y ; FN3
INY
BNE LAAD6
INC $47
LAAD6 EOR #$4C
STA $48
JMP LAA45
...
|
Please note it is only a small part of the $A000..$AFFF space but it is already interesting to read it. There are three things I especially like:
- its ability to JSR or JMP to 6502 and m-code addresses
- its BEQ/BNE ability to jump anywhere in memory
- its 0E opcode. Can somebody explain it to me? |
|
Revenir en haut de page |
|
|
toinet
Inscrit le: 15 Juin 2007 Messages: 326 Localisation: Paris, France
|
Post� le: Sam 11 Ao� 2007, 23:22 Sujet du message: |
|
|
M-CODE PROTECTION
Yep, yep, now that you speak m-code fluently, we need to find where the protection at $A000 is called as we have been unable to find a JSR or JMP to it. Please discover the protection:
Code: | LA000 JMP LA069
LA003 LDY #$20
LA005 DEY
BEQ LA060
LA008 LDA $C0EC
BPL LA008
LA00D EOR #$D5
BNE LA005
LA011 LDA $C0EC
BPL LA011
CMP #$AA
BNE LA00D
LA01A LDA $C0EC
BPL LA01A
CMP #$AD
BNE LA00D
PHA
PLA
LDY #$56
LA027 LDA $C0EC
BPL LA027
BIT KBD
CMP #$B4
BNE LA064
DEY
BNE LA027
LDY #$00
LA038 LDA $C0EC
BPL LA038
BIT KBD
CMP #$B4 ; NIBBLE WE FIND ON TRACK 6
BNE LA064
DEY
BNE LA038
LA047 LDY $C0EC
BPL LA047
PHA
PLA
LA04E LDA $C0EC
BPL LA04E
CMP #$DE
BNE LA060
LA057 LDA $C0EC
BPL LA057
CMP #$AA
BEQ LA062
LA060 SEC
LA061 RTS
LA062 CLC
RTS
LA064 STA LA2F6
LA067 SEC
RTS
*
* M-CODE DATA
*
LA069 JSR LA1DA ; SAVE ZP
JSR LA1AD ; GO EXECUTE CODE
JMP LA069 ; LOOP (SKIP 3 BYTES)
LA072 HEX 046379 ; LDA $A060
LA075 HEX 0774 ; SBC #$38
HEX 028578 ; BNE $A186
HEX 046279 ; LDA $A061
LA07D HEX 072C ; SBC #$60
HEX 028578 ; BNE $A186
HEX 046479 ; LDA $A067
LA085 HEX 0774 ; SBC #$38
HEX 028578 ; BNE $A186
HEX 05A479 ; JSR $A0A7
HEX 029079 ; BNE $A093
HEX 01A779 ; JSR $A0A4
LA093 HEX 05A479 ; JSR $A0A7
HEX 029F79 ; BNE $A09C
HEX 01A779 ; JSR $A0A4
LA09C HEX 074E ; SBC #$02
HEX 028578 ; BNE $A186
HEX 017179 ; JSR $A072
LA0A4 HEX 08A378 ; JMP $A1A0
LA0A7 HEX 04EA19 ; LDA $C0E9
HEX 03B3 ; LDA #$FF
HEX 00AB25 ; JMP $FCA8
HEX 03B3 ; LDA #$FF
HEX 00AB25 ; JMP $FCA8
LA0B4 HEX 04ED19 ; LDA $C0EE
HEX 034C ; LDA #$00
HEX 06E17B ; STA $A2E2
HEX 05CC79 ; JSR $A0CF
HEX 05CC79 ; JSR $A0CF
HEX 05CC79 ; JSR $A0CF
HEX 05CC79 ; JSR $A0CF
HEX 04EB19 ; LDA $C0E8
HEX 04E17B ; LDA $A2E2
HEX 09 ; RTS
LA0CF HEX 034F ; LDA #$03
HEX 064578 ; STA $A146
HEX 004478 ; JMP $A147
HEX 04E419 ; LDA $C0E7
HEX 004478 ; JMP $A147
HEX 004478 ; JMP $A147
E0 HEX 04E219 ; LDA $C0E1
HEX 056778 ; JSR $A164
HEX 034F ; LDA #$03
HEX 064578 ; STA $A146
HEX 004478 ; JMP $A147
HEX 04E419 ; LDA $C0E7
F1 HEX 04E619 ; LDA $C0E5
HEX 056778 ; JSR $A164
HEX 09 ; RTS
* LDA $A060
* SBC #$38
* BNE $A186
* LDA $A061
* SBC #$60
* BNE $A186
* LDA $A067
* SBC #$38
* BNE $A186
* JSRM $A0A7
* BNE $A093
* JSR6 $A0A4
* JSRM $A0A7
* BNE $A09C
* JSR6 $A0A4
* SBC #$02
* BNE $A186
* JSR6 $A072
* JMP6 $A1A0
* LDA $C0E9
* LDA #$FF
* JMPM $FCA8
* LDA #$FF
* JMPM $FCA8
* LDA $C0EE
* LDA #$00
* STA $A2E2
* JSRM $A0CF
* JSRM $A0CF
* JSRM $A0CF
* JSRM $A0CF
* LDA $C0E8
* LDA $A2E2
* RTS
* LDA #$03
* STA $A146
* JMPM $A147
* LDA $C0E7
* JMPM $A147
* JMPM $A147
* LDA $C0E1
* JSRM $A164
* LDA #$03
* STA $A146
* JMPM $A147
* LDA $C0E7
* LDA $C0E5
* JSRM $A164
* RTS
LA0F8 LDY #$FF
LDX LA146
LA0FD LDA $C0EC
BPL LA0FD
CMP #$D5
BEQ LA10D
DEY
BNE LA0FD
DEX
BNE LA0FD
RTS
LA10D LDA $C0EC
BPL LA10D
CMP #$AA
BEQ LA11B
DEY
BNE LA0FD
SEC
RTS
LA11B LDA $C0EC
BPL LA11B
CMP #$96
BEQ LA129
DEY
BNE LA0FD
SEC
RTS
LA129 LDY #$02
LA12B LDA $C0EC
BPL LA12B
ROL
STA $50
LA133 LDA $C0EC
BPL LA133
AND $50
STA $50
DEY
STX LA146
BPL LA12B
CLC
LDX #$01
RTS
LA146 DB $03
LA147 JSR LA0F8
BCS LA14F
JSR LA003
LA14F LDA #$00
ADC LA2E2
STA LA2E2
LDA $C0E0
LDA $C0E2
LDA $C0E4
LDA $C0E6
RTS
*
LA164 HEX 033C ; LDA #$70
HEX 007878 ; JMP $A17B
HEX 04E319 ; LDA $C0E0
HEX 04E119 ; LDA $C0E2
HEX 04E719 ; LDA $C0E4
HEX 04E519 ; LDA $C0E6
HEX 0364 ; LDA #$28
HEX 007878 ; JMP $A17B
HEX 09 ; RTS
* LDA #$70
* JMPM $A17B
* LDA $C0E0
* LDA $C0E2
* LDA $C0E4
* LDA $C0E6
* LDA #$28
* JMPM $A17B
* RTS
LA17B LDX #$20
LA17D DEX
BNE LA17D
SEC
SBC #$01
BNE LA17B
RTS
*
LA186 HEX 0603DD ; STA $0400
LA189 HEX 0A8B78 ; LDA $A188,X
HEX 028578 ; BEQ $A186
HEX 048A78 ; LDA $A189 ($0A)
HEX 00A978 ; JMP $A1AA (EOR $D9 = $D3)
HEX 07B3 ; SUB #$FF ($D4)
HEX 00A978 ; JMP $A1AA (EOR $D9 = $0D)
HEX 068A78 ; STA $A189 (FUNCTION DOES NOT EXIST)
HEX 018578 ; JSR $A186 (!!!!)
* STA $0400
* LDAI $A188
* BNE $A186
* LDA $A189
* JMPM $A1AA
* SBC #$FF
* JMPM $A1AA
* STA $A189
* JSR6 $A186
LA1A0 JSR LA1DA
CLC
RTS
LA1A5 JSR LA1DA
SEC
RTS
LA1AA EOR #$D9
RTS
*
* GO WORK
*
LA1AD TXA
PHA
TYA
PHA
JSR LA238
PLA
STA $52
PLA
STA $53
LDY #$04
LA1BC LDA ($52),Y
INY
BNE LA1C3
INC $53
LA1C3 TAX
LDA LA1CD,X
STA LA2DF+1
JMP LA2DF
LA1CD DB <LA227 ;
DB <LA200 ;
DB <LA255 ;
DB <LA25F ;
DB <LA26D ;
DB <LA28A ;
DB <LA2AD ;
DB <LA2B9 ;
DB <LA24F ;
DB <LA2A2 ;
DB <LA2CE ;
DB <LA226 ;
DB <LA279 ;
LA1DA LDX #$0F
LA1DC LDA $50,X
PHA
LDA LA2E5,X
STA $50,X
PLA
STA LA2E5,X
DEX
BPL LA1DC
RTS
ASC "DON'T BREAK THIS GAM"
LA200 JSR LA210 ; F01
LA203 LDA $54
STA $52
LDA $55
STA $53
LDY #$00
JMP LA1BC
*
* M-CODE
* PARAM 1 IS EORed #$03
* PARAM 2 IS EORed #$D9
*
LA210 LDA ($52),Y
EOR #$03
INY
BNE LA219
INC $53
LA219 STA $54
LDA ($52),Y
INY
BNE LA222
INC $53
LA222 EOR #$D9
STA $55
*
LA226 RTS ; F0B
*
LA227 JSR LA210 ; F00
TYA
PHA
LDA $56
JSR LA252
STA $56
PLA
TAY
JMP LA1BC
LA238 PLA
STA $54
PLA
STA $55
PLA
STA $52
PLA
STA $53
INC $52
INC $54
BNE LA24C
INC $55
LA24C JMP ($0054)
*
LA24F JSR LA210 ; F08
LA252 JMP ($0054)
*
LA255 JSR LA210 ; F02
LDA $56
BNE LA203
JMP LA1BC
*
LA25F LDA ($52),Y ; F03
INY
BNE LA266
INC $53
LA266 EOR #$4C
STA $56
JMP LA1BC
*
LA26D JSR LA210 ; F04
LA270 LDX #$00
LDA ($54,X)
STA $56
JMP LA1BC
*
LA279 JSR LA210 ; F0C
LDA $56
CLC
ADC $54
STA $54
BCC LA287
INC $55
LA287 JMP LA270
*
LA28A JSR LA210 ; F05
TYA
CLC
ADC $52
STA $52
BCC LA297
INC $53
LA297 LDA $52
PHA
LDA $53
PHA
LDY #$00
JMP LA203
*
LA2A2 PLA ; F09
STA $53
PLA
STA $52
LDY #$00
JMP LA1BC
*
LA2AD JSR LA210 ; F06
LDA $56
LDX #$00
STA ($54,X)
JMP LA1BC
*
LA2B9 LDA ($52),Y ; F07
INY
BNE LA2C0
INC $53
LA2C0 EOR #$4C
STA $54
LDA $56
SEC
SBC $54
STA $56
JMP LA1BC
*
LA2CE JSR LA210 ; F0A
LDX #$00
LDA ($54,X)
CLC
ADC #$01
STA ($54,X)
STA $56
JMP LA1BC
LA2DF JMP LA200
*
LA2E2 DB $00
DB $00
DB $00
LA2E5 HEX 00180019001A001B
HEX 0001000200030004
DB $00
LA2F6 DB $00
ASC '^$FF59'0D02
ASC ';' |
And now the m-code protection routine:
Code: | LA8B2 HEX 040371 ; LDA $A800
HEX 02B871 ; BEQ $A8BB
HEX 045519 ; LDA $C056
LA8BB HEX 0340 ; LDA #$0C
HEX 056470 ; JSR $A967
HEX 034C ; LDA #$00
HEX 064FD9 ; STA $004C
HEX 06F170 ; STA $A9F2
LA8C8 HEX 044FD9 ; LDX $004C
HEX 0A0379 ; LDA $A000,X
HEX 10F170 ; SBC $A9F2
HEX 06F170 ; STA $A9F2
HEX 044FD9 ; LDX $004C
HEX 0A0378 ; LDA $A100,X
HEX 10F170 ; SBC $A9F2
HEX 06F170 ; STA $A9F2
HEX 0C4FD9 ; INC $004C
HEX 0FCB71 ; BNE $A8C8
LA8E6 HEX 044FD9 ; LDX $004C
HEX 0A037B ; LDA $A200,X
HEX 10F170 ; SBC $A9F2
HEX 06F170 ; STA $A9F2
HEX 0C4FD9 ; INC $004C
HEX 07AC ; SBC #$E0
HEX 0FE571 ; BNE $A8E6
HEX 04F170 ; LDA $A9F2
HEX 07DB ; SBC #$97
LA8FF HEX 0FA870 ; BNE $A9AB
LA902 HEX 0349 ; LDA #$05 READ TRACK
HEX 010365 ; JSR $BC00
LA907 HEX 010379 ; JSR $A000 !!!!!!
HEX 034C ; LDA #$00
HEX 04EB19 ; LDA $C0E8
HEX 034C ; LDA #$00
HEX 064FD9 ; STA $004C
HEX 030C ; LDA #$40
HEX 064ED9 ; STA $004D
HEX 0348 ; LDA #$04
HEX 066375 ; STA $AC60
HEX 0349 ; LDA #$05
HEX 066275 ; STA $AC61
LA923 HEX 017370 ; JSR $A970
HEX 0E ; EOR > 40 EOR 68 = 28
HEX 0F2070 ; BNE $A923
HEX 034C ; LDA #$00
HEX 064FD9 ; STA $004C
HEX 064DD9 ; STA $004E
HEX 03EF ; LDA #$A3
HEX 064ED9 ; STA $004D
HEX 0349 ; LDA #$05
HEX 064CD9 ; STA $004F
LA93C HEX 11 ; COPY
HEX 044CD9 ; LDA $004F
HEX 0744 ; SBC #$08
HEX 0F3F70 ; BNE $A93C
HEX 080399 ; JMP $4000 |
So that, 01 03 79 means JSR $A000 A call to a 6502 protection. We need to bypass the call and thus find a 6502 RTS address...
There is one at $A8B1, we must encode it:
- $B1 EOR $03 => $B2
- $A8 EOR $D9 => $71
Gotcha!!!!! You now have the explanation of the change of track 1, sector 6
If you reboot, you will be disappointed as there is another disk check routine. As I thought it was the same as the first one, I have searched for the same $C0EC patterns. You will find them in memory locations $6100 and above or on track E on disk.
Discover the new $6000..$6FFF memory space and find a $6100 call at $6875, let's try to BIT it, thus the second change on track E, sector 7.
Two days of hard work... |
|
Revenir en haut de page |
|
|
toinet
Inscrit le: 15 Juin 2007 Messages: 326 Localisation: Paris, France
|
Post� le: Sam 11 Ao� 2007, 23:25 Sujet du message: |
|
|
BASIC M-CODE DECODER
Please find hereafter the source code of my basic m-code decoder Just put the address of a m-code buffer in $FE..$FF, then 1000G
Code: |
*
* EOA: THE SEVEN CITIES OF GOLD
*
* M-CODE DECODER
* (C) LOGO 2007
*
* $FA..$FB : C STRING POINTER
* $FC..$FD : M-CODE DECODED VALUES
* $FE..$FF : POINTER TO THE M-CODE BUFFER
BACKUP_36 = $F6
OUTPUT = $F8
STRING = $FA
DECODED = $FC
MCODE = $FE
NB_FUNCTIONS = $11
EOR_BYTE = $4C
EOR_WORD = $D903
BUF_TEXT = $3000
ORG $1000
MX %11
LST OFF
*
*
*
LDA $36
STA BACKUP_36
LDA $37
STA BACKUP_36+1
LDA #<BUF_TEXT
STA OUTPUT
LDA #>BUF_TEXT
STA OUTPUT+1
LDA #<PRINT36
STA $36
LDA #>PRINT36
STA $37
JSR DECODER
LDA BACKUP_36
STA $36
LDA BACKUP_36+1
STA $37
RTS
DS \
*
* MAIN LOOP
*
DECODER JSR GET_BYTE
CMP #NB_FUNCTIONS
BCC DECODER1
BEQ DECODER1
RTS
DECODER1 JSR NEXT_BYTE
ASL
TAY
LDA MCODE_TBL,Y
STA DECODER2+1
LDA MCODE_TBL+1,Y
STA DECODER2+2
DECODER2 JMP $FFFF
MCODE_TBL DA FN00,FN01,FN02,FN03,FN04,FN05,FN06,FN07
DA FN08,FN09,FN0A,FN0B,FN0C,FN0D,FN0E,FN0F
DA FN10,FN11
*
* LOOP
*
LOOP_WORD JSR DECODE_WORD
JSR PRINT_D_WORD
JSR NEXT_WORD
JMP DECODER
LOOP_BYTE JSR DECODE_BYTE
JSR PRINT_D_BYTE
JSR NEXT_BYTE
JMP DECODER
*
* MOVE ONE WORD
*
NEXT_WORD JSR NEXT_BYTE
*
* MOVE ONE BYTE
*
NEXT_BYTE INC MCODE
BNE NEXT_BYTE1
INC MCODE+1
NEXT_BYTE1 RTS
*
* GET BYTE
*
GET_BYTE LDY #0
LDA (MCODE),Y
RTS
*
* BYTE DECODER
*
DECODE_BYTE LDY #0
LDA (MCODE),Y
EOR #EOR_BYTE
STA DECODED
RTS
*
* WORD DECODER
*
DECODE_WORD LDY #0
LDA (MCODE),Y
EOR #<EOR_WORD
STA DECODED
INY
LDA (MCODE),Y
EOR #>EOR_WORD
STA DECODED+1
RTS
*
* PRINT DECODED VALUES
*
PRINT_D_WORD LDA DECODED+1
JSR $FDDA
PRINT_D_BYTE LDA DECODED
JSR $FDDA
RTS
*
* PRINT OUT A CSTRING
*
PRINT PLA
STA STRING
PLA
STA STRING+1
LDA #$8D
JSR $FDED
]LP INC STRING
BNE PRINT1
INC STRING+1
PRINT1 LDY #0
LDA (STRING),Y
BEQ PRINT2
JSR $FDED
JMP ]LP
PRINT2 LDA STRING+1
PHA
LDA STRING
PHA
RTS
*
* PRINT TO STANDARD OUTPUT
*
PRINT36 LDY #0
STA (OUTPUT),Y
INC OUTPUT
BNE PRINT361
INC OUTPUT+1
PRINT361 RTS
*
* THE FUNCTIONS
*
FN00 JSR PRINT
ASC "* JMPM $"00
JMP LOOP_WORD
FN01 JSR PRINT
ASC "* JSR6 $"00
JMP LOOP_WORD
FN02 JSR PRINT
ASC "* BEQ $"00
JMP LOOP_WORD
FN03 JSR PRINT
ASC "* LDA #$"00
JMP LOOP_BYTE
FN04 JSR PRINT
ASC "* LDA $"00
JMP LOOP_WORD
FN05 JSR PRINT
ASC "* JSRM $"00
JMP LOOP_WORD
FN06 JSR PRINT
ASC "* STA $"00
JMP LOOP_WORD
FN07 JSR PRINT
ASC "* SBC #$"00
JMP LOOP_BYTE
FN08 JSR PRINT
ASC "* JMP6 $"00
JMP LOOP_WORD
FN09 JSR PRINT
ASC "* RTS "00
JMP DECODER
FN0A JSR PRINT
ASC "* LDAI $"00
JMP LOOP_WORD
FN0B JSR PRINT
ASC "* ASL "00
JMP DECODER
FN0C JSR PRINT
ASC "* INC $"00
JMP LOOP_WORD
FN0D JSR PRINT
ASC "* ADC $"00
JMP LOOP_WORD
FN0E JSR PRINT
ASC "* EOR #$"00
JMP DECODER
FN0F JSR PRINT
ASC "* BNE $"00
JMP LOOP_WORD
FN10 JSR PRINT
ASC "* SBC $"00
JMP LOOP_WORD
FN11 JSR PRINT
ASC "* COPY "00
JMP DECODER
*
* END
*
|
Toinet who needs to check the BNE/BEQ m-code opcodes... |
|
Revenir en haut de page |
|
|
|