| retrohackers.org https://retrohackers.org/ |
|
| Cart hacking (TFR) https://retrohackers.org/viewtopic.php?f=8&t=109 |
Page 1 of 1 |
| Author: | Bones64 [ Mon Jun 12, 2006 5:19 pm ] |
| Post subject: | Cart hacking (TFR) |
Hi .. I plugged the TFR ROM into my dissassembler and took a look at it. I have a few nubbish questions .. 1) My dissassembler (Rosetta) dissassembles to the magic-byte address specified by the first two bytes of the file (Its meant for .prg files) Code: *= $8033 $8033 !byte $1C $8034 !byte $80 $8035 !byte $C3 $8036 !byte $C2 $8037 CMP $3038 $803A STA $DE00 ;Reserved for Future I/O Expansion $803D JMP .Jump0 but I can tell it where to dissassemble to .. (eg $0000) Code: *= $0000 $0000 !byte $1C $0001 !byte $80 $0002 !byte $C3 $0003 !byte $C2 $0004 CMP $3038 $0007 STA $DE00 ;Reserved for Future I/O Expansion How does this work ? If this cart starts at $8033 , where are the cold and warm start vectors ? 2) A quick search of the petscii showed me where the keywords are Code: A733 - :
‰ M O N I T O R : Š F L U A743 - S H : ‹ C O D E N E T : Œ D A753 - O S " ÿ D L O A Ä D V E R I F Ù A763 - D S A V Å D O Ó K I L Ì O L Ä M A773 - O N I T O Ò F L U S È I N F Ï C A783 - O D E N E Ô N E Ô I remember reading that this is actually some sort of a lookup, with a two-byte vector pointing to the code for the actual command at the end of each entry .. have I got that right ? Tanks in advance. |
|
| Author: | tnt/beyond force [ Mon Jun 12, 2006 5:32 pm ] |
| Post subject: | |
.bin files for RR don't have load address, so you'd better split that file into 8 KB chunks and disassemble them at $8000/$a000/$e000 (+ $de00) depending on where they are mapped into. TFR is actively developed tho, if you want to do something useful then retrofit missing features from AR 5/6 to Cyberpunks 3.8p ROM 
|
|
| Author: | Bones64 [ Mon Jun 12, 2006 6:09 pm ] |
| Post subject: | |
tnt/beyond force wrote: .bin files for RR don't have load address, so you'd better split that file into 8 KB chunks and disassemble them at $8000/$a000/$e000 (+ $de00) depending on where they are mapped into.
TFR is actively developed tho, if you want to do something useful then retrofit missing features from AR 5/6 to Cyberpunks 3.8p ROM I'm really interested in looking at the codenet stuff .. Is the RR not being actively developed anymore ? |
|
| Author: | hannenz [ Mon Jun 12, 2006 11:31 pm ] |
| Post subject: | |
cold/ warm start vectors are the first four bytes of the .bin. since rosetta clipped of the first two bytes (since it assumed them being the load address) the first vector is missing in your disassembly. the second vector is $801c. (!byte $1c !byte $80) the next five bytes is petscii "CBM80", that let's the c64 recognise the cartridge.... concerning the keywords: yes there is for each keyword (you do have noticed, that they have the last char shifted (ORA #$80'd) as end mark, did you?!) exists a jump adress to the actual code of the command. Notice, that these adresses are stored minus one, which is because they are entered via the "push the adress-bytes-on-stack-and-do-a-RTS"-trick, and RTS adds one to the pulled address. where to find these adress table will be difficult to say, could be anywhere in the ROM, if you're lucky they are just "behind" the keyword table... you'll have to search'em by hand in some way or another. if the RR ROM is still being developed is the question of the century - officially: yes, it is. but in practise: have a look at the date of the last update of the cyberpunx homepage... 
|
|
| Author: | groepaz [ Thu Jun 15, 2006 4:42 pm ] |
| Post subject: | |
[quote]if the RR ROM is still being developed is the question of the century - officially: yes, it is. but in practise: have a look at the date of the last update of the cyberpunx homepage...[/quote] there is a difference between development and releases though :=P |
|
| Page 1 of 1 | All times are UTC [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|