It is currently Thu Dec 14, 2017 10:58 pm

All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: Cart hacking (TFR)
PostPosted: Mon Jun 12, 2006 6:19 pm 
Offline

Joined: Sat Jan 14, 2006 5:08 pm
Posts: 26
Hi ..

I plugged the TFR ROM into my dissassembler and took a look at it.
I have a few nubbish questions ..

1) My dissassembler (Rosetta) dissassembles to the magic-byte address specified by the first two bytes of the file (Its meant for .prg files)


Code:
      
      *= $8033   
$8033      !byte $1C   
$8034      !byte $80   
$8035      !byte $C3   
$8036      !byte $C2   
$8037      CMP $3038   
$803A      STA $DE00       ;Reserved for Future I/O Expansion
$803D      JMP .Jump0   



but I can tell it where to dissassemble to .. (eg $0000)


Code:
      *= $0000   
$0000      !byte $1C   
$0001      !byte $80   
$0002      !byte $C3   
$0003      !byte $C2   
$0004      CMP $3038   
$0007      STA $DE00       ;Reserved for Future I/O Expansion




How does this work ? If this cart starts at $8033 , where are the cold and warm start vectors ?

2) A quick search of the petscii showed me where the keywords are

Code:
A733 - : 
  ‰  M  O  N  I  T  O  R  : 
  Š  F  L  U
A743 - S  H  : 
  ‹  C  O  D  E  N  E  T  : 
  Œ  D
A753 - O  S  "  ÿ  D  L  O  A  Ä  D  V  E  R  I  F  Ù
A763 - D  S  A  V  Å  D  O  Ó  K  I  L  Ì  O  L  Ä  M
A773 - O  N  I  T  O  Ò  F  L  U  S  È  I  N  F  Ï  C
A783 - O  D  E  N  E  Ô  N  E  Ô 


I remember reading that this is actually some sort of a lookup, with a two-byte vector pointing to the code for the actual command at the end of each entry .. have I got that right ?

Tanks in advance.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon Jun 12, 2006 6:32 pm 
Offline

Joined: Thu Jan 12, 2006 10:10 am
Posts: 177
.bin files for RR don't have load address, so you'd better split that file into 8 KB chunks and disassemble them at $8000/$a000/$e000 (+ $de00) depending on where they are mapped into.

TFR is actively developed tho, if you want to do something useful then retrofit missing features from AR 5/6 to Cyberpunks 3.8p ROM :)


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon Jun 12, 2006 7:09 pm 
Offline

Joined: Sat Jan 14, 2006 5:08 pm
Posts: 26
tnt/beyond force wrote:
.bin files for RR don't have load address, so you'd better split that file into 8 KB chunks and disassemble them at $8000/$a000/$e000 (+ $de00) depending on where they are mapped into.

TFR is actively developed tho, if you want to do something useful then retrofit missing features from AR 5/6 to Cyberpunks 3.8p ROM :)


I'm really interested in looking at the codenet stuff ..

Is the RR not being actively developed anymore ?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jun 13, 2006 12:31 am 
Offline

Joined: Thu Jan 12, 2006 9:04 am
Posts: 116
Location: Germany / 88471
cold/ warm start vectors are the first four bytes of the .bin. since rosetta clipped of the first two bytes (since it assumed them being the load address) the first vector is missing in your disassembly. the second vector is $801c. (!byte $1c !byte $80) the next five bytes is petscii "CBM80", that let's the c64 recognise the cartridge....
concerning the keywords: yes there is for each keyword (you do have noticed, that they have the last char shifted (ORA #$80'd) as end mark, did you?!) exists a jump adress to the actual code of the command. Notice, that these adresses are stored minus one, which is because they are entered via the "push the adress-bytes-on-stack-and-do-a-RTS"-trick, and RTS adds one to the pulled address. where to find these adress table will be difficult to say, could be anywhere in the ROM, if you're lucky they are just "behind" the keyword table... you'll have to search'em by hand in some way or another.

if the RR ROM is still being developed is the question of the century - officially: yes, it is. but in practise: have a look at the date of the last update of the cyberpunx homepage... :(


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Jun 15, 2006 5:42 pm 
Offline

Joined: Thu Jan 12, 2006 11:47 am
Posts: 111
[quote]if the RR ROM is still being developed is the question of the century - officially: yes, it is. but in practise: have a look at the date of the last update of the cyberpunx homepage...[/quote]

there is a difference between development and releases though :=P

_________________
http://hitmen.c02.at/html/tools_rr.html


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group