GPL code

Hi folks.

 

Gazoo shared his XB27 BOOT loader code with me not too long ago. This snip of GPL code is stuffed into the cartridge at 0x6000. At powerup it moves BOOT / BOOU from the cartridge's 'gram' space into cpu ram.

 

As you may recall, Gazoo wrote his GPL code directly as data statements. I'm hoping that someone can turn this into commented, GPL source code for me.

 

Thanks

 

 

GROM3 DATA >AA01,>0000,>600E,>600E
DATA >0000,>0000,>0000,>0000
DATA >6018,>0442,>4F4F,>5400
DATA >BE74,>0303,>D675,>2040
DATA >28BD,>9073,>9072,>0000
DATA >3118,>008F,>9D00,>6800
DATA >3118,>008F,>3D00,>8000
DATA >BF00,>2006,>0FF0,>0000


* Gazoo's BOOT loader
*GROM3  DATA >AA01,>0000,>600E,>600E
*        DATA >0000,>0000,>0000,>0000
*        DATA >6018,>0442,>4F4F,>5400
*        DATA >BE74,>0303,>D675,>2040
*        DATA >28BD,>9073,>9072,>0000
*        DATA >3118,>008F,>9D00,>6800
*        DATA >3118,>008F,>3D00,>8000
*        DATA >BF00,>2006,>0FF0,>0000
*       
* Hand converted by Tursi, may need some massaging
* to re-assemble. Data order is as in memory:
* <opcode> <dest> <source>
*
* This code does not appear to verify that BOOT is legitimately
* loaded into GRAM before executing it, though!
*
* Header first:
  AORG >6000
  DATA >AA01 * valid rom, version 1
  DATA >0000 * unused
  DATA >600E * Pointer to powerup list
  DATA >600E * Pointer to program list
  DATA >0000 * Pointer to DSR list
  DATA >0000 * Pointer to subprogram list
* 600C:
  DATA >0000 * padding
 
* 600E:
  DATA >0000 * next item pointer
  DATA >6018 * address
  BYTE >04   * name length (make sure assembler doesn't pad this to EVEN)
  TEXT 'BOOT'
  BYTE >00   * padding
 
* 6018:
  ST @>8374,>03  * (BE,74,03) Set KSCAN mode at >8374 to mode 3 (PASCAL)
  SCAN           * (03) read the keyboard
  CEQ @>8375,>20 * (D6,75,20) check if the returned key is space bar
  BR G@>6028     * (40,28) jump to >6028 if not equal (or xx28 if not loaded at >6000)
 
* Space was held, bypass startup
  DST *>0073,*>0072 * (BD,90,73,90,72) I read >0203 and >0002 in ROM...
                    * not sure why, no side effect. Bug? Obfuscation? Just playing? 
  RTN               * (00) finished
 
* 6027:
  BYTE >00          * padding
 
* 6028: jump here if space was NOT held
  MOVE >1800 TO @>2000 FROM G@>6800   * (31,18,00,8f,9d,00,68,00)
                                      * copy the program data into low memory
  MOVE >1800 TO @>C000 FROM G@>8000   * (31,18,00,8f,3d,00,80,00)
                                      * copy the program data into high memory
  DST @>8300,>2006                    * (bf,00,20,06) store address to jump into scratchpad
  XML >F0                             * (0f,f0) jumps to assembly address stored at >8300
                                      * ie: launch boot
  RTN                                 * (00) return, but never executed
  BYTE >00                            * padding

 

Hopefully AA won't mangle my padding too badly. I'm not sure what's up with the DST in the bypass code path, maybe he meant something else, or maybe I mis-decoded that instruction. I don't have that version of XB27 installed to verify it. The rest is all pretty straightforward -- it's just the MOVE opcodes you need in the end, and maybe the SCAN to check for a bypass key. (And the XML to branch to assembly from GROM, I guess. :) )

Outstanding! No mangling noticed ;) Seems pretty straightforward, although I must admit the MOVE instruction baffles me. Where are >2000 and >C000 hiding in that byte stream? ;)

* Gazoo's Boot loader

       DEF  START                                 Show where program starts.
       REF  VWTR,VSBW,VMBW,DSRLNK,VMBR,GPLLNK
START  B    @START1                               Go to actual start of program.
PAB    DATA >0500,>0FF0,>0000,>2000               Data for Peripheral access
       BYTE >00                                   block.
FILENM BYTE >09                                   Length byte, pathname.filename
       TEXT 'DSK1.BOO'
INCREM TEXT 'T '
FILE02 TEXT 'U '
GRMWA  EQU  >9C02                                 Grom write address register
GRMWD  EQU  >9C00
VDPWA  EQU  >8C02                                 VDP WRITE address register
VDPRD  EQU  >8800                                 VDP READ DATA REGISTER
BUFFER EQU  >0FC0
PABADR EQU  >0F80
WR     BSS  >20                                   Save space for workspace.
START1 LWPI WR                                    Load workspace.
       LI   R0,>0180                              Set VDP register 1.
       BLWP @VWTR
********************************
BOOT   LI   R0,PABADR
       LI   R1,PAB
       LI   R2,25
       BLWP @VMBW
       LI   R6,PABADR+9
       MOV  R6,@>8356
       BLWP @DSRLNK
       DATA 8
       NOP
       LI   R0,>0FF0
       LI   R1,>8300
       LI   R2,>0002
       BLWP @VMBR
       MOV  @>8300,R1
       CI   R1,>FFFF
       JNE  ERROR
       LI   R3,>9C04                              BANK 2
       LI   R1,>6800
       BL   @LOADR
********************************
BOOU   LI   R9,FILE02
       LI   R10,INCREM
       MOV  *R9,*R10
       LI   R0,PABADR
       LI   R1,PAB
       LI   R2,25
       BLWP @VMBW
       LI   R6,PABADR+9
       MOV  R6,@>8356
       BLWP @DSRLNK
       DATA 8
       NOP
       LI   R0,>0FF0
       LI   R1,>8300
       LI   R2,>0002
       BLWP @VMBR
       MOV  @>8300,R1
       CI   R1,>0000
       JNE  ERROR
       LI   R3,>9C04                              BANK 2
       LI   R1,>8000
       BL   @LOADR
       B    @HEADER
*******************************
ERROR  LI   R1,>980C
       MOV  R1,@>83FA
       BLWP @GPLLNK
       DATA >7810
*******************************
HEADER LI   R0,>0FF0
       LI   R1,GROM3
       LI   R2,>0040
       BLWP @VMBW
       NOP
       LI   R3,>9C04                              BANK 2
       LI   R1,>6000
       CLR  R0
       MOVB R1,@GRMWA
       SWPB R1
       MOVB R1,@GRMWA
       SWPB R1
       LI   R1,>0FF0
       SWPB R1
       MOVB R1,@VDPWA
       SWPB R1
       MOVB R1,@VDPWA
       LI   R0,>0040
LOOP3  MOVB @>8800,*R3
       DEC  R0
       JGT  LOOP3
********************************
QUIT   LIMI 2
       CLR  @>837C
       LWPI >83E0
       BLWP @>0000                Go bye-bye.
*******************************
LOADR  CLR  R0
       MOVB R1,@GRMWA
       SWPB R1
       MOVB R1,@GRMWA
       SWPB R1
       LI   R1,>0FF0
       SWPB R1
       MOVB R1,@VDPWA
       SWPB R1
       MOVB R1,@VDPWA
       LI   R0,>1800
LOOP4  MOVB @>8800,*R3
       DEC  R0
       JGT  LOOP4
       RT
*****************************************
*****************************************
*        END

Sharing the full loader routine in my original post would have made too much sense. |:)

 

See above. The powerup routine (DATA statements) should only be moved into 'gram' if BOOT and BOOU are first loaded successfully from disk. I believe this addresses the legitimacy concern, insofar as two files were loaded. There is no inspection of BOOT/BOOU beyond the header information. ;)


It's weird, eh? All absolute addresses in MOVE instructions have >8300 added to them. ;) So it's the 9D00 and the 3D00.

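The address arithmetic from the answer above, as an added example that is not part of the original thread: a Python sketch that decodes the two MOVE instructions straight from the posted DATA words and shows where >2000 and >C000 come from. The function names are made up for illustration, and only the operand forms that occur in this byte stream are handled.

```python
# Added example: decode the two MOVE instructions from the powerup DATA words.
# Operand layout (<opcode> <count> <dest> <source>) follows the annotations in
# the thread; only the address forms that occur in this stream are handled.
WORDS = [  # DATA statements as posted, loaded at GROM address >6000
    0xAA01, 0x0000, 0x600E, 0x600E, 0x0000, 0x0000, 0x0000, 0x0000,
    0x6018, 0x0442, 0x4F4F, 0x5400, 0xBE74, 0x0303, 0xD675, 0x2040,
    0x28BD, 0x9073, 0x9072, 0x0000, 0x3118, 0x008F, 0x9D00, 0x6800,
    0x3118, 0x008F, 0x3D00, 0x8000, 0xBF00, 0x2006, 0x0FF0, 0x0000,
]
BASE = 0x6000
IMAGE = b"".join(w.to_bytes(2, "big") for w in WORDS)
SCRATCHPAD = 0x8300  # offset added to CPU RAM operands, as stated in the thread


def cpu_operand(image, off):
    """Decode a CPU RAM destination operand; return (address, bytes used)."""
    first = image[off]
    if first < 0x80:                        # short form: one byte, >8300 + n
        return SCRATCHPAD + first, 1
    if first == 0x8F:                       # extended form: 16-bit value follows
        raw = int.from_bytes(image[off + 1:off + 3], "big")
        return (raw + SCRATCHPAD) & 0xFFFF, 3    # sum wraps around 64K
    raise ValueError(f"operand form >{first:02X} not handled in this sketch")


def decode_move(image, grom_addr):
    """Decode 'MOVE count TO @cpu FROM G@grom' (opcode >31) at grom_addr."""
    off = grom_addr - BASE
    if image[off] != 0x31:
        raise ValueError(f"no MOVE (>31) at >{grom_addr:04X}")
    count = int.from_bytes(image[off + 1:off + 3], "big")
    dest, used = cpu_operand(image, off + 3)
    src = int.from_bytes(image[off + 3 + used:off + 5 + used], "big")
    return {"count": count, "dest": dest, "src_grom": src, "length": 5 + used}


def encode_cpu_address(addr):
    """Inverse mapping: the 16-bit value stored after >8F for a CPU address."""
    return (addr - SCRATCHPAD) & 0xFFFF


if __name__ == "__main__":
    for at in (0x6028, 0x6030):
        m = decode_move(IMAGE, at)
        print(f">{at:04X}: MOVE >{m['count']:04X} TO @>{m['dest']:04X} "
              f"FROM G@>{m['src_grom']:04X}")
```
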