Planet Bob - Code escapes from Cartridge!


RSS Bot

Hi there!


Uihjah!


Remember that small snippet from yesterday? Besides calling half a dozen reset routines from the kernel and the BASIC interpreter, it basically just copies the first two bank 1 pages into the C64 RAM. Then it jumps there and does something rather unusual (at least for the VCS programmer ;) ):


It switches through all four banks, copying all content of the cartridge into the C64 RAM, creating a solid 28K block of ROM. If you ever tried booting the Park Patrol cartridge in VICE, you may have noticed that it starts with a black screen, unexpectedly saying "Loading". So that's precisely what it really does then! :-o


Here's where the contents get copied:

  • $9000-$9FFF from Bank 1 goes to $5000-$5FFF
  • $8000-$9FFF from Bank 2 goes to $6000-$7FFF
  • $8000-$9FFF from Bank 3 goes to $8000-$9FFF
  • $8000-$9FFF from Bank 4 goes to $A000-$BFFF

Notice something? Bank 3 goes to $8000! That's where I said the cartridge is residing! Huh?!?


Well, actually no big deal. The C64 is a pretty smart machine. It has a full 64K of RAM. When you write to an area where a ROM block is active, all writes will still go through to the RAM *under* the ROM. (Reading there still means reading from the ROM.)


What puzzles me though, is: Why is the content of bank 3 *copied* there?

- It could've just switched to bank 3 to get the content of bank 3 there in no time!


Well, OK, maybe for some self-modifying code. (Or just making it easier for crackers to copy the game onto disk, making 'em no worries over the bankswitching... :ponder: :lol: )


Remember another thing I said about bank 3 yesterday? Yup, it's the other one with starting code! Hm... well, I bet the game *is* started there, but why does it need a cartridge boot signature? The only thing I can think of right now is that it is required for a warm start. To start it now after the copying sequence, all it requires is to jump there after activating RAM at $8000 again.


I think that is exactly what it does at the end of the copying routine:

CODE

    lda #$2F        ; $2F is the default data direction value for the 6510 port
    sta $00         ; $00 = 6510 port data direction register
    lda #$36        ; %110: LORAM=0, HIRAM=1, CHAREN=1 -> BASIC ROM out, KERNAL and I/O in
    sta $01         ; $01 = 6510 processor port (memory configuration)
    jmp J_8009      ; $8009


I'm not enough of a C64 expert to fully understand this. Location $00 is the data direction register of the 6510. AFAIK #$2F is the default value, so I could imagine that this turns the cartridge off. Location $01 handles which parts of the multi-layered memory map are active. What I definitely can say is that it does switch from the BASIC interpreter ROM to the RAM residing there, which makes sense as the loader code just copied the 4th Park Patrol bank there ;)


Interesting note at this point: It seems as if the remainder of the first 4K of the first bank contains just unused garbage. Also interesting: The *used* 4K are almost completely filled with alternating $00 and $FF pages... Hm... :?


My next task will be constructing a working PRG file, by combining all the info bits I found out so far. Halfway as a proof of concept of all my theories so far and halfway to have a compiling and working game source in hand to toy with :)
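As an added illustration (not code from the post or from the game), here is how the copy table above can be replayed in software to produce the 28K $5000-$BFFF image and wrap it as a PRG, plus a decoder for the $01 value the loader writes. It assumes a raw dump of four consecutive 8K banks in the order the post numbers them (bank 1 to 4), each visible at $8000-$9FFF while switched in; the sample banks are constructed, not real game data.

```python
# Added example: rebuild the RAM image the Park Patrol loader assembles and
# wrap it as a PRG file. Bank layout (four raw 8K banks, post's numbering) and
# the absence of .CRT CHIP headers are assumptions; sample data is constructed.

BANK_SIZE = 0x2000
CART_BASE = 0x8000   # address a bank occupies while it is switched in
RAM_BASE = 0x5000    # lowest address the loader writes
RAM_END = 0xC000     # one past the highest ($BFFF)

# (0-based bank index, cart source start, cart source end, C64 destination)
COPY_TABLE = [
    (0, 0x9000, 0xA000, 0x5000),  # bank 1: $9000-$9FFF -> $5000-$5FFF
    (1, 0x8000, 0xA000, 0x6000),  # bank 2: $8000-$9FFF -> $6000-$7FFF
    (2, 0x8000, 0xA000, 0x8000),  # bank 3: -> $8000-$9FFF, RAM under the cart
    (3, 0x8000, 0xA000, 0xA000),  # bank 4: -> $A000-$BFFF, RAM under BASIC ROM
]

def split_banks(dump: bytes) -> list[bytes]:
    """Cut a raw 32K dump into four 8K banks (assumed dump layout)."""
    if len(dump) != 4 * BANK_SIZE:
        raise ValueError(f"expected {4 * BANK_SIZE} bytes, got {len(dump)}")
    return [dump[i:i + BANK_SIZE] for i in range(0, len(dump), BANK_SIZE)]

def build_ram_image(banks: list[bytes]) -> bytes:
    """Replay the loader's copy loop; returns the $5000-$BFFF image (28K)."""
    image = bytearray(RAM_END - RAM_BASE)
    for bank, src_lo, src_hi, dst in COPY_TABLE:
        chunk = banks[bank][src_lo - CART_BASE:src_hi - CART_BASE]
        off = dst - RAM_BASE
        image[off:off + len(chunk)] = chunk
    return bytes(image)

def to_prg(load_addr: int, data: bytes) -> bytes:
    """PRG = 2-byte little-endian load address followed by the raw data."""
    return load_addr.to_bytes(2, "little") + data

def decode_port(value: int) -> dict:
    """Bits 0-2 of $01 (LORAM, HIRAM, CHAREN), no cartridge lines asserted.
    $36 -> BASIC ROM out, KERNAL in, I/O in: RAM is visible at $A000-$BFFF."""
    loram, hiram, charen = value & 1, (value >> 1) & 1, (value >> 2) & 1
    return {"basic_rom": bool(loram and hiram),
            "kernal_rom": bool(hiram),
            "io_visible": bool(charen and (loram or hiram))}

if __name__ == "__main__":
    # constructed dump: bank n is filled with the byte n
    dump = b"".join(bytes([n]) * BANK_SIZE for n in range(1, 5))
    prg = to_prg(RAM_BASE, build_ram_image(split_banks(dump)))
    print(len(prg), decode_port(0x36))  # 28674 {...basic_rom False...}
```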


Greetings,

Manuel


http://www.atariage.com/forums/index.php?a...;showentry=2010
