Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
mg_notes:iie_card:weird_stuff [2017/08/06 02:43] M.G. other weird instructions |
mg_notes:iie_card:weird_stuff [2019/08/14 15:22] (current) M.G. [LC //e Card - Weird Stuff] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== LC //e Card - Weird Stuff ====== | + | ====== LC //e Card - Weird Stuff: Opcode $02 ====== |
| ===== Weird Beep ===== | ===== Weird Beep ===== | ||
| Line 19: | Line 19: | ||
| </code> | </code> | ||
| - | $02 is a two-byte NOP on the 65C02. Interestingly enough, when the processor on the Card executes the sequence $02 $01, it produces the configured beep sound. | + | $02 is a two-byte NOP on the 65C02 (if it was an '802 or '816 it'd be a COP). Interestingly enough, when the processor on the Card executes the sequence $02 $01, it produces the configured beep sound. |
| Try this in the monitor: | Try this in the monitor: | ||
| Line 38: | Line 38: | ||
| Here is what I found: | Here is what I found: | ||
| - | ^ Routine ^ Address ^ Code ^ Function ^ | + | ^ In Routine ^ Address ^ Code ^ Function ^ |
| - | | RESET | $FAB4 | $02 $02 | ? | | + | | PWRUP | $FAB4 | $02 $02 | Loads A reg with $Cn+1 where n = startup slot or $C8 if scan. | |
| - | | RESET | $FAC0 | $02 $03 | ? | | + | | PWRUP | $FAC0 | $02 $03 | Displays "UNABLE TO BOOT FROM STARTUP SLOT" if A reg = $Cn-1 where n = startup slot or $c0 if scan. Disappears if screen scrolls. | |
| + | | APPLEII | $FB63 | $02 $04 | Display copyright message on screen, disappears if screen scrolls. | | ||
| + | | BELL1 | $FBDD | $02 $01 | Play system bell sound. | | ||
| + | | GETLN1 | $FD78 | $02 $06 | Key translation called right after rdchar. If A reg has <key>DELETE</key>, converts it to <key><-</key>. | | ||
| + | | | | $02 $05 | Not found in firmware, yet, but presumably this exists. | | ||
| + | ==== The Key Translation and the A register ==== | ||
| + | |||
| + | Get to the monitor in your %%//%%e Card and try this: | ||
| + | |||
| + | <code> | ||
| + | *! | ||
| + | !300:jsr fd35 | ||
| + | ! nop | ||
| + | ! nop | ||
| + | ! jmp fdda | ||
| + | ! | ||
| + | *300G | ||
| + | </code> | ||
| + | |||
| + | FD35 is the RDCHAR routine, FDDA is the print byte routine. This routine reads a keypress and outputs its hex code. Run it a few times to convince yourself there is no funny business. Run it a final time and press <key>DELETE</key>. | ||
| + | |||
| + | <code> | ||
| + | *300G | ||
| + | FF (appears after pressing delete) | ||
| + | * | ||
| + | </code> | ||
| + | |||
| + | FF is exactly what we expect to see with the Apple II delete key. | ||
| + | |||
| + | Now want to see something interesting? Change the NOPs to $02 $06 and run it again. Try a few keys, then try it with <key>DELETE</key>. | ||
| + | |||
| + | <code> | ||
| + | *303:02 06 | ||
| + | *300G | ||
| + | 88 (appears after pressing delete) | ||
| + | * | ||
| + | </code> | ||
| + | |||
| + | 88 is the code for the left arrow key. That's some serious magic, and in two bytes the Card converts <key>DELETE</key> to <key><-</key>. | ||
| + | |||
| + | ==== The Two-Byte Copyright ==== | ||
| + | |||
| + | Try this sequence of instructions: | ||
| + | |||
| + | <code> | ||
| + | ]HOME | ||
| + | ]CALL -151 | ||
| + | *300:02 04 60 | ||
| + | *300G | ||
| + | </code> | ||
| + | |||
| + | Hit the left arrow a bunch of times until the display scrolls. **POOF!** | ||
| + | |||
| + | ==== Slot Scan Scam ==== | ||
| + | |||
| + | The %%//%%e Card lets the user pick the startup slot in the control panel or "Scan" which is the behavior of a standard %%//%%e. | ||
| + | |||
| + | This is implemented by the sequences $02 $02 which replaces the LDA #$C8 at the start of the slot scan loop, and $02 $03 which replaces the CMP #$C0 instruction that decides loop termination. | ||
| + | |||
| + | The $02 $02 sequence loads the accumulator with $C8 if scan is selected, or $Cn+1 if a specific slot is selected. | ||
| + | |||
| + | <code> | ||
| + | *300:02 02 4C DA FD | ||
| + | *300G | ||
| + | C8 (if scan or slot 7 selected, "Cx" if another slot is selected) | ||
| + | * | ||
| + | </code> | ||
| + | |||
| + | The $02 $03 sequence behaves as if CMP #$C0 or CMP #$Cn-1 has been executed and if it has, displays "UNABLE TO BOOT FROM STARTUP SLOT" in the center of the screen in a similar manner to the copyright message. The message is not in Apple II memory. It returns with the flags set as executing the CMP instruction would have. | ||
| + | |||
| + | My ''iie.card'' [[https://github.com/mgcaret/davex-mg-utils/blob/master/iie.card.s|utility]] for Davex can exploit this to determine which slot is configured for startup via the [[https://github.com/mgcaret/davex-mg-utils/blob/master/iie.card.s#L118|dispslot routine]]. | ||