Differences

This shows you the differences between two versions of the page.

mg_notes:iie_card:weird_stuff [2017/08/06 02:59]
M.G. [Other Weird Instructions]
mg_notes:iie_card:weird_stuff [2019/08/14 15:22] (current)
M.G. [LC //e Card - Weird Stuff]
Line 1: Line 1:
-====== LC //e Card - Weird Stuff ======+====== LC //e Card - Weird Stuff: Opcode $02 ======
  
 ===== Weird Beep ===== ===== Weird Beep =====
Line 19: Line 19:
 </​code>​ </​code>​
  
-$02 is a two-byte NOP on the 65C02. ​ Interestingly enough, when the processor on the Card executes the sequence $02 $01, it produces the configured beep sound.+$02 is a two-byte NOP on the 65C02 (if it was an '802 or '816 it'd be a COP).  Interestingly enough, when the processor on the Card executes the sequence $02 $01, it produces the configured beep sound.
  
 Try this in the monitor: Try this in the monitor:
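
Review bot: The parenthetical added on the + line, "(if it was an '802 or '816 it'd be a COP)", relies on the shorthand '802 and '816, which the page never expands. Spell the parts out as 65802 and 65816, and use "if it were" for the counterfactual, so a reader who only knows the 65C02 can follow why $02 is being called out as a NOP here.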
Line 38: Line 38:
 Here is what I found: Here is what I found:
  
-^ Routine ^ Address ^ Code    ^ Function ^ +In Routine ^ Address ^ Code    ^ Function ^ 
-RESET   | $FAB4   | $02 $02 | +PWRUP   | $FAB4   | $02 $02 | Loads A reg with $Cn+1 where n = startup slot or $C8 if scan. 
-RESET   | $FAC0   | $02 $03 | |+PWRUP   | $FAC0   | $02 $03 | Displays "​UNABLE TO BOOT FROM STARTUP SLOT" if A reg = $Cn-1 where n = startup slot or $c0 if scan.  Disappears if screen scrolls. ​|
 | APPLEII | $FB63   | $02 $04 | Display copyright message on screen, disappears if screen scrolls. | | APPLEII | $FB63   | $02 $04 | Display copyright message on screen, disappears if screen scrolls. |
 | BELL1   | $FBDD   | $02 $01 | Play system bell sound. | | BELL1   | $FBDD   | $02 $01 | Play system bell sound. |
-| GETLN1 ​ | $FD78   | $02 $06 | Key translation called right after rdchar. ​ ​Converts ​A reg from <​key>​DELETE</​key>​ to <​key><​-</​key>​. |+| GETLN1 ​ | $FD78   | $02 $06 | Key translation called right after rdchar. ​If A reg has <​key>​DELETE</​key>​, converts it to <​key><​-</​key>​. | 
 +|         ​| ​        | $02 $05 | Not found in firmware, yet, but presumably this exists. | 
 + 
 +==== The Key Translation and the A register ==== 
 + 
 +Get to the monitor in your %%//%%e Card and try this: 
 + 
 +<​code>​ 
 +*! 
 +!300:jsr fd35 
 +! nop 
 +! nop 
 +! jmp fdda 
 +
 +*300G 
 +</​code>​ 
 + 
 +FD35 is the RDCHAR routine, FDDA is the print byte routine. ​ This routine reads a keypress and outputs its hex code.  Run it a few times to convince yourself there is no funny business. ​ Run it a final time and press <​key>​DELETE</​key>​. 
 + 
 +<​code>​ 
 +*300G 
 +FF    (appears after pressing delete) 
 +
 +</​code>​ 
 + 
 +FF is exactly what we expect to see with the Apple II delete key. 
 + 
 +Now want to see something interesting? ​ Change the NOPs to $02 $06 and run it again. ​ Try a few keys, then try it with <​key>​DELETE</​key>​. 
 + 
 +<​code>​ 
 +*303:02 06 
 +*300G 
 +88    (appears after pressing delete) 
 +
 +</​code>​ 
 + 
 +88 is the code for the left arrow key.  That's some serious magic, and in two bytes the Card converts <​key>​DELETE</​key>​ to <​key><​-</​key>​. 
 + 
 +==== The Two-Byte Copyright ==== 
 + 
 +Try this sequence of instructions:​ 
 + 
 +<​code>​ 
 +]HOME 
 +]CALL -151 
 +*300:02 04 60 
 +*300G 
 +</​code>​ 
 + 
 +Hit the left arrow a bunch of times until the display scrolls. **POOF!** 
 + 
 +==== Slot Scan Scam ==== 
 + 
 +The %%//%%e Card lets the user pick the startup slot in the control panel or "​Scan"​ which is the behavior of a standard %%//%%e. 
 + 
 +This is implemented by the sequences $02 $02 which replaces the LDA #$C8 at the start of the slot scan loop, and $02 $03 which replaces the CMP #$C0 instruction that decides loop termination. 
 + 
 +The $02 $02 sequence loads the accumulator with $C8 if scan is selected, or $Cn+1 if a specific slot is selected. 
 + 
 +<​code>​ 
 +*300:02 02 4C DA FD 
 +*300G 
 +C8   (if scan or slot 7 selected, "​Cx"​ if another slot is selected) 
 +
 +</​code>​ 
 + 
 +The $02 $03 sequence behaves as if CMP #$C0 or CMP #$Cn-1 has been executed and if it has, displays "​UNABLE TO BOOT FROM STARTUP SLOT" in the center of the screen in a similar manner to the copyright message. ​ The message is not in Apple II memory. ​ It returns with the flags set as executing the CMP instruction would have. 
 + 
 +My ''​iie.card''​ [[https://​github.com/​mgcaret/​davex-mg-utils/​blob/​master/​iie.card.s|utility]] for Davex can exploit this to determine which slot is configured for startup via the [[https://​github.com/​mgcaret/​davex-mg-utils/​blob/​master/​iie.card.s#​L118|dispslot routine]].
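
Review bot: In the "Slot Scan Scam" paragraph on $02 $03, the wording "has been executed and if it has, displays" does not say which condition triggers the message. The $FAC0 table row states it appears when A reg = $Cn-1 (or $c0 if scan), so the prose should give the same condition, for example "and, if A reg equals that value, displays". That table row also writes $c0 in lower case where the rest of the page uses $C0, and the new $02 $05 row leaves the routine and address cells blank without a marker such as "?" to show they are unknown rather than omitted.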