Py8Dis Disassembly of NFS3.34

KenLowe
Posts: 4675
Joined: Mon Oct 18, 2004 5:35 pm
Location: UK

Py8Dis Disassembly of NFS3.34

Post by KenLowe »

As part of the investigations into BeebEm Econet Immediate issues we've been discussing elsewhere, I've been using Py8Dis to create a disassembly of the NFS3.34 ROM. The full disassembly isn't quite finished yet, as there are a few orphaned bits of code, where I've not yet been able to find how it's being called. But I thought I'd post up what I've done so far, and allow others to have a look at the missing bits, and offer any thoughts or comments on what I've done so far:

https://github.com/kgl2001/NFS3.34-Disassembly

The disassembly can be fed back into BeebASM, and it reproduces the original ROM md5: d6761cb566cd87b0c1117b5b600cff16

It's been fun, and Py8Dis is an excellent tool for the job.

Re: Py8Dis Disassembly of NFS3.34

Post by KenLowe »

Control file has been updated / simplified after some very helpful comments from @SteveF.

There are still various stubs of code in the disassembly, and I'm not yet sure what's calling them. Specifically, the code at the following locations:

entry(0x8694) #Orphaned code? No caller?
entry(0x89EA) #Orphaned code? No caller?
entry(0x8BF2) #Orphaned code? No caller?
entry(0x8D06) #Orphaned code? No caller?
entry(0x9007) #Orphaned code? No caller?
entry(0x9307) #Relocated to &16. Orphaned code? No caller?
entry(0x934C) #Relocated to &400 Orphaned code? No caller?
entry(0x934F) #Relocated to &403. Orphaned code? No caller?
entry(0x9433) #Relocated to 0x4e9. Orphaned code? No caller?
entry(0x943B) #Relocated to 0x4ef. Orphaned code? No caller?
entry(0x9468) #Relocated to 0x51d. Orphaned code? No caller?
entry(0x9FCB) #Orphaned code? No caller?
entry(0x9FD9) #Orphaned code? No caller?
entry(0x9FEB) #Orphaned code? No caller?
Whilst the code can be recompiled back to the original ROM, if you add or take away anything, it will likely break because of these unreferenced stubs. So, any help in identifying the calling code would be appreciated.

Thanks!
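A byte-level reference scan is the quickest first pass at a "no caller?" question like the list above. Py8Dis only follows control flow it can prove, so an address that is reached through a jump table, a vector, or an extended-vector entry appears to it only as a data word; a raw search for the little-endian address still finds those, and the byte before each hit gives a hint whether it is an instruction operand or table data. The following is an added example written for this page, not code from the thread, Py8Dis or the NFS ROM; the opcode subset and the 17-byte sample image are constructed for the demonstration.

```python
"""
Reference scan for a 6502 sideways ROM image (added example, not Py8Dis code).

find_refs() reports every place the target address appears as a little-endian
word.  If the preceding byte is an absolute-addressed opcode the hit is
reported as that instruction; otherwise it is reported as a data word, which
is what a jump-table or extended-vector entry looks like.
"""
from dataclasses import dataclass

ROM_BASE = 0x8000  # a sideways ROM is paged in at &8000 on the BBC Micro

# Absolute-addressed opcodes that commonly carry a code or table address.
# Deliberately a subset (constructed for this example); anything else is
# reported as a data word and left for the reader to judge.
OPCODES = {
    0x20: "JSR abs", 0x4C: "JMP abs", 0x6C: "JMP (ind)",
    0xAD: "LDA abs", 0xBD: "LDA abs,X", 0xB9: "LDA abs,Y",
    0x8D: "STA abs", 0x9D: "STA abs,X", 0x99: "STA abs,Y",
    0xAE: "LDX abs", 0xBE: "LDX abs,Y", 0xAC: "LDY abs", 0xBC: "LDY abs,X",
}


@dataclass(frozen=True)
class Ref:
    at: int     # ROM address of the instruction, or of the word itself for data
    kind: str   # mnemonic from OPCODES, or "data word"


def find_refs(image: bytes, target: int, base: int = ROM_BASE) -> list:
    """Every position in `image` holding `target` as a little-endian word."""
    lo, hi = target & 0xFF, (target >> 8) & 0xFF
    refs = []
    for i in range(len(image) - 1):
        if image[i] != lo or image[i + 1] != hi:
            continue
        op = image[i - 1] if i > 0 else None
        if op in OPCODES:
            refs.append(Ref(at=base + i - 1, kind=OPCODES[op]))
        else:
            refs.append(Ref(at=base + i, kind="data word"))
    return refs


def callers(image: bytes, targets: list, base: int = ROM_BASE) -> dict:
    """Scan several addresses at once.  For code the ROM copies into RAM,
    pass both the ROM address of the copy and the RAM address it runs from:
    callers reference the RAM address, so the ROM address alone can be
    legitimately unreferenced."""
    return {t: find_refs(image, t, base) for t in targets}


# Constructed 17-byte image, not NFS: a JSR, a JMP, a 3-byte table entry
# (address plus a ROM-number placeholder, the extended-vector layout) and
# the routine itself at &8010.
SAMPLE = bytes([
    0x20, 0x10, 0x80,   # 8000: JSR &8010
    0x4C, 0x10, 0x80,   # 8003: JMP &8010
    0x10, 0x80, 0x00,   # 8006: equw &8010 / equb 0   (table data)
    0x60,               # 8009: RTS
]) + bytes(6) + bytes([0x60])   # 800A-800F: padding; 8010: RTS (the target)


if __name__ == "__main__":
    for ref in find_refs(SAMPLE, 0x8010):
        print(f"&{ref.at:04X}: {ref.kind}")
```

Treat `kind` as a hint only: a two-byte match can be coincidental (an operand spanning an instruction boundary, or a table word that happens to follow a byte equal to an opcode value), and branches and fall-through are never found this way because they carry no absolute address. For routines the ROM relocates into RAM, scan the RAM address as well as the ROM one.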
hoglet
Posts: 12663
Joined: Sat Oct 13, 2012 7:21 pm
Location: Bristol

Re: Py8Dis Disassembly of NFS3.34

Post by hoglet »

KenLowe wrote: Sun Apr 21, 2024 9:39 am
> There are still various stubs of code in the disassembly, and I'm not yet sure what's calling them.
There is a jump table at &824D that includes some of them:
https://github.com/kgl2001/NFS3.34-Disa ... 4.asm#L652

Re: Py8Dis Disassembly of NFS3.34

Post by KenLowe »

Thanks Dave. That one was staring me in the face!

Control file and asm files now capture that table. This has taken a couple of entries out of my list. This is what I'm now looking for:

entry(0x8BF2) #Orphaned code? No caller?
entry(0x8D06) #Orphaned code? No caller?
entry(0x9007) #Orphaned code? No caller?
entry(0x9307) #Relocated to &16. Orphaned code? No caller?
entry(0x934C) #Relocated to &400 Orphaned code? No caller?
entry(0x934F) #Relocated to &403. Orphaned code? No caller?
entry(0x9433) #Relocated to &4e9. Orphaned code? No caller?
entry(0x943B) #Relocated to &4ef. Orphaned code? No caller?
entry(0x9468) #Relocated to &51d. Orphaned code? No caller?
entry(0x9FCB) #Orphaned code? No caller?
entry(0x9FD9) #Orphaned code? No caller?
entry(0x9FEB) #Orphaned code? No caller?
Edit: It actually looks like the table has two parts. The second part (at 0x825b) contains the jump addresses, and the first part (at 0x824d) contains an offset reference to the jump addresses. I had initially only updated the second part, but I think the first part also needed to be updated to make it all still work if things get relocated. So, it now looks like this:

.c8217
    ldy #&0d                                                          ; 8217: a0 0d       ..
; &8219 referenced 1 time by &8220
.loop_c8219
    lda l824d,y                                                       ; 8219: b9 4d 82    .M.
    sta filev,y                                                       ; 821c: 99 12 02    ...
    dey                                                               ; 821f: 88          .
    bpl loop_c8219                                                    ; 8220: 10 f7       ..
    jsr sub_c82d1                                                     ; 8222: 20 d1 82     ..
    ldy #&1b                                                          ; 8225: a0 1b       ..
    ldx #7                                                            ; 8227: a2 07       ..
    jsr c82e5                                                         ; 8229: 20 e5 82     ..
    stx l00ce                                                         ; 822c: 86 ce       ..
; &822e referenced 1 time by &818a
.sub_c822e
    lda #osbyte_issue_service_request                                 ; 822e: a9 8f       ..
    ldx #&0f                                                          ; 8230: a2 0f       ..
    jsr osbyte                                                        ; 8232: 20 f4 ff     ..            ; Issue paged ROM service call, Reason X=15 - Vectors claimed
    ldx #&0a                                                          ; 8235: a2 0a       ..
    jsr osbyte                                                        ; 8237: 20 f4 ff     ..
    ldx l00cd                                                         ; 823a: a6 cd       ..
    bne c8275                                                         ; 823c: d0 37       .7
    ldx #&45 ; 'E'                                                    ; 823e: a2 45       .E
; &8240 referenced 2 times by &82e5, &82eb
.c8240
    ldy #&82                                                          ; 8240: a0 82       ..
    jmp c8b92                                                         ; 8242: 4c 92 8b    L..

    equs "I .BOOT"                                                    ; 8245: 49 20 2e... I .
    equb &0d                                                          ; 824c: 0d          .
; &824d referenced 1 time by &8219
.l824d
    equb l825b - c8240,           &ff                                 ; 824d: 1b ff       ..
    equb l825e - c8240,           &ff                                 ; 824f: 1e ff       ..
    equb l8261 - c8240,           &ff                                 ; 8251: 21 ff       !.
    equb l8264 - c8240,           &ff                                 ; 8253: 24 ff       $.
    equb l8267 - c8240,           &ff                                 ; 8255: 27 ff       '.
    equb l826a - c8240,           &ff                                 ; 8257: 2a ff       *.
    equb l826d - c8240,           &ff                                 ; 8259: 2d ff       -.
.l825b
    equw sub_c8694                                                    ; 825b: 94 86       ..
    equb 0                                                            ; 825d: 00          .
.l825e
    equw sub_c88e1                                                    ; 825e: e1 88       ..
    equb 0                                                            ; 8260: 00          .
.l8261
    equw sub_c8485                                                    ; 8261: 85 84       ..
    equb 0                                                            ; 8263: 00          .
.l8264
    equw sub_c83a2                                                    ; 8264: a2 83       ..
    equb 0                                                            ; 8266: 00          .
.l8267
    equw sub_c89ea                                                    ; 8267: ea 89       ..
    equb 0                                                            ; 8269: 00          .
.l826a
    equw sub_c8949                                                    ; 826a: 49 89       I.
    equb 0                                                            ; 826c: 00          .
.l826d
    equw sub_c808c                                                    ; 826d: 8c 80       ..

<---SNIP--->

; &82e5 referenced 2 times by &8229, &82f7
.c82e5
    lda c8240,y                                                       ; 82e5: b9 40 82    .@.
    sta (osrdsc_ptr),y                                                ; 82e8: 91 f6       ..
    iny                                                               ; 82ea: c8          .
    lda c8240,y                                                       ; 82eb: b9 40 82    .@.
    sta (osrdsc_ptr),y                                                ; 82ee: 91 f6       ..
    iny                                                               ; 82f0: c8          .
    lda romsel_copy                                                   ; 82f1: a5 f4       ..
    sta (osrdsc_ptr),y                                                ; 82f3: 91 f6       ..
    iny                                                               ; 82f5: c8          .
    dex                                                               ; 82f6: ca          .
    bne c82e5                                                         ; 82f7: d0 ec       ..
    ldy l009f                                                         ; 82f9: a4 9f       ..
    iny                                                               ; 82fb: c8          .
    rts                                                               ; 82fc: 60          `
It still all recompiles back to the original ROM code!
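The two-part table above is the MOS extended-vector mechanism: the loop at &8219 writes the seven (offset, &FF) pairs at l824d over FILEV..FSCV (&212-&21F), and the loop at c82e5 copies the (address lo, address hi) pairs from c8240+Y into the extended-vector table, adding the current ROM number as the third byte. When the MOS sees a vector of &FFxx it dispatches through entry xx of that table, so every offset in the first part has to equal the position of its 3-byte entry relative to c8240, which is exactly what the `l825b - c8240` expressions keep true. The model below is an added example written for this page, not code from the ROM, the thread or Py8Dis; the bytes are transcribed from the listing above, the vector names are the standard MOS ones, the ROM number is an arbitrary placeholder, and the "3 × vector number" check encodes the MOS convention for extended-vector offsets rather than anything the listing states.

```python
"""
Replay of the NFS 3.34 vector-claiming code at &8217-&822C and &82E5-&82F7
(added example, not the ROM's or the thread's code).

It shows how the seven filing-system vectors end up pointing at ROM routines
via the extended-vector table, and carries the consistency check that fails
if the entries at &825B move without the offsets at &824D being re-derived.
"""

ROM_FRAGMENT_BASE = 0x8240
# Bytes &8240-&826E, transcribed from the listing above.  The ROM-number byte
# of the last entry (&826F) falls outside the listing; it is not needed, as
# the copy loop overwrites that byte with the live ROM number anyway.
ROM_FRAGMENT = bytes.fromhex(
    "a082" "4c928b"                          # 8240: ldy #&82 / jmp c8b92
    "49202e424f4f54" "0d"                    # 8245: "I .BOOT", &0d
    "1bff1eff21ff24ff27ff2aff2dff"           # 824d: 7 x (offset, &ff)
    "948600" "e18800" "858400" "a28300"      # 825b: FILEV..BPUTV targets
    "ea8900" "498900" "8c80"                 # 8267: GBPBV, FINDV, FSCV
)

VECTOR_TABLE = 0x824D   # l824d, copied over FILEV.. by the loop at &8219
ENTRY_ANCHOR = 0x8240   # c8240, the base the loop at &82E5 indexes from
FIRST_OFFSET = 0x1B     # ldy #&1b at &8225
ENTRY_COUNT = 7         # ldx #7 at &8227
FILEV = 0x212
# Standard MOS vector addresses for the seven filing-system vectors.
VECTOR_NAMES = {0x212: "FILEV", 0x214: "ARGSV", 0x216: "BGETV", 0x218: "BPUTV",
                0x21A: "GBPBV", 0x21C: "FINDV", 0x21E: "FSCV"}


def rom(addr: int) -> int:
    return ROM_FRAGMENT[addr - ROM_FRAGMENT_BASE]


def install(rom_number: int) -> tuple:
    """Replay both copy loops.  Returns the bytes written to the &200-page
    vectors and to the extended-vector table (keyed by table offset)."""
    page2 = {}
    for y in range(14):                       # ldy #&0d ... dey / bpl
        page2[FILEV + y] = rom(VECTOR_TABLE + y)
    ext = {}
    y = FIRST_OFFSET
    for _ in range(ENTRY_COUNT):              # ldx #7 ... dex / bne
        ext[y] = rom(ENTRY_ANCHOR + y)        # lda c8240,y / sta (ptr),y
        ext[y + 1] = rom(ENTRY_ANCHOR + y + 1)
        ext[y + 2] = rom_number               # lda romsel_copy / sta (ptr),y
        y += 3
    return page2, ext


def resolve(page2: dict, ext: dict, vector: int) -> tuple:
    """Follow one &200-page vector the way the MOS does: a &FFxx value means
    entry xx of the extended-vector table, giving (ROM address, ROM number)."""
    lo, hi = page2[vector], page2[vector + 1]
    if hi != 0xFF:
        return (lo | hi << 8), None           # ordinary vector into RAM
    return (ext[lo] | ext[lo + 1] << 8), ext[lo + 2]


def claimed_vectors(rom_number: int) -> dict:
    page2, ext = install(rom_number)
    return {name: resolve(page2, ext, v) for v, name in VECTOR_NAMES.items()}


def offsets_consistent(offsets, entry_start: int, anchor: int = ENTRY_ANCHOR) -> bool:
    """The invariant the `l825b - c8240` expressions maintain: offset n must
    land on the n-th 3-byte entry.  Inserting code before the entries without
    re-deriving the offsets breaks it."""
    return all(off == entry_start - anchor + 3 * n for n, off in enumerate(offsets))


def uses_mos_convention(vector: int, offset: int) -> bool:
    """MOS convention (assumed here): extended-vector offset = 3 x vector number,
    where the vector number is (address - &200) / 2."""
    return offset == 3 * ((vector - 0x200) // 2)


ROM_OFFSETS = [rom(VECTOR_TABLE + 2 * n) for n in range(ENTRY_COUNT)]
ENTRY_START = VECTOR_TABLE + 2 * ENTRY_COUNT   # &825B


if __name__ == "__main__":
    for name, (addr, rom_no) in claimed_vectors(rom_number=5).items():
        print(f"{name}: &{addr:04X} in ROM {rom_no}")
    print("table consistent:", offsets_consistent(ROM_OFFSETS, ENTRY_START))
```

Resolving the vectors this way also explains why &8694 and &89EA had no visible caller: they are the FILEV and GBPBV targets, reached only through the extended-vector table, never by a JSR or JMP in the ROM.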

Re: Py8Dis Disassembly of NFS3.34

Post by hoglet »

KenLowe wrote: Sun Apr 21, 2024 11:32 am
> This is what I'm now looking for:
There are a few more entries in a table here:
https://github.com/kgl2001/NFS3.34-Disa ... .asm#L2344

Dave

Re: Py8Dis Disassembly of NFS3.34

Post by hoglet »

&9007 is referenced here:
https://github.com/kgl2001/NFS3.34-Disa ... 4.asm#L687

&9307 is copied to &0016 and is then referenced by the BRK vector:
https://github.com/kgl2001/NFS3.34-Disa ... 4.asm#L425

&934C (and the next 3 pages) is copied to &0400 and is the Tube Handler which has well defined entry points called by the MOS.

&9FCB is an NMI handler and is copied to &0CFF+1 = &0D00

Dave

Re: Py8Dis Disassembly of NFS3.34

Post by KenLowe »

Thanks Dave. That was really helpful. Particularly identifying the Tube handler code that relocates to &d00. I was looking for that yesterday, but ran out of time.

Other than the code segment at 0x9FEB, which does seem to be redundant, all other code segments now have a caller. Hopefully the code is now in a position where it can be modified and recompiled without breaking any references.

Next up, I'll probably have a quick look at some of the other uncommented tables to see what they're being used for.