Understanding BOOSTER.ROM

Started by redbox, 19:24, 05 July 11

redbox

There is a ROM called BOOSTER.ROM which works with the Inicron RAM-ROM and Symbiface 2 which allows you to initialise and use ROMs 16-31 on these devices.  You put it in space 15 and on boot it initialises and allows access to the higher than normal ROMs.


I disassembled it and the code looks a bit jumbled in places (it appears to initialise twice) but I've isolated the main routine.  Problem is, I can't really test it or mess about with it much as emulators like WinAPE only support ROM spaces 0-15 and I don't have any real hardware with the extra ROM spaces on my CPC either (can't wait for the MegaFlash!).


I'd like to try and adapt it to work with the Plus cartridge ROM spaces (132 to 135 in a 128kb cartridge) but the code is a bit beyond me at the moment... So, can anyone help me understand how it works?




        org     &8000           ; was in upper rom space
                                ; just put it here to see if it would assemble correctly

start:
        push    af
        call    routine_1
        pop     af
        ret

routine_1:
        ld      a,(variable_1)  ; set to &02 at start
        dec     a
        ret     z

        ld      b,a             ; ? ld b,1
        ld      c,&01           ; ? ld c,1
loop_1:
        push    bc              ; ? store bc (&0101)
        ld      a,c             ; ? ld a,1
        add     a,a             ; ? a = 02
        add     a,c             ; ? a = 03
        add     a,&07           ; ? a = 0A
        ld      l,a             ; ? l = 0A
        ld      h,&c0           ; ? h = C0
        ld      e,(hl)          ; ? ld e,(&c00A)
        inc     hl
        ld      d,(hl)          ; ? de holds &c2e2
        ld      b,&00
        ld      hl,&c1e0
        add     hl,bc
        bit     7,(hl)
        jr      z,condition_1
        call    routine_3       ; routine_3
        jr      z,condition_1
        push    de
        ld      hl,routine_2    ; copy routine_2 to workable memory
        ld      de,&bf20        ; to &bf20
        ld      bc,&0012        ; &12 (18) bytes long
        ldir                    ; copy it
        pop     hl
        call    &bf20           ; call routine_2 in workable memory
condition_1:
        pop     bc
        inc     c
        djnz    loop_1
        ret

;==========

routine_2:
        call    &b912           ; KL CURR SELECTION
                                ; Action  Gets the ROM select address of the current ROM
                                ; Entry   No entry conditions
                                ; Exit    A contains the ROM select address of the current ROM, and all other registers are preserved
        ld      c,a
        call    &b90f           ; KL ROM SELECT
                                ; Action  Selects an upper ROM and also enables it
                                ; Entry   C contains the ROM select address of the required ROM
                                ; Exit    C contains the ROM select address of the previous ROM, and B contains the state of the previous ROM
        push    bc
        ld      de,&bf2e        ; tag bf23 here, &bf2e when routine_2 copied to &bf20
        push    de
        xor     a
        jp      (hl)
bf23:
        pop     bc
        jp      &b918           ; KL ROM DESELECT
                                ; Action  Selects the previous upper ROM and sets its state
                                ; Entry   C contains the ROM select address of the ROM to be reselected, and B contains the state of the required ROM
                                ; Exit    C contains the ROM select address of the current ROM, B is corrupt, and all others are preserved
                                ; Notes   This routine reverses the action of KL ROM SELECT, and uses the values that it returns in B and C

;==========

routine_3:
        di
        ld      bc,&f40e
        out     (c),c
        ld      b,&f6
        in      a,(c)
        and     &30
        ld      c,a
        or      &c0
        out     (c),a
        out     (c),c
        inc     b
        ld      a,&92
        out     (c),a
        push    bc
        set     6,c
        ld      a,&05
        add     a,c
        ld      b,&f6
        out     (c),a
        ld      b,&f4
        in      a,(c)
        ld      l,a
        pop     bc
        ld      a,&82
        out     (c),a
        dec     b
        out     (c),c
        bit     7,l
        ei
        ret

;==========

variable_1:
        defb    &02

arnoldemu

routine 3 is reading from the keyboard.
line 5, bit 7 which is space.

routine 2 is the important bit I think.

but it doesn't make a lot of sense as it is here, perhaps the full disassembly makes more sense.

does it initialise some kind of rsx?
My games. My Games
My website with coding examples: Unofficial Amstrad WWW Resource
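
Added example, not part of the thread: a small Python model of the PPI and PSG accesses that routine_3 makes, replaying its OUT/IN sequence against a constructed keyboard matrix to show which line and bit it tests. It assumes the usual CPC wiring (PPI port A at &F4xx as the PSG data bus, port C at &F6xx carrying the keyboard line and PSG function bits, PPI control at &F7xx); the class and function names are made up for this example.

```python
class CpcKeyboardBus:
    """Minimal model of the CPC's 8255 PPI and PSG register 14 (keyboard)."""

    def __init__(self, matrix, port_c=0x00):
        self.matrix = matrix      # one byte per keyboard line, 0 bit = key down
        self.port_a = 0           # PPI port A latch (&F4xx), the PSG data bus
        self.port_c = port_c      # PPI port C latch (&F6xx)
        self.a_is_input = False   # assumed: port A is an output on entry
        self.psg_reg = 0          # register number latched inside the PSG

    def out(self, port, value):
        hi = port >> 8            # OUT (C),r puts B on the upper address lines
        if hi == 0xF4:
            self.port_a = value
        elif hi == 0xF6:
            self.port_c = value
            if value >> 6 == 0b11:            # PSG function: select register
                self.psg_reg = self.port_a & 0x0F
        elif hi == 0xF7 and value & 0x80:     # PPI mode word
            self.a_is_input = bool(value & 0x10)
            self.port_a = self.port_c = 0     # a mode write clears the latches

    def inp(self, port):
        hi = port >> 8
        if hi == 0xF6:
            return self.port_c
        reading = self.a_is_input and self.port_c >> 6 == 0b01
        if hi == 0xF4 and reading and self.psg_reg == 14:
            return self.matrix[self.port_c & 0x0F]   # selected keyboard line
        return 0xFF


def routine_3(bus):
    """Hand translation of routine_3; returns (line, byte_read, z_flag)."""
    b, c = 0xF4, 0x0E
    bus.out(b << 8 | c, c)        # out (c),c   PSG register number 14
    b = 0xF6
    a = bus.inp(b << 8 | c)       # in a,(c)    current port C
    a &= 0x30                     # and &30     keep bits 4-5 only
    c = a
    a |= 0xC0                     # or &c0      PSG "select register"
    bus.out(b << 8 | c, a)
    bus.out(b << 8 | c, c)        # PSG inactive again
    b += 1                        # inc b       -> &F7, PPI control
    bus.out(b << 8 | c, 0x92)     # port A becomes an input
    saved = (b, c)                # push bc
    c |= 0x40                     # set 6,c     PSG "read register"
    a = (0x05 + c) & 0xFF         # add a,c     line number 5 in bits 0-3
    b = 0xF6
    bus.out(b << 8 | c, a)
    line = a & 0x0F
    b = 0xF4
    l = bus.inp(b << 8 | c)       # in a,(c) : ld l,a
    b, c = saved                  # pop bc
    bus.out(b << 8 | c, 0x82)     # port A back to output
    b -= 1                        # dec b       -> &F6
    bus.out(b << 8 | c, c)        # restore the saved port C bits
    return line, l, (l & 0x80) == 0   # bit 7,l sets Z when the bit is 0


def boot_scan(keys_down=(), port_c=0x00):
    """keys_down: constructed (line, bit) pairs held while the routine runs."""
    matrix = [0xFF] * 16          # lines 0-9 are real keys, the rest unused
    for line, bit in keys_down:
        matrix[line] &= ~(1 << bit) & 0xFF
    return routine_3(CpcKeyboardBus(matrix, port_c))


if __name__ == "__main__":
    print("no key  :", boot_scan())
    print("space   :", boot_scan([(5, 7)]))
    print("line5/b6:", boot_scan([(5, 6)]))
```

In routine_1 the call is followed by `jr z,condition_1`, so a Z result (line 5, bit 7 held down) takes the branch around the copy-and-call of routine_2 for that entry.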

redbox

Quote from: arnoldemu on 13:22, 06 July 11
routine 3 is reading from the keyboard.
line 5, bit 7 which is space.

Well that's weird, maybe if you hold down space or something during the boot it doesn't initialise?  Not got any real hardware to test it on myself unfortunately.

Quote from: arnoldemu on 13:22, 06 July 11
routine 2 is the important bit I think.

Me too, and I can kind of see what it's doing - however, after a ROM has been initialised, doesn't the firmware routine in the OS (for example KL FIND COMMAND) walk the ROMs again to find the RSX you've entered?  If so, this routine will be hard-coded to ROMs 15 to 0 (on a 6128) and I can't work out how this program patches this in any way...?

Quote from: arnoldemu on 13:22, 06 July 11
but it doesn't make a lot of sense as it is here, perhaps the full disassembly makes more sense.
does it initialise some kind of rsx?

Well here is the full raw disassembly, but as far as I can see the routines before it just print the welcome text and do a checksum.  Obviously some of the disassembly is text so the instructions are not relevant as the disassembler doesn't realise it's text and turned the hex into instructions.


Not sure about the RSX init, thought it might have something to do with a table address loaded into DE but really not sure.



c000 010102    ld      bc,0201h
c003 05        dec     b
c004 e5        push    hl
c005 ff        rst     38h
c006 c331c1    jp      0c131h
c009 c3e2c2    jp      0c2e2h
c00c c3c3c3    jp      0c3c3h
c00f c3c3c3    jp      0c3c3h
c012 c3c3c3    jp      0c3c3h
c015 c3c3c3    jp      0c3c3h
c018 c3c3c3    jp      0c3c3h
c01b c3c3c3    jp      0c3c3h
c01e c3c3c3    jp      0c3c3h
c021 c3c3c3    jp      0c3c3h
c024 c3c3c3    jp      0c3c3h
c027 c3c3c3    jp      0c3c3h
c02a c3c3c3    jp      0c3c3h
c02d c3c3c3    jp      0c3c3h
c030 c3c3c3    jp      0c3c3h
c033 c3c3c3    jp      0c3c3h
c036 c3c3c3    jp      0c3c3h
c039 c3c3c3    jp      0c3c3h
c03c c3c3c3    jp      0c3c3h
c03f c3c3c3    jp      0c3c3h
c042 c3c3c3    jp      0c3c3h
c045 c3c3c3    jp      0c3c3h
c048 c3c3c3    jp      0c3c3h
c04b c3c3c3    jp      0c3c3h
c04e c3c3c3    jp      0c3c3h
c051 c3c3c3    jp      0c3c3h
c054 c3c3c3    jp      0c3c3h
c057 c3c3c3    jp      0c3c3h
c05a c3c3c3    jp      0c3c3h
c05d c3c3c3    jp      0c3c3h
c060 c3c3c3    jp      0c3c3h
c063 c3c3c3    jp      0c3c3h
c066 c3c3c3    jp      0c3c3h
c069 52        ld      d,d
c06a 2d        dec     l
c06b 47        ld      b,a
c06c 45        ld      b,l
c06d 4e        ld      c,(hl)
c06e 312e31    ld      sp,312eh
c071 3620      ld      (hl),20h
c073 33        inc     sp
c074 322d52    ld      (522dh),a
c077 4f        ld      c,a
c078 4d        ld      c,l
c079 73        ld      (hl),e
c07a 2042      jr      nz,0c0beh
c07c 6f        ld      l,a
c07d 6f        ld      l,a
c07e 73        ld      (hl),e
c07f 74        ld      (hl),h
c080 65        ld      h,l
c081 72        ld      (hl),d
c082 20a4      jr      nz,0c028h
c084 313939    ld      sp,3939h
c087 360d      ld      (hl),0dh
c089 0a        ld      a,(bc)
c08a 00        nop     
c08b 00        nop     
c08c 00        nop     
c08d 00        nop     
c08e 00        nop     
c08f 00        nop     
c090 00        nop     
c091 00        nop     
c092 00        nop     
c093 00        nop     
c094 00        nop     
c095 00        nop     
c096 00        nop     
c097 00        nop     
c098 00        nop     
c099 00        nop     
c09a 00        nop     
c09b 00        nop     
c09c 00        nop     
c09d 3a0600    ld      a,(0006h)
c0a0 dd2181ae  ld      ix,0ae81h
c0a4 1174dd    ld      de,0dd74h
c0a7 fe80      cp      80h
c0a9 c8        ret     z


c0aa dd2164ae  ld      ix,0ae64h
c0ae 1165dd    ld      de,0dd65h
c0b1 fe7b      cp      7bh
c0b3 c8        ret     z


c0b4 1160de    ld      de,0de60h
c0b7 c9        ret     


c0b8 2102c1    ld      hl,0c102h
c0bb cde4c0    call    0c0e4h
c0be 0e00      ld      c,00h
c0c0 c30fb9    jp      0b90fh
c0c3 2100c0    ld      hl,0c000h
c0c6 af        xor     a
c0c7 86        add     a,(hl)
c0c8 2c        inc     l
c0c9 86        add     a,(hl)
c0ca 2c        inc     l
c0cb 86        add     a,(hl)
c0cc 2c        inc     l
c0cd 86        add     a,(hl)
c0ce 2c        inc     l
c0cf 86        add     a,(hl)
c0d0 2c        inc     l
c0d1 86        add     a,(hl)
c0d2 2c        inc     l
c0d3 86        add     a,(hl)
c0d4 2c        inc     l
c0d5 86        add     a,(hl)
c0d6 2c        inc     l
c0d7 20ee      jr      nz,0c0c7h
c0d9 24        inc     h
c0da 20eb      jr      nz,0c0c7h
c0dc 2b        dec     hl
c0dd 96        sub     (hl)
c0de be        cp      (hl)
c0df 37        scf     
c0e0 c8        ret     z


c0e1 21edc0    ld      hl,0c0edh
c0e4 7e        ld      a,(hl)
c0e5 b7        or      a
c0e6 c8        ret     z


c0e7 23        inc     hl
c0e8 cd5abb    call    0bb5ah
c0eb 18f7      jr      0c0e4h
c0ed 2a4348    ld      hl,(4843h)
c0f0 45        ld      b,l
c0f1 43        ld      b,e
c0f2 4b        ld      c,e
c0f3 53        ld      d,e
c0f4 55        ld      d,l
c0f5 4d        ld      c,l
c0f6 2045      jr      nz,0c13dh
c0f8 52        ld      d,d
c0f9 52        ld      d,d
c0fa 4f        ld      c,a
c0fb 52        ld      d,d
c0fc 2a070d    ld      hl,(0d07h)
c0ff 0a        ld      a,(bc)
c100 0a        ld      a,(bc)
c101 00        nop     
c102 2a524f    ld      hl,(4f52h)
c105 4d        ld      c,l
c106 204e      jr      nz,0c156h
c108 4f        ld      c,a
c109 54        ld      d,h
c10a 2046      jr      nz,0c152h
c10c 4f        ld      c,a
c10d 55        ld      d,l
c10e 4e        ld      c,(hl)
c10f 44        ld      b,h
c110 2a070d    ld      hl,(0d07h)
c113 0a        ld      a,(bc)
c114 00        nop     
c115 dd5e00    ld      e,(ix+00h)
c118 dd5601    ld      d,(ix+01h)
c11b 13        inc     de
c11c edb0      ldir   
c11e dde5      push    ix
c120 e1        pop     hl
c121 23        inc     hl
c122 0604      ld      b,04h
c124 23        inc     hl
c125 73        ld      (hl),e
c126 23        inc     hl
c127 72        ld      (hl),d
c128 10fa      djnz    0c124h
c12a dd6e00    ld      l,(ix+00h)
c12d dd6601    ld      h,(ix+01h)
c130 c9        ret     


c131 c5        push    bc
c132 d5        push    de
c133 e5        push    hl
c134 dde5      push    ix
c136 fde5      push    iy
c138 2172c0    ld      hl,0c072h
c13b cde4c0    call    0c0e4h
c13e cdc3c0    call    0c0c3h
c141 dc4cc1    call    c,0c14ch
c144 fde1      pop     iy
c146 dde1      pop     ix
c148 e1        pop     hl
c149 d1        pop     de
c14a c1        pop     bc
c14b c9        ret     


c14c f5        push    af
c14d cd52c1    call    0c152h
c150 f1        pop     af
c151 c9        ret     


c152 3adac1    ld      a,(0c1dah)
c155 3d        dec     a
c156 c8        ret     z


c157 47        ld      b,a
c158 0e01      ld      c,01h
c15a c5        push    bc
c15b 79        ld      a,c
c15c 87        add     a,a
c15d 81        add     a,c
c15e c607      add     a,07h
c160 6f        ld      l,a
c161 26c0      ld      h,0c0h
c163 5e        ld      e,(hl)
c164 23        inc     hl
c165 56        ld      d,(hl)
c166 0600      ld      b,00h
c168 21e0c1    ld      hl,0c1e0h
c16b 09        add     hl,bc
c16c cb7e      bit     7,(hl)
c16e 2815      jr      z,0c185h
c170 cd9cc1    call    0c19ch
c173 2810      jr      z,0c185h
c175 d5        push    de
c176 218ac1    ld      hl,0c18ah
c179 1120bf    ld      de,0bf20h
c17c 011200    ld      bc,0012h
c17f edb0      ldir   
c181 e1        pop     hl
c182 cd20bf    call    0bf20h
c185 c1        pop     bc
c186 0c        inc     c
c187 10d1      djnz    0c15ah
c189 c9        ret     


c18a cd12b9    call    0b912h
c18d 4f        ld      c,a
c18e cd0fb9    call    0b90fh
c191 c5        push    bc
c192 112ebf    ld      de,0bf2eh
c195 d5        push    de
c196 af        xor     a
c197 e9        jp      (hl)
c198 c1        pop     bc
c199 c318b9    jp      0b918h
c19c f3        di     
c19d 010ef4    ld      bc,0f40eh
c1a0 ed49      out     (c),c
c1a2 06f6      ld      b,0f6h
c1a4 ed78      in      a,(c)
c1a6 e630      and     30h
c1a8 4f        ld      c,a
c1a9 f6c0      or      0c0h
c1ab ed79      out     (c),a
c1ad ed49      out     (c),c
c1af 04        inc     b
c1b0 3e92      ld      a,92h
c1b2 ed79      out     (c),a
c1b4 c5        push    bc
c1b5 cbf1      set     6,c
c1b7 3e05      ld      a,05h
c1b9 81        add     a,c
c1ba 06f6      ld      b,0f6h
c1bc ed79      out     (c),a
c1be 06f4      ld      b,0f4h
c1c0 ed78      in      a,(c)
c1c2 6f        ld      l,a
c1c3 c1        pop     bc
c1c4 3e82      ld      a,82h
c1c6 ed79      out     (c),a
c1c8 05        dec     b
c1c9 ed49      out     (c),c
c1cb cb7d      bit     7,l
c1cd fb        ei     
c1ce c9        ret     


c1cf 52        ld      d,d
c1d0 2d        dec     l
c1d1 47        ld      b,a
c1d2 45        ld      b,l
c1d3 4e        ld      c,(hl)
c1d4 312e32    ld      sp,322eh
c1d7 35        dec     (hl)
c1d8 19        add     hl,de
c1d9 00        nop     
c1da 02        ld      (bc),a
c1db 00        nop     
c1dc ea3bb4    jp      pe,0b43bh
c1df c30083    jp      8300h
c1e2 00        nop     
c1e3 00        nop     
c1e4 00        nop     
c1e5 00        nop     
c1e6 00        nop     
c1e7 00        nop     
c1e8 00        nop     
c1e9 00        nop     
c1ea 00        nop     
c1eb 00        nop     
c1ec 00        nop     
c1ed 00        nop     
c1ee 00        nop     
c1ef 00        nop     
c1f0 00        nop     
c1f1 00        nop     
c1f2 00        nop     
c1f3 00        nop     
c1f4 00        nop     
c1f5 00        nop     
c1f6 00        nop     
c1f7 00        nop     
c1f8 00        nop     
c1f9 00        nop     
c1fa 00        nop     
c1fb 00        nop     
c1fc 00        nop     
c1fd 00        nop     
c1fe 00        nop     
c1ff 00        nop     
c200 00        nop     
c201 210fc2    ld      hl,0c20fh
c204 11509f    ld      de,9f50h
c207 013900    ld      bc,0039h
c20a edb0      ldir   
c20c c3509f    jp      9f50h
c20f 0e00      ld      c,00h
c211 cd0fb9    call    0b90fh
c214 c5        push    bc
c215 211cc0    ld      hl,0c01ch
c218 11009f    ld      de,9f00h
c21b 011500    ld      bc,0015h
c21e edb0      ldir   
c220 3ec9      ld      a,0c9h
c222 12        ld      (de),a
c223 13        inc     de
c224 2160de    ld      hl,0de60h
c227 012c00    ld      bc,002ch
c22a edb0      ldir   
c22c 21319f    ld      hl,9f31h
c22f 36c8      ld      (hl),0c8h
c231 23        inc     hl
c232 3600      ld      (hl),00h
c234 114000    ld      de,0040h
c237 214090    ld      hl,9040h
c23a cd3ff5    call    0f53fh
c23d af        xor     a
c23e 3200ac    ld      (0ac00h),a
c241 cd009f    call    9f00h
c244 c1        pop     bc
c245 c318b9    jp      0b918h
c248 ed47      ld      i,a
c24a 3aaeac    ld      a,(0acaeh)
c24d b7        or      a
c24e 204d      jr      nz,0c29dh
c250 3aadac    ld      a,(0acadh)
c253 17        rla     
c254 dc01c2    call    c,0c201h
c257 cd9dc0    call    0c09dh
c25a 2aa6ac    ld      hl,(0aca6h)
c25d ed4ba8ac  ld      bc,(0aca8h)
c261 cd15c1    call    0c115h
c264 3aacac    ld      a,(0acach)
c267 b7        or      a
c268 2017      jr      nz,0c281h
c26a cd9dc0    call    0c09dh
c26d 23        inc     hl
c26e 23        inc     hl
c26f 23        inc     hl
c270 23        inc     hl
c271 3aadac    ld      a,(0acadh)
c274 0e00      ld      c,00h
c276 cb7f      bit     7,a
c278 201a      jr      nz,0c294h
c27a 1f        rra     
c27b 3001      jr      nc,0c27eh
c27d d5        push    de
c27e c30fb9    jp      0b90fh
c281 d5        push    de
c282 21b3ac    ld      hl,0acb3h
c285 cdd4bc    call    0bcd4h
c288 d1        pop     de
c289 d2b8c0    jp      nc,0c0b8h
c28c cd4fad    call    0ad4fh
c28f cd1cc1    call    0c11ch
c292 18d6      jr      0c26ah
c294 cd0fb9    call    0b90fh
c297 cd09b9    call    0b909h
c29a c3169f    jp      9f16h
c29d 2aa6ac    ld      hl,(0aca6h)
c2a0 ed4ba8ac  ld      bc,(0aca8h)
c2a4 ed5ba4ac  ld      de,(0aca4h)
c2a8 edb0      ldir   
c2aa 3aacac    ld      a,(0acach)
c2ad b7        or      a
c2ae 2013      jr      nz,0c2c3h
c2b0 3aadac    ld      a,(0acadh)
c2b3 01008e    ld      bc,8e00h
c2b6 1f        rra     
c2b7 3005      jr      nc,0c2beh
c2b9 ed5baaac  ld      de,(0acaah)
c2bd d5        push    de
c2be ed57      ld      a,i
c2c0 c318b9    jp      0b918h
c2c3 d5        push    de
c2c4 21b3ac    ld      hl,0acb3h
c2c7 cdd4bc    call    0bcd4h
c2ca d1        pop     de
c2cb d2b8c0    jp      nc,0c0b8h
c2ce cd4fad    call    0ad4fh
c2d1 edb0      ldir   
c2d3 18db      jr      0c2b0h
c2d5 cd0fb9    call    0b90fh
c2d8 23        inc     hl
c2d9 7e        ld      a,(hl)
c2da 23        inc     hl
c2db 66        ld      h,(hl)
c2dc 6f        ld      l,a
c2dd ed4bb1ac  ld      bc,(0acb1h)
c2e1 c9        ret     


c2e2 21fbc2    ld      hl,0c2fbh
c2e5 11a4ac    ld      de,0aca4h
c2e8 011e00    ld      bc,001eh
c2eb edb0      ldir   
c2ed 2148c2    ld      hl,0c248h
c2f0 11c2ac    ld      de,0acc2h
c2f3 019a00    ld      bc,009ah
c2f6 edb0      ldir   
c2f8 c3c2ac    jp      0acc2h
c2fb b6        or      (hl)
c2fc b3        or      e
c2fd 19        add     hl,de
c2fe c39b00    jp      009bh
c301 b6        or      (hl)
c302 b3        or      e
c303 00        nop     
c304 83        add     a,e
c305 010000    ld      bc,0000h
c308 00        nop     
c309 00        nop     
c30a 00        nop     
c30b 00        nop     
c30c 00        nop     
c30d 00        nop     
c30e 00        nop     
c30f 00        nop     
c310 00        nop     
c311 00        nop     
c312 00        nop     
c313 00        nop     
c314 00        nop     
c315 00        nop     
c316 00        nop     
c317 00        nop     
c318 00        nop     
c319 f5        push    af
c31a c5        push    bc
c31b d5        push    de
c31c e5        push    hl
c31d cdc2b3    call    0b3c2h
c320 e1        pop     hl
c321 d1        pop     de
c322 c1        pop     bc
c323 f1        pop     af
c324 c9        ret     


c325 3acbbc    ld      a,(0bccbh)
c328 fec3      cp      0c3h
c32a 200a      jr      nz,0c336h
c32c 3e0b      ld      a,0bh
c32e cd5abb    call    0bb5ah
c331 3e12      ld      a,12h
c333 c35abb    jp      0bb5ah
c336 3ec3      ld      a,0c3h
c338 32cbbc    ld      (0bccbh),a
c33b 21b0b0    ld      hl,0b0b0h
c33e 22ccbc    ld      (0bccch),hl
c341 32cebc    ld      (0bcceh),a
c344 21bab0    ld      hl,0b0bah
c347 22cfbc    ld      (0bccfh),hl
c34a 211cb4    ld      hl,0b41ch
c34d 11b0b0    ld      de,0b0b0h
c350 013500    ld      bc,0035h
c353 edb0      ldir   
c355 2100be    ld      hl,0be00h
c358 5d        ld      e,l
c359 54        ld      d,h
c35a 13        inc     de
c35b 3600      ld      (hl),00h
c35d 013f00    ld      bc,003fh
c360 edb0      ldir   
c362 3e00      ld      a,00h
c364 32ecb9    ld      (0b9ech),a
c367 3ebe      ld      a,0beh
c369 32efb9    ld      (0b9efh),a
c36c 3e20      ld      a,20h
c36e 32e7b9    ld      (0b9e7h),a
c371 0e00      ld      c,00h
c373 cd0fb9    call    0b90fh
c376 114000    ld      de,0040h
c379 21ffab    ld      hl,0abffh
c37c c306c0    jp      0c006h
c37f 0e1f      ld      c,1fh
c381 cdbab0    call    0b0bah
c384 0d        dec     c
c385 f2b2b0    jp      p,0b0b2h
c388 c9        ret     


c389 3ad9b8    ld      a,(0b8d9h)
c38c b9        cp      c
c38d c8        ret     z


c38e 79        ld      a,c
c38f fe20      cp      20h
c391 d0        ret     nc


c392 cd79ba    call    0ba79h
c395 3a00c0    ld      a,(0c000h)
c398 e603      and     03h
c39a 3d        dec     a
c39b 2014      jr      nz,0c3b1h
c39d c5        push    bc
c39e 37        scf     
c39f cd06c0    call    0c006h
c3a2 300c      jr      nc,0c3b0h
c3a4 d5        push    de
c3a5 23        inc     hl
c3a6 eb        ex      de,hl
c3a7 2100be    ld      hl,0be00h
c3aa cd06b9    call    0b906h
c3ad c35103    jp      0351h
c3b0 c1        pop     bc
c3b1 c387ba    jp      0ba87h


ffe5 33        inc     sp
ffe6 322052    ld      (5220h),a
ffe9 4f        ld      c,a
ffea 4d        ld      c,l
ffeb 73        ld      (hl),e
ffec 2042      jr      nz,0030h
ffee 4f        ld      c,a
ffef 4f        ld      c,a
fff0 53        ld      d,e
fff1 54        ld      d,h
fff2 45        ld      b,l
fff3 d24d41    jp      nc,414dh
fff6 4e        ld      c,(hl)
fff7 41        ld      b,c
fff8 47        ld      b,a
fff9 45        ld      b,l
fffa 2e42      ld      l,42h
fffc 49        ld      c,c
fffd ce00      adc     a,00h
ffff db00      in      a,(00h)
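
Added example, not part of the thread: a Python sketch that rebuilds bytes from a few rows of the listing above and reads them as data instead of instructions, recovering one message, the ROM's command names and the jump-block targets they map to. It assumes the standard CPC expansion-ROM prefix (type, mark, version, modification, name-table pointer at +4, jump block from +6) and names terminated by a character with bit 7 set; the function names are made up for this example.

```python
import re

# Lines copied from the raw disassembly in the post above: ROM header and
# first two jump-block entries, one message, and the last bytes of the ROM.
LISTING = """
c000 010102    ld      bc,0201h
c003 05        dec     b
c004 e5        push    hl
c005 ff        rst     38h
c006 c331c1    jp      0c131h
c009 c3e2c2    jp      0c2e2h
c102 2a524f    ld      hl,(4f52h)
c105 4d        ld      c,l
c106 204e      jr      nz,0c156h
c108 4f        ld      c,a
c109 54        ld      d,h
c10a 2046      jr      nz,0c152h
c10c 4f        ld      c,a
c10d 55        ld      d,l
c10e 4e        ld      c,(hl)
c10f 44        ld      b,h
c110 2a070d    ld      hl,(0d07h)
c113 0a        ld      a,(bc)
c114 00        nop
ffe5 33        inc     sp
ffe6 322052    ld      (5220h),a
ffe9 4f        ld      c,a
ffea 4d        ld      c,l
ffeb 73        ld      (hl),e
ffec 2042      jr      nz,0030h
ffee 4f        ld      c,a
ffef 4f        ld      c,a
fff0 53        ld      d,e
fff1 54        ld      d,h
fff2 45        ld      b,l
fff3 d24d41    jp      nc,414dh
fff6 4e        ld      c,(hl)
fff7 41        ld      b,c
fff8 47        ld      b,a
fff9 45        ld      b,l
fffa 2e42      ld      l,42h
fffc 49        ld      c,c
fffd ce00      adc     a,00h
ffff db00      in      a,(00h)
"""

ROW = re.compile(r"^([0-9a-f]{4})\s+((?:[0-9a-f]{2})+)\s", re.I)

def load_listing(text):
    """Rebuild {address: byte} from 'addr hexbytes mnemonic' rows."""
    mem = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            base = int(m.group(1), 16)
            for i, b in enumerate(bytes.fromhex(m.group(2))):
                if base + i <= 0xFFFF:   # last row decodes past the ROM's end
                    mem[base + i] = b
    return mem

def message(mem, addr):
    """Zero-terminated text, the format the print loop at &c0e4 expects."""
    out = bytearray()
    while mem.get(addr, 0):
        out.append(mem[addr])
        addr += 1
    return out.decode("latin-1")

def name_table(mem, addr):
    """Names end on a character with bit 7 set; a zero byte ends the table."""
    names, cur = [], bytearray()
    while mem.get(addr, 0):
        cur.append(mem[addr] & 0x7F)
        if mem[addr] & 0x80:
            names.append(cur.decode("ascii"))
            cur = bytearray()
        addr += 1
    return names

def commands(mem, base=0xC000):
    """Pair each name with the target of its 3-byte JP in the jump block."""
    table = mem[base + 4] | mem[base + 5] << 8
    out = []
    for i, name in enumerate(name_table(mem, table)):
        entry = base + 6 + 3 * i
        if mem[entry] != 0xC3:
            raise ValueError("jump-block entry %d is not a JP" % i)
        out.append((name, mem[entry + 1] | mem[entry + 2] << 8))
    return out

if __name__ == "__main__":
    mem = load_listing(LISTING)
    print(repr(message(mem, 0xC102)))
    for name, target in commands(mem):
        print("%-16s -> &%04x" % (name, target))
```

The second pair is the same address the main loop fetches when C is 1, since &c000 + 3*C + 7 points at the operand of jump-block entry C.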

Bryce

As far as I know, TFM's ROMManager program has a similar process to activate ROMs above 15, maybe he can give you a few tips on what's happening?

Bryce.

redbox

Quote from: Bryce on 13:38, 06 July 11
As far as I know, TFM's ROMManager program has a similar process to activate ROMs above 15, maybe he can give you a few tips on what's happening?


I have asked TFM several times about this but he didn't have any time and pointed me to the BOOSTER.ROM, which is why I'm trying to find out this way.

arnoldemu

a quick analysis shows.

rom starts up, does checksum
if checksum succeeds, it then does a loop.
it needs to copy a routine to ram because it manipulates the roms
it then selects each rom, and executes its startup routine.
it also patches some firmware functions (that are copied into ram), so that it can select the other roms ok.

redbox

Quote from: arnoldemu on 13:46, 06 July 11
a quick analysis shows.

rom starts up, does checksum
if checksum succeeds, it then does a loop.
it needs to copy a routine to ram because it manipulates the roms
it then selects each rom, and executes its startup routine.
it also patches some firmware functions (that are copied into ram), so that it can select the other roms ok.


That's great that you can see what's happening!


Would you mind telling me the locations in memory where each of these occurs, then I can start working backwards with it...?

arnoldemu

http://www.cpctech.org.uk/docs/os.asm

@ &51:  &3a6 is copied to &b900. length 01e4.

any calls referencing that area (ba00) or so, these will be within this.
So you can work out the function and where it's calling.

any calls to &c000 or so will be to roms.

keep the disassembly at &c000 and work through it, documenting the firmware functions.

I can't give any more help at this time.

redbox

Quote from: arnoldemu on 13:56, 06 July 11
keep the disassembly at &c000 and work through it, documenting the firmware functions.

That's great, thanks for your help.

I did think it might be patching the firmware in RAM, which is good news for the MegaFlash - you don't actually need the Booster ROM as you can patch the OS ROM itself and load this into the MegaFlash directly to override the CPC's internal OS ROM.

Bad news for me though as patching these routines to work from &84 to &87 (the Plus cartridge ROM spaces) is incredibly difficult.

Bryce

I doubt many people will want to initialise all 32 ROMs much of the time though. It takes up a lot of RAM doing that.

Bryce.

TFM

Quote from: Bryce on 13:38, 06 July 11
As far as I know, TFM's ROMManager program has a similar process to activate ROMs above 15, maybe he can give you a few tips on what's happening?

Bryce.

Actually not, because the ROManager only manages the ROMs. The Booster initializes them. However, I can give some explanations here. The ROM Booster must be (should!) at ROM position 15. So it gets initialized first. Now it does the following: It initializes all ROMs between 16 and 31. Cuidado! Danger! Don't initialize ROM with a number bigger than 31, because this would crash the Amsdos/Basic.

Then the ROM Booster initializes itself and then gives the control back to the CPC.

The source is a bit screwed up, because it was probably taken from the ROM itself, and this was generated by the ROM-Gen 1.16 or higher, so this explains that.

All clear?
TFM of FutureSoft
Also visit the CPC and Plus users favorite OS: FutureOS - The Revolution on CPC6128 and 6128Plus

TFM

Quote from: Bryce on 14:28, 06 July 11
I doubt many people will want to initialise all 32 ROMs much of the time though. It takes up a lot of RAM doing that.

Bryce.

Yes, but it depends on the ROMs. Some ROMs take only few bytes, needed for the RSX chain (like FutureOS ;)) and others take whole pages (Maxam, Amsdos, other dos, protext etc.). So if you put "the right" ROMs above 16 it can make sense.

However, every ROM with a number bigger than 7 will probably shift down the Amsdos RAM, which confuses games that directly access memory (like at &A701 etc.).

The Booster ROM is basically all you need, it provides also a lot of space for programs, to be added into the same ROM. Further you can deactivate = park it, so it will not work if you don't like it working.


redbox

Quote from: TFM/FS on 21:18, 06 July 11
Don't initialize ROM with a number bigger than 31, because this would crash the Amsdos/Basic.

Thanks TFM.

Yes, this is what I have found too.  However, I can't find out exactly why - I know that the OS kernel routines have error checks to ensure that only ROMs 0-15 (or 0-7 on a 464) are initialised, but can't see why Amsdos/Basic can't deal with any ROMs above position 31...  Can you please explain the reason for this?

Quote from: TFM/FS on 21:18, 06 July 11
The source is a bit screwed up, because it was probably taken from the ROM itself, and this was generated by the ROM-Gen 1.16 or higher, so this explains that.

Yeah I found the string relating to R-GEN 1.16 too in the RSX table and guess it was a ROM generator.  It appears the author of the Booster ROM wrote a program called MANAGE.BIN and used this utility to make his ROM.  You can actually access the routine again in Basic if you use the RSX |MANAGE.BIN .

Bryce

I'd also like to know why a ROM above 31 would crash the CPC. There's certainly no hardware reason for this.

Bryce.

TFM

Quote from: Bryce on 21:58, 06 July 11
I'd also like to know why a ROM above 31 would crash the CPC. There's certainly no hardware reason for this.

Bryce.

No, absolutely not, it's only a space problem in the CPC's RAM. Every ROM needs some bytes in RAM to be managed by the firmware, so this couple of bytes will overwrite other code of the firmware.

Don't let me be misunderstood (like the song). To connect ROMs with numbers over 31 is no problem at all. You can connect all 256 possible ROMs to the CPC and there will be no problem. But you can only integrate 0-31 to the RSX chain of the CPC's firmware.

redbox

Quote from: TFM/FS on 18:37, 07 July 11
No, absolutely not, it's only a space problem in the CPC's RAM. Every ROM needs some bytes in RAM to be managed by the firmware, so this couple of bytes will overwrite other code of the firmware. To connect ROMs with numbers over 31 is no problem at all. You can connect all 256 possible ROMs to the CPC and there will be no problem. But you can only integrate 0-31 to the RSX chain of the CPC's firmware.

Ah so it's a problem with the RSXs in ROMs higher than 31. I wasn't aware of this and only knew about ROMs requesting a little bit of RAM as general workspace (which I assume is not what you are talking about here).

So, for example, if you have only 1 ROM in slot 40 you can't initialise its RSXs because this ROM slot's required 'few bytes' will overwrite some part of the firmware...?  Is this right?  And where in memory would these 'few bytes' be - do you have a formula or something to calculate it?

TFM

The firmware always initializes ROMs 0-15 (-7 if 464), but there is space for 16-31 too, when using the Booster ROM.

You may be able to initialize a ROM of number 40 "by hand" but not by firmware.

ROMs need two kinds of space:

- some bytes for the firmware, their management, and their RSXes.

- RAM that is used by the software on ROM

The minimum amount of bytes a ROM needs is four bytes, the firmware can't work with less.


Bryce

Ok, so it's not the actual number being used by a ROM that's important, but the fact that there is only space for 32 ROM "header bytes". So if only ROMs 0 and 7 were initialised, it would still be possible to initialise (by hand) 30 other ROMs at positions above 31?

Is this also the case with the CPC Plus? The reason I ask is the MegaFlash: If ROMs 0 and 7 are initialised, and a cartridge also takes some ROM space, then can I still activate 32 ROMs on the MegaFlash without the CPC crashing?

Bryce.

redbox

Quote from: Bryce on 08:14, 08 July 11
Ok, so it's not the actual number being used by a ROM that's important, but the fact that there is only space for 32 ROM "header bytes".

This appears to be what TFM is saying and I already knew about this.  It's the same reason it's not a good idea to initialise 32 ROMs at once - Himem gets so low from all the RAM grabbed by the ROMs that the CPC becomes pretty unusable.

Quote from: Bryce on 08:14, 08 July 11
So if only ROMs 0 and 7 were initialised, it would still be possible to initialise (by hand) 30 other ROMs at positions above 31?

What I thought he was saying is that you can't initialise any ROM which uses RSXs over position 31 but yes, TFM then says you can do this by hand.  However, the only way I can test this is by trying to initialise a ROM in slot 132 (in the Plus cartridge, 128-131 are system ROMs and after that you have 4 free spaces in a 128kb cartridge from 132-135) and I can tell you that this definitely doesn't work - the ROM does appear to init, but you get artefacts on the screen and none of the RSXs work.

The only other way I can think of testing this is to have a device like your MegaFlash with more than 512kb so it has ROM positions over 31 (would have to be 1Mb I guess) and see what happens.  Or you could try my code on your existing MegaFlash and see if it works with a ROM in say position 20 (change the first LD C to LD C,20 then assemble it and CALL &8000 from BASIC)...?

It is highly possible, of course, that we find a problem with my code but I did take it from the firmware OS routines that Arnoldemu disassembled though, so should be ok.  Can anyone check it for me?


org &8000

ld c,&84 ; select ROM &84 (132) from Plus Cartridge
call kl_init_back ; initialise ROM
ret


kl_init_back: ld      a,(&b8d9) ; &B8D9 - 1 - foreground ROM select address (0 for the BASIC ROM)
cp      c
ret     z


;; DISABLED - check ROM is in 0-15 range
;; ld      a,c ; checks rom is in 0-15 range
;; cp      &10
;; ret     nc


call    kl_rom_select ;; HI: KL ROM SELECT


ld      a,(&c000) ; get ROM type number
and     &03 ; keep only the low two bits of the type byte
dec     a ; result is zero only for type 1 (background ROM)
jr      nz,not_background_rom ; and if not exit routine, else...


push    bc ; preserve ROM number
scf      ; set carry flag
call    &c006 ; initialise ROM, ROM init has SCF at end of routine, therefore...
jr      nc,init_not_done ; if initialise unsuccessful exit routine, else..


push    de
inc     hl
ex      de,hl
ld      hl,&b8da ; &B8DA - 16*2 - ROM entry IY value (ie the address table) - the 6128 has ROMs numbered from 0 to 15:
ld      bc,(&b8d6) ; &B8D6 - 1 - Upper ROM status (eg select number)
ld      b,&00
add     hl,bc
add     hl,bc
ld      (hl),e
inc     hl
ld      (hl),d
ld      hl,&fffc
add     hl,de
call    kl_log_ext ; KL LOG EXT
dec     hl
pop     de
init_not_done: pop     bc
not_background_rom: jp      kl_rom_deselect ;; HI: KL ROM DESELECT



kl_rom_select: call    kl_u_rom_enable ;; HI: KL U ROM ENABLE
push    hl ; routine duplicated in kl_rom_deselect, repeated here for clarity
di     
ld      b,&df
out     (c),c
ld      hl,&b8d6
ld      b,(hl)
ld      (hl),c
ld      c,b
ld      b,a
ei     
pop     hl
ret           



kl_rom_deselect: push    af
ld      a,b
call    kl_l_rom_restore ;; HI: KL L ROM RESTORE
pop     af
push    hl
di     
ld      b,&df
out     (c),c
ld      hl,&b8d6
ld      b,(hl)
ld      (hl),c
ld      c,b
ld      b,a
ei     
pop     hl
ret     




kl_l_rom_restore: di     
exx     
xor     c
and     &0c
xor     c
ld      c,a
out     (c),c
exx      ; routine duplicated in kl_u_rom_enable, repeated here for clarity
ei     
ret     




kl_log_ext: push    hl
ld      de,(&b8d3)
ld      (&b8d3),hl
ld      (hl),e
inc     hl
ld      (hl),d
inc     hl
ld      (hl),c
inc     hl
ld      (hl),b
pop     hl
ret     




kl_u_rom_enable: di     
exx     
ld      a,c
res     3,c ; resets bit 3 to 0 (? problem with ROM number 132, not sure but doesn't work without it)
out     (c),c
exx     
ei     
ret     
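
Added example, not part of redbox's post or of the firmware: a Python model of the table store in the kl_init_back listing above, showing where the two-byte entry lands once the cp &10 range check is disabled. The table base and the 16-entry size are taken from the listing's comments; the function names and the sample DE value are constructed.

```python
# Model of the table store in the kl_init_back listing (added example).
# Constants are taken from the comments in the post; nothing runs on a CPC.
TABLE_BASE = 0xB8DA     # "&B8DA - 16*2 - ROM entry IY value"
TABLE_ENTRIES = 16      # per the listing: 6128 ROMs are numbered 0 to 15
TABLE_END = TABLE_BASE + TABLE_ENTRIES * 2   # first byte past the table


def entry_address(rom):
    """Mirror 'ld hl,&b8da / ld b,&00 / add hl,bc / add hl,bc' with C = rom."""
    if not 0 <= rom <= 0xFF:
        raise ValueError("ROM select is an 8-bit value")
    return (TABLE_BASE + 2 * rom) & 0xFFFF   # HL is a 16-bit register


def store_entry(memory, rom, de, range_check):
    """Write DE to the ROM's slot, as 'ld (hl),e / inc hl / ld (hl),d'.

    range_check=True models the disabled 'cp &10 / ret nc' guard, which
    returns before memory is touched. Returns the addresses written.
    """
    if range_check and rom >= TABLE_ENTRIES:
        return []
    hl = entry_address(rom)
    memory[hl] = de & 0xFF
    memory[(hl + 1) & 0xFFFF] = (de >> 8) & 0xFF
    return [hl, (hl + 1) & 0xFFFF]


def outside_table(addresses):
    """Addresses that fall outside the 16-entry table."""
    return [a for a in addresses if not TABLE_BASE <= a < TABLE_END]


def survey(roms, de=0xA6FC, range_check=False):
    """Map ROM number -> stray addresses written (de is a constructed value)."""
    report = {}
    for rom in roms:
        report[rom] = outside_table(store_entry({}, rom, de, range_check))
    return report


if __name__ == "__main__":
    for rom, stray in survey([7, 15, 20, 0x84]).items():
        print(rom, [hex(a) for a in stray] or "inside table")
```

The results are relative to the 16-entry table the listing's comment describes. What the firmware keeps at the addresses past that table is not stated in the thread; the model only shows that the write leaves the table.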


Bryce

You could test it with any standard ROMBoard that decodes all 8 Data lines. Just add an inverter to, say, D6, so that the ROMBoard then replies when it's equal to 1. This would shift the entire ROMBoard up to ROMs 64 onwards.

In fact it's even easier on a ROMBoard that DOESN'T decode all the data bits. On these, the ROMs are technically also present right up to 255, you would just have to initialise a position higher up the line, although you might have to park the original ROM that got initialised in the 0-7 range to avoid a clash? Not sure about that though, is there a problem with having the same ROM twice on a CPC?

Bryce.

redbox

Quote from: Bryce on 10:55, 08 July 11
You could test it with any standard ROMBoard that decodes all 8 Data lines. Just add an inverter to, say, D6, so that the ROMBoard then replies when it's equal to 1. This would shift the entire ROMBoard up to ROMs 64 onwards.


Makes sense, but I don't have a ROM board to try it  :(  Maybe we could alter an emulator to do this?  Winape only supports 0-15 at present, not sure about the others.


Quote from: Bryce on 10:55, 08 July 11
Not sure about that though, is there a problem with having the same ROM twice on a CPC?


I put Maxam 1.5 in ROM spaces 5 and 6 in WinApe and it worked fine - the ROM just initialised twice and shows as installed twice in the display (|HELP) details, so I don't think there's a problem with this. The RSX commands worked too, assume it routes to the last initialised ROM.




Bryce

Interesting to know. I don't know how it actually interprets RSX commands, but I would assume, the one with the highest ROM No. is the one actually being used, because the CPC reads them in from 15 to 0 and lists them in a table in RAM. When you type the RSX, I assumed it read the list from top to bottom, but maybe it's the other way around?

Bryce.

redbox

Quote from: Bryce on 12:15, 08 July 11
When you type the RSX, I assumed it read the list from top to bottom, but maybe it's the other way around?


It's KL FIND COMMAND which finds RSXs, and the description from the Firmware guide says "the sequence of searching is RSXs, then ROMs with lower numbers before ROMs with higher numbers". 


But this kind of contradicts RSXs that have been initially logged by KL LOG EXT... I think you can either increase or decrease the memory space each time this is done, and think the latter is generally the convention used (because ROM walking is also done from high to low numbers).


On another note - I've found the ROM Utopia to look interesting as it has two RSX commands |ROMON and |ROMOFF.  You can use them alone for all ROMs or with a number, such as |ROMON,7 .


I've tried it with |ROMON,20 and it accepts the input and doesn't crash.  I've also tried it with |ROMON,132 and the Maxam ROM in that space in the cartridge position but unfortunately it didn't do anything.  However, I think it's worth a try to put the Utopia ROM in say slot 6 in the MegaFlash and then any other ROM (Maxam or something) in slot 20.  Then try a |ROMON,20 from BASIC and we can see if it works.


If it does, great news and I can look into it further.  If not, then maybe it's just the code but at least I'll have something to go on!


Bryce

Although the Cartridge system is very similar to the ROMBoard system, they are not the same. ROMON and ROMOFF won't work on a ROM in a cartridge. ROMs in a ROMBoard react to the /ROMEN signal, whereas cartridges have a separate /ROM signal which the ROMON / ROMOFF commands don't trigger.

Bryce.


redbox

Quote from: Bryce on 12:55, 08 July 11
Although the Cartridge system is very similar to the ROMBoard system, they are not the same. ROMON and ROMOFF won't work on a ROM in a cartridge. ROMs in a ROMBoard react to the /ROMEN signal, whereas cartridges have a separate /ROM signal which the ROMON / ROMOFF commands don't trigger.


This is very interesting, is this part of the hardware design?  And something to do with how ROM slots 128-131 are patched into their 'real' positions (0, 1 and 7) on the Plus?


I don't know what the ROMEN signal is, do you have any more information?
