toinet Site Admin
Joined: 15 Jun 2007 Posts: 3076 Location: Le Chesnay, France
Posted: Thu 11 Jul 2019, 21:47 Post subject: Hyper Head On (Starcraft, 1980)
#1011 - A car game à la Pacman. Collect dots to earn points. Original disk by Stephane Racle (and not anonymous), Applesauce disk image by 4am. The game was published by Broderbund.
Disk structure
Funny disk. Using Locksmith Fast Disk Backup tells us (through the sound of the Disk II drive) that data is on every even track from T0 to T12; the others are not used.
Protection type
Apart from using only every second track, the markers are changed for the address field: D5AA96/DEAB
But also, what is fun is that the track number is stored as real track / 2, i.e.
Code:
- real track 2 => T1
- real track 4 => T2
etc.
Boot trace
The program loads in one pass, let's interrupt it...
Code:
CALL -151
9600<C600.C6FFM
96F8:4C DA FD
9600G
01
0800: 01 A5 27 C9 09 D0 18 A5
0808: 2B 4A 4A 4A 4A 09 C0 85
0810: 3F A9 5C 85 3E 18 AD FE
0818: 08 6D FF 08 8D FE 08 AE
0820: FF 08 30 15 BD 4D 08 85
0828: 3D CE FF 08 AD FE 08 85
0830: 27 CE FE 08 A6 2B 6C 3E
0838: 00 EE FE 08 EE FE 08 20
0840: 89 FE 20 93 FE 20 2F FB
0848: A6 2B 6C FD 08 00 0D 0B
0850: 09 07 05 03 01 0E 0C 0A
0858: 08 06 04 02 0F 00 20 64
0860: A7 B0 08 A9 00 A8 8D 5D
0868: B6 91 40 AD C5 B5 4C D2
0870: A6 AD 5D B6 F0 08 EE BD
0878: B5 D0 03 EE BE B5 A9 00
0880: 8D 5D B6 4C 46 A5 8D BC
0888: B5 20 A8 A6 20 EA A2 4C
0890: 7D A2 A0 13 B1 42 D0 14
0898: C8 C0 17 D0 F7 A0 19 B1
08A0: 42 99 A4 B5 C8 C0 1D D0
08A8: F6 4C BC A6 A2 FF 8E 5D
08B0: B6 D0 F6 00 00 00 00 00
08B8: 49 AB 45 2F 85 10 18 60
08C0: 00 00 00 00 00 00 00 00
08C8: 00 00 00 00 00 00 00 B8
08D0: 20 58 FC A9 C2 20 ED FD
08D8: A9 01 20 DA FD A9 AD 20
08E0: ED FD A9 00 20 DA FD 60
08E8: 00 00 00 00 00 00 00 00
08F0: 0A 20 6B BE 4E 78 04 60
08F8: 00 FF FF FF 00 00 B6 09
Let's get Boot 2:
9600<C600.C6FFM
96F8:A9 4C 8D 4A 08 A9 59 8D 4B 08 A9 FF 8D 4C 08 4C 01 08
9600G
B74B- 4A LSR
B74C- 4A LSR
B74D- 4A LSR
B74E- 4A LSR
B74F- AA TAX
*B700.B77F
B700: A0 A0 8C 00 08 EE 03 B7
B708: D0 F8 EE 04 B7 AD 04 B7
B710: C9 0C 90 EE AD 55 C0 EA
B718: EA EA EA EA EA EA EA EA
B720: 8E E9 B7 8E F7 B7 A9 01
B728: 8D F8 B7 8D EA B7 AD E0
B730: B7 8D E1 B7 A9 01 8D EC
B738: B7 A9 00 8D ED B7 AC E7
B740: B7 EA 8C F1 B7 A9 01 8D
B748: F4 B7 8A 4A 4A 4A 4A AA
B750: A9 00 9D F8 04 9D 78 04
B758: 20 93 B7 A2 FF 9A 8E EB
B760: B7 20 93 FE 20 89 FE 4C
B768: 01 0F 00 00 00 00 00 00
B770: 00 00 00 00 00 00 00 00
B778: 00 00 00 00 00 00 00 00
B780: 00 00 00 00 00 00 00 00
B788: 00 00 00 00 00 00 00 00
B790: 00 00 00 AD E5 B7 AC E4
B798: B7 20 B5 B7 AC ED B7 C8
B7A0: C0 10 D0 05 A0 00 EE EC
B7A8: B7 8C ED B7 EE F1 B7 CE
B7B0: E1 B7 D0 DF 60 08 78 20
B7B8: 00 BD B0 03 28 18 60 28
B7C0: 38 60 AD BC B5 8D F1 B7
B7C8: A9 00 8D F0 B7 AD F9 B5
B7D0: 49 FF 8D EB B7 60 A9 00
B7D8: A8 91 42 C8 D0 FB 60 00
B7E0: 70 02 0A 1B E8 B7 00 08
B7E8: 01 60 01 01 00 01 FB B7
B7F0: 00 B7 00 00 02 03 01 60
B7F8: 01 00 00 00 01 EF D8 00
The disassembly view:
B700- A0 A0 LDY #$A0
B702- 8C 00 08 STY $0800
B705- EE 03 B7 INC $B703
B708- D0 F8 BNE $B702
B70A- EE 04 B7 INC $B704
B70D- AD 04 B7 LDA $B704
B710- C9 0C CMP #$0C
B712- 90 EE BCC $B702
B714- AD 55 C0 LDA $C055
B717- EA NOP
B718- EA NOP
B719- EA NOP
B71A- EA NOP
B71B- EA NOP
B71C- EA NOP
B71D- EA NOP
B71E- A2 60 LDX #$60
B720- 8E E9 B7 STX $B7E9
B723- 8E F7 B7 STX $B7F7
B726- A9 01 LDA #$01
B728- 8D F8 B7 STA $B7F8
B72B- 8D EA B7 STA $B7EA
B72E- AD E0 B7 LDA $B7E0
B731- 8D E1 B7 STA $B7E1
B734- A9 01 LDA #$01
B736- 8D EC B7 STA $B7EC
B739- A9 00 LDA #$00
B73B- 8D ED B7 STA $B7ED
B73E- AC E7 B7 LDY $B7E7
B741- EA NOP
B742- 8C F1 B7 STY $B7F1
B745- A9 01 LDA #$01
B747- 8D F4 B7 STA $B7F4
B74A- 8A TXA
B74B- 4A LSR
B74C- 4A LSR
B74D- 4A LSR
B74E- 4A LSR
B74F- AA TAX
B750- A9 00 LDA #$00
B752- 9D F8 04 STA $04F8,X
B755- 9D 78 04 STA $0478,X
B758- 20 93 B7 JSR $B793
B75B- A2 FF LDX #$FF
B75D- 9A TXS
B75E- 8E EB B7 STX $B7EB
B761- 20 93 FE JSR $FE93
B764- 20 89 FE JSR $FE89
B767- 4C 01 0F JMP $0F01
It is a standard RWTS (apart from the track thing)
$B7E0 tells that we have $70 sectors to load
$B7EC from T1
$B7ED from S0
$B767 shows it jumps to $0F01 at the end
How to get the program in memory:
B71E:A2 60
B767:4C 59 FF
B71EG
*bingo*
The program is now in memory from $0800 to $77FF
And it is executed at $0F01
How to normalize
Do as with Quadran 6112 or others. Put the binary of the program as from T1. Use a standard RWTS on T0 and that's it.
An alt. way here is to copy T0/S0 and T0/S1 from the original disk onto the "backup" disk.
The disk image is available at http://www.brutaldeluxe.fr/crack/
Reboot and... enjoy,
LoGo
7/2019
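The address-field scheme described in the post, as an added example that is not part of the original post: a small scanner that finds address fields in a raw nibble stream using the D5 AA 96 / DE AB markers quoted above and maps the stored track number back to the physical track. It assumes the standard DOS 3.3 field layout (volume, track, sector, checksum, each 4-and-4 encoded); the function names and the sample stream are constructed for illustration.

```python
# Added example: parse address fields that use the markers quoted in the post.
PROLOGUE = bytes([0xD5, 0xAA, 0x96])   # address prologue, as quoted in the post
EPILOGUE = bytes([0xDE, 0xAB])         # address epilogue, as quoted in the post


def enc44(value):
    """4-and-4 encode one byte into two disk nibbles (DOS 3.3 convention)."""
    return bytes([(value >> 1) | 0xAA, value | 0xAA])


def dec44(hi, lo):
    """Inverse of enc44: recombine the odd and even bit halves."""
    return ((hi << 1) | 0x01) & lo & 0xFF


def find_address_fields(nibbles):
    """Yield (volume, stored_track, sector) for every valid address field."""
    pos = nibbles.find(PROLOGUE)
    while pos != -1:
        body = nibbles[pos + 3:pos + 11]       # 4 values x 2 nibbles each
        tail = nibbles[pos + 11:pos + 13]
        if len(body) == 8 and tail == EPILOGUE:
            vol, trk, sec, chk = (dec44(body[i], body[i + 1])
                                  for i in range(0, 8, 2))
            if chk == vol ^ trk ^ sec:         # reject corrupted headers
                yield vol, trk, sec
        pos = nibbles.find(PROLOGUE, pos + 1)


def physical_track(stored_track):
    """The post's scheme: the header holds real track / 2."""
    return stored_track * 2


def build_field(vol, trk, sec, epilogue=EPILOGUE):
    """Constructed sample data: one address field between sync bytes."""
    payload = b"".join(enc44(v) for v in (vol, trk, sec, vol ^ trk ^ sec))
    return b"\xFF" * 5 + PROLOGUE + payload + epilogue + b"\xFF" * 5


if __name__ == "__main__":
    stream = build_field(254, 1, 0) + build_field(254, 2, 15)  # constructed
    for vol, trk, sec in find_address_fields(stream):
        print(f"stored T{trk} S{sec} -> physical track {physical_track(trk)}")
```

A field closed with a different epilogue is skipped by this scanner, which is the same mismatch that makes a reader expecting other markers fail on such a disk.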