68kMLA Classic Interface

This is a version of the 68kMLA forums for viewing on your favorite old mac. Visitors on modern platforms may prefer the main site.

Click here to select a new forum.
ROM Hacking: Classic-style ROM Disks for every machine?
Posted by: eharmon on 2024-01-02 17:44:36
I would if not for the issue of redistributing copyrighted code. While I think you can export the annotations and apply them to the binary later, I don't think it quite gets everything like equates, and preferably everything would be rewritten into assembly files that are easier to read and potentially can be reassembled into a working ROM.
Yeah, definitely.

I located the documentation I was looking for in the IIvx developer note:

The Macintosh IIvx, like all other Macintosh computers, implements an overlay function at power-up or reset that maps ROM address space (in this case, $4000 0000 through $403F FFFF) to RAM space starting at location $0000 0000. Following the first access to the normal ROM address range, the ROM image at $0000 0000 is removed and replaced by RAM.

So it seems it's after the first access through the true ROM address space, specifically.
Posted by: eharmon on 2024-01-19 18:53:55
Circling back here, I'm deep in futzing but I figured I'd make an update. I disassembled the Q650 ROM from my personal machine and in the loop in question I see:

00000058 : 2478 02ae      MOVEA.L  $000002ae,A2 # RomBase
0000005c : 6100 00e2      BSR      $00000140 # CheckForROMDisk
00000060 : 660c                BNE      $0000006e # FindNextROMDisk
00000062 : 7200                MOVEQ    #$00,D1
00000064 : 240a                MOVE.L   A2,D2
00000066 : 260a                MOVE.L   A2,D3
00000068 : 616a                BSR      $000000d4
0000006a : 4dfa ff82      LEA      -126(PC) {$4294967278},A6

FindNextROMDisk:
0000006e : d5fc 0001 0000 ADDA.L   #$00010000,A4 # Move to the next offset
00000074 : b5fc 00e0 0000 CMPA.L   #$00e00000,A2 # Check if we're past the end
0000007a : 65e0                BCS      $0000005c # Return to the search loop

(Note the offsets are from the start of the Open routine...ish)
(Also this disassembler totally has a bug and d5fc should be an ADDA.L to A2, not A4...funny)

So, roughly, we're searching from $000002ae to $00e00000. In other words, the whole code assumes we're still based at $0, and it'll search the first 14MiB of memory space, if I'm understanding it correctly.

So unless I'm missing something, I'm not actually sure why this code doesn't work. There's no system checks before this, and the resource is marked for all machines.
Posted by: SuperSVGA on 2024-01-19 19:58:37
That's moving the contents of memory address $2AE, so whatever value is stored in the ROMBase global variable.
Posted by: eharmon on 2024-01-19 23:36:17
That's moving the contents of memory address $2AE, so whatever value is stored in the ROMBase global variable.
Whoof, it helps not to imagine a #. I should not read code after a day of work.
< 2