C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Mon Jan 04, 2021 11:58 am
by Darendor
I have delved back into trying to decipher the various files on BTII, and this time I went and tackled the largest file on the Character disk, weighing in at 8957 bytes (36 blocks on the disk).
This file is the combat engine for the game, and I've managed to decipher all of the various text strings within. I will next try to piece the code itself together and hopefully post the end result in this thread.
Edit: I now believe that this file is in fact the main game engine, not just the combat engine. There are a lot, I mean, a LOT of JSR, JMP and BEQ/BNE/BCS/BCC instructions so far, and I'm only about 20% of the way through.
Can anyone here tell me what the following OPCODEs assemble into?
Code:
9af2 3c
9af3 b0
9af4 3c
9af5 b0
9af6 4b
9af7 b0
9af8 5d
9af9 b0
9afa 6e
9afb b0
9afc 7d
9afd b0
9afe 5d
9aff b0
9b00 4b
9b01 b0
9b02 90
9b03 b0
9b04 7d
9b05 b0
9b06 4b
9b07 b0
9b08 a5
9b09 b0
9b0a 4b
9b0b b0
9b0c 6e
9b0d b0
9b0e b6
9b0f b0
9b10 b6
9b11 b0
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Mon Jan 04, 2021 6:35 pm
by drifting
Darendor wrote: ↑Mon Jan 04, 2021 11:58 am
Can anyone here tell me what the following OPCODEs assemble into?
Code:
9af2 3c
9af3 b0
9af4 3c
9af5 b0
9af6 4b
9af7 b0
9af8 5d
9af9 b0
9afa 6e
9afb b0
9afc 7d
9afd b0
9afe 5d
9aff b0
9b00 4b
9b01 b0
9b02 90
9b03 b0
9b04 7d
9b05 b0
9b06 4b
9b07 b0
9b08 a5
9b09 b0
9b0a 4b
9b0b b0
9b0c 6e
9b0d b0
9b0e b6
9b0f b0
9b10 b6
9b11 b0
That looks like a jump table. Combining them to 16 bits gets you:
Code:
9af2 b03c
9af4 b03c
9af6 b04b
9af8 b05d
9afa b06e
9afc b07d
9afe b05d
9b00 b04b
9b02 b090
9b04 b07d
9b06 b04b
9b08 b0a5
9b0a b04b
9b0c b06e
9b0e b0b6
9b10 b0b6
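The low-byte/high-byte pairing described above can be automated to look for the other tables of this kind in the file. This is an added example, not code posted in the thread; it assumes a decoded image, the $9000 load address reported further down the thread, and a hypothetical helper name `find_pointer_tables`. The sample image is constructed (zero fill plus an ASCII stand-in for a text string) around the 32 table bytes from the post.

```python
BASE = 0x9000   # load address reported later in the thread
SIZE = 8957     # file size given in the first post

def find_pointer_tables(image, base, min_entries=4):
    """Return [(table_address, [targets])] for runs of little-endian words
    that all point back inside the image itself."""
    end = base + len(image)
    tables, i = [], 0
    while i + 1 < len(image):
        run, j = [], i
        while j + 1 < len(image):
            target = image[j] | (image[j + 1] << 8)   # low byte is stored first
            if not base <= target < end:
                break
            run.append(target)
            j += 2
        if len(run) >= min_entries:
            tables.append((base + i, run))
            i = j        # resume after the table
        else:
            i += 1       # tables need not be word-aligned
    return tables

def build_sample():
    """Constructed image: zero fill, one text string, then the table bytes."""
    table = bytes.fromhex(
        "3cb03cb04bb05db06eb07db05db04bb0"
        "90b07db04bb0a5b04bb06eb0b6b0b6b0")
    image = bytearray(SIZE)
    off = 0x9AF2 - BASE
    # Text bytes are all below $90, so no pair of them forms an in-range pointer.
    image[off - 14:off] = b"YOU STILL FACE"
    image[off:off + len(table)] = table
    return bytes(image)

if __name__ == "__main__":
    for addr, targets in find_pointer_tables(build_sample(), BASE):
        print(f"${addr:04X}: {len(targets)} entries")
        for t in sorted(set(targets)):
            print(f"  target ${t:04X} used {targets.count(t)}x")
```

On a real image the scan also reports runs inside code or data that merely look like pointers, so each hit is a candidate to confirm against the instructions that index it.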
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Mon Jan 04, 2021 11:36 pm
by Darendor
Oh.
So those are jump addresses then.
There's a few of those fields in this file scattered among the text strings for some bizarre reason.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Mon Jan 04, 2021 11:54 pm
by Darendor
So far I've reassembled the following:
Code:
7aea a6 4c JMP $9009
7aeb e3 09
7aec 7a 90
7aed a6 4c JMP $9edd
7aee 37 dd
7aef 74 9e
7af0 a6 4c JMP $a405
7af1 ef 05
7af2 4e a4
7af3 ca 20 JSR $0893
8af4 79 93
7af5 e2 08
7af6 4f a5 LDA $f6
7af7 1c f6
7af8 6f 85 STA $ea
7af9 00 ea
7afa ca 20 JSR $0914
7afb fe 14
7afc e3 09
7afd ca 20 JSR $95dc
7afe 36 dc
7aff 7f 95
7b00 ca 20 JSR $a7d3
7b01 39 d3
7b02 4d a7
7b03 ca 20 JSR $20a7
7b02 4d a7
7b03 ca 20
7b04 4c a6 LDX $9c
7b05 76 9c
7b06 43 a9 LDA #$00
7b07 ea 00
7b08 6f 85 STA $4d
7b09 a7 4d
7b0a 0c e6 INC $c1
7b0b 2b c1
7b0c ca 20 JSR $a4ea
7b0d 00 ea
7b0e 4e a4
7b0f a6 4c JMP $903c
7b10 d6 3c
7b11 7a 90
7b12 ca 20 JSR $a7d3
7b13 39 d3
7b14 4d a7
7b15 4a a0 LDY #$ae
7b16 44 ae
7b17 48 a2 LDX #$c4
7b18 2e c4
7b19 ca 20 JSR $0806
7b1a ec 06
7b1b e2 08
7b1c ca 20 JSR $9cde
7b1d 34 de
7b1e 76 9c
7b1f ca 20 JSR $a4ea
7b20 00 ea
7b21 4e a4
7b22 4f a5 LDA $cf
7b23 25 cf
7b24 3a d0 BNE $0a
7b25 e0 0a
7b26 ca 20 JSR $9779
7b27 93 79
7b28 7d 97
7b29 4f a5 LDA $4b
7b2a a1 4b
7b2b 1a f0 BEQ $03
7b2c e9 03
7b2d a6 4c JMP $93f4
7b2e 1e f4
7b2f 79 93
7b30 ca 20 JSR $9d97
7b31 7d 97
7b32 77 9d
7b33 43 a9 LDA #$ff
7b34 15 ff
7b35 6f 85 STA $43
7b36 a9 43
7b37 48 a2 LDX #$00
7b38 ea 00
7b39 57 bd LDA $ab57
7b3a bd 57
7b3b 41 ab
7b3c 2f c5 CMP $43
7b3d a9 43
7b3e 1a f0 BEQ $03
7b3f e9 03
7b40 a6 4c JMP $9307
7b41 ed 07
7b42 79 93
7b43 43 a9 LDA #$00
7b44 ea 00
7b45 77 9d STA $ab57,x
7b46 bd 57
7b47 41 ab
7b48 6c 86 STX $dc
7b49 36 dc
7b4a 60 8a TXA
7b4b e0 0a ASL A
7b4c 42 a8 TAY
7b4d 53 b9 LDA $aa8d,y
7b4e 67 8d
7b4f 40 aa
7b50 6f 85 STA $9b
7b51 71 9b
7b52 6f 85 STA $58
7b53 b2 58
7b54 53 b9 LDA $aa8e,y
7b55 64 8e
7b56 40 aa
7b57 6f 85 STA $9c
7b58 76 9c
7b59 6f 85 STA $59
7b5a b3 59
7b5b 4a a0 LDY #$00
7b5c ea 00
7b5d 5b b1 LDA ($9b),y
7b5e 71 9b
7b5f 3a d0 BNE $03
7b60 e9 03
7b61 a6 4c JMP $9307
7b62 ed 07
7b63 79 93
7b64 4a a0 LDY #$3e
7b65 d4 3e
7b66 5b b1 LDA ($9b),y
7b67 71 9b
7b68 23 c9 CMP #$03
7b69 e9 03
8b6a 7a 90 BCC $07
7b6b ed 07
7b6c 23 c9 CMP #$06
7b6d ec 06
7b6e 5a b0 BCS $03
7b6f e9 03
7b70 a6 4c JMP $9307
7b71 ed 07
7b72 79 93
7b73 4a a0 LDY #$38
7b74 d2 38
7b75 5b b1 LDA ($9b),y
7b76 71 9b
7b77 23 c9 CMP #$0b
7b78 e1 0b
7b79 7a 90 BCC $58
7b7a b2 58
7b7b 23 c9 CMP #$0c
7b7c e6 0c
7b7d 3a d0 BNE $08
7b7e e2 08
7b7f 4f a5 LDA $a1
7b80 4b a1
7b81 3a d0 BNE $ed
7b82 07 ed
7b83 4f a5 LDA $89
7b84 63 89
7b85 3a d0 BNE $e9
7b86 03 e9
7b87 ca 20 JSR $0890
7b88 7a 90
7b89 e2 08
7b8a 4f a5 LDA $5b
7b8b b1 5b
7b8c c3 29 AND #$03
7b8d e9 03
7b8e f2 18 CLC
7b8f 83 69 ADC #$14
7b90 fe 14
7b91 42 a8 TAY
7b92 5b b1 LDA ($9b),y
7b93 71 9b
7b94 1a f0 BEQ $25
7b95 cf 25
7b96 23 c9 CMP #$ff
7b97 15 ff
7b98 1a f0 BEQ $7b
7b99 91 7b
7b9a 6f 85 STA $ca
7b9b 20 ca
7b9c 43 a9 LDA #$00
7b9d ea 00
7b9e 6f 85 STA $d0
7b9f 3a d0
7ba0 43 a9 LDA #$80
7ba1 6a 80
7ba2 6f 85 STA $44
7ba3 ae 44
7ba4 48 a2 LDX #$00
7ba5 ea 00
7ba6 4a a0 LDY #$4e
7ba7 a4 4e
7ba8 5b b1 LDA ($9b),y
7ba9 71 9b
7baa 3a d0 BNE $07
7bab ed 07
7bac ca 20 JSR $0902
7bad e8 02
7bae e3 09
7baf 3a d0 BNE $64
7bb0 8e 64
7bb1 1a f0 BEQ $49
7bb2 a3 49
7bb3 ca 20 JSR $a583
7bb4 69 83
7bb5 4f a5
7bb6 6f 85 STA $44
7bb7 ae 44
7bb8 a6 4c JMP $9112
7bb9 f8 12
7bba 7b 91
7bbb 43 a9 LDA #$80
7bbc 6a 80
7bbd 6f 85 STA $44
7bbe ae 44
7bbf 4f a5 LDA $dc
7bc0 36 dc
7bc1 23 c9 CMP #$04
7bc2 ee 04
7bc3 5a b0 BCS $50
7bc4 ba 50
7bc5 4a a0 LDY #$4e
7bc6 a4 4e
7bc7 5b b1 LDA ($9b),y
7bc8 71 9b
7bc9 1a f0 BEQ $05
7bca ef 05
7bcb ca 20 JSR $a583
7bcc 69 83
7bcd 4f a5
7bce 6f 85 STA $44
7bcf ae 44
7bd0 a6 4c JMP $91c9
7bd1 23 c9
7bd2 7b 91
7bd3 57 bd LDA $0390,x
7bd4 7a 90
7bd5 e9 03
7bd6 23 c9 CMP #$01
7bd7 eb 01
7bd8 3a d0 BNE $03
7bd9 e9 03
7bda a6 4c JMP $91b3
7bdb 59 b3
7bdc 7b 91
7bdd 23 c9 CMP #$08
7bde e2 08
7bdf 3a d0 BNE $03
7be0 e9 03
7be1 a6 4c JMP $9185
7be2 6f 85
7be3 7b 91
7be4 23 c9 CMP #$04
7be5 ee 04
7be6 1a f0 BEQ $30
7be7 da 30
7be8 23 c9 CMP #$06
7be9 ec 06
7bea 1a f0 BEQ $78
7beb 92 78
7bec 23 c9 CMP #$03
7bed e9 03
9bee 3a d0 BNE $25
7bef cf 25
7bf0 57 bd LDA $ab50,x
7bf1 ba 50
7bf2 41 ab
7bf3 6f 85 STA $ca
7bf4 20 ca
7bf5 57 bd LDA $03c0,x
7bf6 2a c0
7bf7 e9 03
I could use a sanity check to make sure I haven't gotten it wrong, which knowing me I probably have.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Tue Jan 05, 2021 11:48 am
by Darendor
So if I've read up on my 6510 ML properly, these jump tables are loaded into 2 consecutive zero page bytes at some point, correct?
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Tue Jan 05, 2021 2:52 pm
by Weber G
Ok, this is a very interesting topic, so I spent some hours investigating the loader of BT2.
It's a track/sector loader with direct access to the serial interface to the 1541 via CIA $DD00. No kernal functions are used. It's a completely programmed loader which loads bit by bit (not byte by byte).
There are no file names. The addressing works with a track table (starts at $649E) and a sector table (starts at $6522). The information about which track/sector is next is stored in the first block. The destination address (RAM) is also stored in this block.
The loaded bytes are XORed with "EA" (for sure, it's an EA-game) before being stored in RAM. There is also a buffer for the data which starts at $FB42.
$E0 is used to point at the track/ sector tables. In your example (combat engine), $E0 has the value 00 and points to track 3 and sector 0. The guild has 07 in $E0 and points to track 9 and sector 0.
track/sector table
Code:
>C:6490 82 82 82 82 82 82 82 82 82 82 82 82 82 00 03 05 ................
>C:64a0 01 07 01 08 0b 09 08 0b 09 0a 05 0a 0b 12 0e 0e ................
>C:64b0 0e 0e 0e 06 0c 01 01 01 01 01 02 02 02 0f 11 11 ................
>C:64c0 11 11 11 11 11 11 11 12 12 12 12 12 12 12 12 12 ................
>C:64d0 13 13 13 13 13 13 13 13 13 16 16 16 16 16 10 10 ................
>C:64e0 10 10 10 10 11 11 11 11 11 11 11 11 11 11 12 12 ................
>C:64f0 12 12 12 12 12 12 13 13 13 13 0e 0e 0e 10 13 13 ................
>C:6500 13 13 13 16 16 16 16 16 16 16 16 16 16 17 17 17 ................
>C:6510 17 0f 11 16 16 16 16 17 17 17 17 17 17 17 17 18 ................
>C:6520 17 04 00 00 00 06 00 00 00 00 08 08 11 0f 0b 00 ................
>C:6530 0d 0c 05 07 09 0b 00 00 00 03 06 09 0c 0f 00 06 ................
>C:6540 0b 00 01 03 05 07 0a 0c 0e 10 12 02 04 06 08 0a ................
>C:6550 0c 0e 10 12 01 03 05 07 09 0b 0d 0f 11 00 02 04 ................
>C:6560 06 08 09 0b 0d 0f 11 13 00 02 04 06 08 0a 0c 0e ................
>C:6570 10 12 02 04 06 08 0a 0c 0e 10 00 02 04 06 0d 10 ................
>C:6580 12 00 08 0a 0c 0e 10 00 02 04 06 08 0a 0c 0e 10 ................
>C:6590 12 01 03 05 07 12 0c 0a 0c 0e 10 00 02 04 06 08 ................
>C:65a0 0a 0c 0e 00 10 10 09 09 0a 0a 0b 0c 0c 0d 0d 0e ................
It should not be that hard to edit the BT2 disks.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Tue Jan 05, 2021 3:43 pm
by Darendor
I have a copy of the game with the files on all 4 disks, though.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Tue Jan 05, 2021 4:08 pm
by Weber G
Have you already checked the BAM of these disks? The game itself doesn't load the disk data by using file names.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Tue Jan 05, 2021 4:39 pm
by Darendor
No, I did not.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Wed Jan 06, 2021 9:26 am
by Darendor
It has become clear to me that this is the main game engine file, not just the combat engine.
There are a great many JMP, JSR, BCC/BNE/BEQ/BCS instructions encountered thus far, and if ZeroZero's disassembly of the BTI engine is anything to go by, it seems to handle a lot of zero page variables.
There are in particular a lot of JSR $0806, which in the BTI engine translates to:
It is slowwwwwww going.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Wed Jan 06, 2021 3:54 pm
by Weber G
This file is the combat engine. It starts at $9000.
The first lines:
Code:
.C:9000 4C 09 90 JMP $9009
.C:9003 4C DD 9E JMP $9EDD
.C:9006 4C 05 A4 JMP $A405
.C:9009 20 93 08 JSR $0893
.C:900c A5 F6 LDA $F6
.C:900e 85 EA STA $EA
.C:9010 20 14 09 JSR $0914
.C:9013 20 DC 95 JSR $95DC
.C:9016 20 D3 A7 JSR $A7D3
.C:9019 20 A6 9C JSR $9CA6
.C:901c A9 00 LDA #$00
.C:901e 85 4D STA $4D
.C:9020 E6 C1 INC $C1
.C:9022 20 EA A4 JSR $A4EA
.C:9025 4C 3C 90 JMP $903C
.C:9028 20 D3 A7 JSR $A7D3
.C:902b A0 AE LDY #$AE ;YOU STILL FACE
.C:902d A2 C4 LDX #$C4
.C:902f 20 06 08 JSR $0806 ;text output
.C:9032 20 DE 9C JSR $9CDE
.C:9035 20 EA A4 JSR $A4EA
.C:9038 A5 CF LDA $CF
.C:903a D0 0A BNE $9046
.C:903c 20 79 97 JSR $9779
.C:903f A5 4B LDA $4B
.C:9041 F0 03 BEQ $9046
.C:9043 4C F4 93 JMP $93F4
.C:9046 20 97 9D JSR $9D97
.C:9049 A9 FF LDA #$FF
.C:904b 85 43 STA $43
.C:904d A2 00 LDX #$00
.C:904f BD 57 AB LDA $AB57,X
.C:9052 C5 43 CMP $43
.C:9054 F0 03 BEQ $9059
.C:9056 4C 07 93 JMP $9307
.C:9059 A9 00 LDA #$00
.C:905b 9D 57 AB STA $AB57,X
.C:905e 86 DC STX $DC
.C:9060 8A TXA
.C:9061 0A ASL A
.C:9062 A8 TAY
.C:9063 B9 8D AA LDA $AA8D,Y ;character address
.C:9066 85 9B STA $9B
The sub $0806 jumps to the text output routine $0B33...
Code:
.C:0800 4C 41 09 JMP $0941
.C:0803 4C 5E 0A JMP $0A5E
.C:0806 4C 33 0B JMP $0B33
.C:0809 4C 37 0B JMP $0B37
.C:080c 4C F1 0B JMP $0BF1
.C:080f 4C 08 0C JMP $0C08
... and gives out the text which is stored at the address which is in the Y- and X-register.
example from above: Y = AE; X = C4
Code:
*C:aec4 YOU STILL FACE . CHOPS AT . SWINGS AT .,
*C:aeec BUT MISSES!@@. POINT/ .S .OF DAMAGE..@@
*C:af14 ., KILLING .HIM!@@.IT!@@.A .AN .A .AN .A
*C:af3c EIOU, AND ., ..@@.THE .THEY SEE THROUGH
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Wed Jan 06, 2021 5:10 pm
by Darendor
Okay.
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Wed Jan 06, 2021 5:10 pm
by Darendor
Stupid question, but how did you know it loads into memory at $9000?
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Wed Jan 06, 2021 5:20 pm
by Weber G
As I mentioned above, the destination address is stored in the first block at position $02 and $03.
In this case, it's EA and 7A.
XORed with EA it's $9000.
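The XOR step and destination address described in the posts above, applied as a consistency check to the three-column listing (address, stored byte, decoded byte) posted earlier in the thread. This is an added example, not code from any participant; the function names are hypothetical, and the rows are the first twelve of that listing copied as posted. The listing's starting address, $7AEA, matches the stored bytes EA 7A read as an address without the XOR.

```python
XOR_KEY = 0xEA   # per the thread: the loader XORs every byte with $EA

def decode(raw):
    """Undo the loader's XOR on a run of stored bytes."""
    return bytes(b ^ XOR_KEY for b in raw)

def load_address(stored):
    """Destination address from the two stored bytes (low byte first)."""
    lo, hi = decode(stored[:2])
    return lo | (hi << 8)

def check_listing(rows, listed_base, real_base):
    """Check 'addr stored decoded [mnemonic]' rows; return (bytes, problems)."""
    image, problems = bytearray(), []
    for n, row in enumerate(rows):
        addr, stored, listed = (int(f, 16) for f in row.split()[:3])
        real = real_base + n                      # address after rebasing
        if addr != listed_base + n:
            problems.append((real, f"address {addr:04x}, expected {listed_base + n:04x}"))
        if stored ^ XOR_KEY != listed:
            problems.append((real, f"{stored:02x} decodes to {stored ^ XOR_KEY:02x}, not {listed:02x}"))
        image.append(stored ^ XOR_KEY)
    return bytes(image), problems

# First twelve rows of the hand-decoded listing, copied as posted.
ROWS = """\
7aea a6 4c JMP $9009
7aeb e3 09
7aec 7a 90
7aed a6 4c JMP $9edd
7aee 37 dd
7aef 74 9e
7af0 a6 4c JMP $a405
7af1 ef 05
7af2 4e a4
7af3 ca 20 JSR $0893
8af4 79 93
7af5 e2 08
""".splitlines()
HEADER = bytes([0xEA, 0x7A])   # stored destination-address bytes quoted above

if __name__ == "__main__":
    real_base = load_address(HEADER)                 # $9000
    listed_base = int.from_bytes(HEADER, "little")   # $7AEA, read without decoding
    image, problems = check_listing(ROWS, listed_base, real_base)
    print(image.hex(" "))
    for real, msg in problems:
        print(f"${real:04X}: {msg}")
```

The decoded bytes match the opening of the monitor listing at $9000, and the one row flagged is an address typo rather than a decoding error.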
Re: C64 BTII: FILE0278460.PRG (CHAR DISK)
Posted: Wed Jan 06, 2021 9:02 pm
by Darendor
You'll have to excuse me. My understanding of ML code is limited, but I am trying to learn.
I suppose my copy of the BTII disks with the filenames was in fact edited in some way. Still, I'm going to disassemble the files anyway.