C64 BTII: FILE0278460.PRG (CHAR DISK)

[Darendor]

I have delved back into trying to decipher the various files on BTII, and this time I went and tackled the largest file on the Character disk, weighing in at 8957 bytes (36 blocks on the disk).

This file is the combat engine for the game, and I've managed to decipher all of the various text strings within. I will next try to piece the code itself together and hopefully post the end result in this thread.

Edit: I now believe that this file is in fact the main game engine, not just the combat engine. There are a lot, I mean, a LOT of JSR, JMP and BEQ/BNE/BCS/BCC instructions so far, and I'm only about 20% of the way though.

Can anyone here tell me what the following OPCODEs assemble into?

Code: Select all

 9af2 3c
 9af3 b0
 9af4 3c
 9af5 b0
 9af6 4b
 9af7 b0
 9af8 5d
 9af9 b0
 9afa 6e
 9afb b0
 9afc 7d
 9afd b0
 9afe 5d
 9aff b0
 9b00 4b
 9b01 b0
 9b02 90
 9b03 b0 
 9b04 7d
 9b05 b0 
 9b06 4b
 9b07 b0
 9b08 a5
 9b09 b0
 9b0a 4b
 9b0b b0
 9b0c 6e
 9b0d b0
 9b0e b6
 9b0f b0
 9b10 b6
 9b11 b0 

[drifting]

Can anyone here tell me what the following OPCODEs assemble into?

Code: Select all

 9af2 3c
 9af3 b0
 9af4 3c
 9af5 b0
 9af6 4b
 9af7 b0
 9af8 5d
 9af9 b0
 9afa 6e
 9afb b0
 9afc 7d
 9afd b0
 9afe 5d
 9aff b0
 9b00 4b
 9b01 b0
 9b02 90
 9b03 b0 
 9b04 7d
 9b05 b0 
 9b06 4b
 9b07 b0
 9b08 a5
 9b09 b0
 9b0a 4b
 9b0b b0
 9b0c 6e
 9b0d b0
 9b0e b6
 9b0f b0
 9b10 b6
 9b11 b0 

That looks like a jump table. Combining them to 16 bits gets you:

Code: Select all

9af2 b03c
9af4 b03c
9af6 b04b
9af8 b05d
9afa b06e
9afc b07d
9afe b05d
9b00 b04b
9b02 b090 
9b04 b07d 
9b06 b04b
9b08 b0a5
9b0a b04b
9b0c b06e
9b0e b0b6
9b10 b0b6

[Darendor]

Oh.

So those are jump addresses then.

There's a few of those fields in this file scattered among the text strings for some bizarre reason.

[Darendor]

So far I've reassembled the following:

Code: Select all

7aea a6  4c	JMP $9009
7aeb e3  09
7aec 7a  90
7aed a6  4c	JMP $9edd
7aee 37	 dd
7aef 74	 9e
7af0 a6  4c	JMP $a405 
7af1 ef  05
7af2 4e  a4
7af3 ca  20	JSR $0893
8af4 79  93
7af5 e2  08
7af6 4f  a5 	LDA $f6
7af7 1c  f6  
7af8 6f  85	STA $ea
7af9 00  ea  
7afa ca  20	JSR $0914
7afb fe  14
7afc e3  09
7afd ca  20	JSR $95dc
7afe 36  dc
7aff 7f  95
7b00 ca  20	JSR $a7d3
7b01 39  d3
7b02 4d  a7
7b03 ca  20	JSR $20a7
7b02 4d  a7
7b03 ca  20
7b04 4c  a6	LDX $9c
7b05 76  9c
7b06 43  a9	LDA #$00
7b07 ea  00
7b08 6f  85	STA $4d
7b09 a7  4d
7b0a 0c  e6 	INC $c1
7b0b 2b  c1
7b0c ca  20	JSR $a4ea
7b0d 00  ea
7b0e 4e  a4
7b0f a6  4c	JMP $903c	
7b10 d6  3c
7b11 7a  90
7b12 ca  20	JSR $a7d3
7b13 39  d3
7b14 4d  a7
7b15 4a  a0	LDY #$ae
7b16 44  ae
7b17 48  a2	LDX #$c4
7b18 2e  c4
7b19 ca  20	JSR $0806
7b1a ec  06
7b1b e2  08
7b1c ca  20	JSR $9cde
7b1d 34  de
7b1e 76  9c
7b1f ca  20	JSR $a4ea
7b20 00  ea
7b21 4e  a4
7b22 4f  a5	LDA $cf
7b23 25  cf
7b24 3a  d0	BNE $0a
7b25 e0  0a
7b26 ca  20	JSR $9779
7b27 93  79
7b28 7d  97
7b29 4f  a5	LDA $4b
7b2a a1  4b
7b2b 1a  f0	BEQ $03
7b2c e9  03
7b2d a6  4c	JMP $93f4
7b2e 1e  f4
7b2f 79  93
7b30 ca  20	JSR $9d97
7b31 7d  97
7b32 77  9d
7b33 43  a9	LDA #$ff
7b34 15  ff
7b35 6f	 85	STA $43
7b36 a9  43
7b37 48  a2	LDX #$00
7b38 ea  00
7b39 57  bd	LDA $ab57
7b3a bd  57
7b3b 41  ab
7b3c 2f  c5	CMP $43
7b3d a9  43
7b3e 1a  f0	BEQ $03
7b3f e9  03 
7b40 a6  4c	JMP $9307
7b41 ed  07
7b42 79	 93
7b43 43  a9	LDA #$00
7b44 ea  00
7b45 77  9d	STA $ab57,x
7b46 bd  57
7b47 41  ab
7b48 6c  86	STX $dc
7b49 36  dc
7b4a 60  8a	TXA
7b4b e0  0a	ASL A
7b4c 42  a8	TAY
7b4d 53  b9	LDA $aa8d,y
7b4e 67  8d
7b4f 40  aa
7b50 6f  85	STA $9b
7b51 71  9b
7b52 6f  85	STA $58
7b53 b2  58
7b54 53  b9	LDA $aa8e,y
7b55 64  8e
7b56 40  aa
7b57 6f  85	STA $9c
7b58 76  9c
7b59 6f  85	STA $59
7b5a b3  59
7b5b 4a  a0	LDY #$00
7b5c ea  00
7b5d 5b	 b1	LDA ($9b),y
7b5e 71  9b
7b5f 3a  d0	BNE $03
7b60 e9  03
7b61 a6  4c	JMP $9307
7b62 ed  07
7b63 79  93
7b64 4a  a0	LDY #$3e
7b65 d4  3e
7b66 5b  b1	LDA ($9b),y
7b67 71	 9b
7b68 23  c9	CMP #$03
7b69 e9  03
8b6a 7a  90	BCC $07
7b6b ed  07
7b6c 23  c9	CMP #$06
7b6d ec  06
7b6e 5a  b0	BCS $03
7b6f e9  03
7b70 a6  4c	JMP $9307
7b71 ed  07
7b72 79  93
7b73 4a  a0	LDY #$38
7b74 d2  38
7b75 5b  b1	LDA ($9b),y
7b76 71  9b
7b77 23  c9	CMP #$0b
7b78 e1  0b
7b79 7a	 90	BCC $58
7b7a b2  58
7b7b 23  c9	CMP #$0c
7b7c e6  0c
7b7d 3a  d0	BNE $08
7b7e e2  08
7b7f 4f  a5	LDA $a1
7b80 4b  a1
7b81 3a  d0	BNE $ed
7b82 07  ed
7b83 4f  a5	LDA $89
7b84 63  89
7b85 3a  d0	BNE $e9
7b86 03  e9
7b87 ca  20	JSR $0890
7b88 7a  90
7b89 e2  08
7b8a 4f  a5	LDA $5b
7b8b b1  5b
7b8c c3  29 	AND #$03
7b8d e9  03
7b8e f2  18	CLC
7b8f 83  69	ADC #$14
7b90 fe  14
7b91 42  a8	TAY
7b92 5b	 b1	LDA ($9b),y
7b93 71  9b
7b94 1a  f0	BEQ $25
7b95 cf  25
7b96 23  c9	CMP #$ff
7b97 15  ff
7b98 1a  f0	BEQ $7b
7b99 91  7b
7b9a 6f  85	STA $ca
7b9b 20  ca
7b9c 43  a9	LDA #$00
7b9d ea  00
7b9e 6f  85	STA $d0
7b9f 3a  d0
7ba0 43  a9	LDA #$80
7ba1 6a  80
7ba2 6f  85	STA $44
7ba3 ae  44
7ba4 48  a2	LDX #$00
7ba5 ea  00
7ba6 4a  a0	LDY #$4e
7ba7 a4  4e
7ba8 5b  b1	LDA ($9b),y
7ba9 71  9b
7baa 3a  d0	BNE $07
7bab ed  07
7bac ca  20	JSR $0902
7bad e8  02
7bae e3  09
7baf 3a  d0	BNE $64
7bb0 8e  64
7bb1 1a  f0	BEQ $49
7bb2 a3  49	
7bb3 ca  20	JSR $a583
7bb4 69  83
7bb5 4f  a5
7bb6 6f  85	STA $44
7bb7 ae  44
7bb8 a6  4c	JMP $9112
7bb9 f8  12
7bba 7b  91
7bbb 43  a9	LDA #$80
7bbc 6a  80
7bbd 6f  85	STA $44
7bbe ae  44
7bbf 4f  a5	LDA $dc
7bc0 36  dc
7bc1 23  c9	CMP #$04
7bc2 ee  04
7bc3 5a  b0	BCS $50
7bc4 ba  50
7bc5 4a  a0	LDY #$4e
7bc6 a4  4e
7bc7 5b  b1	LDA ($9b),y
7bc8 71  9b
7bc9 1a  f0	BEQ $05
7bca ef  05
7bcb ca  20	JSR $a583
7bcc 69  83
7bcd 4f  a5
7bce 6f  85	STA $44
7bcf ae  44
7bd0 a6  4c	JMP $91c9
7bd1 23  c9
7bd2 7b  91
7bd3 57  bd	LDA $0390,x
7bd4 7a  90
7bd5 e9  03
7bd6 23  c9	CMP #$01
7bd7 eb  01
7bd8 3a  d0	BNE $03
7bd9 e9  03
7bda a6  4c	JMP $91b3
7bdb 59  b3
7bdc 7b  91
7bdd 23  c9	CMP #$08
7bde e2  08
7bdf 3a  d0	BNE $03
7be0 e9  03
7be1 a6  4c	JMP $9185
7be2 6f  85
7be3 7b  91
7be4 23  c9	CMP #$04
7be5 ee  04
7be6 1a  f0	BEQ $30
7be7 da  30
7be8 23  c9	CMP #$06
7be9 ec  06
7bea 1a  f0 	BEQ $78
7beb 92  78
7bec 23  c9	CMP #$03
7bed e9  03
9bee 3a  d0	BNE $25
7bef cf  25
7bf0 57  bd	LDA $ab50,x
7bf1 ba  50
7bf2 41  ab
7bf3 6f  85	STA $ca
7bf4 20  ca
7bf5 57  bd	LDA $03c0,x
7bf6 2a  c0
7bf7 e9  03

I could use a sanity check to make sure I haven't gotten it wrong, which knowing me I probably have.

[Darendor]

So if I've read up on my 6510 ML properly, these jump tables are loaded into 2 consecutive zero page bytes at some point, correct?

[Weber G]

Ok, this is a very interesting topic, so I spent some hours to investigate the loader of BT2.

It's a track/ sector loader with direct access to the serial interface to the 1541 via CIA $DD00. No kernal functions are used. It's a completely programmed loader which loads bit by bit (not byte by byte).

There are no file names. The addressing works with a track table (starts at $649E) and a sector table (starts at $6522). The information which track/ sector is next is stored in the first block. Also the destination address (RAM) is stored in this block.

The loaded bytes are XORed with "EA" (for sure, it's an EA-game) before stored in the RAM. There is also a buffer for the data which starts at $FB42.

$E0 is used to point at the track/ sector tables. In your example (combat engine), $E0 has the value 00 and points to track 3 and sector 0. The guild has 07 in $E0 and points to track 9 and sector 0.

track/ sector table

Code: Select all

>C:6490  82 82 82 82  82 82 82 82  82 82 82 82  82 00 03 05   ................
>C:64a0  01 07 01 08  0b 09 08 0b  09 0a 05 0a  0b 12 0e 0e   ................
>C:64b0  0e 0e 0e 06  0c 01 01 01  01 01 02 02  02 0f 11 11   ................
>C:64c0  11 11 11 11  11 11 11 12  12 12 12 12  12 12 12 12   ................
>C:64d0  13 13 13 13  13 13 13 13  13 16 16 16  16 16 10 10   ................
>C:64e0  10 10 10 10  11 11 11 11  11 11 11 11  11 11 12 12   ................
>C:64f0  12 12 12 12  12 12 13 13  13 13 0e 0e  0e 10 13 13   ................
>C:6500  13 13 13 16  16 16 16 16  16 16 16 16  16 17 17 17   ................
>C:6510  17 0f 11 16  16 16 16 17  17 17 17 17  17 17 17 18   ................
>C:6520  17 04 00 00  00 06 00 00  00 00 08 08  11 0f 0b 00   ................
>C:6530  0d 0c 05 07  09 0b 00 00  00 03 06 09  0c 0f 00 06   ................
>C:6540  0b 00 01 03  05 07 0a 0c  0e 10 12 02  04 06 08 0a   ................
>C:6550  0c 0e 10 12  01 03 05 07  09 0b 0d 0f  11 00 02 04   ................
>C:6560  06 08 09 0b  0d 0f 11 13  00 02 04 06  08 0a 0c 0e   ................
>C:6570  10 12 02 04  06 08 0a 0c  0e 10 00 02  04 06 0d 10   ................
>C:6580  12 00 08 0a  0c 0e 10 00  02 04 06 08  0a 0c 0e 10   ................
>C:6590  12 01 03 05  07 12 0c 0a  0c 0e 10 00  02 04 06 08   ................
>C:65a0  0a 0c 0e 00  10 10 09 09  0a 0a 0b 0c  0c 0d 0d 0e   ................

It should be not that hard to edit the BT2 disks.

[Darendor]

I have a copy of the game with the files on all 4 disks, though.

[Weber G]

Have you already checked the BAM of these disks? The game itself doesn't load the disk data by using file names.

[Darendor]

No, I did not.

[Darendor]

It has become clear to me that this is the main game engine file, not just the combat engine.

There are a great many JMP, JSR, BCC/BNE/BEQ/BCS instructions encountered thus far, and if ZeroZero's disassembly of the BTI engine is anything to go by, it seems to handle a lot of zero page variables.

There are in particular a lot of JSR $0806, which in the BTI engine translates to:

Code: Select all

0806  |  *  | clears the text window

It is slowwwwwww going.

[Weber G]

This file is the combat engine. It starts at $9000.

The first lines:

Code: Select all

.C:9000  4C 09 90    JMP $9009
.C:9003  4C DD 9E    JMP $9EDD
.C:9006  4C 05 A4    JMP $A405
.C:9009  20 93 08    JSR $0893
.C:900c  A5 F6       LDA $F6
.C:900e  85 EA       STA $EA
.C:9010  20 14 09    JSR $0914
.C:9013  20 DC 95    JSR $95DC
.C:9016  20 D3 A7    JSR $A7D3
.C:9019  20 A6 9C    JSR $9CA6
.C:901c  A9 00       LDA #$00
.C:901e  85 4D       STA $4D
.C:9020  E6 C1       INC $C1
.C:9022  20 EA A4    JSR $A4EA
.C:9025  4C 3C 90    JMP $903C
.C:9028  20 D3 A7    JSR $A7D3
.C:902b  A0 AE       LDY #$AE		;YOU STILL FACE 
.C:902d  A2 C4       LDX #$C4
.C:902f  20 06 08    JSR $0806		;text output
.C:9032  20 DE 9C    JSR $9CDE
.C:9035  20 EA A4    JSR $A4EA
.C:9038  A5 CF       LDA $CF
.C:903a  D0 0A       BNE $9046
.C:903c  20 79 97    JSR $9779
.C:903f  A5 4B       LDA $4B
.C:9041  F0 03       BEQ $9046
.C:9043  4C F4 93    JMP $93F4
.C:9046  20 97 9D    JSR $9D97
.C:9049  A9 FF       LDA #$FF
.C:904b  85 43       STA $43
.C:904d  A2 00       LDX #$00
.C:904f  BD 57 AB    LDA $AB57,X
.C:9052  C5 43       CMP $43
.C:9054  F0 03       BEQ $9059
.C:9056  4C 07 93    JMP $9307
.C:9059  A9 00       LDA #$00
.C:905b  9D 57 AB    STA $AB57,X
.C:905e  86 DC       STX $DC
.C:9060  8A          TXA
.C:9061  0A          ASL A
.C:9062  A8          TAY
.C:9063  B9 8D AA    LDA $AA8D,Y	;character address
.C:9066  85 9B       STA $9B

The sub $0806 jumps to the text ouput routine $0B33...

Code: Select all

.C:0800  4C 41 09    JMP $0941
.C:0803  4C 5E 0A    JMP $0A5E
.C:0806  4C 33 0B    JMP $0B33
.C:0809  4C 37 0B    JMP $0B37
.C:080c  4C F1 0B    JMP $0BF1
.C:080f  4C 08 0C    JMP $0C08

... and gives out the text which is stored at the address which is in the Y- and X-register.

example from above: Y = AE; X = C4

Code: Select all

*C:aec4 YOU STILL FACE . CHOPS AT . SWINGS AT .,
*C:aeec  BUT MISSES!@@. POINT/ .S .OF DAMAGE..@@
*C:af14 ., KILLING .HIM!@@.IT!@@.A .AN .A .AN .A
*C:af3c EIOU, AND ., ..@@.THE .THEY SEE THROUGH 

[Darendor]

Okay.

[Darendor]

Stupid question, but how did you know it loads into memory at $9000?

[Weber G]

As I mentioned above, the destination address is stored in the first block at position $02 and $03.

In this case, it's EA and 7A.

XORed with EA it's $9000.

[Darendor]

You'll have to excuse me. My understanding of ML code is limited, but I am trying to learn.

I suppose my copy of the BTII disks with the filenames was in fact edited in some way. Still, I'm going to disassemble the files anyway.