Posted By
Gaia
on 2012-07-21
08:00:28
|  Re: Mr Puniverse Cheat
@Sixteen Plus: I am trying to fix that soon (as I recall Tom does some FF1D writes and hence the "default" frame rate gets lower. So if one assumes that frames will come at a fixed rate (which you shouldn't actually, on the plus/4  ) then it may get disaligned (or you get clicks in the audio, or whatever).
Anyway I looked a little into the problem and it seems that when the standard IRQ handler aims to read the stack (basically recovering the status register prior to the IRQ occured) it goes out of bound and finds a value of $3A at $0201. Then since bit #4 is 1 it assumes that this was a BREAK command and jumps to ($0316) -> $F44C instead of ($0314) -> $CE0E. Now the question is, why could that happen.
If you do a "B F44C" in the monitor and when it hits in at 3:52, you set >0201 2A and G CE0E in the external monitor it will not crash (immediately :) ). But it's just a workaround for now.
Here's the trace dump:
. 1D49 DEX
. 1D4A CPX #$FF
. 1D4C BNE $1D41
. 1D41 PLA ; IRQ happens here...!
. FCB3 PHA
. FCB4 TXA
. FCB5 PHA
. FCB6 TYA
. FCB7 PHA
. FCB8 STA $FDD0
. FCBB JMP $CE00
. CE00 TSX ; X = #$FD here
. CE01 LDA $0104,X ; so we are reading from $0201 here, which is not the stack!
. CE04 AND #$10 ; $0201 contains #$3A so this will assume B flag having been set in the status register
. CE06 BNE $CE0B
. CE0B JMP ($0316) ; BRK routine
. F44C CLD ; crash....
. F44D LDX #$05
|
