Previous | Next
| From: Crown (all posts)
Date: 1998-06-03
Subject: $ff1a/$ff1b
|
Hi there,
I've just done some measures regarding $ff1a/$ff1b and $ff1f.
$ff1a-$ff1b is being cleared to zero in line $137 between cycle $c0
and $c2 (That means that it has the new values in the second cycle,
and the old values in the first).
It increments in lines where VertSub counter (bit 0-2 of $ff1f equals 7). This happens between cycle $92 $96.
The clear can be skipped, as nothing other happens in line $137,
the safest method is to wait for line $136, and write $1FE into $ff1c-$ff1d.
This register pair is used -as we already discussed- in bitmap modes for generating the bitmap address. Also in character mode, the cursor is being compared to this registers, so you can move the cursor with this regs also.
Now $ff1f. Bit 0-2 called VertSub counter, this gives the currently displayed line inside a char. It's set to 7 in line 0 between cycle $C8 and $CA. It's increment mechanism is a bit odd.
Cycle : $C4 $C6 $C8
read value 0 0 1 Inc from 0 to 1
1 0 2 Inc from 1 to 2
2 2 3 Inc from 2 to 3
3 0 4 Inc from 3 to 4
4 4 5 Inc from 4 to 5
5 4 6 Inc from 5 to 6
6 6 7 Inc from 6 to 7
7 0 0 Inc from 7 to 0
I do not have any idea why this could happen.
Also in $ff1f we find the blink counter at bit 3-6.
This increments in line $CD between cycle $AE and $B0.
I also discovered a very interesting thing. It seems, that it is possible to force the TED and the CPU to access memory in the very same cycle! I do not have all the details yet, but I guess the address which got acessed is the and-ed value between the CPU and the TED addresses.
I hope nobody used this feature, for example to write a defender packer, as this would not be an easy one to emulate. Actually this would be a really big challenge to crack also.
Tibor Biczo / Crown of GOTU
|
| |
Copyright © Plus/4 World Team, 2001-2024 |
