Date : Tue, 13 Sep 1994 12:37:51 WET DST
From : Bonfield James <jkb@...>
Subject: Icky 6502 operations
Chris Lam writes:
>on a more technical note, a 6502 emulator should strictly check all
>absolute addresses to see if they fall on paged I/O. in Frak! i've seen
>
> BIT &FE68
> BIT &70
>
>i.e. the BIT &FE68 serves purely to access &FE68 and so reset the T2
>interrupt flag in the user VIA.
Actually, things can get even more complicated. Reads from incorrect memory
locations can occur during certain operations. Consider the case:
  LDX #&80
  LDA &FEE8,X
This should access location &FF68, which is in ROM - so no extra hardware
accesses. However before accessing FF68 it will also access FE68 and hence
clear the IFR bit.
INC instructions are even worse.
The general operation of an INC abs can be considered as:
  read abs into tmp
  write tmp to abs
  inc tmp
  write tmp to abs
In the CMOS chips this changes to (I think):
  read abs into tmp
  read abs into tmp
  inc tmp
  write tmp to abs
Even more grotesque, the T2 IFR bit could be cleared in the following manner.
write to FE66 and FE67 a "BNE &FE02". And set DDRB (FE02) to &60.
Now clear the zero flag and jump to FE66. This will read bytes from FE66, FE67 (the
BNE instruction) _and_ FE68 before performing the branch and RTS instruction.
Are there any games out there that require these internal 'address fixes' to
work? It'd slow down emulation considerably to be this accurate. I can't see
anyone ever needing these techniques except for obfuscation ("obfsucation rules
OK") purposes.
James B.
PS. Apologies to James Fidell regarding the 6522 and 6502 data sheets. I lost
them (and my NAUG) in my car for a week - found again now! Several people have
asked me about them so I'll probably find it easiest to type up the extra
information in them that's not listed in the NAUG.
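The three bus-cycle quirks described in the message above (the extra read during a page-crossing LDA abs,X, the NMOS versus CMOS read-modify-write sequence of INC abs, and the read of the byte after a taken BNE) as an added worked example; this is not code from the message or from any emulator it mentions. The memory map is an assumption modelled on the BBC Micro layout the message implies: user VIA at &FE60, so &FE68 is the T2 low-order counter (reading it clears bit 5 of the IFR at &FE6D). Only that one side effect is modelled; writes to the VIA area are treated as plain RAM, and the access log records every cycle so an emulator author can check which addresses are really touched.

```python
# Added example: minimal 6502 bus-cycle model for the quirks in the message.
# Assumed memory map (BBC Micro style): user VIA at &FE60.
USER_VIA = 0xFE60
T2C_L = USER_VIA + 0x8    # T2 counter low byte; a read clears the T2 IFR bit
IFR = USER_VIA + 0xD      # interrupt flag register
IFR_T2 = 0x20             # bit 5 of the 6522 IFR is the T2 flag


class Bus:
    """64K flat memory plus one VIA side effect and a log of every bus cycle."""

    def __init__(self):
        self.mem = bytearray(0x10000)
        self.ifr = IFR_T2          # pretend T2 has already timed out
        self.log = []              # ("R"/"W", address) per cycle

    def read(self, addr):
        addr &= 0xFFFF
        self.log.append(("R", addr))
        if addr == T2C_L:
            self.ifr &= ~IFR_T2    # side effect: reading T2C-L clears the T2 flag
        if addr == IFR:
            return self.ifr
        return self.mem[addr]

    def write(self, addr, value):
        addr &= 0xFFFF
        self.log.append(("W", addr))
        self.mem[addr] = value & 0xFF    # VIA writes modelled as plain RAM


def lda_abs_x(bus, base, x):
    """LDA abs,X on the NMOS 6502: if adding X carries into the high byte,
    the CPU first reads the address with the uncorrected high byte, then the
    correct one. Returns the value loaded."""
    final = (base + x) & 0xFFFF
    uncorrected = (base & 0xFF00) | (final & 0xFF)
    if uncorrected != final:
        bus.read(uncorrected)          # dummy read, visible to memory-mapped I/O
    return bus.read(final)


def inc_abs(bus, addr, cmos=False):
    """INC abs read-modify-write. NMOS: read, write back the old value, write
    the new value. CMOS (65C02): read, read, write. Returns the new value."""
    tmp = bus.read(addr)
    if cmos:
        tmp = bus.read(addr)           # second read instead of a dummy write
    else:
        bus.write(addr, tmp)           # NMOS writes the unmodified value first
    tmp = (tmp + 1) & 0xFF
    bus.write(addr, tmp)
    return tmp


def bne_rel(bus, pc, zero_flag):
    """BNE rel. The CPU fetches the opcode and the offset; if the branch is
    taken it also reads the byte after the operand (the would-be next opcode)
    while forming the target address. Returns the new program counter."""
    bus.read(pc)                       # opcode fetch
    offset = bus.read(pc + 1)          # branch offset
    if zero_flag:
        return (pc + 2) & 0xFFFF       # not taken: no further read
    bus.read(pc + 2)                   # dummy read of the next instruction byte
    signed = offset - 0x100 if offset & 0x80 else offset
    return (pc + 2 + signed) & 0xFFFF


def demo():
    """Reproduce the message's LDA &FEE8,X with X=&80 and show the dummy read."""
    bus = Bus()
    bus.mem[0xFF68] = 0x42             # constructed ROM byte at &FF68
    value = lda_abs_x(bus, 0xFEE8, 0x80)
    return value, bus.log, bus.ifr


if __name__ == "__main__":
    print(demo())   # (0x42, [('R', 0xFE68), ('R', 0xFF68)], 0): T2 flag cleared
```

The demo reproduces the message's example: the load ends up at &FF68, but the log shows &FE68 read first and the T2 flag already cleared. Feeding the BNE case with opcode &D0 at &FE66 and offset &9A at &FE67 gives a taken branch to &FE02 whose cycle log includes the read of &FE68.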