Date : Fri, 19 Nov 2010 07:17:22 -0600
From : mfirth@... (Michael Firth)
Subject: BBC file formats
I was just going to post similar.
The first file is basically (removing comments):
120 *LOAD"MONST-M" 1D00
130 PAGE=&4300
140 RUN
150 END
If you then do the first two commands, you can extract the BASIC
"stub" that's at the end of the machine code:
0 REM /// Monsters /// V2
10 REM Copyright (C) Acornsoft 1982
20 MODE7:VDU23;10,32,0;0;0;:FORI%=0TO&400STEP4:I%!&7C00=I%!(PAGE+&300):NEXT
30 VDU28,11,22,30,20
40 DIMBL%8
50 ENVELOPE1,10,-1,-1,0,2,2,1,120,0,0,-120,120,120:ENVELOPE2,2,0,0,0,1,1,1,120,-120,-120,-120,120,0:ENVELOPE3,2,-1,-1,-1,255,255,255,120,0,0,-120,120,120:ENVELOPE4,3,0,0,0,1,1,1,120,-5,-5,-10,120,90
60 CHAR%=224
70 PROCDEFINE("GameOvr")
80 FORI%=&E00TO&3400STEP4:!I%=I%!&0F00:NEXT
90 CALL &E02
95 END
100 DEFPROCDEFINE(A$) FORI%=1TOLENA$:PROCCHAR(ASC(MID$(A$,I%,1))):NEXT:ENDPROC
110 DEFPROCCHAR(C%) ?BL%=C%:X%=BL%:Y%=BL%DIV256:A%=10:CALL&FFF1
120 FORK%=1TO5STEP4:VDU23,CHAR%:FORJ%=0TO7:VDUBL%?(K%+J%DIV2):NEXT:CHAR%=CHAR%+1:NEXT:ENDPROC
The important line of this is line 80, which is a fairly standard code
re-locator loop, that moves the code that has been loaded to &1D00
down to &E00.
The next line then is a CALL to the "JMP" instruction that I decoded earlier.
That will now be jumping to &F00 further into the code though, due to
the relocation.
Hope this helps (at least no one can argue it's off topic!)
Michael
Quoting James McGill <plexer@...>:
> Ah, I just realized that I was decoding the CHAIN file incorrectly.
> The correct decoding calls
>
> PAGE=&4300
>
> Which is offset &2600 bytes into the program (when loaded into &1D00),
> which is exactly where the tokenized BASIC begins. So it seems that
> there is a program within a program.
>
> On Fri, Nov 19, 2010@... PM, James McGill <plexer@...> wrote:
>> The IMG I'm trying to disassemble is available here:
>> http://www.bbcmicrogames.com/software/acornsoft/monsters.zip
>>
>> It's loaded into &1D00, so that JMP looks reasonable. What's
>> interesting is that there's clearly a small amount of tokenized BASIC
>> near the end of the file. It's possible that the machine code loads
>> and executes this - I'll keep looking into it.
>>
>> If anyone's feeling generous I'd appreciate any other pointers. I'm
>> trying to ramp up on BBC development, but obviously struggling a bit
>> :)
>>
>> Cheers,
>> James
>>
>>
>>
>> On Fri, Nov 19, 2010@... PM, Michael Firth <mfirth@...> wrote:
>>> If you assume that the first two bytes (0D FF) are a BASIC end of
>>> program marker for some reason, the rest of what you've posted is
>>> plausible assembler:
>>>
>>> JMP &1DF5
>>> LDY #&05
>>> STY &22B1
>>> LDA #&81
>>>
>>> Without having the rest of the program, it's hard to know if that is
>>> what it is or not.
>>>
>>> One other key thing for any assembler code is to know what the load
>>> and exec addresses are - do you have any way of finding out those?
>>>
>>> Alternatively, if you can upload the image file somewhere I'm sure
>>> that people will be able to decode it for you.
>>>
>>> Regards
>>>
>>> Michael
>>>
>>>
>>> Quoting James McGill <plexer@...>:
>>>
>>>> I strongly suspect that this is a tokenized Basic file (especially
>>>> given that it starts with &0D), but it isn't one that I'm able to
>>>> decode. I've tried a few different programs but they all die, and I
>>>> think I know why. The first few bytes of the program are (in hex):
>>>>
>>>> 0D FF 4C F5 1D A0 05 8C B1 22 A9 81
>>>>
>>>> Which as far as I know means: (newline) (end of program) (other stuff)
>>>>
>>>> If I ignore the end of program marker and try and decode the line
>>>> anyway I get:
>>>>
>>>> "Line number: 65356
>>>> "Length: 245"
>>>> "Data: ?EVALTHENPOS"LENDIVGET$RAD"EVALOSCLI REM????"? ?"? ?`?8?
>>>> ?? L??? ? ?"
>>>>
>>>> I also tried disassembling this as if it were 6502 machine code and
>>>> the results appeared to be mostly garbage, but I haven't stared too
>>>> closely. Notably it involved chains of JMPS to out of bounds memory
>>>> locations, which suggests to me that this probably isn't machine code.
>>>>
>>>> Any thoughts? Is it possible that the program is somehow modified at
>>>> runtime so that it can be decoded correctly, or that the MONSTRS file
>>>> (used to CHAIN) loads only a subset of the original program somehow?
>>>>
>>>> Regards,
>>>> James
>>>>
>>>> On Fri, Nov 19, 2010@... AM, J.G.Harston <jgh@...> wrote:
>>>>> James McGill wrote:
>>>>>> The game I'm looking at is AcornSoft Monsters, and I have a copy on
>>>>>> my linux box in .IMG format (as well as a physical copy on cassette).
>>>>>> I used BBC Explorer to open the disk and extract two files - MONSTRS
>>>>>> and MONST-M, but now I'm not quite sure what I'm looking at. MONST-M
>>>>> ...
>>>>>> Is anyone aware of a way to disassemble or decode these files?
>>>>>
>>>>> If you can see them in BBC Explorer (or *INFO *.* when mounted by
>>>>> an emulator) it should show for load and execution addresses. BASIC
>>>>> will tend to be something like 001900/008023, FF1900/FF8023 or similar,
>>>>> or sometimes FFFBxx/xxxxxx if it's been RISC OS filestamped. Also BASIC
>>>>> files start with <cr> (&0D).
>>>>>
>>>>> The filenames suggest that MONSTRS is the file to CHAIN, and MONST-M
>>>>> is the machine code - suggested by the trailing "-M". If examining
>>>>> MONSTRS reveals a string that looks like a "*LOAD MONST-M" or
>>>>> "*RUN MONST-M" command that would confirm it.
>>>>>
>>>>> If you want to disassemble machine code, tools are available at
>>>>> http://mdfs.net/Software/Assembler/DisAssem
>>>>>
>>>>> --
>>>>> J.G.Harston - jgh@...
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> bbc-micro mailing list
>>>>> bbc-micro@...
>>>>> http://lists.cloud9.co.uk/mailman/listinfo/bbc-micro
>>>>>
>>>>
>>
>
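
[Added example, not part of the original thread or of any poster's message.] The relocation described above (line 80 of the BASIC stub, then CALL &E02) can be modelled to map run-time addresses back to offsets in MONST-M. The addresses and the first 12 bytes come from the thread; the rest of the file body is constructed filler and the function names are hypothetical.

```python
# Constants taken from the listings quoted in the thread.
LOAD_ADDR = 0x1D00            # *LOAD"MONST-M" 1D00
PAGE = 0x4300                 # PAGE=&4300
DEST_START, DEST_END = 0x0E00, 0x3400   # FORI%=&E00TO&3400STEP4
DELTA = 0x0F00                # !I%=I%!&0F00

# First 12 bytes of MONST-M as posted; everything after is constructed filler.
HEADER = bytes.fromhex("0DFF4CF51DA0058CB122A981")


def constructed_file(length=0x2700):
    """Constructed stand-in for MONST-M: posted header, synthetic body."""
    body = bytes((i * 7 + 3) & 0xFF for i in range(len(HEADER), length))
    return HEADER + body


def load(file_bytes):
    """Model *LOAD: place the file in a 64 KiB address space at LOAD_ADDR."""
    mem = bytearray(0x10000)
    mem[LOAD_ADDR:LOAD_ADDR + len(file_bytes)] = file_bytes
    return mem


def relocate(mem):
    """Model line 80: copy 32-bit words down by DELTA, lowest address first."""
    for i in range(DEST_START, DEST_END + 1, 4):
        mem[i:i + 4] = mem[i + DELTA:i + DELTA + 4]
    return mem


def file_offset(addr):
    """Map a run-time address (after line 80) back to an offset in the file."""
    if DEST_START <= addr < DEST_END + 4:
        return addr - DEST_START          # inside the relocated copy
    return addr - LOAD_ADDR               # untouched tail of the original load


def entry_jump(mem, call_addr):
    """Decode the absolute JMP (opcode &4C) at the CALL target."""
    if mem[call_addr] != 0x4C:
        raise ValueError("no JMP at &%04X" % call_addr)
    return mem[call_addr + 1] | (mem[call_addr + 2] << 8)


if __name__ == "__main__":
    mem = relocate(load(constructed_file()))
    target = entry_jump(mem, 0x0E02)      # line 90: CALL &E02
    print("JMP &%04X -> file offset &%04X" % (target, file_offset(target)))
    print("BASIC stub at file offset &%04X" % file_offset(PAGE))
```

A disassembly of the file should therefore use &E00, not &1D00, as its base address for everything below &3404.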