Shamus

The below is from an atari800 debugging session…

The display list:

> dlist

35B8: 8 BLANK
35B9: DLI 8 BLANK
35BA: 8 BLANK
35BB: LMS 0800 MODE 4
35BE: 20x MODE 4
35D2: DLI MODE 4
35D3: DLI LMS 0B70 MODE 6
35D6: MODE 6
35D7: JVB 35B8

The display list isn’t modified, so knowing where it started I could save the screen data:

> write 800 bff shamus.dat

How about the character set? It’s here:

> m 2f4
02F4: E0 00 00 00 00 00 80 00 FF 00 00 00 00 00 00 00  ................

But it appears to be using the rom char set. Must be reset in the DLI:

> m 200
0200: 79 29 02 08 00 00 07 00 24 40 06 0C 0B EA CC 77  y)......$@.....w

> d 2979
2979: 48        PHA
297A: AD 0B D4  LDA $D40B   ;VCOUNT
297D: C9 28     CMP #$28
297F: 90 D8     BCC $2959
2981: 8D CF 02  STA $02CF   ;GBYTEA
2984: CD D0 02  CMP $02D0   ;GBYTEA+1
2987: 90 12     BCC $299B
2989: A9 E0     LDA #$E0
298B: 8D 09 D4  STA $D409   ;CHBASE
298E: A9 E8     LDA #$E8
2990: 8D 16 D0  STA $D016   ;COLPF0
2993: AD CF 02  LDA $02CF   ;GBYTEA
2996: 8D D0 02  STA $02D0   ;GBYTEA+1
2999: 68        PLA
299A: 40        RTI
299B: AD 4E 02  LDA $024E
299E: 8D 16 D0  STA $D016   ;COLPF0
29A1: AD 4F 02  LDA $024F
29A4: 8D 17 D0  STA $D017   ;COLPF1
29A7: AD 50 02  LDA $0250
29AA: 8D 18 D0  STA $D018   ;COLPF2
29AD: AD 51 02  LDA $0251
29B0: 8D 19 D0  STA $D019   ;COLPF3
29B3: AD CF 02  LDA $02CF   ;GBYTEA
29B6: 8D D0 02  STA $02D0   ;GBYTEA+1
29B9: 68        PLA
29BA: 40        RTI

Hmmm, nope. Changes it back to the default character set at $E000, but doesn’t reset it to the custom character set. Maybe the Vblank? Let’s check:

> m 222
0222: 23 00 00 0B 14 5F 19 07 07 01 00 00 7A 7A C7 BB  #...._......zz..

says the VBI is at $0b00??? That’s in the middle of the graphics ram… Hmmm. Probably not self-modifying graphics ram to create the VBI. Don’t know what’s going on there but will leave it for a moment.

Back to the character set. It must be set somewhere, so do a search, first on the hardware CHBASE ($D409):

> s 0800 bfff 09 d4
Found at 2975
Found at 298C

Apparently there’s another interrupt right before 2979:

> d 2959
2959: AD D9 02  LDA $02D9   ;KRPDER
295C: 8D 16 D0  STA $D016   ;COLPF0
295F: AD DA 02  LDA $02DA   ;KEYREP
2962: 8D 17 D0  STA $D017   ;COLPF1
2965: AD DB 02  LDA $02DB   ;NOCLIK
2968: 8D 18 D0  STA $D018   ;COLPF2
296B: AD DC 02  LDA $02DC   ;HELPFG
296E: 8D 19 D0  STA $D019   ;COLPF3
2971: AD D8 02  LDA $02D8   ;ACMISR+1
2974: 8D 09 D4  STA $D409   ;CHBASE
2977: 68        PLA
2978: 40        RTI

so the value of $02D8 is getting stuffed into CHBASE:

> m 02d8
02D8: 34 FF C4 76 9F 60 0B 00 00 00 00 00 C0 1F BC 00  4..v............

So, $3400 is one character set. I’m guessing it’s shifting between at least 2 character sets because all of the robots are animated, so I’ll dump maybe 4k from that area and see:

> write 3400 43ff shamus-fonts.dat

which I will look at later.

The VBI stuff is bothering me. There’s clearly some sort of interrupt going on, but how can one be set if the VBI vectors are pointing seamingly to bad code? It jumps to a VBI and eventually hits a BRK, maybe? There is a software handler for that, the BRK vector at $0206:

> m  206
0206: 07 13 24 40 06 0C 03 EA CC 77 0F 00 8F 05 2A 14  ..$@.....w....*.

So, there is a routine to intercept the BRK command:

> d 1307
1307: 28        PLP
1308: 18        CLC
1309: 69 01     ADC #$01
130B: 91 FA     STA ($FA),Y ;ZTEMP3+1
130D: C8        INY
130E: 18        CLC
130F: 69 01     ADC #$01
1311: 91 FA     STA ($FA),Y ;ZTEMP3+1
1313: AD 32 02  LDA $0232   ;SSKCTL
1316: 29 10     AND #$10
1318: 4A        LSR
1319: 4A        LSR
131A: 4A        LSR
131B: 4A        LSR
131C: AC 1B 02  LDY $021B   ;CDTMV2+1
131F: 18        CLC
1320: 79 3C 00  ADC $003C,Y ;NOCKSM
1323: 38        SEC
1324: E9 01     SBC #$01
1326: 99 3C 00  STA $003C,Y ;NOCKSM
1329: 60        RTS

I have no idea what it’s doing, but it’s there.

Let’s look at where the VBI vector might be set:

> s 0600 bfff 24 02
Found at 2753
Found at 2A1D
Found at 2F38
Found at 2F3B
Found at 2F44
Found at 2F70
Found at 2F85

2748: 8D 1E D0  STA $D01E   ;HITCLR
274B: A9 FF     LDA #$FF
274D: 8D 28 02  STA $0228   ;CDTMA2
2750: A9 00     LDA #$00
2752: 8D 24 02  STA $0224   ;VVBLKD
2755: 8D 23 02  STA $0223   ;VVBLKI+1
2758: A9 07     LDA #$07
275A: 8D 13 02  STA $0213   ;VTIMR2+1
275D: A9 00     LDA #$00
275F: 8D 16 02  STA $0216   ;VIMIRQ
2762: 8D 2C 02  STA $022C   ;CDTMF4
2765: 8D 2D 02  STA $022D   ;INTEMP

Maybe it’s using the POKEY timer:

> m 0212
0212: 8F 05 2A 14 00 32 0F 9C 74 FF 01 0F 01 00 01 01  ..*..2..t.......

buuuuut, that’s a BRK, which would go through the BRK handler:

> d 058f
058F: 00        BRK

> m 0
0000: 1D 1D 1C 00 86 04 00 00 00 00 23 F2 86 04 00 00  ..........#.....
0010: 00 FF 00 01 00 EA 02 0B 00 00 00 00 00 00 00 00  ................

OK, it’s not using the POKEY timer because POKMSK at $0010 is zero. All pokey interrupts are off.

Hmmm. OK, I just discovered the antic command of the atari800 debugger:

> antic
DMACTL=3E    CHACTL=02    DLISTL=B8    DLISTH=35    HSCROL=03    VSCROL=00
PMBASE=00    CHBASE=E0    VCOUNT=00    NMIEN= 80    ypos=   0

NMIEN=80 shows that DLIs are enabled, but the VBI is disabled! Things that would have been nice to know earlier, I guess.

OK, so if there are no VBIs, it must be using the pokey timer to change the font. *OR*, it’s actually changing the font in place:

> write 3400 43ff shamus-fonts2.dat

Yes, it’s changing the font in place. So: no VBIs, no character set swapping.

colors:

> m 02c0
02C0: 00 00 00 00 24 44 94 46 00 00 00 00 00 00 00 6B  ....$D.F.......k