Posted by autostaretx April 28, 2007
--- In m..., "ingenious9" wrote:
>
> With 2 Universal Programmers (SuperPro 3000U & ChipMaster 6000) I can
> only read a portion of the memory addresses which is from 0000 to
> 0FFF with the 2 programmers. But when I am re-assembling it to the
> assembler language, I get Jumps to Subroutines (JSR) at some
> addresses that I cannot read ...example (JSR F061, JSR F948, JSR
> FB69, etc).
>
> my question is, is the memory dump that I can read offset?
> (current dump is 0000-0FFF, so I would assume it is F000-FFFF
> instead?) so that the values fall within range

The memory could easily be located in the F000->FFFF range
as seen by the processor.

One trick when you think it might be relocated is to look
at the target addresses. You mention F061.
Note in your listing that (F)061 -is- an entry point!
(it follows an RTI, so something had to branch/jump/jsr
to actually reach what you're calling 0061 )

Based on that one example (and you can test the rest),
it would appear that your memory chip actually lives
in the F000->FFFF range when in circuit.

That also means that the uppermost addresses (FF62->FFFF)
will be the vector addresses for the interrupts,
and that whatever is contained in (F)FFE and (F)FFF is
the address of the Reset point, where the entire program
actually starts...

have fun
--dick

> this is part of the actual dump, the original is way longer
> 0000 8E 00 FF BD F4 80 4F CE 00 40 8C 00 84 27 05 A7
> 0010 00 08 20 F6 CE FB B2 18 CE 00 40 8C FB B2 27 0A
> 0020 E6 00 18 E7 00 08 18 08 20 F1 BD F9 D3 20 FE 3F
> 0030 06 5B 4F 66 6D 7C 07 7F 67 00 7D 00 57 26 07 C6
> 0040 01 F7 00 57 20 03 7F 00 57 3B 18 CE 00 25 18 1C
> 0050 00 80 C6 55 D7 3A C6 AA D7 3A D6 00 C8 20 D7 00
> 0060 3B BD FB 69 04 18 CE 00 23 18 1C 00 04 7D 00 68
> 0070 26 08 C6 02 F7 00 50 7F 00 5F 7D 00 66 26 03 7E
>
> Here's the code re-assembled:
>
> 0000 8E 00FF LDS #00FF
> 0003 BD F480 JSR F480 <---------------
> 0006 4F CLR A
> 0007 CE 0040 LDX #0040
> 000A 8C 0084 CPX #0084
> 000D 27 05 BEQ 0014
> 000F A7 00 STA A 00,X
> 0011 08 INX
> 0012 20 F6 BRA 000A
> 0014 CE FBB2 LDX #FBB2
> 0017 18 CE 0040 LDY #0040
> 001B 8C FBB2 CPX #FBB2
> 001E 27 0A BEQ 002A
> 0020 E6 00 LDA B 00,X
> 0022 18 E7 00 STA B 00,Y
> 0025 08 INX
> 0026 18 08 INY
> 0028 20 F1 BRA 001B
> 002A BD F9D3 JSR F9D3 <----------------
> 002D 20 FE BRA 002D
> 002F 3F SWI
> 0030 06 TAP
> 0031 5B
> 0032 4F CLR A
> 0033 66 6D ROR 6D,X
> 0035 7C 077F INC 077F
> 0038 67 00 ASR 00,X
> 003A 7D 0057 TST 0057
> 003D 26 07 BNE 0046
> 003F C6 0001 LDA B #01
> 0041 F7 0057 STA B 0057
> 0044 20 03 BRA 0049
> 0046 7F 0057 CLR 0057
> 0049 3B RTI
> 004A 18 CE 0025 LDY #0025
> 004E 18 1C 0080 BSET 00,Y 80
> 0052 C6 0055 LDA B #55
> 0054 D7 3A STA B 3A
> 0056 C6 00AA LDA B #AA
> 0058 D7 3A STA B 3A
> 005A D6 00 LDA B 00
> 005C C8 0020 EOR B #20
> 005E D7 00 STA B 00
> 0060 3B RTI
> 0061 BD FB69 JSR FB69 <---------------
> 0064 04 LSR D
> 0065 18 CE 0023 LDY #0023
> 0069 18 1C 0004 BSET 00,Y 04
> 006D 7D 0068 TST 0068
> 0070 26 08 BNE 007A
> 0072 C6 0002 LDA B #02
> 0074 F7 0050 STA B 0050
> 0077 7F 005F CLR 005F
> 007A 7D 0066 TST 0066
> 007D 26 03 BNE 0082
> 007F 7E F1EA JMP F1EA
>
> does it make sense to anyone? am I missing something here?
> btw...if someone needs the full dump or re-assembled code
> for further analysis, I will provide it
>
> thks
>
Posted by Tony Papadimitriou April 27, 2007
----- Original Message -----
From: "ingenious9"
To:
> With 2 Universal Programmers (SuperPro 3000U & ChipMaster 6000) I can
> only read a portion of the memory addresses which is from 0000 to
> 0FFF with the 2 programmers. But when I am re-assembling it to the

What do you mean you can only read to $0FFF? They won't allow you to read
any address in the full address range? If so, this isn't very useful.

> does it make sense to anyone? am I missing something here?
> btw...if someone needs the full dump or re-assembled code for further
> analysis, I will provide it

Obviously, you're not dumping the whole program. Try dumping the whole
memory map (from $0000 to $FFFF) and try to find all code regions within
that by disassembling starting from the reset vector ($FFFE) and all ISR
vectors. If you know for certain that the code and data start off at a
given address, start from there but go all the way to $FFFF.

> thks

t...@acm.org
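
The relocation check from the two replies above, as an added Python example that is not part of the original posts: it finds the load address that puts every JSR/JMP target named in the thread inside a 0000-0FFF image, checks whether a target lands right after a return opcode, and gives the file offset of the reset vector. The byte string is the 0x80-byte excerpt posted in the thread; the function names are hypothetical, and the RTS opcode value (39) is an assumption based on the 68HC11 instruction set, since only RTI (3B) appears in the listing.

```python
# Added example; EXCERPT is the 0x80-byte dump excerpt posted in this thread.
EXCERPT = bytes.fromhex("".join("""
8E 00 FF BD F4 80 4F CE 00 40 8C 00 84 27 05 A7
00 08 20 F6 CE FB B2 18 CE 00 40 8C FB B2 27 0A
E6 00 18 E7 00 08 18 08 20 F1 BD F9 D3 20 FE 3F
06 5B 4F 66 6D 7C 07 7F 67 00 7D 00 57 26 07 C6
01 F7 00 57 20 03 7F 00 57 3B 18 CE 00 25 18 1C
00 80 C6 55 D7 3A C6 AA D7 3A D6 00 C8 20 D7 00
3B BD FB 69 04 18 CE 00 23 18 1C 00 04 7D 00 68
26 08 C6 02 F7 00 50 7F 00 5F 7D 00 66 26 03 7E
""".split()))
DUMP_SIZE = 0x1000            # the programmers read 0000-0FFF
# JSR/JMP targets named in the post and visible in its listing
TARGETS = [0xF061, 0xF948, 0xFB69, 0xF480, 0xF9D3, 0xF1EA]
RETURNS = {0x39: "RTS", 0x3B: "RTI"}  # 39 = RTS is an assumption (68HC11)
RESET_VECTOR = 0xFFFE         # reset vector address given in the replies

def candidate_bases(targets, size):
    """Size-aligned load addresses that put every target inside the image."""
    return [b for b in range(0, 0x10000, size)
            if all(b <= t < b + size for t in targets)]

def entry_evidence(image, base, targets):
    """Map target -> return opcode found just before it, None if the byte
    before it is not a return, or 'unread' if we do not hold that offset."""
    out = {}
    for t in targets:
        off = t - base
        if not 0 < off < len(image):
            out[t] = "unread"
        else:
            out[t] = RETURNS.get(image[off - 1])
    return out

def vector_word(image, base, addr=RESET_VECTOR):
    """File offset of a 16-bit big-endian vector, and its value if present."""
    off = addr - base
    if off >= 0 and off + 2 <= len(image):
        return off, int.from_bytes(image[off:off + 2], "big")
    return off, None

if __name__ == "__main__":
    for base in candidate_bases(TARGETS, DUMP_SIZE):
        print(f"base {base:04X}")
        for t, why in entry_evidence(EXCERPT, base, TARGETS).items():
            print(f"  {t:04X} -> file offset {t - base:04X}: {why}")
        off, _ = vector_word(EXCERPT, base)
        print(f"  reset vector at file offset {off:04X}")
```

Run against the full 0000-0FFF dump instead of the excerpt, the same functions report evidence for every target and return the reset address to start disassembling from.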
Posted by ingenious9 April 27, 2007
With 2 Universal Programmers (SuperPro 3000U & ChipMaster 6000) I can
only read a portion of the memory addresses which is from 0000 to
0FFF with the 2 programmers. But when I am re-assembling it to the
assembler language, I get Jumps to Subroutines (JSR) at some
addresses that I cannot read ...example (JSR F061, JSR F948, JSR
FB69, etc).

my question is, is the memory dump that I can read offset?
(current dump is 0000-0FFF, so I would assume it is F000-FFFF
instead?) so that the values fall within range

this is part of the actual dump, the original is way longer
0000 8E 00 FF BD F4 80 4F CE 00 40 8C 00 84 27 05 A7
0010 00 08 20 F6 CE FB B2 18 CE 00 40 8C FB B2 27 0A
0020 E6 00 18 E7 00 08 18 08 20 F1 BD F9 D3 20 FE 3F
0030 06 5B 4F 66 6D 7C 07 7F 67 00 7D 00 57 26 07 C6
0040 01 F7 00 57 20 03 7F 00 57 3B 18 CE 00 25 18 1C
0050 00 80 C6 55 D7 3A C6 AA D7 3A D6 00 C8 20 D7 00
0060 3B BD FB 69 04 18 CE 00 23 18 1C 00 04 7D 00 68
0070 26 08 C6 02 F7 00 50 7F 00 5F 7D 00 66 26 03 7E

Here's the code re-assembled:

0000 8E 00FF LDS #00FF
0003 BD F480 JSR F480 <---------------
0006 4F CLR A
0007 CE 0040 LDX #0040
000A 8C 0084 CPX #0084
000D 27 05 BEQ 0014
000F A7 00 STA A 00,X
0011 08 INX
0012 20 F6 BRA 000A
0014 CE FBB2 LDX #FBB2
0017 18 CE 0040 LDY #0040
001B 8C FBB2 CPX #FBB2
001E 27 0A BEQ 002A
0020 E6 00 LDA B 00,X
0022 18 E7 00 STA B 00,Y
0025 08 INX
0026 18 08 INY
0028 20 F1 BRA 001B
002A BD F9D3 JSR F9D3 <----------------
002D 20 FE BRA 002D
002F 3F SWI
0030 06 TAP
0031 5B
0032 4F CLR A
0033 66 6D ROR 6D,X
0035 7C 077F INC 077F
0038 67 00 ASR 00,X
003A 7D 0057 TST 0057
003D 26 07 BNE 0046
003F C6 0001 LDA B #01
0041 F7 0057 STA B 0057
0044 20 03 BRA 0049
0046 7F 0057 CLR 0057
0049 3B RTI
004A 18 CE 0025 LDY #0025
004E 18 1C 0080 BSET 00,Y 80
0052 C6 0055 LDA B #55
0054 D7 3A STA B 3A
0056 C6 00AA LDA B #AA
0058 D7 3A STA B 3A
005A D6 00 LDA B 00
005C C8 0020 EOR B #20
005E D7 00 STA B 00
0060 3B RTI
0061 BD FB69 JSR FB69 <---------------
0064 04 LSR D
0065 18 CE 0023 LDY #0023
0069 18 1C 0004 BSET 00,Y 04
006D 7D 0068 TST 0068
0070 26 08 BNE 007A
0072 C6 0002 LDA B #02
0074 F7 0050 STA B 0050
0077 7F 005F CLR 005F
007A 7D 0066 TST 0066
007D 26 03 BNE 0082
007F 7E F1EA JMP F1EA

does it make sense to anyone? am I missing something here?
btw...if someone needs the full dump or re-assembled code for further
analysis, I will provide it

thks