Insert your backup copy of SG, initialize the drive, and use
the drivemon to load this sector into drive buffer $0300 using the
job queue. Disassemble the code in the drive at $0300. This code,
when executed, loads T/S $12/$12 (18/18) into drive buffer $0600 and
decrypts it. Control is then passed back to the computer, where a
memory-execute (M-E) command of $0693 is sent to the drive. This
initializes the drive side of the loader. To view the decrypted code
at $0600, insert your backup copy of SG and do the following:
1) Use the job queue to read T/S $12/$12 into drive memory $0600
(T/S $12/$02 should already be present at $0300).
2) Assemble the following at $0400:
A 0400 JSR $0314
0403 JMP $F969
3) Execute our routine at $0400 by placing the value $12 into
drive memory $08 and $09, then place the value $E0 (job queue
execute command) into $01.
After a short period of drive activity, you may disassemble the
decrypted code at $0600. The entry point of the loader is $0693,
where some setup is done. Then, a loop is executed to load and
transmit each sector. After the load is completed, the code exits
by JMP'ing to $D048, which re-initializes the drive. This is the
ideal place for us to "wedge" ourselves into the loader. We can
execute a job queue read of our sector at $12/$06, THEN jump to
$D048. The drive code from $06E0 - $06FF is filled with zeroes and
is available for our use. Assemble the following code at $06E0:
A 06E0 LDA #$12
06E2 STA $08
06E4 LDA #$06
06E6 STA $09
06E8 LDA #$80
06EA STA $01
06EC LDA $01
06EE BMI $06EC
06F0 JMP $D048
And the following at $06C4:
A 06C4 JMP $06E0
This "patch" will load our sector into drive buffer $0400 and
exit the same way as the original code.
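
As an added check that is not part of the original text, the following Python script hand-assembles the wedge listing above into machine-code bytes, confirms that each listed address follows from the previous instruction's length, and verifies that the code fits in the free area $06E0 - $06FF. The opcode values are the standard 6502 encodings; the function and variable names are illustrative.

```python
# Added example: hand-assemble the wedge listing from the text and check its layout.
OPCODES = {  # (mnemonic, addressing mode) -> standard 6502 opcode byte
    ("LDA", "imm"): 0xA9, ("LDA", "zp"): 0xA5, ("STA", "zp"): 0x85,
    ("BMI", "rel"): 0x30, ("JMP", "abs"): 0x4C,
}
WEDGE = """06E0 LDA #$12
06E2 STA $08
06E4 LDA #$06
06E6 STA $09
06E8 LDA #$80
06EA STA $01
06EC LDA $01
06EE BMI $06EC
06F0 JMP $D048"""
FREE_START, FREE_END = 0x06E0, 0x06FF  # zero-filled area named in the text

def assemble(listing):
    """Return (start address, machine-code bytes) for a monitor-style listing."""
    out, start, pc = bytearray(), None, None
    for line in listing.splitlines():
        addr_s, mnem, operand = line.split()
        addr, value = int(addr_s, 16), int(operand.lstrip("#$"), 16)
        if start is None:
            start = pc = addr
        if addr != pc:  # a listed address must follow the previous instruction
            raise ValueError(f"${addr:04X} in listing, expected ${pc:04X}")
        mode = "imm" if operand.startswith("#") else "zp" if len(operand) == 3 else "abs"
        if mnem == "BMI":
            mode = "rel"
        out.append(OPCODES[mnem, mode])
        if mode == "rel":  # offset counts from the byte after the branch
            offset = value - (addr + 2)
            if not -128 <= offset <= 127:
                raise ValueError(f"branch at ${addr:04X} out of range")
            out.append(offset & 0xFF)
        elif mode == "abs":  # 16-bit operand, low byte first
            out += bytes([value & 0xFF, value >> 8])
        else:
            out.append(value)
        pc = start + len(out)
    return start, bytes(out)

def fits_free_area(start, code):
    """True if the code lies entirely inside the zero-filled area."""
    return FREE_START <= start and start + len(code) - 1 <= FREE_END

if __name__ == "__main__":
    start, code = assemble(WEDGE)
    print(f"${start:04X}: {code.hex(' ').upper()} fits={fits_free_area(start, code)}")
```
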
Because the loader is encrypted, we must also re-encrypt the
code containing our patch. To do this, re-execute step #3 above.
K.J. REVEALED TRILOGY PAGE [125] (C)1990 K.J.P.B.