A82: Re: No Subject



In a message dated 97-07-18 21:07:58 EDT, you write:

<< I have a few questions/observations regarding the inner workings of 
 OShell (2.5), the assembly language shell for the TI-82.  As far as I 
 understand it, the TI-BASIC program SHELL exploits some kind of bug in 
 the TI-82 by first storing E17 in the variable Q.  What happens next is 
 a little confusing (the first of many things).  The program then exits 
 with a 'Stop' command.  What does happen, however, is that after ENTER 
 is pressed, (which would presumably re-run SHELL), the program OShell82 
 is run instead.  If OShell82 isn't present, SHELL simply reruns.  
 Interestingly enough, no 'Done.' is displayed after SHELL runs, which is 
 another small but interesting thing.  There isn't anything intrinsic 
 about SHELL which performs the magic of getting OShell82 to run, because 
 you can write a program called anything in TI-BASIC on your calculator 
 which invokes OShell82 by using the same code as SHELL.  Now, OShell82 
 is described in the VAT as starting at 8D24, which is the start of user 
 memory (and not where programs normally reside).  This must play an 
 important role in running OShell.  I guess Q also resides at the start 
 of user memory, am I right?  So by assigning E17 to Q, you somehow allow 
 OShell82 to execute?  Is that it?  My final, and most important 
 question, is: Could I write a shell in assembly and then use PRGM82.EXE 
 to turn it into an 82 executable, relocate it to 8D24 by editing a 
 backup file and use a similar procedure to run it?
 
 Cheers,
 Dominic Cooney, coonsta@hotmail.com
 "YOU'LL PAY TO KNOW WHAT YOU _REALLY_ THINK!" -J.R. 'BOB' DOBBS
 
  >>
OK, in the backup, the variable Q points to $8114 (I think...check
82-RAM.txt), which is the pointer to ROM when a certain key is pressed.  When
you store E17 to Q, it overwrites these pointers, as the calc stores it as 00
91, which is where the code for OShell82 is located.  So when you press a key
(any key, not just enter), it makes a jump to $9100 and executes it as if it
were executing machine code - the ROM.  So then you have complete control
over the processor, and you can do anything you like.  You could do that to
make your own shell, but you have to find a memory location that is
equivalent to a BASIC command, and Q will have to point to $8114 (or whatever
that is...).  You can actually use any variable that can be relocated in
memory, i.e. that you can find in the VAT.  The only problem is exiting the
shell, because where are you going to ret to?  OShell-82 v1.0 had this
problem, but Jason Todd (Alphasoft) fixed that quickly in his next version.

~Adamman

P.S. I didn't find any of this out at all.  This explanation has knowledge
gained from an email sent through the CALC-TI list by (?).  I'll send another
message if I can find that email.
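The reply above boils down to a type-confusion bug: the bytes of a real-number variable (Q) overlap a 2-byte code pointer, so the first two bytes of the stored number become the address the calculator jumps to on the next keypress. The following Python model is an added illustration, not code from the thread or from OShell. It assumes the 9-byte TI real format (sign byte, exponent byte of 0x80 + decimal exponent, then 7 BCD mantissa bytes), which yields the "00 91" prefix the reply mentions for 1E17, a little-endian pointer at $8114 as the reply states, and a Z80 map with ROM below $8000 and RAM from $8000 up; the fake "legitimate" handler address $0A00 is a constructed placeholder.

```python
"""Model of the variable/pointer overlap described in the A82 thread.

Constructed simulation for illustration; not code from the post or OShell.
Assumptions: 9-byte TI real format (sign, 0x80+exponent, 7 BCD bytes),
a 2-byte little-endian key-handler pointer at $8114 that variable Q
overlaps, ROM at $0000-$7FFF and RAM at $8000-$FFFF.
"""

PTR_ADDR = 0x8114   # pointer the reply says Q is stored on top of
RAM_BASE = 0x8000   # assumption: RAM starts here, ROM lives below it
RAM_SIZE = 0x8000
FAKE_ROM_HANDLER = 0x0A00   # constructed placeholder for the real handler


def encode_ti_real(mantissa_digits: str, exponent: int, negative: bool = False) -> bytes:
    """Encode d.ddddddddddddd x 10**exponent in the 9-byte TI real format.

    mantissa_digits: 1-14 decimal digits, leading digit non-zero.
    E.g. ("1", 17) -> 00 91 10 00 00 00 00 00 00  (the value 1E17).
    """
    digits = mantissa_digits.ljust(14, "0")
    if len(digits) != 14 or not digits.isdigit() or digits[0] == "0":
        raise ValueError("mantissa must be 1-14 digits with a non-zero lead digit")
    exp_byte = 0x80 + exponent
    if not 0 <= exp_byte <= 0xFF:
        raise ValueError("exponent out of range")
    sign_byte = 0x80 if negative else 0x00
    # Pack two decimal digits per byte as BCD: "10" -> 0x10.
    bcd = bytes(int(digits[i:i + 2], 16) for i in range(0, 14, 2))
    return bytes([sign_byte, exp_byte]) + bcd


class FakeCalc:
    """Tiny RAM image with one code pointer and no type separation."""

    def __init__(self) -> None:
        self.ram = bytearray(RAM_SIZE)
        self.write_u16(PTR_ADDR, FAKE_ROM_HANDLER)

    def write_u16(self, addr: int, value: int) -> None:
        off = addr - RAM_BASE
        self.ram[off] = value & 0xFF          # little-endian low byte first
        self.ram[off + 1] = (value >> 8) & 0xFF

    def read_u16(self, addr: int) -> int:
        off = addr - RAM_BASE
        return self.ram[off] | (self.ram[off + 1] << 8)

    def store_variable(self, addr: int, real: bytes) -> None:
        """Store a 9-byte real at addr; nothing checks what else lives there."""
        off = addr - RAM_BASE
        self.ram[off:off + 9] = real

    def key_press_target(self) -> int:
        """Address the key handler would jump to on the next keypress."""
        return self.read_u16(PTR_ADDR)


def demo() -> tuple:
    """Return (pointer before, pointer after) storing Q = 1E17 over it."""
    calc = FakeCalc()
    before = calc.key_press_target()
    calc.store_variable(PTR_ADDR, encode_ti_real("1", 17))   # Q = E17
    after = calc.key_press_target()
    return before, after   # (0x0A00, 0x9100)


def is_rom_address(target: int) -> bool:
    """Defensive check: a dispatch table entry should only point into ROM.

    A firmware that validated its pointers this way would refuse the
    jump to $9100 instead of executing whatever sits in user memory.
    """
    return 0 <= target < RAM_BASE


if __name__ == "__main__":
    before, after = demo()
    print(f"pointer before: ${before:04X}  after storing E17 to Q: ${after:04X}")
    print("would a ROM-only check allow the new target?", is_rom_address(after))
```

The mitigation side is the point for a defender: the bug is not the value E17 itself but a dispatch pointer that shares untyped memory with user data and is followed without any range or integrity check.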