A86: Re: How did they find the ROM calls???







They probably used a similar logic as what I used to find the _exec_basic
and _to_frac ROM calls... (although I had the very nice benefit of an
emulator). For example, suppose you wanted to find _puts. (This may not be
how they did it, but it could have been done this way.)

A] You know that somewhere there should be a bitmap that contains the letter
'A' and you know what it looks like. So you search for these values in the
ROM. (We're assuming they already hacked the backups to receive ROM dumps.)
B] Once you find that, the letter is probably part of a big table with a
bunch of bitmaps in it. You try to find the first part of the table. It is
reasonable to assume that the table begins with the NULL character, so you
calculate the offset that character would be at and double-check that there
really is a bitmap there.
C] Now you have a pointer to the null bitmap. Chances are that somewhere in
ROM (presumably in the _putmap routine) there is something like ld hl,addr
where addr is the pointer to the bitmaps. So you search for that and find
it.
D] Now you know where the _putmap routine is. We search for things that call
the _putmap routine. We notice that _putc calls it and seems to do some
extra stuff. Now we search for routines that call _putc and voila we've
found _puts. Now we just search for its entry in the ROM call table.

----- Original Message -----
From: <Pbf16@aol.com>
To: <assembly-86@lists.ticalc.org>
Sent: Sunday, March 05, 2000 7:33 PM
Subject: A86: How did they find the ROM calls???


>
> Does anybody know how the authors of Zshell or Ash found out the ROM calls
> for their specific calcs?
>
>
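The A–D search chain from the reply above, carried out against a constructed ROM image, as an added example that is not code from the post or from the TI-86 ROM. The Z80 encodings it relies on are real (ld hl,nn is 0x21 followed by a little-endian operand, call nn is 0xCD, ret is 0xC9); everything else is an assumption for the demonstration: 8-byte glyphs, the layout of the toy image, the routine names, and a call table that is simply a flat list of 16-bit entry addresses.

```python
"""Recover a toy ROM's _puts address by the A-D search chain from the post.

Constructed example: the ROM image, font table, routines and call table
below are made up for this demonstration; they are not the TI-86 ROM.
"""
import struct

GLYPH_SIZE = 8        # assumption: 8 bytes per glyph in the font table
OP_LD_HL = 0x21       # Z80: ld hl,nn  (nn is a little-endian 16-bit operand)
OP_CALL = 0xCD        # Z80: call nn
OP_RET = 0xC9         # Z80: ret

# Constructed 5x7 glyphs, one bit per pixel, left-aligned in each row byte.
GLYPH_NULL = bytes([0xF8, 0x88, 0x88, 0x88, 0x88, 0x88, 0xF8, 0x00])  # hollow box
GLYPH_A = bytes([0x20, 0x50, 0x88, 0x88, 0xF8, 0x88, 0x88, 0x00])

# Assumed layout of the toy image (hypothetical addresses).
FONT, PUTMAP, PUTC, PUTS, CALL_TABLE = 0x0100, 0x0800, 0x0900, 0x0A00, 0x0B00


def build_toy_rom():
    """Lay out a 4 KiB image with a font table, three routines and a call table."""
    rom = bytearray(b"\xff" * 0x1000)                             # unused ROM reads as 0xFF
    rom[FONT:FONT + 128 * GLYPH_SIZE] = bytes(128 * GLYPH_SIZE)   # blank glyph slots
    rom[FONT:FONT + GLYPH_SIZE] = GLYPH_NULL                      # glyph 0x00 opens the table
    a = FONT + ord("A") * GLYPH_SIZE
    rom[a:a + GLYPH_SIZE] = GLYPH_A
    # _putmap: ld hl,FONT / ret    _putc: call _putmap / ret    _puts: call _putc / ret
    rom[PUTMAP:PUTMAP + 4] = bytes([OP_LD_HL]) + struct.pack("<H", FONT) + bytes([OP_RET])
    rom[PUTC:PUTC + 4] = bytes([OP_CALL]) + struct.pack("<H", PUTMAP) + bytes([OP_RET])
    rom[PUTS:PUTS + 4] = bytes([OP_CALL]) + struct.pack("<H", PUTC) + bytes([OP_RET])
    # assumption: the call table is a flat list of little-endian entry addresses
    rom[CALL_TABLE:CALL_TABLE + 6] = struct.pack("<HHH", PUTMAP, PUTC, PUTS)
    return bytes(rom)


def find_all(rom, pattern):
    """Every offset at which the byte pattern occurs (overlapping hits included)."""
    hits, start = [], 0
    while True:
        i = rom.find(pattern, start)
        if i == -1:
            return hits
        hits.append(i)
        start = i + 1


def unique(hits, what):
    """A byte search over raw ROM can match inside data; insist on one hit."""
    if len(hits) != 1:
        raise ValueError("%s: expected one match, got %r" % (what, hits))
    return hits[0]


def looks_like_bitmap(chunk):
    """Step B's double-check: reject blank (0x00) and erased (0xFF) regions."""
    return any(b not in (0x00, 0xFF) for b in chunk)


def find_font_table(rom, glyph, code):
    """Steps A and B: locate the glyph, back up to where glyph 0 would sit."""
    bases = []
    for hit in find_all(rom, glyph):
        base = hit - code * GLYPH_SIZE
        if base >= 0 and looks_like_bitmap(rom[base:base + GLYPH_SIZE]):
            bases.append(base)
    return bases


def find_ld_hl(rom, addr):
    """Step C: offsets of 'ld hl,addr' instructions."""
    return find_all(rom, bytes([OP_LD_HL]) + struct.pack("<H", addr))


def find_callers(rom, addr):
    """Step D: offsets of 'call addr' instructions."""
    return find_all(rom, bytes([OP_CALL]) + struct.pack("<H", addr))


def find_table_index(rom, table, addr):
    """Index of addr in the call table, or None; 0xFFFF (erased ROM) ends the table."""
    i = 0
    while True:
        (entry,) = struct.unpack_from("<H", rom, table + 2 * i)
        if entry == 0xFFFF:
            return None
        if entry == addr:
            return i
        i += 1


def recover_puts(rom, table):
    """Run the whole chain and return what each step found."""
    font = unique(find_font_table(rom, GLYPH_A, ord("A")), "font table")
    # In this toy image the ld hl / call is the first instruction of its routine,
    # so the hit is also the entry point. On a real dump the hit lands somewhere
    # inside the routine and you disassemble backwards to find its entry.
    putmap = unique(find_ld_hl(rom, font), "_putmap")
    putc = unique(find_callers(rom, putmap), "_putc")
    puts = unique(find_callers(rom, putc), "_puts")
    return {"font": font, "_putmap": putmap, "_putc": putc, "_puts": puts,
            "table_index": find_table_index(rom, table, puts)}


if __name__ == "__main__":
    print({k: hex(v) if k != "table_index" else v
           for k, v in recover_puts(build_toy_rom(), CALL_TABLE).items()})
```

The weak point of this method is that a plain byte search does not know code from data: a glyph row that happens to be 0xCD followed by two bytes that look like an address produces a false "caller". `unique()` refuses to continue on anything but a single hit, which is the cheap version of the check a practitioner does by hand, disassembling a few bytes around each hit before trusting it.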


