stardot/b-em

Explain MOS Patches

B-Em comes with two patched versions of the MOS ROM. Explain what has been patched as a Wiki page.

So, for reference, here is a hex diff of MOS 3.20 and MOS 3.22. I'll look at what those differences mean later and see if I can write it up for the Wiki.

747c747
< 00002EA0 - 80 02 A0 04 98 1C 34 FE 8A F0 05 A9 04 0C 34 FE ......4.......4.
---
> 00002EA0 - 80 02 A0 04 98 1C 34 FE 8A F0 05 EA 98 0C 34 FE ......4.......4.
760c760
< 00002F70 - FB 00 F7 4F 53 20 33 2E 32 30 00 C8 B1 F0 C9 20 ...OS 3.20..... 
---
> 00002F70 - FB 00 F7 4F 53 20 33 2E 32 32 00 C8 B1 F0 C9 20 ...OS 3.22..... 
961,1008c961,1008
< 00003C00 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C10 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C20 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C30 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C40 - 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C50 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C60 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C70 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C80 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C90 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003CA0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003CB0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003CC0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003CD0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003CE0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003CF0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D00 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D10 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D20 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D30 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D40 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D50 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D60 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D70 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D80 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003D90 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003DA0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003DB0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003DC0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003DD0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003DE0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003DF0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003E00 - 60 20 60 20 60 20 60 20 13 00 33 00 12 00 12 00 ` ` ` ` ..3.....
< 00003E10 - 60 60 60 60 60 60 60 60 7B C6 F0 F0 FB C6 F0 F0 ````````{.......
< 00003E20 - 20 20 20 20 20 20 20 20 00 00 02 FF 20 20 20 20         ....    
< 00003E30 - 0C 0C 0C 0C 10 10 10 10 20 20 20 20 20 20 20 20 ........        
< 00003E40 - 3B 81 CF 7F 05 19 0E 27 B4 2C FF 40 04 00 D3 81 ;......'.,.@....
< 00003E50 - 3B 81 CF 7F 65 18 0E 27 14 2A FF 40 04 00 D3 81 ;...e..'.*.@....
< 00003E60 - FF 00 00 FF 75 23 DF EB 74 29 00 00 0E 00 80 00 ....u#..t)......
< 00003E70 - FF 00 00 FF D5 21 DF EB D4 27 00 00 0E 00 80 00 .....!...'......
< 00003E80 - 20 20 60 20 60 20 20 20 20 60 20 60 20 20 60 20   ` `    ` `  ` 
< 00003E90 - 60 20 20 60 20 60 20 20 60 20 60 20 20 60 20 60 `  ` `  ` `  ` `
< 00003EA0 - 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                 
< 00003EB0 - 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                 
< 00003EC0 - 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                 
< 00003ED0 - 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                 
< 00003EE0 - 44 00 7F 40 FF 00 7F 41 44 00 7F 40 7F 00 7F 41 D..@...AD..@...A
< 00003EF0 - 44 00 7F 40 7F 00 7F 41 44 00 7F 40 7F 00 7F 41 D..@...AD..@...A
---
> 00003C00 - 28 43 29 20 31 39 38 34 20 41 63 6F 72 6E 20 43 (C) 1984 Acorn C
> 00003C10 - 6F 6D 70 75 74 65 72 73 20 4C 74 64 2E 54 68 61 omputers Ltd.Tha
> 00003C20 - 6E 6B 73 20 61 72 65 20 64 75 65 20 74 6F 20 74 nks are due to t
> 00003C30 - 68 65 20 66 6F 6C 6C 6F 77 69 6E 67 20 63 6F 6E he following con
> 00003C40 - 74 72 69 62 75 74 6F 72 73 20 74 6F 20 74 68 65 tributors to the
> 00003C50 - 20 42 42 43 20 43 6F 6D 70 75 74 65 72 20 28 61  BBC Computer (a
> 00003C60 - 6D 6F 6E 67 20 6F 74 68 65 72 73 20 74 6F 6F 20 mong others too 
> 00003C70 - 6E 75 6D 65 72 6F 75 73 20 74 6F 20 6D 65 6E 74 numerous to ment
> 00003C80 - 69 6F 6E 29 3A 2D 20 44 61 76 69 64 20 41 6C 6C ion):- David All
> 00003C90 - 65 6E 2C 43 6C 69 76 65 20 41 6E 67 65 6C 2C 44 en,Clive Angel,D
> 00003CA0 - 61 76 69 64 20 42 65 6C 6C 2C 50 61 75 6C 20 42 avid Bell,Paul B
> 00003CB0 - 6F 6E 64 2C 41 6C 6C 65 6E 20 42 6F 6F 74 68 72 ond,Allen Boothr
> 00003CC0 - 6F 79 64 2C 4A 75 6C 69 61 6E 20 42 72 6F 77 6E oyd,Julian Brown
> 00003CD0 - 2C 54 75 64 6F 72 20 42 72 6F 77 6E 2C 42 72 69 ,Tudor Brown,Bri
> 00003CE0 - 61 6E 20 43 6F 63 6B 62 75 72 6E 2C 50 65 74 65 an Cockburn,Pete
> 00003CF0 - 20 43 6F 63 6B 65 72 65 6C 6C 2C 4D 61 72 6B 20  Cockerell,Mark 
> 00003D00 - 43 6F 6C 74 6F 6E 2C 43 68 72 69 73 20 43 75 72 Colton,Chris Cur
> 00003D10 - 72 79 2C 4A 6F 65 20 44 75 6E 6E 2C 50 61 75 6C ry,Joe Dunn,Paul
> 00003D20 - 20 46 72 65 61 6B 6C 65 79 2C 53 74 65 76 65 20  Freakley,Steve 
> 00003D30 - 46 75 72 62 65 72 2C 4D 61 72 74 79 6E 20 47 69 Furber,Martyn Gi
> 00003D40 - 6C 62 65 72 74 2C 4A 6F 68 6E 20 48 61 72 72 69 lbert,John Harri
> 00003D50 - 73 6F 6E 2C 48 65 72 6D 61 6E 6E 20 48 61 75 73 son,Hermann Haus
> 00003D60 - 65 72 2C 4D 69 6B 65 20 48 69 6C 6C 2C 4A 6F 68 er,Mike Hill,Joh
> 00003D70 - 6E 20 48 6F 72 74 6F 6E 2C 4E 65 69 6C 20 4A 6F n Horton,Neil Jo
> 00003D80 - 68 6E 73 6F 6E 2C 52 69 63 68 61 72 64 20 4B 69 hnson,Richard Ki
> 00003D90 - 6E 67 2C 44 61 76 69 64 20 4B 69 74 73 6F 6E 2C ng,David Kitson,
> 00003DA0 - 4A 75 6C 69 61 6E 20 4C 6F 6D 62 65 72 67 2C 52 Julian Lomberg,R
> 00003DB0 - 6F 62 20 4D 61 63 6D 69 6C 6C 61 6E 2C 52 69 63 ob Macmillan,Ric
> 00003DC0 - 68 61 72 64 20 4D 61 6E 62 79 2C 50 65 74 65 72 hard Manby,Peter
> 00003DD0 - 20 4D 63 4B 65 6E 6E 61 2C 41 6E 64 72 65 77 20  McKenna,Andrew 
> 00003DE0 - 4D 63 4B 65 72 6E 61 6E 2C 4D 69 63 6B 20 4E 65 McKernan,Mick Ne
> 00003DF0 - 69 6C 2C 49 61 6E 20 4E 69 62 6C 6F 63 6B 2C 47 il,Ian Niblock,G
> 00003E00 - 6C 65 6E 20 4E 69 63 68 6F 6C 6C 73 2C 52 6F 62 len Nicholls,Rob
> 00003E10 - 65 72 74 20 4E 6F 6B 65 73 2C 52 69 63 68 61 72 ert Nokes,Richar
> 00003E20 - 64 20 50 61 67 65 2C 53 74 65 76 65 20 50 61 72 d Page,Steve Par
> 00003E30 - 73 6F 6E 73 2C 45 64 20 50 68 69 70 70 73 2C 4A sons,Ed Phipps,J
> 00003E40 - 6F 68 6E 20 52 61 64 63 6C 69 66 66 65 2C 52 69 ohn Radcliffe,Ri
> 00003E50 - 63 6B 20 52 61 6E 64 2C 42 72 69 61 6E 20 52 6F ck Rand,Brian Ro
> 00003E60 - 62 65 72 74 73 6F 6E 2C 52 69 63 68 61 72 64 20 bertson,Richard 
> 00003E70 - 52 75 73 73 65 6C 6C 2C 47 6F 72 64 6F 6E 20 53 Russell,Gordon S
> 00003E80 - 61 67 65 2C 54 65 72 72 79 20 53 63 6F 74 63 68 age,Terry Scotch
> 00003E90 - 65 72 2C 44 61 76 69 64 20 53 65 61 6C 2C 50 61 er,David Seal,Pa
> 00003EA0 - 75 6C 20 53 77 69 6E 64 65 6C 6C 2C 4A 6F 6E 20 ul Swindell,Jon 
> 00003EB0 - 54 68 61 63 6B 72 61 79 2C 48 75 67 6F 20 54 79 Thackray,Hugo Ty
> 00003EC0 - 73 6F 6E 2C 41 64 72 69 61 6E 20 57 61 72 6E 65 son,Adrian Warne
> 00003ED0 - 72 2C 4A 65 73 73 20 57 69 6C 6C 73 2C 52 6F 67 r,Jess Wills,Rog
> 00003EE0 - 65 72 20 57 69 6C 73 6F 6E 2C 47 72 61 68 61 6D er Wilson,Graham
> 00003EF0 - 20 57 69 6E 74 65 72 66 6C 6F 6F 64 2E 20 20 20  Winterflood.   
1225,1226c1225,1226
< 00004C80 - 8D 8A C2 A5 CD A0 0A 29 08 F0 02 A0 10 84 A3 5D .......).......]
< 00004C90 - D1 90 8D 24 FE 4A AE 88 C2 B0 03 AE 89 C2 A0 00 ...$.J..........
---
> 00004C80 - 8D 8A C2 A5 CD A0 0A 29 08 F0 02 A0 10 84 A3 20 .......)....... 
> 00004C90 - D7 B8 8D 24 FE 4A AE 88 C2 B0 03 AE 89 C2 A0 00 ...$.J..........
1458,1459c1458,1459
< 00005B10 - 86 25 86 5A 9C 36 9B 96 9C 25 86 25 86 25 86 CD .%.Z.6...%.%.%..
< 00005B20 - 9C 9E 9C B1 9C 17 9D 1E 9D 25 86 27 9D 2A 9D 20 .........%.'.*. 
---
> 00005B10 - 86 25 86 5A 9C 36 9B 96 9C 25 86 25 86 25 86 DC .%.Z.6...%.%.%..
> 00005B20 - B8 9E 9C B1 9C 17 9D 1E 9D 25 86 27 9D 2A 9D 20 .........%.'.*. 
1934,1935c1934,1935
< 000078D0 - 60 A9 02 48 98 10 E3 FF FF FF FF FF FF FF FF FF `..H............
< 000078E0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
---
> 000078D0 - 60 A9 02 48 98 10 E3 0A 0A 5D D1 90 60 AD BC 0D `..H.....]..`...
> 000078E0 - C5 F4 D0 03 4C CE 9C A9 08 60 FF FF FF FF FF FF ....L....`......
7561c7561
< 0001D880 - A9 19 20 93 98 A9 20 91 F0 A0 06 91 F0 88 A2 07 .. ... .........
---
> 0001D880 - 20 E0 B8 EA EA A9 20 91 F0 A0 06 91 F0 88 A2 07  ..... .........
7665c7665
< 0001DF00 - 0D 4F 53 20 33 2E 32 30 0D 00 7A 60 A9 20 DA A6 .OS 3.20..z`. ..
---
> 0001DF00 - 0D 4F 53 20 33 2E 32 32 0D 00 7A 60 A9 20 DA A6 .OS 3.22..z`. ..
8079c8079
< 0001F8E0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
---
> 0001F8E0 - C9 38 A9 19 B0 02 A9 20 4C 93 98 FF FF FF FF FF .8..... L.......

Before delving into this we need a map as to which hex offset within the file (and therefore within the 1Mbit ROM) corresponds to which paged ROM as seen by the OS:

00000-03FFF: OS (C000-FFFF in address map)
04000-07FFF: ROM 9: DFS
08000-0BFFF: ROM A: ViewSheet
0C000-0FFFF: ROM B: Edit (text editor)
10000-13FFF: ROM C: BASIC
14000-17FFF: ROM D: ADFS
18000-1BFFF: ROM E: View
1C000-1FFFF: ROM F: Terminal

So this difference is in the OS part:

747c747
< 00002EA0 - 80 02 A0 04 98 1C 34 FE 8A F0 05 A9 04 0C 34 FE ......4.......4.
---
> 00002EA0 - 80 02 A0 04 98 1C 34 FE 8A F0 05 EA 98 0C 34 FE ......4.......4.

Here is this snippet as assembler in MOS 3.20:

    EEA0: 80 02       BRA EEA4    
    EEA2: A0 04       LDY #04     
    EEA4: 98          TYA         
    EEA5: 1C 34 FE    TRB FE34    
    EEA8: 8A          TXA         
    EEA9: F0 05       BEQ EEB0    
    EEAB: A9 04       LDA #04     
    EEAD: 0C 34 FE    TSB FE34    
    EEB0: 60          RTS         
    EEB1: 48          PHA         
    EEB2: 08          PHP         
    EEB3: 78          SEI

and the patched version:

    EEA0: 80 02       BRA EEA4    
    EEA2: A0 04       LDY #04     
    EEA4: 98          TYA         
    EEA5: 1C 34 FE    TRB FE34    
    EEA8: 8A          TXA         
    EEA9: F0 05       BEQ EEB0    
    EEAB: EA          NOP         
    EEAC: 98          TYA         
    EEAD: 0C 34 FE    TSB FE34    
    EEB0: 60          RTS         
    EEB1: 48          PHA         
    EEB2: 08          PHP         

That still doesn't explain what the purpose of that change is.

Next:

760c760
< 00002F70 - FB 00 F7 4F 53 20 33 2E 32 30 00 C8 B1 F0 C9 20 ...OS 3.20..... 
---
> 00002F70 - FB 00 F7 4F 53 20 33 2E 32 32 00 C8 B1 F0 C9 20 ...OS 3.22..... 

This is just updating the version number.

< 00003C00 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
< 00003C10 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
...
< 00003EE0 - 44 00 7F 40 FF 00 7F 41 44 00 7F 40 7F 00 7F 41 D..@...AD..@...A
< 00003EF0 - 44 00 7F 40 7F 00 7F 41 44 00 7F 40 7F 00 7F 41 D..@...AD..@...A
---
> 00003C00 - 28 43 29 20 31 39 38 34 20 41 63 6F 72 6E 20 43 (C) 1984 Acorn C
> 00003C10 - 6F 6D 70 75 74 65 72 73 20 4C 74 64 2E 54 68 61 omputers Ltd.Tha
...
> 00003EE0 - 65 72 20 57 69 6C 73 6F 6E 2C 47 72 61 68 61 6D er Wilson,Graham
> 00003EF0 - 20 57 69 6E 74 65 72 66 6C 6F 6F 64 2E 20 20 20  Winterflood.   

This is not a patch per se but a consequence of how the ROM image was obtained. In the MOS 3.20 ROM as supplied the ROM image has been obtained by reading the addresses on a BBC Master itself, for example by *SAVE. There are three pages of 256 bytes within the OS address space devoted to I/O, so this has captured whatever I/O devices were present (FF means nothing responded), whereas the real ROM as read by an EPROM programmer has a series of credits in.

That concludes the changes to the OS itself.

1225,1226c1225,1226
< 00004C80 - 8D 8A C2 A5 CD A0 0A 29 08 F0 02 A0 10 84 A3 5D .......).......]
< 00004C90 - D1 90 8D 24 FE 4A AE 88 C2 B0 03 AE 89 C2 A0 00 ...$.J..........
---
> 00004C80 - 8D 8A C2 A5 CD A0 0A 29 08 F0 02 A0 10 84 A3 20 .......)....... 
> 00004C90 - D7 B8 8D 24 FE 4A AE 88 C2 B0 03 AE 89 C2 A0 00 ...$.J..........

This is now in the DFS ROM. Here's the MOS 3.20 version as assembler:

    8C83: A5 CD       LDA CD      
    8C85: A0 0A       LDY #0A     
    8C87: 29 08       AND #08     
    8C89: F0 02       BEQ 8C8D    
    8C8B: A0 10       LDY #10     
    8C8D: 84 A3       STY A3      
    8C8F: 5D D1 90    EOR 90D1,X  
    8C92: 8D 24 FE    STA FE24    
    8C95: 4A          LSR A

so this is writing something to the control latch associated with the WD1770. Here's the patched version:

    8C83: A5 CD       LDA CD      
    8C85: A0 0A       LDY #0A     
    8C87: 29 08       AND #08     
    8C89: F0 02       BEQ 8C8D    
    8C8B: A0 10       LDY #10     
    8C8D: 84 A3       STY A3      
    8C8F: 20 D7 B8    JSR B8D7    
    8C92: 8D 24 FE    STA FE24    
    8C95: 4A          LSR A       

so what has happened here is that what now needs to be executed is longer than the old version so some of it has been put in a subroutine in previously unused space:

    B8D7: 0A          ASL A       
    B8D8: 0A          ASL A       
    B8D9: 5D D1 90    EOR 90D1,X  
    B8DC: 60          RTS         

So I think this is the double-density patch to DFS. Acorn DFS doesn't use double density discs itself but should be able to work with them via OSWORD but that fails because it doesn't write to the correct bit of the latch to select double density. This patch fixes that.

1458,1459c1458,1459
< 00005B10 - 86 25 86 5A 9C 36 9B 96 9C 25 86 25 86 25 86 CD .%.Z.6...%.%.%..
< 00005B20 - 9C 9E 9C B1 9C 17 9D 1E 9D 25 86 27 9D 2A 9D 20 .........%.'.*. 
---
> 00005B10 - 86 25 86 5A 9C 36 9B 96 9C 25 86 25 86 25 86 DC .%.Z.6...%.%.%..
> 00005B20 - B8 9E 9C B1 9C 17 9D 1E 9D 25 86 27 9D 2A 9D 20 .........%.'.*. 

This doesn't disassemble into anything sensible but looks like it could be a jump table with alternate bytes (the high bytes) being within the paged ROM area. In the patched version the high byte is towards the end of the ROM, presumably another previously unused area. So the original address points to:

    9CCE: 20 EE 83    JSR 83EE    
    9CD1: 20 3F 97    JSR 973F
...

and the patched address points to:

    B8DD: AD BC 0D    LDA 0DBC    
    B8E0: C5 F4       CMP F4      
    B8E2: D0 03       BNE B8E7    
    B8E4: 4C CE 9C    JMP 9CCE    
    B8E7: A9 08       LDA #08     
    B8E9: 60          RTS

Given the return value this looks like responding to paged ROM service calls. The patch looks like it is checking that one of the filing system extended vectors points to the current ROM - one way to check if the current ROM is the current filing system. So what this patch is doing is stopping DFS from implementing OSWORD calls if it is not the current filing system. That is because in DFS's implementation of OSWORD &7F it uses the filing system workspace as if it owns it when it doesn't, causing corruption.

1934,1935c1934,1935
< 000078D0 - 60 A9 02 48 98 10 E3 FF FF FF FF FF FF FF FF FF `..H............
< 000078E0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
---
> 000078D0 - 60 A9 02 48 98 10 E3 0A 0A 5D D1 90 60 AD BC 0D `..H.....]..`...
> 000078E0 - C5 F4 D0 03 4C CE 9C A9 08 60 FF FF FF FF FF FF ....L....`......

This is the area into which the two subroutines for the other two patches have been put. That concludes the changes to DFS.

7561c7561
< 0001D880 - A9 19 20 93 98 A9 20 91 F0 A0 06 91 F0 88 A2 07 .. ... .........
---
> 0001D880 - 20 E0 B8 EA EA A9 20 91 F0 A0 06 91 F0 88 A2 07  ..... .........

This change is in the terminal ROM. Note that there is quite a bit of OS code in this ROM which has nothing to do with terminal emulation. Disassembly of the original:

    9880: A9 19       LDA #19     
    9882: 20 93 98    JSR 9893    
    9885: A9 20       LDA #20     
    9887: 91 F0       STA (F0),Y  
    9889: A0 06       LDY #06     
    988B: 91 F0       STA (F0),Y  
    988D: 88          DEY         
    988E: A2 07       LDX #07     
    9890: BD EE 02    LDA 02EE,X  
    9893: 48          PHA         
    9894: 20 9C 98    JSR 989C    
    9897: 68          PLA         

and the patched version:

    9880: 20 E0 B8    JSR B8E0    
    9883: EA          NOP         
    9884: EA          NOP         
    9885: A9 20       LDA #20     
    9887: 91 F0       STA (F0),Y  
    9889: A0 06       LDY #06     
    988B: 91 F0       STA (F0),Y  
    988D: 88          DEY         
    988E: A2 07       LDX #07     
    9890: BD EE 02    LDA 02EE,X  
    9893: 48          PHA         
    9894: 20 9C 98    JSR 989C    

so once again this is going off to a patched-in subroutine:

    B8E0: C9 38       CMP #38     
    B8E2: A9 19       LDA #19     
    B8E4: B0 02       BCS B8E8    
    B8E6: A9 20       LDA #20     
    B8E8: 4C 93 98    JMP 9893

This looks like a Y2K patch to me. The RTC can hold the date/time in BCD and 9880 in the original code seems to fix the century at 19 (hex 19 is also (decimal) 19 in BCD) to make up for the fact the RTC chip only stores the last two digits of the year. The patched in code compares a value, presumably the last two digits of the year in BCD, and then chooses 19 or 20 for the century accordingly.

7665c7665
< 0001DF00 - 0D 4F 53 20 33 2E 32 30 0D 00 7A 60 A9 20 DA A6 .OS 3.20..z`. ..
---
> 0001DF00 - 0D 4F 53 20 33 2E 32 32 0D 00 7A 60 A9 20 DA A6 .OS 3.22..z`. ..

This is just a version number update.

8079c8079
< 0001F8E0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
---
> 0001F8E0 - C9 38 A9 19 B0 02 A9 20 4C 93 98 FF FF FF FF FF .8..... L.......

This is the patched in piece of the Y2K patch.

That concludes the patches to MOS 3.20 to make MOS 3.22.

Steve,

The patch at EEAB, EEAC I think fixed a bug in OSBYTE &6B (*FX 107), which selects between the internal and external 1MHz buses.

Dave

So now on to MOS 3.50 patched to become 3.52. First in the OS:

750c750
< 00002ED0 - 60 D0 FB 00 F7 4D 4F 53 20 33 2E 35 30 00 C8 B1 `....MOS 3.50...
---
> 00002ED0 - 60 D0 FB 00 F7 4D 4F 53 20 33 2E 35 32 00 C8 B1 `....MOS 3.52...

This is just the version number change.

960c960
< 00003BF0 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
---
> 00003BF0 - FF FF FF FF FF C9 38 A9 19 B0 02 A9 20 4C 76 96 ......8..... Lv.

This looks like some new code patched into previously unused space. Let's disassemble it:

    FBF5: C9 38       CMP #38     
    FBF7: A9 19       LDA #19     
    FBF9: B0 02       BCS FBFD    
    FBFB: A9 20       LDA #20     
    FBFD: 4C 76 96    JMP 9676    

This looks like a piece of the Y2K patch again. Maybe the other half of this is in the terminal ROM. Now onto the DFS ROM:

1227c1227
< 00004CA0 - 0A 29 08 F0 02 A0 10 84 A3 5D 60 91 8D 24 FE 4A .).......]`..$.J
---
> 00004CA0 - 0A 20 82 BF EA EA EA 84 A3 5D 60 91 8D 24 FE 4A . .......]`..$.J

Disassembly of the original:

    8CA0: 0A          ASL A       
    8CA1: 29 08       AND #08     
    8CA3: F0 02       BEQ 8CA7    
    8CA5: A0 10       LDY #10     
    8CA7: 84 A3       STY A3      
    8CA9: 5D 60 91    EOR 9160,X  
    8CAC: 8D 24 FE    STA FE24    
    8CAF: 4A          LSR A       
    8CB0: AE 88 C2    LDX C288    
    8CB3: B0 03       BCS 8CB8    
    8CB5: AE 89 C2    LDX C289    
    8CB8: 64 A2       STZ A2      

and the patched version:

    8CA0: 0A          ASL A       
    8CA1: 20 82 BF    JSR BF82    
    8CA4: EA          NOP         
    8CA5: EA          NOP         
    8CA6: EA          NOP         
    8CA7: 84 A3       STY A3      
    8CA9: 5D 60 91    EOR 9160,X  
    8CAC: 8D 24 FE    STA FE24    
    8CAF: 4A          LSR A       
    8CB0: AE 88 C2    LDX C288    
    8CB3: B0 03       BCS 8CB8    
    8CB5: AE 89 C2    LDX C289  

this goes off to a patched in subroutine:

    BF82: 29 08       AND #08     
    BF84: F0 04       BEQ BF8A    
    BF86: A9 20       LDA #20     
    BF88: A0 10       LDY #10     
    BF8A: 60          RTS         

so once again this is dealing with the control latch associated with the WD1770.

1312c1312
< 000051F0 - F0 10 E0 F0 A9 FF 8D 82 C2 86 C7 84 C8 A0 0C B1 ................
---
> 000051F0 - F0 10 E0 F0 86 C7 84 C8 A9 FF 8D 82 C2 A0 0C B1 ................

Disassembly of original:

    91F0: F0 10       BEQ 9202    
    91F2: E0 F0       CPX #F0     
    91F4: A9 FF       LDA #FF     
    91F6: 8D 82 C2    STA C282    
    91F9: 86 C7       STX C7      
    91FB: 84 C8       STY C8      
    91FD: A0 0C       LDY #0C     
    91FF: B1 C7       LDA (C7),Y  
    9201: 99 BA 00    STA 00BA,Y  
    9204: 88          DEY         
    9205: 10 F8       BPL 91FF    
    9207: A2 0C       LDX #0C     

and the patched version:

    91F0: F0 10       BEQ 9202    
    91F2: E0 F0       CPX #F0     
    91F4: 86 C7       STX C7      
    91F6: 84 C8       STY C8      
    91F8: A9 FF       LDA #FF     
    91FA: 8D 82 C2    STA C282    
    91FD: A0 0C       LDY #0C     
    91FF: B1 C7       LDA (C7),Y  
    9201: 99 BA 00    STA 00BA,Y  
    9204: 88          DEY         
    9205: 10 F8       BPL 91FF    
    9207: A2 0C       LDX #0C     

I am not sure what material difference this makes. It looks like instructions have been re-ordered to preserve the flags from the 'CPX #F0' for longer but I can't see anything that depends on those flags.

1543c1543
< 00006060 - 0F A2 E0 A1 F3 A1 77 A2 7E A2 1A 86 86 A2 89 A2 ......w.~.......
---
> 00006060 - 43 AE E0 A1 F3 A1 77 A2 7E A2 1A 86 86 A2 89 A2 C.....w.~.......

This looks like another jump table being patched. So the old entry went to A210 (probably a table jumped to with RTS):

    A210: 20 EB 83    JSR 83EB    
    A213: 20 D4 97    JSR 97D4    
    A216: A4 EF       LDY EF      
    A218: 30 F1       BMI A20B    
    A21A: C0 7D       CPY #7D     
    A21C: 90 ED       BCC A20B    
    A21E: AA          TAX         
    A21F: 20 AE A5    JSR A5AE    
    A222: A0 D4       LDY #D4     
    A224: B1 B0       LDA (B0),Y  
    A226: 48          PHA         
    A227: DA          PHX         

New entry:

    AE44: AD BC 0D    LDA 0DBC    
    AE47: C5 F4       CMP F4      
    AE49: D0 03       BNE AE4E    
    AE4B: 4C 10 A2    JMP A210    
    AE4E: A9 08       LDA #08     
    AE50: 60          RTS         

This looks like the same OSWORD patch as for MOS 3.20.

1571,1572c1571,1572
< 00006220 - AE A5 A0 D4 B1 B0 48 DA 68 FA 10 DF A6 F0 86 C7 ......H.h.......
< 00006230 - A6 F1 86 C8 C8 10 07 A6 C7 A4 C8 4C F4 91 20 52 ...........L.. R
---
> 00006220 - AE A5 A0 D4 B1 B0 48 DA 68 FA 10 DF A4 EF EA EA ......H.h.......
> 00006230 - A6 F0 86 C7 A6 F1 86 C8 C8 10 03 4C F8 91 20 52 ...........L.. R

Original code:

    A222: A0 D4       LDY #D4     
    A224: B1 B0       LDA (B0),Y  
    A226: 48          PHA         
    A227: DA          PHX         
    A228: 68          PLA         
    A229: FA          PLX         
    A22A: 10 DF       BPL A20B    
    A22C: A6 F0       LDX F0      
    A22E: 86 C7       STX C7      
    A230: A6 F1       LDX F1      
    A232: 86 C8       STX C8      
    A234: C8          INY         
    A235: 10 07       BPL A23E    
    A237: A6 C7       LDX C7      
    A239: A4 C8       LDY C8      
    A23B: 4C F4 91    JMP 91F4    
    A23E: 20 52 8B    JSR 8B52    
    A241: 20 88 83    JSR 8388    
    A244: C8          INY         
    A245: 30 08       BMI A24F    
    A247: A0 00       LDY #00     
    A249: AD 04 C1    LDA C104    
    A24C: 91 C7       STA (C7),Y  
    A24E: 60          RTS         

patched code:

    A222: A0 D4       LDY #D4     
    A224: B1 B0       LDA (B0),Y  
    A226: 48          PHA         
    A227: DA          PHX         
    A228: 68          PLA         
    A229: FA          PLX         
    A22A: 10 DF       BPL A20B    
    A22C: A4 EF       LDY EF      
    A22E: EA          NOP         
    A22F: EA          NOP         
    A230: A6 F0       LDX F0      
    A232: 86 C7       STX C7      
    A234: A6 F1       LDX F1      
    A236: 86 C8       STX C8      
    A238: C8          INY         
    A239: 10 03       BPL A23E    
    A23B: 4C F8 91    JMP 91F8    
    A23E: 20 52 8B    JSR 8B52    
    A241: 20 88 83    JSR 8388    
    A244: C8          INY         
    A245: 30 08       BMI A24F    
    A247: A0 00       LDY #00     
    A249: AD 04 C1    LDA C104    
    A24C: 91 C7       STA (C7),Y  

I'll have to come back to this one but could also be OSWORD-related.

1765,1766c1765,1766
< 00006E40 - A2 01 28 60 FF FF FF FF FF FF FF FF FF FF FF FF ..(`............
< 00006E50 - FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
---
> 00006E40 - A2 01 28 60 AD BC 0D C5 F4 D0 03 4C 10 A2 A9 08 ..(`.......L....
> 00006E50 - 60 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF `...............

This is the patched in subroutine for the first OSWORD patch.

1975c1975
< 00007B60 - A9 8F A2 0C A0 FF 20 F4 FF 8C DE C2 60 AC DE C2 ...... .....`...
---
> 00007B60 - A9 8F A2 0C A0 FF 20 F4 FF 8C E6 C2 60 AC E6 C2 ...... .....`...

Original code:

    BB60: A9 8F       LDA #8F     
    BB62: A2 0C       LDX #0C     
    BB64: A0 FF       LDY #FF     
    BB66: 20 F4 FF    JSR FFF4    
    BB69: 8C DE C2    STY C2DE    
    BB6C: 60          RTS         
    BB6D: AC DE C2    LDY C2DE    
    BB70: A9 8F       LDA #8F     
    BB72: A2 0B       LDX #0B     
    BB74: 4C F4 FF    JMP FFF4    
    BB77: A0 45       LDY #45     
    BB79: B9 10 BC    LDA BC10,Y  

patched code:

    >d bb60
    BB60: A9 8F       LDA #8F     
    BB62: A2 0C       LDX #0C     
    BB64: A0 FF       LDY #FF     
    BB66: 20 F4 FF    JSR FFF4    
    BB69: 8C E6 C2    STY C2E6    
    BB6C: 60          RTS         
    BB6D: AC E6 C2    LDY C2E6    
    BB70: A9 8F       LDA #8F     
    BB72: A2 0B       LDX #0B     
    BB74: 4C F4 FF    JMP FFF4    
    BB77: A0 45       LDY #45     
    BB79: B9 10 BC    LDA BC10,Y  

So this calls OSBYTE &8F, issue paged ROM service request, with service code &0C, claim NMI workspace, but stores the result in a different place. I don't know what the significance of this is, though possibly there was a bug where DFS was not calling service call &0B, release NMI, with the correct previous ROM number.

2041c2041
< 00007F80 - 7F 60 FF FF FF FF FF FF FF FF FF FF FF FF 01 00 .`..............
---
> 00007F80 - 7F 60 29 08 F0 04 A9 20 A0 10 60 FF FF FF 01 00 .`).... ..`.....

This is the second half of the WD1770 control register (possibly double-density) related patch.

7527c7527
< 0001D660 - 20 73 96 A9 19 20 76 96 A9 20 91 F0 A0 06 91 F0  s... v.. ......
---
> 0001D660 - 20 73 96 20 F5 FB EA EA A9 20 91 F0 A0 06 91 F0  s. ..... ......

This is in the terminal ROM. Original code:

    9660: 20 73 96    JSR 9673    
    9663: A9 19       LDA #19     
    9665: 20 76 96    JSR 9676    
    9668: A9 20       LDA #20     
    966A: 91 F0       STA (F0),Y  
    966C: A0 06       LDY #06     
    966E: 91 F0       STA (F0),Y  
    9670: 88          DEY         
    9671: A2 07       LDX #07     
    9673: BD EE 02    LDA 02EE,X  
    9676: 48          PHA         
    9677: 20 7E 96    JSR 967E    

patched version:

    9660: 20 73 96    JSR 9673    
    9663: 20 F5 FB    JSR FBF5    
    9666: EA          NOP         
    9667: EA          NOP         
    9668: A9 20       LDA #20     
    966A: 91 F0       STA (F0),Y  
    966C: A0 06       LDY #06     
    966E: 91 F0       STA (F0),Y  
    9670: 88          DEY         
    9671: A2 07       LDX #07     
    9673: BD EE 02    LDA 02EE,X  
    9676: 48          PHA         

so this is the other half of the Y2K patch.

7667c7667
< 0001DF20 - 33 2E 35 30 0D 00 7A 60 A9 20 DA A6 B0 DA A6 B1 3.50..z`. ......
---
> 0001DF20 - 33 2E 35 32 0D 00 7A 60 A9 20 DA A6 B0 DA A6 B1 3.52..z`. ......

Version number change.

FYI, at least some of these changes come (not surprisingly) from JGH.

His BUILDMOS program does the patching:
http://mdfs.net/Info/Comp/BBC/SROMs/BuildMOS.bas

This creates version 3.21, so maybe he has a later version.

Dave

Thanks, David.

The patch to 3.20 in the OS ROM at EEAB comes from BuildMOS and does say it fixes OSBYTE &6B so as you described.

BuildMOS includes a Y2K patch but it's a different one that fixes the century at 20.

It also includes a *MOVE patch which I don't think is included here. It does not include the DFS patches.
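
The offset map and the "detour into previously unused space" pattern worked through in this thread can be checked mechanically. The following is an added example, not code from the thread, B-Em or BuildMOS: the function names are hypothetical, the two images are constructed from only the changed bytes quoted above for 3.20 to 3.22, and the JSR detection assumes a changed run starts on an instruction boundary. It also handles a paged ROM calling into the OS, as the 3.52 Y2K patch does.

```python
"""Added example: classify byte differences between two 128 KiB MOS images."""
BANK_SIZE = 0x4000
# 16 KiB slices in file order, with the CPU address each is mapped at (from the thread).
BANKS = [("OS", 0xC000), ("ROM 9: DFS", 0x8000), ("ROM A: ViewSheet", 0x8000),
         ("ROM B: Edit", 0x8000), ("ROM C: BASIC", 0x8000), ("ROM D: ADFS", 0x8000),
         ("ROM E: View", 0x8000), ("ROM F: Terminal", 0x8000)]

# Constructed sample input: (file offset, old bytes, new bytes) as quoted in the
# thread; version strings and the credits/I-O capture region are left out.
SAMPLE = [
    (0x2EAB, "A9 04", "EA 98"),
    (0x4C8F, "5D D1 90", "20 D7 B8"),
    (0x5B1F, "CD 9C", "DC B8"),
    (0x78D7, "FF" * 19,
     "0A 0A 5D D1 90 60 AD BC 0D C5 F4 D0 03 4C CE 9C A9 08 60"),
    (0x1D880, "A9 19 20 93 98", "20 E0 B8 EA EA"),
    (0x1F8E0, "FF" * 11, "C9 38 A9 19 B0 02 A9 20 4C 93 98"),
]

def build_images():
    """Return (old, new) zero-filled images carrying only the SAMPLE bytes."""
    old = bytearray(BANK_SIZE * len(BANKS))
    new = bytearray(old)
    for off, o, n in SAMPLE:
        o, n = bytes.fromhex(o), bytes.fromhex(n)
        old[off:off + len(o)] = o
        new[off:off + len(n)] = n
    return bytes(old), bytes(new)

def locate(offset):
    """Map a file offset to (bank name, CPU address)."""
    if not 0 <= offset < BANK_SIZE * len(BANKS):
        raise ValueError("offset outside the 1 Mbit image")
    name, base = BANKS[offset // BANK_SIZE]
    return name, base + offset % BANK_SIZE

def to_offset(bank_index, cpu_addr):
    """Inverse of locate() for a known bank."""
    base = BANKS[bank_index][1]
    if not base <= cpu_addr < base + BANK_SIZE:
        raise ValueError("address not mapped by this bank")
    return bank_index * BANK_SIZE + cpu_addr - base

def diff_runs(old, new):
    """Return (offset, old_bytes, new_bytes) for each maximal run of differing bytes."""
    if len(old) != len(new):
        raise ValueError("images differ in length")
    runs, start = [], None
    for i in range(len(old) + 1):
        differs = i < len(old) and old[i] != new[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, old[start:i], new[start:i]))
            start = None
    return runs

def jsr_target_offset(bank_index, new_bytes):
    """If the run starts with JSR abs (opcode 20), return the file offset called."""
    if len(new_bytes) < 3 or new_bytes[0] != 0x20:
        return None
    target = new_bytes[1] | (new_bytes[2] << 8)    # little-endian operand
    if target >= 0xC000:
        return to_offset(0, target)                # the OS is always mapped
    if target >= 0x8000 and bank_index != 0:
        return to_offset(bank_index, target)       # same paged ROM
    return None                                    # RAM, or OS calling a paged ROM

def analyse(old, new):
    """Return (bank, CPU address, kind) for every changed run."""
    runs = diff_runs(old, new)
    # Runs whose original bytes were all FF: code placed in unused ROM space.
    fills = [(off, off + len(o)) for off, o, _ in runs if set(o) == {0xFF}]
    report = []
    for off, o, n in runs:
        bank, addr = locate(off)
        tgt = jsr_target_offset(off // BANK_SIZE, n)
        if (off, off + len(o)) in fills:
            kind = "new code"
        elif tgt is not None and any(lo <= tgt < hi for lo, hi in fills):
            kind = "detour to %04X" % locate(tgt)[1]
        else:
            kind = "in place"
        report.append((bank, addr, kind))
    return report

if __name__ == "__main__":
    for bank, addr, kind in analyse(*build_images()):
        print("%-16s %04X  %s" % (bank, addr, kind))
```

A detour whose target does not land in a run that was all FF in the original would be reported as "in place", which is the case worth inspecting by hand when comparing an unknown image against a reference dump.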