Final Countdown - Amiga - Disassembling zob

 Last time we looked at the structure of the executables zob and space. Using a custom tool, we could see that zob is mostly a small (300 bytes) code block, while space has a small code block (612 bytes) and a larger data block (40kb) which is probably compressed code. 

If we disassemble zob, this is what we see. I started to analyze some of it but didn't get far. 

_lbC000000
    movem.l d0-d7/a0-a6, -(a7)  ;; save all registers at addr of A7
    lea     ($dff180).l, a6     ;; $dff180 is a memory register, COLOR00
    lea     (_lbL0000C6,pc), a0 ;; load PC+offset (given by label) into A0
    lea     ($120).l, a1
    move.l  (a0)+, d0
    move.l  (a0)+, d1
    move.l  (a0)+, d5
    movea.l a1, a2
    adda.l  d0, a0 
    adda.l  d1, a2
    move.l  -(a0), d0 
    eor     d0, d5 

_lbC000024
    lsr.l   #$1, d0 
    bne     _lbC00002A

    bsr     _lbC0000A0 

_lbC00002A 
    bcs     _lbC00005E 

    moveq   #$8, d1
    moveq   #$1, d3
    lsr.l   #$1, d0
    bne     _lbC000036

    bsr     _lbC0000A0

The second instruction loads the address of the COLOR00 register into A6. This register controls de background color.

In the third instruction the code references an address (or displacement) that the disassembler called _lbL0000C6, relative to the program counter. There are other labels that are referenced in this block of code and are not in the code itself, specifically the two calls to subroutine (bsr) at _lbC0000A0 and the jumps to _lbC00005E and _lbC000036. We have to analyze the block of code to see what addresses correspond to these labels.

Comments

Post a Comment

Popular posts from this blog

How many instructions per frame?

 To get an idea of the complexity of code executing during one frame of the game, we can calculate an estimate of how many instructions are executed for each frame.  The main CPU is the Motorola 68000 running at a 10MHz clock. 10MHz means each clock cycle takes 100 ns or 0.1μs. The game runs at 60Hz or 60 frames per second so each frame takes 16.6667ms. So in each frame there are 166,667 cycles.  The M68k is a CISC processor and its simplest instructions take 4 cycles, but there are instructions that take more. An upper bound to the number of instructions executed per frame is thus 166,667 / 4 = 41,666.75 or just about 42 thousand instructions per frame. The real number varies per frame depending on the mix of instructions that are executed on it, and it probably never reaches this value of 42k instructions per frame because you don't expect to execute only instructions of 4 cycles, but something in the order of tens of thousands of instructions per frame seems right. 
Read more

Reference on D88 disk image format

 To investigate what code gets executed when a disk is loaded in one of the Japanese computers, we can investigate the contents of the disk image. Disk images for many Japanese computers are often distributed in the D88 format. Luckily it is a simple format and there's a reference about it in English here: https://www.z88dk.org/tools/x1/XBrowser_User_Guide.pdf Look in Appendix II. It is a reference to a tool intended for Sharp X1 users, but the format is the same used in PC88 and other Japanese computer emulators and tools.  The information is organized by tracks and then by sectors, as in a real disk. File header The file begins with a header with the following fields: struct header { char[17] name; // image name, usually empty u8[9] reserved; // reserved, usually zero u8 write_protect; // non-zero value means write-protected disk u8 media_type; // 0: 2D, 0x10: 2DD, 0x20: 2HD, 0x30: 1D, 0x40: 1DD u32 disk_size; //
Read more