Joe Maroni 23 January 2006 19:48

help writing an whdload install for Brian the Lion Demo needed
i´ve tried to write a slave to support the demo version of Brian the Lion months ago...maybe Codetapper remember this, after i asked for some help.

but i didn´t really understand what the bootprog really do...

now i´ve restarted it and it seems that i´m still too stupid for it...:(

first i reassembled the bootblock, without the first 12 bytes (disktype, checksum, rootblock pointer)

this is what i´ve already understand:


EXT_0000 EQU $0
EXT_0003 EQU $16
EXT_0004 EQU $40
EXT_0005 EQU $44
EXT_0006 EQU $48
EXT_0007 EQU $4C
EXT_0008 EQU $58
EXT_0009 EQU $5A
EXT_000A EQU $5E
TRAP_01 EQU $80
TRAP_02 EQU $84
TRAP_03 EQU $88
EXT_0010 EQU $CC
EXT_0011 EQU $D0
EXT_0012 EQU $D4
EXT_0013 EQU $D8
EXT_0014 EQU $E0
EXT_0015 EQU $64F
EXT_0016 EQU $800
EXT_0017 EQU $1000
EXT_0018 EQU $7F00
EXT_0019 EQU $7A000
EXT_001A EQU $A0000
EXT_001F EQU $1570035


CLR.L (EXT_0004).W ------------
CLR.L (EXT_0005).W
CLR.L (EXT_0006).W clear
CLR.L (EXT_0007).W variables
CLR (EXT_000A).W
CLR.L (EXT_0014).W ------------
MOVEA.L (ABSEXECBASE).W,A6 move execbase to A6
LEA 322(A6),A6 load adress of pointer of MemList (offset $142 in ExecBaseStruct)
ExecBaseStruct starts at $676 (512 k Chip) or $C00276 (1 MB Chip)
lets do it with 1MB, and now A6 contains C00368
MOVEA.L (A6),A0 move the value that is stored at $C00368 to A0

MOVE.B 15(A0),D2 pointer to the first MemChunk struct...??
MOVE.L 20(A0),D0 points to memory start of the above MemChunk...??
MOVE.L 24(A0),D1 points to memory end of the above MemChunk...??
ANDI.L #$FFF80000,D0 AND the value $FFF80000 to the memory start adress to be sure you have $80000 bytes free
CMP.B #$03,D2 check if the MemChunk is ChipRam...??
BNE.S LAB_0000 if not branch to LAB_0000
MOVE.L #$00080000,D0 otherwise move $80000 to D0

MOVE.L D0,(EXT_0012).W move memory start pointer to $D4
MOVE.L #$00000800,(EXT_0013).W move $800 to absolute adress $D8
LEA LAB_0001(PC),A0 load adress of LAB_0001 to A0
MOVE.L A0,(TRAP_01).W send adress to TRAP #0 vector
TRAP #0 cause an exception and start again at $80

LEA LAB_0002(PC),A0 set LAB_0002 adress to A0
MOVE.L A0,(ILLEG_OPC).W now put this adress to $10
DC.W $4E7A --------------------------------------------------
DC.W $0002 this code seems to be illegal, no reassembler was
ANDI #$FFFE,D0 possible to reassemble this...!?
DC.W $4E7B continue with next label...
DC.W $0002 --------------------------------------------------
LEA (EXT_0016).W,A7 setup stack to $800
BSR LAB_0003 branch to label LAB_0003 and see what happens
MOVEA.L (EXT_0012).W,A1 move value $D4 to A1
ADDA.L #$0007DE00,A1 ADD $0007DE00 to A1 = $7DED4
MOVEQ #16,D0 move $16 to D0
MOVEQ #6,D1 move $6 to D1
MOVEQ #0,D2 move $0 to D2
TRAP #1 Trap -> go to LAB_0004
MOVEA.L (EXT_0012).W,A1
ADDA.L #$0007DE00,A1
JMP (A1)

LEA LAB_0027(PC),A0 load adress of variable LAB_0027 to A0
MOVE.L #$FFFF0000,14(A0) move $FFFF0000 to LAB_0027 + $14
LEA HARDBASE,A6 load custom chip base to A6
MOVE #$7FFF,D0 move $7FFF (%1111111111111111) to D0
MOVE D0,154(A6) ------------------------------------
MOVE D0,158(A6) disable Interrupts(INTENA),Disk(ADKCON),DMA(DMACON)
MOVE D0,150(A6) ------------------------------------
MOVE #$0000,384(A6) set background black
MOVE #$4489,126(A6) $4489 -> DSKSYNC
MOVE #$9500,158(A6) set %1001010100000000 to ADKCON
bit 15 - set bits
bit 14 - first precompensation specifier 00 = none
bit 13 - second precompensation specifier 00 = none
bit 12 - 1 = MFM precompensation
bit 11 - not used for disk
bit 10 - enables sync and start DMA
bit 9 - used for GCR...??
bit 8 - write speed setup -> 1 for MFM
bit 7 - 0 only used for audio

MOVE #$8210,150(A6) set %1000001000010000 to DMACON
bit 15 - set bits
bit 14 - read-only
bit 13 - read-only
bit 12 - unused
bit 11 - unused
bit 10 - 1 = blitter hasn´t full priority over CPU
bit 9 - enable all DMA (bits 8-0)
bit 5 - disable Sprite DMA...??

LEA LAB_0004(PC),A0 load adress of LAB_0004 to A0
MOVE.L A0,(TRAP_02).W load this adress to Trap vector $84
LEA CIAB_PRA,A0 put CIA B base adress to A0
MOVE.B #$03,4609(A0) Direction for Port A ???
MOVE.B #$FF,512(A0) Direction for Port A ???
MOVE.B #$FF,768(A0) Direction for Port B ???
RTS return from subroutine

BSR.S LAB_0007 branch to label LAB_0007
LEA LAB_0027(PC),A5
LEA EXT_0019,A0
MOVE.L A1,0(A5)
MOVE.B #$08,3840(A3)
SUBQ #1,D0
DIVU #$000B,D1
MOVE.L D1,6(A5)
DIVU #$000B,D0
MOVE.L D0,10(A5)
TST 14(A5)
BPL.S LAB_0006
CLR 14(A5)
BTST #4,(A3)
BEQ.S LAB_0006
BSR LAB_0024
BRA.S LAB_0005

BSR.S LAB_0008
ROR #7,D1
MOVE.L A1,0(A5)
BSR.S LAB_0008
MOVE 14(A5),D0
MOVE.B #$F9,(A4)
MOVE.B #$81,(A4)

LEA CIAA_PRA,A3 load CIA A base to A3
LEA -3841(A3),A4 $BFE001 - $F01 = $BFD100 -> A4
LEA HARDBASE,A6 load DFF000 to A6
RTS return to where we came from
please lets do everything step by step that everybody can understand what happens...:)

BippyM 23 January 2006 20:47

Moved to coders/tutorials as I feel this may turn into a tutorial on WHDInstalling :D

Galahad/FLT 23 January 2006 20:51

What is it with Tutorials. Ok, I'll do a DD2 tutorial in a Carrier Command Style!!!!! ;)

Joe Maroni 23 January 2006 20:53

yeah...that´s right...:great

@ all advanced assembler coders

please don´t laugh....it´s really hard for me to understand...especially the indirect adressing modes...

in my eyes i would understand the command as:
LEA 322(A6),A6 ; load effective adress at position $4 + $142 into A6

but Codetapper gave me the advice that this is a memory test...:crazy

assembler is so hard to understand....:(

Joe Maroni 23 January 2006 20:54


many many thanks...:bowdown

BippyM 23 January 2006 21:12


@ all advanced assembler coders

in my eyes i would understand the command as:
LEA 322(A6),A6 ; load effective adress at position $4 + $142 into A6

assembler is so hard to understand....:(

Yeah that is how I would interpret it (Assuming a6 is currently $4)

Joe Maroni 23 January 2006 22:30


and i think that´s the problem why assembler is not that easy for us...:(

maybe we should first lear nsome methods what is possible with assembler...

getting into SV mode can be done in more than one way AFAIK, but how does those methods look like...???

1. Permit() after "open" the exec.lib is the first
2. disable some interrupts is another method
3. do a TRAP #x (x <- Trap vector) is another one (causes an exception)

and all this stuff is very hard to understand....

BippyM 23 January 2006 23:17

Well from a book I have it gives the following code for getting into the supervisor mode


Execbase                =4                ;Execbase address
SuperState                =-150                ;Turn on function
        move.l Execbase,a6        ;Execbase address into a6
        jsr SuperState (a6)        ;Turn on supervisor mode
        move.l d0,savesp                ;Save return value

savesp:blk.l 1                        ;Space for SP Value

I don't know if this is correct (I assume it is) but it's from a book on Amiga asm.

Joe Maroni 24 January 2006 06:29

Execbase is always $4
LVO for Superstate is -150

first you move the execbase into A6 (library bases must ever be in A6 if you call any functions of them !)
then you jump to subroutine "Superstate"
this function returns the old user stack (supervisor has its own stack !) in D0
to save it for later use you put it with a move to variable "savesp"

that´s how i would understand it...:)

more details:

it is allowed to change from supervisor mode into user mode but not in the other direction...
the function "superstate" just causes an exception and then jumps to the routine that starts at $020 (vector $08)

BTW: first post edited..

Codetapper 24 January 2006 11:46

I would advise that you ditch IRA for now and use Resource for disassembly. It has the advantage that when you are looking down the list and you see execbase (4) in register a6, you can press "e" (for exec) and it will change the hex offset into human readable form. When it gets into lists, you can use the symbols features to tell Resource that it is a memlist and it will auto-comment the code.

Ditto with anything involving the DOS and graphics library functions - hit "d" and "g" respectively. "h" for any hardware references etc. It will help a great deal while learning this stuff!

BippyM 24 January 2006 17:31

x_to: I don't mind scanning in the article from this asm book I have.. I'll scan the few pages and OCR them :)

The book is also available on an LSD doc disk and I'll up the article to the zone if you require it :D

Joe Maroni 24 January 2006 17:40


not necessary...i already have tons of books here at home...:crazy

BTW: it would be nice if someone of the advanced coders can check the stuff in the first post...i hope i explained everything right...i´m not sure myself...:(

NOB 24 January 2006 18:12

1 Attachment(s)
Here is an bootblock that moves itself to the upper
memory, entering the supervisormode via privilege violation
and moving a mini(crap) prog to $300 and jumps in..


go: dc.b "DOS",0
dc.l 0
dc.l "HOL."
move: lea start(pc),a0
lea $7fc00.l,a1 ;move to $7fc00
move.l a1,a4
move.w #end-start,d0
trans: move.b (a0)+,(a1)+
dbf d0,trans
jmp (a4)
lea $dff000,a6 ;stop interrupts
move.w #$7fff,d0
move.w d0,$9a(a6)
move.w d0,$96(a6)
move.w d0,$9e(a6)
move.w d0,$9c(a6)
lea $bfd100,a5
move.b #%10000001,(a5);Drive select turn off drive motors
nop ;wait a bit
move.b #%11111001,(a5);select all
move.l $20.w,a5 ;privilege violation memory vektor adress-> rescue it
lea super(pc),a4 ;
move.l a4,$20.w ;move own address to $20 (privilege violation vektor)
super: move.w #$2700,sr
;call an violation(usermode)       
;(writing to the sr in usermode is a privilege violation)
;and enters the supervisor mode
;$20 points here ..continue here in supervisor mode
;and set the status register
move.l a5,$20.w ;write back old $20 Vector;(Vector number is 8)
lea $0000c0.l,a7 ;now SSP Supervisorstackpointer
lea $000200.l,a0 ;set userstackpointer
move.l a0,usp ;don´t know if this is nescessary....
move2: lea trap(pc),a0 ;move to $300
lea $00300.l,a1
move.l a1,a4
move.w #end-trap,d0
trans2: move.b (a0)+,(a1)+
dbf d0,trans2
jmp (a4) ;jmp to $300
move d0,$dff180 ;blinken
addq #1,d0
btst #6,$bfe001
beq.s ende
bra.s trap
ende: rts ;crash......

musashi5150 25 January 2006 10:06

Is there a doc for ReSource somewhere... I don't know half of the options ;)

Codetapper 25 January 2006 10:45

Resource v1 had a nice example disassembling a program, LoadWB or some AmigaDos command like that. I learned a great deal from that doc! I think it might also be on one of the LSD docs disks. I'd have to dig it out to see if I have it, maybe someone else will beat me to upload it?

gizmomelb 25 January 2006 12:23

seems an index for the LSD Docs Disks has been on here previously, according to this thread: http://eab.abime.net/showthread.php?t=13919

All of the LSD Docs Disks appear to be online here: http://borrowedtime.emuunlim.com/lsd/index.htm

so I downloaded disk 65, and luckily there's an index included on the disk - LSD Docs Disk #7 has the Resource docs, so I'm downloading it now to see if I can extract the powerpacked file and save it as a standard text file for easier reading on IBMs (no powerpacker compatible decruncher that I'm aware of).


EDIT: the file is in the Zone - both as an Amiga PowerPacked file and in plain text for Windows users.

musashi5150 25 January 2006 18:26

Looks like a great doc - thanks guys :)

