💾 Archived View for gemini.spam.works › mirrors › textfiles › apple › DOCUMENTATION › ls.6.boot.trac… captured on 2020-10-31 at 21:08:38.
-=-=-=-=-=-=-
Locksmith 6.0 Automatic Boot Tracer Soft-docs
---------------------------------------------
by
The Ghost
------------------------------------------------------------------------------
GHOST NOTE: This is exactly from the hard docs of Locksmith 6.0, and I have
done this section first for those of you that can't wait for the full docs
to get started with this feature. I'm not sure whether I will be doing the
complete soft docs or not.
------------------------------------------------------------------------------
Introduction to ABT
-------------------
[A] BOOT TRACER
The Automatic Boot Tracer is intended for use by the more experienced Apple
programmer. It is actually a sophisticated debugger which can simulate the
operation of the 6502 in the Apple. Because disk reading is simulated. it
is possible to actually "boot" a disk (whether protected or not) under
control of this debugger, and trace the boot code of the program.
Boot tracing, a normally manual and very tedious technique which is used
by the most sophisticated "hackers", can be performed automatically under
control of the Locksmith Automatic Boot Tracer.
To invoke the boot tracer, key 'A' from the main menu. You must have a RAM
card of at least 16K on your system for ABT to work. If you have an Apple //e
or Apple //c, the "built-in" 16K RAM will work.
Locksmith ABT will prompt you for the slot numbr of the RAM card. Key in a
digit from 0 to 7.
The ABT will be installed on the RAM card you choose, and the ABT will be
entered.
Note that in this manual, the ABT (automatic boot tracer) is also referred
to as the debugger and the simulator, since it actually simulates the
operation of the 6502, ad can be used as a powerful debugger.
The screen will clear and a line of inverse text will appear on the top line
of the display. The ABT is now operating.
If you press reset at any time, you will be placed in the Apple monitor and
can reboot another disk by entering the slot number followed by control-P.
Be careful not to reboot a disk which will automatically load over the ABT
on the RAM card you selected.
INFORMATION LINE
The top line of the screen which appears in inverse text is a one-line
status display which appears initially as follows:
FA62 CLD A=00 X=00 Y=00 P=34 S=FD
The first 4 characters are the program counter (FA62 in this example). The
6502 opcode at the program counter is also displayed (CLD in this example).
Next, the values of the A,X,and Y registers are displayed. The "P=" value is
the processor status register contents, and the "S=" value is the stack
pointer.
At this time, press the R key followed by a key from A through X. Notice that
the information line disappeared and moved to another line of the screen. You
can put the information line on any line of the screen that is convenient
for the software you will be debugging / tracing. If you don't want the
information line displayed, you can place it on row Y or Z (which are off
the screen).
IDLE MODE
The simualtor is in "idle" mode at this time. That is, the program to be
simulated is not currently running, but is stopped at the address displayed
by the program counter.
Press control-C at this time to enable the processing of 65C02 instructions.
This is necessary if you are running on an Apple //c or an enhanced Apple //e.
Press the S key to start execution under control of the simualtor. The ABT
is now running simulated 6502 code. The simulator is now in "running" mode.
Note the rapidly changing program counter. The "beep" you hear from the
speaker may sound a bit different than the Apple "beep" which you are used
to, but that is only because under control of the simulator it is slowed
down considerably and sounds lower.
To stop the program being executed, press [control-Z]. You are now again
in "idle" mode. Control-Z is the default character to stop execution of
the simulated program, but it can be set to a different "stop" key if you
need to be able to use control-Z with the software you are tracing. To
change the stop key, first stop the program being executed and return to
"idle" mode by pressing control-Z. Then press control-X followed by any other
key, and the other key will be used for the "stop" key.
To reset the "stop" key to control-Z, enter idle mode and press control-X,
control-Z.
Enter idle mode. Now press the space bar and watch the information line. The
space bar is used in idle mode to single step one instruction. A "+" or "-"
will appear after each conditional branch instruction, depending on whether
the branch will be taken ("+") or will be taken ("-").
While in idle mode, enter control-Y. You are placed in the system monitor,
and can enter any monitor commands such as "L" (to disassemble 6502 code).
To re-enter the simulator, press control-Y, RETURN. Before placing you in the
system monitor, the simulator saved low memory pages 00 to 07 on its RAM
card. After re-entering the simualtor, this memory was "refreshed", insuring
that no memory was inadvertently changed while in the system monitor.
To review the idle mode commands we have already learned:
Space-bar single steps one instruction. It can also be used to "single-cycle"
(see below).
"R" moves the information line to rows A through X.
"S" starts the simulated program running and enters "running" mode.
Control-Y enters the system monitor. To re-enter the simulator,
press control-Y again, followed by the Return key.
Control-X is used to change the program "stop" key, which stops the program
and enters idle mode.
Other idle mode commands:
"T" (trace subroutine) executes the simulator program until a JSR or RTS
instruction is fetched.
Control-R causes a "simulated" reset to occur. The program counter is fetched
from $FFFC.
Control-I causes a "simulated" IRQ interrupt.
Control-F turns off the "simulated" IRQ pending flag.
Control-N causes a "simulated" NMI interrupt.
Control-Q quits the simualtor and returns to the system monitor.
Control-RESET also exits the simualtor.
"1" is used to get single-cycle mode. In single-cycle mode, the space bar
cycles one 6502 processor cycle at a time, instead of an entire instruction
step.
"0" is used to set instruction-step mode. It is valid only when on an
instruction boundary (not on a cycle in the middle of an instruction).
"D" turns the "beep" flag on and off. The beep is sounded when idle mode is
entered.
"C" turns the "click" flag on and off. The click is sounded for every
keystroke when not in "running" mode.
Control-C turns the 65C02 flag on and off. The default value for this switch
is "off". If 65C02 instructions are to be simualted, this flag must be on.
The Apple //e (enhanced version) and Apple //c both contain 65C02 processors
in their resident ROM code. Note that the simulator itself does not use 65C02
instructions. You can therefore run 65C02 instructions on a normal 6502
processor.
"K" will take the next key pressed and place it in the keyboard character
register. When instruction stepping through code that reads the keyboard,
this key allows a convenient way to enter a keystroke to the program being
traced, without entering the keystroke in "running" mode.
"ESC" is used to enter the simulator control menu. The simualtor control
menu is used to display and change internal simulator control information.
SIMULATOR CONTROL WINDOW
Press the "ESC" key while in idle mode. The simulator control window is
displayed, and the cursor appears in the upper left of the window.
Use the RETURN key, and the left and right arrow keys to move the cursor
around the simulator control window. These keys only move the cursor and
do not change any information in the window. To change data anywhere in the
window, simply position the cursor over the value to change and re-enter the
desired value. To exit from the simulator control window and return to idle
mode, press the ESC key again. If you wish to cancel any changes made in the
simulator control window, you may press control-C instead.
Let's look at the control window in detail.
The top line looks very much like the information line in idle mode, except
that the program counter appears to be further to the right and no instruction
is disassembled on the line. The number on the left of the line is used for
single-byte reading, single-byte writing, and memory editing. Enter an address
value followed by 'R' to read, 'W' to write (also specify value to write), and
'E' to edit, using the memory edit window.
To change display modes for the simulator program (text, graphics, hi-res,
low-res, page 1, page 2, fullscreen, mixed), key in the address to toggle
($C050-$C057) and enter 'R'. When tracing a program in graphics mode, it
is useful to put the information line on rows U,V,W, or X, and toggle mixed
mode graphics. The simulator will display the information line on either
text page 1 or 2, whichever is selected by the program being simulated.
Enter an address, followed by 'E' to enter the memory edit window.
While in the memory edit window, the memory is displayed in both hex and
ASCII text. The cursor can be moved with the RETURN key and arrow keys.
To change data, simply key in a new value in the appropiate address. The
ESC key returns to the simulator control window, saving all changes to memory.
If the changes made in the memory edit window are not to be made, enter
control-C.
The second line of the simulator control window contains:
RU=65 0=I 1=I 2=I 3=S 4=I 5=I 7=I
"RU=65" This value (decimal 101), the "register update" value, represents
the number of instructions that are simulated before the registers and
program counter are updated on the screen, when in "running" mode. If this
number is set small (01 for example), the registers will be updated after
every instruction. This however causes the simulator to run less efficiently,
because of the overhead involved in updating the information line.
SLOT SPECIFICATIONS
The rest of the second line displays the slot numbers and how they are to be
used. Because the simulator resides on a RAM board (indicatd by 'S' in the
slot display, for "SYSTEM"), it must know about all other RAM boards and
firmware boards if it is to correctly simulate their operation. Initially,
the slots will be set to 'I' (invalid). Any reference by the simulated
program to these invalid slots will cause the simulated program to stop
and control is passed to idle mode. Valid slot specification values are:
'S' system (simulator) slot
'I' invalid
'D' floppy disk drive
'A' RAM card of 16K or 32K
'B' RAM card of 64K or more
'F' Firmware card or ROM card
'T' transparent
If the specification for a slot is "transparent", any commands for the device
in that slot will be given without any checking or conversion by the
simulator.
Transparent mode should be used for:
Any devices such as RAM and ROM cards that bank select memory into the
address range D000 to FFFF, which is used by the simulator.
Any devices such as disk drives which are timing dependent, as the
simulator runs much slower than the 6502 in native mode.
Any devices that may use DMA (direct memory access) to modify memory
from addresses $0000 to $07FF, as this memory is used by the simulator
with a copy of the user's memory actually residing on the simulator's
RAM board.
ADDRESS COMPARE STOP
The third line of the simulator control window starting with "PC" is the
"PC compare stop" line. Up to four program counter values for "compare
stops" can be specified. If the simulated program's PC equals one of these
values, the simulator immediately enters idle mode. In addition, one "PC
compare stop range" can be specified. To enter program counter stop values
or a range, change the number (initially "0") to the number of stop
addresses to be entered and then enter the addresses in the space provided.
To disable PC compare stop, set the number back to "0".
The "MR" line of the simulator control window is the "memory read address
compare stop" line. Like the "PC compare stop" line, up to four addresses
and one range can be specified. Whenever the simulated program attempts to
read one of these addresses, either by direct addressing, indirect addressing
or stack fetch, the simulator enters idle mode.
The "MW" line of the simulator control window is the "memory write address
compare stop" line. Idle mode is entered whenever the simulated program
attempts to write to one of the addresses specified here.
PROGRAM COUNTER SWAP
The "PCSW" area of the simualtor control window is the "program counter swap"
control area. Up to four address pairs can be specified here. If the simulated
program's PC equals the first value of a pair, the PC is immediately set to
the second value, and execution continues. This is very useful for eliminating
slow timing loops, which are unnecessary in the simulator. Initially 3 pairs
of PCSW values are given. They are:
FCA8 FCB3 - This nullifies the monitor wait routine.
BA00 BA10 - This nullifies the DOS 3.3 seek delay routine.
BD9E BDAB - This nullifies the DOS 3.3 motor-on wait routine.
PROGRAM COUNTER TRACE TABLE
The bottom eight lines of the simulator control window contain the PC trace
table. The last 64 values of the program counter are kept here, so that when
the simualted program is halted, a history of the last 64 instructions can
be examined.
PROGRAM HALTS
A program running under control of the simulator halts and the simulator
enters idle mode whenever one of the following conditions is met:
The "stop" key is pressed by the user.
An invalid 6502 or 65C02 opcode is encountered. "???" is displayed
in the information line where the opcode is normally displayed.
A JSR or RTS instruction is fetched while running with the "T" (trace)
command.
A read or write to the device select addresses of a slot marked as "I"
(invalid) in the slot table.
A compare stop occurs for PC, MR, or MW, while running.
An attempt is made to write to the floppy disk.
An attempt is made to reference certain I/O addresses. Among these are
$C060 and $C068 for either read or write.
Note that in the case of a compare stop for MR or MW or an invalid device
select reference, that idle mode is entered with te PC containing the
address of the instruction <after> the one that caused the compare stop.
Look at the last address in the trace table to find the correct address.
INTERNAL OPERATION NOTES
A few notes on the internal operation of the boot tracer / simulator /
debugger:
Floppy disk reading is simulated by reading in an entire track of nibbles and
passing them one at a time to the simulated program requesting them. Each time
the simulated program requests a nibble, the next nibble in the buffer is
returned. The simulated program never has to wait for a nibble by polling
the high-order bit of the disk register. Because of this, framing bit timing
is not reserved. In addition, the track is not synchronized to any other track
upon reading. Floppy disk writing is not supported.
When reading a floppy disk, the simulator maintains the nibbles of the most
current track on the simulator's system RAM card. This track image is valid
until either the slot or drive number is changed or reselected, or the
read/write head is stepped to a different track. Only if the current track
image is invalid will the real floppy disk be read again. Therefore, if
the user performs a "CATALOG" operation while under control of the simulator
and then changes the diskette and performs another "CATALOG" operation, the
catalog information from the first disk will still be displayd because the
catalog (located entirely on track $11) did not cause the head to change
tracks and invalidate the track buffer. To manually invalidate the track
buffer, change the slot specification to 'I' and back to 'D' while in the
simulator control window.
The simualtor has code for "sector assist" built-in. This means that when
the simualted program requests a nibble followed by testing for disk register
ready and compare for $D5, the simulator immediately finds the next $D5 in the
track buffer and returns it to the simulatd program, instead of requiring the
program to ignore each nibble until the value $D5 is found.
The paddle I/O addresses ($C064-$C067 and $C06C-$C06F) are correctly simualted
if the code that accesses the I/O addresses is similar to the monitor routine
at $FB1E (PREAD). If the reference is not similar to the monitor routine, idle
mode will be entered.
-END-