********************************************************************************
* Caverns of Freitag, by David Shapiro *
* Copyright 1982 *
* *
* Disassembly of "OILER". *
********************************************************************************
* This appears to be some sort of DOS accelerator that gets inserted into the *
* OS. It's not part of the copy protection, and once the game starts DOS is *
* overwritten. *
********************************************************************************
* Disassembly by Andy McFadden, using 6502bench SourceGen v1.5. *
* Last updated 2020/01/21 *
********************************************************************************
DOS_FILE_LENGTH .eq $aa60 {addr/2} ;range length for LOAD and BLOAD
DOS_FILE_ADDRESS .eq $aa72 {addr/2} ;address of last file loaded
RWTS_ENTRY .eq $b7b5 ;disable interrupts and call RWTS
RWTS_PARAM_BLOCK .eq $b7e8 ;RWTS parameter block
RWTS_VOL_EXP .eq $b7eb ;volume number expected (0 matches all)
RWTS_TRACK_NUM .eq $b7ec ;track number (0 - 34)
RWTS_SECTOR_NUM .eq $b7ed ;sector number (0-15)
RWTS_BUF .eq $b7f0 {addr/2} ;pointer to data buffer for READ/WRITE
.org $02de
02de: ad 84 a8 INIT lda $a884 ;check DOS command table
02e1: c9 49 cmp #āIā ;look for 'I' in "INIT"
02e3: d0 05 bne L02EA
02e5: a9 20 lda #ā ā ;replace with space to disable cmd
02e7: 8d 84 a8 sta $a884
02ea: a9 00 L02EA lda #<MAIN ;replace JMP $A471 with JMP $B700
02ec: 8d 8c a3 sta $a38c ; at end of BLOAD command handler
02ef: a9 b7 lda #>MAIN
02f1: 8d 8d a3 sta $a38d
02f4: a0 b3 ldy #$b3 ;copy stuff into $B700-B7B2
02f6: b9 ff 02 L02F6 lda L02FF,y ; $B700-B749 is the DOS 2nd stage boot loader
02f9: 99 ff b6 sta MAIN-1,y ; $B74A-B78C writes DOS to tracks 0-2 during INIT
02fc: 88 dey ; $B78D-B792 unused
02fd: d0 f7 bne L02F6 ; $B793-B7B4 read/write a group of pages
02ff: 60 L02FF rts
.org $b700
b700: ad 61 aa MAIN lda DOS_FILE_LENGTH+1 ;check high byte of length
b703: f0 04 beq :Punt ;short file? branch
b705: c9 79 cmp #$79 ;multiple T/S sectors?
b707: 90 03 bcc LB70C ;size is good, handle it in-house
b709: 4c 71 a4 :Punt jmp $a471 ;punt to original routine
]tsListBuffer .var $00 {addr/2} ;from $B5C9
]datSectBuf .var $02 {addr/2} ;from $B5CB
]outBuf .var $04 {addr/2}
b70c: a2 05 LB70C ldx #$05 ;copy $B5C9-B5CE to $00-05
b70e: b5 00 :Loop lda ]tsListBuffer,x ; B5C9: address of T/S list sector buffer
b710: 48 pha ; B5CB: address of data sector buffer
b711: bd c9 b5 lda $b5c9,x ; B5CD: address of next buffer on chain (not used)
b714: 95 00 sta ]tsListBuffer,x ;previous contents are pushed on stack
b716: ca dex
b717: 10 f5 bpl :Loop
; get to work
b719: ad 72 aa lda DOS_FILE_ADDRESS
b71c: 18 clc
b71d: 69 fc adc #$fc
b71f: 85 04 sta ]outBuf
b721: 8d f0 b7 sta RWTS_BUF
b724: a9 00 lda #$00
b726: 8d eb b7 sta RWTS_VOL_EXP
b729: 6d 73 aa adc DOS_FILE_ADDRESS+1
b72c: 85 05 sta ]outBuf+1
b72e: c6 05 dec ]outBuf+1
b730: 8d f1 b7 sta RWTS_BUF+1
b733: a0 ff ldy #$ff
b735: b1 02 :Loop lda (]datSectBuf),y
b737: 91 04 sta (]outBuf),y
b739: 88 dey
b73a: c0 03 cpy #$03
b73c: d0 f7 bne :Loop
b73e: ad 60 aa lda DOS_FILE_LENGTH
b741: c9 fd cmp #$fd
b743: ad 61 aa lda DOS_FILE_LENGTH+1
b746: 69 00 adc #$00
b748: 85 04 sta ]outBuf
b74a: a9 0e lda #$0e
b74c: 85 05 sta ]outBuf+1
b74e: a4 05 :ReadLoop ldy ]outBuf+1
b750: b1 00 lda (]tsListBuffer),y
b752: 8d ec b7 sta RWTS_TRACK_NUM
b755: c8 iny
b756: b1 00 lda (]tsListBuffer),y
b758: 8d ed b7 sta RWTS_SECTOR_NUM
b75b: c8 iny
b75c: 84 05 sty ]outBuf+1
b75e: c6 04 dec ]outBuf
b760: f0 0e beq LB770
b762: a0 e8 ldy #<RWTS_PARAM_BLOCK
b764: a9 b7 lda #>RWTS_PARAM_BLOCK
b766: 20 b5 b7 jsr RWTS_ENTRY
b769: ee f1 b7 inc RWTS_BUF+1
b76c: 90 e0 bcc :ReadLoop
b76e: b0 2c bcs RestoreAndExit ;failed
b770: ad f0 b7 LB770 lda RWTS_BUF
b773: 85 04 sta ]outBuf
b775: ad f1 b7 lda RWTS_BUF+1
b778: 85 05 sta ]outBuf+1
b77a: a5 02 lda ]datSectBuf
b77c: 8d f0 b7 sta RWTS_BUF
b77f: a5 03 lda ]datSectBuf+1
b781: 8d f1 b7 sta RWTS_BUF+1
b784: a0 e8 ldy #$e8
b786: a9 b7 lda #$b7
b788: 20 b5 b7 jsr RWTS_ENTRY
b78b: b0 0f bcs RestoreAndExit
b78d: ad 60 aa lda DOS_FILE_LENGTH
b790: 69 04 adc #$04
b792: a8 tay
b793: 18 clc
b794: 88 LB794 dey
b795: b1 02 lda (]datSectBuf),y
b797: 91 04 sta (]outBuf),y
b799: 98 tya
b79a: d0 f8 bne LB794
; restore $00-05
b79c: a0 05 RestoreAndExit ldy #$05
b79e: a2 00 ldx #$00
b7a0: 86 48 stx $48
b7a2: 68 :Loop pla
b7a3: 95 00 sta ]tsListBuffer,x
b7a5: e8 inx
b7a6: 88 dey
b7a7: 10 f9 bpl :Loop
b7a9: b0 03 bcs ReportError
b7ab: 4c ea a2 jmp $a2ea ;CLOSE command handler
b7ae: a9 08 ReportError lda #$08
b7b0: 4c d2 a6 jmp $a6d2 ;error handler
No exported symbols found.