Log inRegister an accountBrowse CSDbHelp & documentationFacts & StatisticsThe forumsAvailable RSS-feeds on CSDbSupport CSDb Commodore 64 Scene Database
You are not logged in - nap
CSDb User Forums


Forums > C64 Coding > Disabling AR freeze button
2003-02-20 22:19
6R6

Registered: Feb 2002
Posts: 245
Disabling AR freeze button

Is it possible to disable the Action
Replay freeze function 100% ?

In that case, please enlighten me... :)

 
... 83 posts hidden. Click here to view all posts....
 
2008-02-04 09:25
AlexC

Registered: Jan 2008
Posts: 299
Quote: uhm but...both FC3 and AR5 can switch off themselves completely (and will be switched on again when you press freeze) so its pretty much impossible to detect them programatically.

Most of those methods will also fail against Trilogic Expert. It can also be switched to off and than re-enabled after PC register passes protection code. In some games you will also lack time in IRQ to recheck again.

Some older version - if memory serves me well - of AR were leaving certain values on stack during freeze.

In case of AR you can also enable it's memory and store your code there which will get overwritten due to freeze.


IMHO the best option is to use VIC, SID and timer registers to detect freeze has been triggered. Also synchronization issues can screw up code execution so that return after freeze will not be possible. Those methods are also very flexible as they work against different carts not just AR.

You can also play with disk drive memory in order to detect any writes (but today it's real use is rather limited unless you are afraid of piracy).
2008-02-04 13:55
sailor

Registered: Jan 2002
Posts: 90
Hello.

Started a topic about cart-detection for some time ago, there was some mention about freeze-detection too. If anyone is interrested, check this one: How to detect a cartridge..?

Regards:
Jani

2008-02-06 15:29
Necronomfive
Account closed

Registered: Dec 2004
Posts: 20
It's impossible to detect a AR/RR Cartridge once the freezer software has disabled it. The only way to prevent freezing is fire an NMI and not acknowledging it. On RR/MMC Replay, nothing will happen in this case when the Freeze button is pushed. On AR, I am pretty sure that the system will be fucked up once freeze is pressed, because the cartridge will map in Ultimax mode without the CPU jumping to the NMI vectors.
2008-02-06 17:05
Frantic

Registered: Mar 2003
Posts: 1648
@AlexC: Looking forward to that codebase article! ;)
2008-02-10 21:12
AlexC

Registered: Jan 2008
Posts: 299
Ok, here it is - please post your comments as it still needs a lot of work to be finished.

0. Versions used
Vice 1.22
C64C Pal
Action Replay MK VI

1. Detecting cartridges
Most cartridges (including RR if active) can be detected by writing to range DE00-DEFF and checking if value written there will be persistent. This allows to detect: Action Replay MK VI, Final Cartridge III and Retro Replay. This method will fail against Trilogic Expert.

start: lda $de10
ldx #$0a
ldy #$00

compare:
cmp $de10
bne nocart


delay: dey
bne delay

dex
bne compare

cartfound:
jsr print
rts

nocart: rts

1.1 FCIII
FCIII can also be detected by analyzing system vectors starting from $0302:

$0302 = $DE41
$0304 = $DF8D
$0306 = $DE49
$0308 = $DE73
$030a = $DE4F
$0330 = $DE21 (LOAD)
$0332 = $DE35 (SAVE)

Following code can be use to detect FCIII vectors:

lda #$de
cmp $0303
beq crtfound
rts
crtfound: jsr $fce2

The following code will restart system into clean basic – FCIII extensions will not be available until freeze, however cartridge led will be lit.

Another methods to detect FCIII can be based on it’s control register: $DFFF.

Bit 0: number of bank to show at $8000 ($3)
Bit 1: unused
Bit 2: unused
Bit 4-5: 00 turn all 16kb of ROM
01 start freezer
10 enable first 8kb of ROM
11 disable FCIII ROM
Bit 6: unused
Bit 7: 1 (always show 16kb of bank 0)

FCIII has following banks:
0 BASIC, Monitor
1 Notepad, BASIC (Bar)
2 Desktop, Freezer/Print
3 Freezer

To jump into freezer you can use following code:

lda #$9f
sta $dfff

The above code works however only in Vice – on real C64 (at least on my original copy of FCIII this enters freezer and hangs system). [this needs further research]

Using #$B3 value instead will give you interesting result on real C64 and will jam CPU if you are using Vice.

How to use FCIII control register for detection? Simple: you can read from it, however it will not return the value that has been written to it. Instead – in case of default system start – it will always return #$FF. This leads us to following code:

10 for i = 1 to 10: print peek(57343):next

Both on real C64 and Vice in case of FCIII you will get ten $FF results. This allows to detect cart even if kill command has been used. If you disconnect the cartridge you will get different results: at least two 0 values from above basic test (other values than 0 and FF are possible too!). Check it out yourself!

$DFFF read value can differ if any writes has been done to it besides normal system start (using BASIC option from System menu).[this needs further research]

Another detection method is based on the fact that 512 bytes of FCIII ROM can’t be turned off – this code is always there at $DE00-DFFF. At $DE01 you will find following code:

DE01 8D FF DF STA $DFFF
DE04 60 RTS

So to detect FCIII you can check if those bytes are there. If not – FCIII is not connected to the system.

1.2 Action Replay
Original Action Replay on real C64 will crash system if it’s control register at $DE00 is being read. Check the following code:

start: ldy #$0a
lda $de00
dey
bne start
rts

Actually one read is enough to crash system in case of all AR and it’s clones I have.

Ever tough INC $D020 can be dangerous for AR? I must be kidding right? Than check the following code on real C64:

$9000 nop
$9001 inc $d020
$9004 jmp $9000

Now try to freeze it few time. You will quickly find out that usually either the PC value is incorrect or after restarting you will hit BRK and enter monitor again.

As stated above AR has control resister at $DE00. Here is a list of possible values you can write to it:

$00 enable bank 0
$06 disable cart and I/O area for it
$08 enable bank 1
$0A disable cart
$10 enable bank 2
$18 enable bank 3
$20 enable RAM at $8000 - $9FFF write to C64 memory underneath is enabled
$23 enable RAM at $8000 - $9FFF write to C64 memory underneath is disabled

Writing $23 to $DE00 will result in jump to the freezer if PC is above $0FFF.

Here is the meaning of bits:

Bit 0: Game low (=1)
Bit 1: Exrom high (=1)
Bit 2: disable cart (=1) – turns off $de00 register
Bit 3: Rom bank selector low
Bit 4: Rom bank selector high
Bit 5: enable ram at $8000 and I/O
Bit 6: resets freeze mode
Bit 7: unused

1.3 Retro Replay
Detection – unless ZAP command has been used – is quite easy: use the code from section 1.

You can use following routine to jump into main menu (works with AR too):

sei
lda #$00
sta $de00
jmp $fce2

You can disable it (works with AR too) by following code:

sei
lda #$14
sta $de00
jsr $e453
cli
rts

Please note that this will not affect freeze button.

RR has in fact 2 control registers (from official RR manual): $DE00 and $DE01. There is theoretically possibility of disabling freeze button due to bit 2 of DE01. Bit 2 has NoFreeze name and can disable freeze button if set to 1 but can be written only once. RR 3.8 set it to 0 (enables freeze) at $817F.

Consult RR manual for further Information: http://rr.c64.org/rr_manual.html#appb

1.3.2 Freeze vs breakpoint
If you ever wondered about differences between freezepoints and breakpoint here it is: breakpoint will work only if vector at $FFFE and $0316 has not been changed (it uses BRK). Freezepoint is using however JSR $DFD3. [this needs further explenation]


2008-02-10 22:48
AlexC

Registered: Jan 2008
Posts: 299
Quote: ar also freezes with irq+nmi disabled, it only fails if you enable the ultimax mode. then, however, your code must run from $0000-$0fff. quite a pain in the ass to code ;)

According to my experiments this is not entarly true. Take a look at following example (KickAssembler):

.pc = $1000

start:	sei
	lda #$35
	sta $01

	jsr disirq
	jsr disnmi
	
	

loop:	jmp *

disirq:	lda #$7f
	sta $dc0d
	sta $dd0d
	
	lda $dc0d
	lda $dc0d

	//disable screen
	sta $d011
	ora %00010000
	sta $d011

	//read VIC IIR
	lda $d019
	
	//no irq's from vic
	lda #$00
	sta $d01a	

	//setup own handler
	ldx #<irq
	ldy #>irq
	stx $fffe
	sty $ffff	
	
	rts

disnmi:	lda #$00
	sta $dd0e
	sta $dd04
	sta $dd05
	lda #$81
	sta $dd0d
	lda #$01
	sta $dd0e

	//setup own handler
	ldx #<nmi
	ldy #>nmi
	stx $fffa
	sty $fffb

	rts


irq:	rti
nmi:	rti


Run it with sys 4096 and try to use freeze RR or AR button. The interesting part is that Expert has no problems with it - actually this code will enter Expert monitor during execution. If you have Expert you can test ESM led by setting cart into OFF position and running this code.
2008-02-11 08:48
chatGPZ

Registered: Dec 2001
Posts: 11386
Quote:

Ever tough INC $D020 can be dangerous for AR? I must be kidding right? Than check the following code on real C64:

$9000 nop
$9001 inc $d020
$9004 jmp $9000

Now try to freeze it few time. You will quickly find out that usually either the PC value is incorrect or after restarting you will hit BRK and enter monitor again.


did you actually check this on a real c64? never forget, the freezer stuff in vice is BROKEN. atleast with emulated AR or RR, repeatedly freezing and restarting _anything_ will fail (and it works just fine on the real thing).
2008-02-11 11:03
AlexC

Registered: Jan 2008
Posts: 299
Quote: Quote:

Ever tough INC $D020 can be dangerous for AR? I must be kidding right? Than check the following code on real C64:

$9000 nop
$9001 inc $d020
$9004 jmp $9000

Now try to freeze it few time. You will quickly find out that usually either the PC value is incorrect or after restarting you will hit BRK and enter monitor again.


did you actually check this on a real c64? never forget, the freezer stuff in vice is BROKEN. atleast with emulated AR or RR, repeatedly freezing and restarting _anything_ will fail (and it works just fine on the real thing).


According to my tests it works only on real C64. Could not reproduce the same effect on Vice even after switching to different AR ROMS.

Also please note the first line of quote - "on real c64" ;)

Speaking about broken freezer it also applies to Expert (at least NMI's are not emulated properly on hardware level).
2008-02-11 11:26
chatGPZ

Registered: Dec 2001
Posts: 11386
Quote:

at least NMI's are not emulated properly on hardware level


yeah, NMI seems to be generally broken... i played around with some other stuff a while ago which used restore as a "panik" button, and on vice it would trigger the nmi only once (but on real c64 it worked like it should).
2008-02-11 18:40
Martin Piper

Registered: Nov 2007
Posts: 722
Yes in VICE the NMI can only trigger once, which is a bug :) It also seems to always trigger from the restore key near the top of the screen raster. Unless it is triggered by a timer of course.
Previous - 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 - Next
RefreshSubscribe to this thread:

You need to be logged in to post in the forum.

Search the forum:
Search   for   in  
All times are CET.
Search CSDb
Advanced
Users Online
RS-232
Martin Piper
Chesser/Blazon
Airwolf/F4CG
jicas/Patagonia
DivertigO
Chesoner/House Designs
Guests online: 112
Top Demos
1 Next Level  (9.7)
2 13:37  (9.7)
3 Mojo  (9.7)
4 Coma Light 13  (9.6)
5 Edge of Disgrace  (9.6)
6 What Is The Matrix 2  (9.6)
7 The Demo Coder  (9.6)
8 Uncensored  (9.6)
9 Comaland 100%  (9.6)
10 Wonderland XIV  (9.6)
Top onefile Demos
1 Layers  (9.6)
2 No Listen  (9.6)
3 Cubic Dream  (9.6)
4 Party Elk 2  (9.6)
5 Copper Booze  (9.6)
6 Dawnfall V1.1  (9.5)
7 Rainbow Connection  (9.5)
8 Onscreen 5k  (9.5)
9 Morph  (9.5)
10 Libertongo  (9.5)
Top Groups
1 Performers  (9.3)
2 Booze Design  (9.3)
3 Oxyron  (9.3)
4 Triad  (9.3)
5 Censor Design  (9.3)
Top Coders
1 Axis  (9.8)
2 Graham  (9.8)
3 Lft  (9.8)
4 Crossbow  (9.8)
5 HCL  (9.8)

Home - Disclaimer
Copyright © No Name 2001-2024
Page generated in: 0.084 sec.