OK, I couldn't resist some weekend pre-work; think of it as a little warm-up that largely retreads previous efforts that were first reported here...
The retail version of World Championship Baseball (WCB) is a 12K game, placing it firmly in the middle age of late Mattel Intellivision titles. It is larger than the 4K and 6K of early games, but smaller than the 16K+ titles subsequently written by INTV Corp. A legit copy of the WCB ROM can be found on the "Intellivision Lives!" compilation of games released by Intellivision Productions in 2001. It is possible to rip this image from the CD-ROM (it is not copy protected) and introspect it using the JzIntv emulator, produced by Joe Zbiciak.
At this point I should give a hat-tip to Joe, both for producing the tools I'll be using for this investigation, and for suggesting that Rick's debugger is still to be found in the ROM. This is not a given: 1982 is a long time ago, and technical details can be inaccurately recorded on the Blue Sky Rangers website.
We're going to start gently, with a preliminary investigation of the WCB ROM. The memory map of WCB follows a Mattel standard with the first 8K of the game residing between addresses $5000 and $6fff, and the final 4K being mapped to addresses $d000-$dfff.
Using JzIntv we can look through the memory for signs of the debugger in WCB. Having booted JzIntv in debug mode with:

    > jzintv -d wcb.bin

We can then look at a small section of memory starting at $5000 using a command like:

    m 5000

Which should result in some gobbledegook like this:

    5000: 002B* 0065 001C 0050 0036 0050 00AB 005D # ...e...P.6.P....
    5008: 0082 005D 000C 0053 007E 0000 0000 0004 # .......S........
    5010: 0003 0004 0003 000B 0180 0190 01A0 01B0 # ................
    5018: 01C0 01D0 01E0 01F0 0071 001A 0001 0080 # .........q......
    5020: 0011 0051 0001 0000 006C 0052 0030 0080 # ...Q.....l.R.0..
    5028: 0014 0059 0005 0000 00C9 0055 001E 0000 # ...Y.......U....
    5030: 0099 005F 0001 0080 0000 0000 0002 0275 # ...............u
    5038: 02B8 0003 0240 01D3 0001 02B9 0028 0050 # ...............P

We can then step through memory by repeatedly issuing a "m" on its own:

    > m
    5040: 0004* 0118 0038 0001 02B9 0020 0050 0004 # .....8.......P..
    5048: 0118 0038 0001 02B9 002C 0050 0004 0118 # ...8.......P....
    5050: 0038 02BC 0200 02B8 00F0 0004 0114 0338 # .8.............8
    5058: 02BC 023E 02BB 0007 0004 0118 007B 0050 # ...............P
    5060: 004C 0041 0059 0045 0052 0053 003A 0000 # .L.A.Y.E.R.S....
    5068: 02BC 027A 02BB 0007 0004 0118 007B 0053 # ...z...........S
    5070: 004B 0049 004C 004C 0020 004C 0045 0056 # .K.I.L.L...L.E.V
    5078: 0045 004C 003A 0000 02B8 0001 02B9 0247 # .E.L...........G

As can be seen, where it makes sense, off to the right of the output JzIntv presents a text representation of ROM data. As a result, it reports text seen in the game, such as prompts like "PLAYERS" and "SKILL LEVEL". It's possible to view the full ROM in this way with just two commands.

    m 5000 2000

will show the first 8K, and then

    m d000 1000

will show the final 4K. Scrolling through the results we see the following section between addresses $da9f and $db86:
This may look like a list of random data that happens to be in the range of ASCII text; however, if it is reformatted, it becomes clear that it is a list of CP-1610 assembler mnemonics:

    .P.O.P.. .P.U.S.H .C.L.R.. .T.S.T.. .N.O.P.. .H.L.T.. .S.D.B.D .E.I.S..
    .D.I.S.. .J.U.M.P .T.C.I.. .C.L.R.C .S.E.T.C .I.N.C.. .D.E.C.. .C.O.M..
    .N.E.G.. .A.D.C.. .G.S.W.D .R.S.W.D .S.W.A.P .D.S.W.P .S.L.L.. .R.L.C..
    .S.L.L.C .S.L.R.. .S.A.R.. .R.R.C.. .S.A.R.C .M.O.V.. .A.D.D.. .S.U.B..
    .C.M.P.. .A.N.D.. .X.O.R.. .B.R.A.. .B.C.S.. .B.V.S.. .B.P.L.. .B.E.Q..
    .B.L.T.. .B.L.E.. .B.U.S.C .R.E.T.N .B.C.C.. .B.V.C.. .B.M.I.. .B.N.E..
    .B.G.E.. .B.G.T.. .B.E.S.C .S.I.N.. .J...... .J.E.... .J.D.... .J.S.R..
    .J.S.R.E .J.S.R.D

Because the CP-1610 CPU at the heart of the Intellivision is a 16-bit machine, JzIntv represents each 16-bit memory location as two characters. The 00 in the most significant byte (MSB) of each 16-bit word leads to lots of periods in the output (00 is a non-printable character and JzIntv prints all non-printable characters as periods). However, ignoring these periods, it can be seen that each mnemonic is padded to 4 characters in length with spaces ($0020).
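
As an added example (not part of the original post and not jzIntv code), the following Python decodes one-character-per-word text directly from the word values, using the dump of $5058-$507F shown earlier as input, and then splits a packed table into 4-character entries. The names `word_strings`, `split_table`, `DUMP` and `TABLE` are assumptions made for this illustration, and `TABLE` is a constructed sample rather than a ROM extract.

```python
# One character per 16-bit word: high byte 0, low byte ASCII (as the page describes).
# Words below are copied from the page's dump of $5058-$507F.
DUMP_BASE = 0x5058
DUMP = [int(w, 16) for w in """
    02BC 023E 02BB 0007 0004 0118 007B 0050
    004C 0041 0059 0045 0052 0053 003A 0000
    02BC 027A 02BB 0007 0004 0118 007B 0053
    004B 0049 004C 004C 0020 004C 0045 0056
    0045 004C 003A 0000 02B8 0001 02B9 0247
""".split()]


def word_strings(words, base=0, min_len=4):
    """Return [(address, text)] for runs of >= min_len words in $0020-$007E."""
    found, start, chars = [], None, []
    for offset, word in enumerate(list(words) + [0]):  # sentinel flushes last run
        if 0x20 <= word <= 0x7E:
            if start is None:
                start = offset
            chars.append(chr(word))
            continue
        if len(chars) >= min_len:
            found.append((base + start, "".join(chars)))
        start, chars = None, []
    return found


def split_table(text, width=4):
    """Split fixed-width, space-padded entries (the mnemonic table layout)."""
    return [text[i:i + width].rstrip() for i in range(0, len(text), width)]


# Constructed sample: the first six mnemonics from the page's list, packed the
# way the page describes (4 words each, padded with $0020). Not a ROM extract.
TABLE = [ord(c) for c in "POP PUSHCLR TST NOP HLT "]

if __name__ == "__main__":
    # Decoding the words directly recovers the space ($0020) and colon ($003A)
    # that the text column of the page's dump shows as periods.
    for addr, text in word_strings(DUMP, DUMP_BASE):
        print(f"${addr:04X}: {text!r}")
    for _, text in word_strings(TABLE):
        print(split_table(text))
```

The leading `{` in both decoded prompts is word $007B, which falls in the printable range; the page does not say how the game uses it.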
There is no real reason for WCB to have a human-readable list of CP-1610 assembler mnemonics in its object code; the fact that it does is strong evidence that at least some of Rick Koenig's debugger is still present in the ROM. A promising start.