[net.micro.cbm] c64 kernel memory map, summary

miller@uiucdcs.UUCP (04/19/84)

#N:uiucdcs:36100074:000:471
uiucdcs!miller    Apr 18 16:31:00 1984

As usual when I break a subject up into several parts, I get mail from people
who, for one reason or another, didn't get all of the parts.  Also as is usual,
I've gotten tired of mailing out individual copies to people.  Hence, I am
posting the entire c64 kernel memory map as a response to this base note.
Those who didn't get everything can do it now.  If you did get it all, sorry
about this; please just skip over it as it is quite long.

A. Ray Miller
Univ Illinois

miller@uiucdcs.UUCP (04/19/84)

#R:uiucdcs:36100074:uiucdcs:36100075:000:6260
uiucdcs!miller    Apr 18 16:32:00 1984


/**** uiucdcs:net.micro.cbm / uiucdcs!miller / 12:40 am  Mar 19, 1984 ****/

     Ever wonder what was lurking down in the deep dark corners of the
kernel/kernal/OS?  Do you get tired of seeing "KERNAL ROM" as the only
description for 8K of code in the "Programmer's Reference Guide"?  Have you
tried to get a copy of the book that John Wright described (a commented
listing) but your local Commodore dealer doesn't carry it?
     Well, fear no more!  I will be typing in a series of articles which will
provide you with a memory map of the c64 kernel.  It is not complete, but it's
better than nothing.  I have compiled this map from two different publications,
plus additions by me from my disassembler as I (slowly) trace through the code.
I'll have to break this up into a series, much as I did for the floating point
routines, because things are a bit busy for me at the moment.
     One word of warning, however.  Commodore has made a few changes from time
to time so your machine will probably deviate from these addresses slightly.
But it should get you started.
     That out of the way, here is part one of the c64 kernel memory map:

E000-FFFF KERNEL ROM MEMORY MAP:

E043  series evaluation
E08D  RND constants
E097  perform RND
E264  perform COS
E26B  perform SIN
E2B7  perform TAN
E2E0  trig function constants
E30D  perform ATN
E33E  ATN constants
E394  initialize RAM vectors
E3A2  zero page CHRGET
E3BF  initialize Basic
E45F  messages
E4AD  empty (for future expansions)
E500  IOBASE
E505  SCREEN
E50A  PLOT
E518  CINT
E531  normalize screen
E544  clear screen
E566  home cursor
E56C  set screen pointers
E5A0  set default I/O devices, VIC chip
E5B4  remove char from keyboard queue
E632  input from screen
E684  quote mark test
E691  set up screen print
E6B6  advance cursor
E6F7  retreat cursor
E701  back into previous line
E716  output to screen
E87C  go to next line
E891  perform <return>
E8A1  check line decrement
E8B3  check line increment
E8CB  set color code

As Donald Knuth said, any typos "may be explained by the fact that it has been
prepared with the help of a computer".
More later...

A. Ray Miller
Univ Illinois
/* ---------- */
/**** uiucdcs:net.micro.cbm / uiucdcs!miller /  8:06 pm  Mar 25, 1984 ****/

Here is part two of the c64 kernel memory map series.  Like last time, sub-
routines in capital letters are described in the "Programmer's Reference
Guide".  (But the only sure way to know exactly what they do is to look at the
code.)  Do not call them at these addresses, however!  Due to slight variations
between different versions, they may float around a tad.  Instead, use the jump
table addresses provided in the PRG.  This map is intended only to aid you in
disassembling and understanding the code.

E8DA  color code table
E8E2  code conversion
E8E7  scroll screen
E965  open space on screen
E9C8  move screen line
E9E0  synch color transfer
E9F0  set start of line
E9FF  clear screen line
EA13  print to screen
EA1C  store on screen
EA24  synch color to character
EA31  UDTIM  (IRQ comes here)
EA87  SCNKEY
EB59  set text mode
EB79  keyboard vectors
EB91  keyboard maps
EC44  graphics/text control
EC4F  set graphics mode
ECB9  VIC chip initialization table
ED09  TALK
ED0C  LISTEN
ED11  send control character
ED36  send to serial bus
EDB0  timeout on serial bus
EDB9  SECOND
EDBE  clear ATN
EDC7  TKSA
EDDD  CIOUT
EDEF  UNTLK
EDFE  UNLSN
EE13  ACPTR
EE85  clock line on
EE8E  clock line off
EEB3  delay 1 ms

To be continued.

A. Ray Miller
Univ Illinois
/* ---------- */
/**** uiucdcs:net.micro.cbm / uiucdcs!miller /  1:18 am  Apr  2, 1984 ****/

This is the third in the c64 kernel memory map series.  Next week, I will
finish it off.

EEBB  RS232 send (NMI)
EF06  new RS232 byte send
EF2E  error or quit
EF4A  compute bit count
EF59  RS232 receive (NMI)
EF7E  setup to receive
EFC5  receive parity error
EFCA  receive overrun error
EFCD  receive break error
EFD0  receive frame error
EFE1  file to RS232
F017  send to RS232 buffer
F04D  input from RS232 buffer
F086  get from RS232 buffer
F0A4  check serial bus idle
F0BD  messages
F12B  print if direct
F13E  GETIN
F157  CHRIN
F199  get from tape/serial bus/RS232
F1CA  CHROUT
F1DD  output to tape
F20E  CHKIN
F250  CHKOUT
F291  CLOSE
F30F  find file
F31F  set file values
F32F  CLALL
F333  CLRCHN
F34A  OPEN
F3D5  send SA
F409  open RS232
F49E  LOAD
F5AF  "SEARCHING"
F5BB  print file name
F5D2  "LOADING/VERIFYING"
F5DD  SAVE
F68F  "SAVING"
F69B  UDTIM
F6DD  RDTIM
F6E4  SETTIM
F6ED  STOP
F6FB  file error messages
F72C  find any tape header
F76A  write tape header
F7D0  get buffer address
F7D7  set buffer start/end pointers
F7EA  find specific header
F80D  bump tape pointer
F817  "PRESS PLAY"
F82E  check cassette status
F838  "PRESS RECORD"
F841  initiate tape read
F864  initiate tape write
F875  common tape read/write
F8D0  check tape stop
F8E2  set timing
F92C  read bits (IRQ)

A. Ray Miller
Univ Illinois
/* ---------- */
/**** uiucdcs:net.micro.cbm / uiucdcs!miller /  8:04 pm  Apr 10, 1984 ****/

This is the 4th and final note in the c64 kernel memory map series.  I hope you
have enjoyed it.  I've now done two series (floating point and memory map) plus
lots of little notes.  I plan to do some more series on other topics, but
you'll have to wait until summer semester for most of it as I'm just getting
too busy at the moment.

FA60  store characters
FD8E  reset pointer
FB97  new tape character setup
FBA6  toggle tape
FBC8  data write
FBCD  tape write (IRQ)
FC57  tape leader write (IRQ)
FC93  restore vectors
FCB8  set vector
FCCA  kill tape motor
FCD1  check read/write pointer
FCDB  bump read/write pointer
FCE2  cold start (RESET) comes here
FD02  check for auto-start cartridge
FD15  RESTOR
FD1A  VECTOR
FD30  table of vectors for RESTOR
FD50  RAMTAS
FD9B  IRQ vectors
FDA3  IOINIT
FDF9  SETNAM
FE00  SETLFS
FE07  READST
FE18  SETMSG
FE21  SETTMO
FE25  MEMTOP
FE34  MEMBOT
FE43  warm start (NMI) starts here...
FE47  ...and winds up here on default
FE66  BRK default eventually gets here
FEBC  restore and exit
FEC2  RS232 timing table
FF48  IRQ and BRK start here
FF5B  empty
FF81  jump table for kernel routines
FFFA  NMI vector
FFFC  RESET vector
FFFE  IRQ and BRK vector

A. Ray Miller
Univ Illinois
/* ---------- */