FERZAN@TREARN.BITNET (05/16/91)
Can anyone explain the memory overlay bit in the CIAA chip?
I didn't find any info in Amiga Hardware Manual and Mapping The Amiga book ..
But I think this bit sets the ROM start address to 0
Really?

-orhan-
phil@adam.adelaide.edu.au (Phil Kernick) (05/16/91)
FERZAN@TREARN.BITNET writes:

> Can anyone explain the memory overlay bit
> in the CIAA chip ?
> I didn't find any info in Amiga Hardware Manual and
> Mapping The Amiga book ..
> But I think this bit sets the ROM start address to 0
> Really ?

It probably does. This is just sheer speculation, but I suspect that it is set when the machine is reset, and points the ROM at 0 so the processor will be able to pick up the initial PC from address 0 and SSP from address 4.

It almost certainly resets after this and the ROM initialises all of the standard 68000 vectors and then starts the OS.

Hope this helps,

Phil.

--
Phil Kernick                 EMail: phil@adam.adelaide.edu.au
Departmental Engineer        Phone: +61 8 228 5914
Dept. of Psychology          Fax:   +61 8 224 0464
University of Adelaide       Mail:  GPO Box 498 Adelaide SA 5001
markv@kuhub.cc.ukans.edu (05/16/91)
In article <phil.674378842@adam.adelaide.edu.au>, phil@adam.adelaide.edu.au (Phil Kernick) writes:
> FERZAN@TREARN.BITNET writes:
>
>> Can anyone explain the memory overlay bit
>> in the CIAA chip ?
>> But I think this bit sets the ROM start address to 0
>> Really ?
> It probably does. This is just sheer speculation, but I suspect that it
> is set when the machine is reset, and points the ROM at 0 so the
> processor will be able to pick up the initial PC from address 0 and SSP
> from address 4.
> It almost certainly resets after this and the ROM initialises all of the
> standard 68000 vectors and then starts the OS.

Yes, the overlay bit maps the ROMs to 0. That's ALL it does. Now, you likely will crash long and hard after that, but you don't have to. The ROMs at 0 don't have a full exception table, since that is one of the first things that gets done, so any interrupts or exceptions will die hard (the OS turns off interrupts when it resets). But if you deal with the exception problem, and make sure your code isn't running out of the first 512 of RAM, then you can twiddle it to your heart's content.

Of course there is no need to since the ROM is accessible normally. However, this trick can be used to look at the boot ROMs in a 3000 or 1000 (the 1000 requires other magic too, because of the WCS), since it's the *real* ROM that gets mapped in, not the ROM image.

--
Mark Gooderum                  Good Cheer !!!
Academic Computing Services
University of Kansas
Bix:      mgooderum
Bitnet:   MARKV@UKANVAX
Internet: markv@kuhub.cc.ukans.edu
f90angu@fy.chalmers.se (Andreas Gunnarsson) (05/17/91)
In article <1991May16.103515.30814@kuhub.cc.ukans.edu> markv@kuhub.cc.ukans.edu writes:
[...]
>
>Yes, the overlay bit maps the ROMs to 0. That's ALL it does.
[...]
>However, this trick can be used to look at the boot ROMs in
>a 3000 or 1000 (the 1000 requires other magic too, because of the WCS),
>since it's the *real* ROM that gets mapped in, not the ROM image.
>

The overlay bit maps the ROM at $f80000 to 0. In the 500 (and I'm sure the other 256k ROM Amigas, though I haven't checked) $f80000-$fbffff contains a copy of $fc0000-$ffffff. However, in the A1000 the boot ROM is located at $f80000.

To look at the boot ROM in a 1000 you simply have to jump to the RESET instruction at the beginning of WCS ($fc0000). This will reset the computer, and after that the ROM will be visible at $f80000 and the WCS is RAM! Now just use your favorite monitor/debugger to (look at the boot ROM)/(change the WCS). Of course, if you change anything you may crash the computer because it's still running the kickstart from $fc0000.

When you write something to the address range $f80000-$fbffff, the boot ROM will disappear and the WCS will become write protected. The boot ROM normally does this, but since you've told the computer to bypass it and jump directly to WCS, that instruction will not be executed.

DISC LAMER: This works on _MY_ A1000. Don't yell at me if it doesn't work on yours!

--
==============================================================================
73 es 88 de SM7TLS          f90angu@fy.chalmers.se          Andreas Gunnarsson
==============================================================================
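
The address decoding described in the thread can be modelled in a few lines. This is an added example, not code from any of the posters or from Commodore: it shows a 68000-style reset fetch (SSP from address 0, PC from address 4) landing in ROM while the overlay bit is set, and the $f80000/$fc0000 mirroring of a 256K ROM. Assumptions: the bit position, the 512K RAM size, the size of the overlaid window, and all memory contents are constructed for the model.

```c
/* Added illustration: a toy address decoder, not real Amiga hardware code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROM_BASE  0xF80000u  /* per the thread: this is what appears at 0 */
#define ROM_WIN   0x080000u  /* $f80000-$ffffff; assumed size of the overlay too */
#define KICK_SIZE 0x040000u  /* 256K ROM, so $f80000 mirrors $fc0000 */
#define RAM_SIZE  0x080000u  /* assumption: 512K of RAM at address 0 */
#define OVL_BIT   0x01u      /* assumption: bit position in the model's port */

typedef struct { uint8_t ram[RAM_SIZE], rom[KICK_SIZE], port_a; } Bus;

static uint8_t bus_read8(const Bus *b, uint32_t addr) {
    addr &= 0xFFFFFFu;                       /* 68000: 24 address lines */
    if ((b->port_a & OVL_BIT) && addr < ROM_WIN)
        addr += ROM_BASE;                    /* overlay set: low reads hit ROM */
    if (addr >= ROM_BASE)
        return b->rom[(addr - ROM_BASE) % KICK_SIZE];
    return addr < RAM_SIZE ? b->ram[addr] : 0xFF;   /* 0xFF = unmapped here */
}

static uint32_t bus_read32(const Bus *b, uint32_t addr) {   /* big-endian */
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v = (v << 8) | bus_read8(b, addr + (uint32_t)i);
    return v;
}

static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Build a bus with constructed contents, set or clear OVL, read one longword. */
uint32_t fetch_long(int ovl, uint32_t addr) {
    static Bus b;
    memset(&b, 0, sizeof b);
    put32(b.rom + 0, 0x00001000u);   /* constructed initial SSP */
    put32(b.rom + 4, 0x00FC0008u);   /* constructed initial PC  */
    put32(b.ram + 0, 0x0BADF00Du);   /* constructed RAM contents */
    put32(b.ram + 4, 0x0BADF00Du);
    b.port_a = ovl ? OVL_BIT : 0;
    return bus_read32(&b, addr);
}

int main(void) {
    printf("OVL=1: SSP=%08X PC=%08X\n", (unsigned)fetch_long(1, 0), (unsigned)fetch_long(1, 4));
    printf("OVL=0: [0]=%08X [$f80004]=%08X\n", (unsigned)fetch_long(0, 0), (unsigned)fetch_long(0, 0xF80004u));
    return 0;
}
```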