ViewVC Help
View File | Revision Log | Show Annotations | Revision Graph | Root Listing
root/cebix/BasiliskII/src/rom_patches.cpp
Revision: 1.17
Committed: 2000-09-22T17:17:21Z (24 years, 1 month ago) by gbeauche
Branch: MAIN
Changes since 1.16: +31 -10 lines
Log Message:
- changed type of ScratchMem from uint32 to uint8 *
- use of Host2MacAddr to glue the ScratchMem area
- added an experimental patch to fix a bug with Speedometer in real addressing mode
- added an experimental patch to fix a bug with the AppleShare extension in real addressing mode

File Contents

# User Rev Content
1 cebix 1.1 /*
2     * rom_patches.cpp - ROM patches
3     *
4 cebix 1.13 * Basilisk II (C) 1997-2000 Christian Bauer
5 cebix 1.1 *
6     * This program is free software; you can redistribute it and/or modify
7     * it under the terms of the GNU General Public License as published by
8     * the Free Software Foundation; either version 2 of the License, or
9     * (at your option) any later version.
10     *
11     * This program is distributed in the hope that it will be useful,
12     * but WITHOUT ANY WARRANTY; without even the implied warranty of
13     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14     * GNU General Public License for more details.
15     *
16     * You should have received a copy of the GNU General Public License
17     * along with this program; if not, write to the Free Software
18     * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19     */
20    
21     #include <string.h>
22    
23     #include "sysdeps.h"
24     #include "cpu_emulation.h"
25     #include "main.h"
26     #include "emul_op.h"
27     #include "macos_util.h"
28     #include "slot_rom.h"
29     #include "sony.h"
30     #include "disk.h"
31     #include "cdrom.h"
32     #include "video.h"
33 cebix 1.5 #include "extfs.h"
34 cebix 1.1 #include "prefs.h"
35     #include "rom_patches.h"
36    
37 cebix 1.9 #define DEBUG 0
38 cebix 1.1 #include "debug.h"
39    
40    
41     // Global variables
42 cebix 1.11 uint32 UniversalInfo; // ROM offset of UniversalInfo
43     uint32 PutScrapPatch; // Mac address of PutScrap() patch
44     uint32 ROMBreakpoint = 0; // ROM offset of breakpoint (0 = disabled, 0x2310 = CritError)
45     bool PrintROMInfo = false; // Flag: print ROM information in PatchROM()
46 cebix 1.1
47 jlachmann 1.16 static uint32 sony_offset; // ROM offset of .Sony driver
48     static uint32 serd_offset; // ROM offset of SERD resource (serial drivers)
49     static uint32 microseconds_offset; // ROM offset of Microseconds() replacement routine
50     static uint32 debugutil_offset; // ROM offset of DebugUtil() replacement routine
51 cebix 1.1
52     // Prototypes
53     uint16 ROMVersion;
54    
55    
56     /*
57 gbeauche 1.17 * Convenience functions for retrieving a particular 16-bit word from
58     * a 32-bit word value.
59     *
60     * gb-- probably put those elsewhere...
61     */
62    
63     #define HiWord(X) (((X) >> 16) & 0xffff)
64     #define LoWord(X) ((X) & 0xffff)
65    
66    
67     /*
68 cebix 1.1 * Search ROM for byte string, return ROM offset (or 0)
69     */
70    
71     static uint32 find_rom_data(uint32 start, uint32 end, const uint8 *data, uint32 data_len)
72     {
73     uint32 ofs = start;
74     while (ofs < end) {
75     if (!memcmp((void *)(ROMBaseHost + ofs), data, data_len))
76     return ofs;
77     ofs++;
78     }
79     return 0;
80     }
81    
82    
83     /*
84     * Search ROM resource by type/ID, return ROM offset of resource data
85     */
86    
87     static uint32 rsrc_ptr = 0;
88    
89     static uint32 find_rom_resource(uint32 s_type, int16 s_id, bool cont = false)
90     {
91     uint32 lp = ROMBaseMac + ReadMacInt32(ROMBaseMac + 0x1a);
92     uint32 x = ReadMacInt32(lp);
93    
94     if (!cont)
95     rsrc_ptr = x;
96 cebix 1.12 else
97     rsrc_ptr = ReadMacInt32(ROMBaseMac + rsrc_ptr + 8);
98 cebix 1.1
99     for (;;) {
100     lp = ROMBaseMac + rsrc_ptr;
101     uint32 data = ReadMacInt32(lp + 12);
102     uint32 type = ReadMacInt32(lp + 16);
103     int16 id = ReadMacInt16(lp + 20);
104    
105     if (type == s_type && id == s_id)
106     return data;
107    
108     rsrc_ptr = ReadMacInt32(lp + 8);
109     if (!rsrc_ptr)
110     break;
111     }
112     return 0;
113     }
114    
115    
116     /*
117     * Search offset of A-Trap routine in ROM
118     */
119    
120     static uint32 find_rom_trap(uint16 trap)
121     {
122     uint8 *bp = (uint8 *)(ROMBaseHost + ReadMacInt32(ROMBaseMac + 0x22));
123     uint16 rom_trap = 0xa800;
124     uint32 ofs = 0;
125    
126     again:
127     for (int i=0; i<0x400; i++) {
128     bool unimplemented = false;
129     uint8 b = *bp++;
130     if (b == 0x80) // Unimplemented trap
131     unimplemented = true;
132     else if (b == 0xff) { // Absolute address
133     ofs = (bp[0] << 24) | (bp[1] << 16) | (bp[2] << 8) | bp[3];
134     bp += 4;
135     } else if (b & 0x80) { // 1 byte offset
136     int16 add = (b & 0x7f) << 1;
137     if (!add)
138     return 0;
139     ofs += add;
140     } else { // 2 byte offset
141     int16 add = ((b << 8) | *bp++) << 1;
142     if (!add)
143     return 0;
144     ofs += add;
145     }
146     if (rom_trap == trap)
147     return unimplemented ? 0 : ofs;
148     rom_trap++;
149     }
150     rom_trap = 0xa000;
151     goto again;
152     }
153    
154    
155     /*
156 cebix 1.11 * Print ROM information to stream,
157     */
158    
159     static void list_rom_resources(void)
160     {
161     printf("ROM Resources:\n");
162     printf("Offset\t Type\tID\tSize\tName\n");
163     printf("------------------------------------------------\n");
164    
165     uint32 lp = ROMBaseMac + ReadMacInt32(ROMBaseMac + 0x1a);
166     uint32 rsrc_ptr = ReadMacInt32(lp);
167    
168     for (;;) {
169     lp = ROMBaseMac + rsrc_ptr;
170     uint32 data = ReadMacInt32(lp + 12);
171    
172     char name[32];
173     int name_len = ReadMacInt8(lp + 23), i;
174     for (i=0; i<name_len; i++)
175     name[i] = ReadMacInt8(lp + 24 + i);
176     name[i] = 0;
177    
178     printf("%08x %c%c%c%c\t%d\t%d\t%s\n", data, ReadMacInt8(lp + 16), ReadMacInt8(lp + 17), ReadMacInt8(lp + 18), ReadMacInt8(lp + 19), ReadMacInt16(lp + 20), ReadMacInt32(ROMBaseMac + data - 8), name);
179    
180     rsrc_ptr = ReadMacInt32(lp + 8);
181     if (!rsrc_ptr)
182     break;
183     }
184     printf("\n");
185     }
186    
187     // Mapping of Model IDs to Model names
188     struct mac_desc {
189     char *name;
190     int32 id;
191     };
192    
193     static mac_desc MacDesc[] = {
194     {"Classic" , 1},
195     {"Mac XL" , 2},
196     {"Mac 512KE" , 3},
197     {"Mac Plus" , 4},
198     {"Mac SE" , 5},
199     {"Mac II" , 6},
200     {"Mac IIx" , 7},
201     {"Mac IIcx" , 8},
202     {"Mac SE/030" , 9},
203     {"Mac Portable" , 10},
204     {"Mac IIci" , 11},
205     {"Mac IIfx" , 13},
206     {"Mac Classic" , 17},
207     {"Mac IIsi" , 18},
208     {"Mac LC" , 19},
209     {"Quadra 900" , 20},
210     {"PowerBook 170" , 21},
211     {"Quadra 700" , 22},
212     {"Classic II" , 23},
213     {"PowerBook 100" , 24},
214     {"PowerBook 140" , 25},
215     {"Quadra 950" , 26},
216     {"Mac LCIII/Performa 450", 27},
217     {"PowerBook Duo 210" , 29},
218     {"Centris 650" , 30},
219     {"PowerBook Duo 230" , 32},
220     {"PowerBook 180" , 33},
221     {"PowerBook 160" , 34},
222     {"Quadra 800" , 35},
223     {"Quadra 650" , 36},
224     {"Mac LCII" , 37},
225     {"PowerBook Duo 250" , 38},
226     {"Mac IIvi" , 44},
227     {"Mac IIvm/Performa 600", 45},
228     {"Mac IIvx" , 48},
229     {"Color Classic/Performa 250", 49},
230     {"PowerBook 165c" , 50},
231     {"Centris 610" , 52},
232     {"Quadra 610" , 53},
233     {"PowerBook 145" , 54},
234     {"Mac LC520" , 56},
235     {"Quadra/Centris 660AV" , 60},
236     {"Performa 46x" , 62},
237     {"PowerBook 180c" , 71},
238     {"PowerBook 520/520c/540/540c", 72},
239     {"PowerBook Duo 270c" , 77},
240     {"Quadra 840AV" , 78},
241     {"Performa 550" , 80},
242     {"PowerBook 165" , 84},
243     {"PowerBook 190" , 85},
244     {"Mac TV" , 88},
245     {"Mac LC475/Performa 47x", 89},
246     {"Mac LC575" , 92},
247     {"Quadra 605" , 94},
248     {"Quadra 630" , 98},
249     {"Mac LC580" , 99},
250     {"PowerBook Duo 280" , 102},
251     {"PowerBook Duo 280c" , 103},
252     {"PowerBook 150" , 115},
253     {"unknown", -1}
254     };
255    
256     static void print_universal_info(uint32 info)
257     {
258     uint8 id = ReadMacInt8(info + 18);
259     uint16 hwcfg = ReadMacInt16(info + 16);
260     uint16 rom85 = ReadMacInt16(info + 20);
261    
262     // Find model name
263     char *name = "unknown";
264     for (int i=0; MacDesc[i].id >= 0; i++)
265     if (MacDesc[i].id == id + 6) {
266     name = MacDesc[i].name;
267     break;
268     }
269    
270     printf("%08x %02x\t%04x\t%04x\t%s\n", info - ROMBaseMac, id, hwcfg, rom85, name);
271     }
272    
273     static void list_universal_infos(void)
274     {
275     uint32 ofs = 0x3000;
276     for (int i=0; i<0x2000; i+=2, ofs+=2)
277     if (ReadMacInt32(ROMBaseMac + ofs) == 0xdc000505) {
278     ofs -= 16;
279     uint32 q;
280     for (q=ofs; q > 0 && ReadMacInt32(ROMBaseMac + q) != ofs - q; q-=4) ;
281     if (q > 0) {
282     printf("Universal Table at %08x:\n", q);
283     printf("Offset\t ID\tHWCfg\tROM85\tModel\n");
284     printf("------------------------------------------------\n");
285 cebix 1.15 while ((ofs = ReadMacInt32(ROMBaseMac + q))) {
286 cebix 1.11 print_universal_info(ROMBaseMac + ofs + q);
287     q += 4;
288     }
289     }
290     break;
291     }
292     printf("\n");
293     }
294    
295     static void print_rom_info(void)
296     {
297     printf("\nROM Info:\n");
298     printf("Checksum : %08x\n", ReadMacInt32(ROMBaseMac));
299     printf("Version : %04x\n", ROMVersion);
300     printf("Sub Version : %04x\n", ReadMacInt16(ROMBaseMac + 18));
301     printf("Resource Map: %08x\n", ReadMacInt32(ROMBaseMac + 26));
302     printf("Trap Tables : %08x\n\n", ReadMacInt32(ROMBaseMac + 34));
303     if (ROMVersion == ROM_VERSION_32) {
304     list_rom_resources();
305     list_universal_infos();
306     }
307     }
308    
309    
310     /*
311 cebix 1.1 * Driver stubs
312     */
313    
314     static const uint8 sony_driver[] = { // Replacement for .Sony driver
315     // Driver header
316 cebix 1.4 SonyDriverFlags >> 8, SonyDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
317 cebix 1.1 0x00, 0x18, // Open() offset
318     0x00, 0x1c, // Prime() offset
319     0x00, 0x20, // Control() offset
320     0x00, 0x2c, // Status() offset
321     0x00, 0x52, // Close() offset
322     0x05, 0x2e, 0x53, 0x6f, 0x6e, 0x79, // ".Sony"
323    
324     // Open()
325     M68K_EMUL_OP_SONY_OPEN >> 8, M68K_EMUL_OP_SONY_OPEN & 0xff,
326     0x4e, 0x75, // rts
327    
328     // Prime()
329     M68K_EMUL_OP_SONY_PRIME >> 8, M68K_EMUL_OP_SONY_PRIME & 0xff,
330     0x60, 0x0e, // bra IOReturn
331    
332     // Control()
333     M68K_EMUL_OP_SONY_CONTROL >> 8, M68K_EMUL_OP_SONY_CONTROL & 0xff,
334     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
335     0x66, 0x04, // bne IOReturn
336     0x4e, 0x75, // rts
337    
338     // Status()
339     M68K_EMUL_OP_SONY_STATUS >> 8, M68K_EMUL_OP_SONY_STATUS & 0xff,
340    
341     // IOReturn
342     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
343     0x08, 0x01, 0x00, 0x09, // btst #9,d1
344     0x67, 0x0c, // beq 1
345     0x4a, 0x40, // tst.w d0
346     0x6f, 0x02, // ble 2
347     0x42, 0x40, // clr.w d0
348     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
349     0x4e, 0x75, // rts
350     0x4a, 0x40, //1 tst.w d0
351     0x6f, 0x04, // ble 3
352     0x42, 0x40, // clr.w d0
353     0x4e, 0x75, // rts
354     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(sp)
355     0x4e, 0x75, // rts
356    
357     // Close()
358     0x70, 0xe8, // moveq #-24,d0
359     0x4e, 0x75 // rts
360     };
361    
362     static const uint8 disk_driver[] = { // Generic disk driver
363     // Driver header
364 cebix 1.4 DiskDriverFlags >> 8, DiskDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
365 cebix 1.1 0x00, 0x18, // Open() offset
366     0x00, 0x1c, // Prime() offset
367     0x00, 0x20, // Control() offset
368     0x00, 0x2c, // Status() offset
369     0x00, 0x52, // Close() offset
370     0x05, 0x2e, 0x44, 0x69, 0x73, 0x6b, // ".Disk"
371    
372     // Open()
373     M68K_EMUL_OP_DISK_OPEN >> 8, M68K_EMUL_OP_DISK_OPEN & 0xff,
374     0x4e, 0x75, // rts
375    
376     // Prime()
377     M68K_EMUL_OP_DISK_PRIME >> 8, M68K_EMUL_OP_DISK_PRIME & 0xff,
378     0x60, 0x0e, // bra IOReturn
379    
380     // Control()
381     M68K_EMUL_OP_DISK_CONTROL >> 8, M68K_EMUL_OP_DISK_CONTROL & 0xff,
382     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
383     0x66, 0x04, // bne IOReturn
384     0x4e, 0x75, // rts
385    
386     // Status()
387     M68K_EMUL_OP_DISK_STATUS >> 8, M68K_EMUL_OP_DISK_STATUS & 0xff,
388    
389     // IOReturn
390     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
391     0x08, 0x01, 0x00, 0x09, // btst #9,d1
392     0x67, 0x0c, // beq 1
393     0x4a, 0x40, // tst.w d0
394     0x6f, 0x02, // ble 2
395     0x42, 0x40, // clr.w d0
396     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
397     0x4e, 0x75, // rts
398     0x4a, 0x40, //1 tst.w d0
399     0x6f, 0x04, // ble 3
400     0x42, 0x40, // clr.w d0
401     0x4e, 0x75, // rts
402     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(sp)
403     0x4e, 0x75, // rts
404    
405     // Close()
406     0x70, 0xe8, // moveq #-24,d0
407     0x4e, 0x75 // rts
408     };
409    
410     static const uint8 cdrom_driver[] = { // CD-ROM driver
411     // Driver header
412 cebix 1.4 CDROMDriverFlags >> 8, CDROMDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
413 cebix 1.1 0x00, 0x1c, // Open() offset
414     0x00, 0x20, // Prime() offset
415     0x00, 0x24, // Control() offset
416     0x00, 0x30, // Status() offset
417     0x00, 0x56, // Close() offset
418     0x08, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x43, 0x44, 0x00, // ".AppleCD"
419    
420     // Open()
421     M68K_EMUL_OP_CDROM_OPEN >> 8, M68K_EMUL_OP_CDROM_OPEN & 0xff,
422     0x4e, 0x75, // rts
423    
424     // Prime()
425     M68K_EMUL_OP_CDROM_PRIME >> 8, M68K_EMUL_OP_CDROM_PRIME & 0xff,
426     0x60, 0x0e, // bra IOReturn
427    
428     // Control()
429     M68K_EMUL_OP_CDROM_CONTROL >> 8, M68K_EMUL_OP_CDROM_CONTROL & 0xff,
430     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
431     0x66, 0x04, // bne IOReturn
432     0x4e, 0x75, // rts
433    
434     // Status()
435     M68K_EMUL_OP_CDROM_STATUS >> 8, M68K_EMUL_OP_CDROM_STATUS & 0xff,
436    
437     // IOReturn
438     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
439     0x08, 0x01, 0x00, 0x09, // btst #9,d1
440     0x67, 0x0c, // beq 1
441     0x4a, 0x40, // tst.w d0
442     0x6f, 0x02, // ble 2
443     0x42, 0x40, // clr.w d0
444     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
445     0x4e, 0x75, // rts
446     0x4a, 0x40, //1 tst.w d0
447     0x6f, 0x04, // ble 3
448     0x42, 0x40, // clr.w d0
449     0x4e, 0x75, // rts
450     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(sp)
451     0x4e, 0x75, // rts
452    
453     // Close()
454     0x70, 0xe8, // moveq #-24,d0
455     0x4e, 0x75 // rts
456     };
457    
458     static const uint8 ain_driver[] = { // .AIn driver header
459     // Driver header
460     0x4d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
461     0x00, 0x18, // Open() offset
462     0x00, 0x1e, // Prime() offset
463     0x00, 0x24, // Control() offset
464     0x00, 0x32, // Status() offset
465     0x00, 0x38, // Close() offset
466     0x04, 0x2e, 0x41, 0x49, 0x6e, 0x09, // ".AIn",9
467    
468     // Open()
469     0x70, 0x00, // moveq #0,d0
470     M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
471     0x4e, 0x75, // rts
472    
473     // Prime()
474     0x70, 0x00, // moveq #0,d0
475     M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
476     0x60, 0x1a, // bra IOReturn
477    
478     // Control()
479     0x70, 0x00, // moveq #0,d0
480     M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
481     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
482     0x66, 0x0e, // bne IOReturn
483     0x4e, 0x75, // rts
484    
485     // Status()
486     0x70, 0x00, // moveq #0,d0
487     M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
488     0x60, 0x06, // bra IOReturn
489    
490     // Close()
491     0x70, 0x00, // moveq #0,d0
492     M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
493     0x4e, 0x75, // rts
494    
495     // IOReturn
496     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
497     0x08, 0x01, 0x00, 0x09, // btst #9,d1
498     0x67, 0x0c, // beq 1
499     0x4a, 0x40, // tst.w d0
500     0x6f, 0x02, // ble 2
501     0x42, 0x40, // clr.w d0
502     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
503     0x4e, 0x75, // rts
504     0x4a, 0x40, //1 tst.w d0
505     0x6f, 0x04, // ble 3
506     0x42, 0x40, // clr.w d0
507     0x4e, 0x75, // rts
508     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(a7)
509     0x4e, 0x75, // rts
510     };
511    
512     static const uint8 aout_driver[] = { // .AOut driver header
513     // Driver header
514     0x4e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
515     0x00, 0x1a, // Open() offset
516     0x00, 0x20, // Prime() offset
517     0x00, 0x26, // Control() offset
518     0x00, 0x34, // Status() offset
519     0x00, 0x3a, // Close() offset
520     0x05, 0x2e, 0x41, 0x4f, 0x75, 0x74, 0x09, 0x00, // ".AOut",9
521    
522     // Open()
523     0x70, 0x01, // moveq #1,d0
524     M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
525     0x4e, 0x75, // rts
526    
527     // Prime()
528     0x70, 0x01, // moveq #1,d0
529     M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
530     0x60, 0x1a, // bra IOReturn
531    
532     // Control()
533     0x70, 0x01, // moveq #1,d0
534     M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
535     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
536     0x66, 0x0e, // bne IOReturn
537     0x4e, 0x75, // rts
538    
539     // Status()
540     0x70, 0x01, // moveq #1,d0
541     M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
542     0x60, 0x06, // bra IOReturn
543    
544     // Close()
545     0x70, 0x01, // moveq #1,d0
546     M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
547     0x4e, 0x75, // rts
548    
549     // IOReturn
550     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
551     0x08, 0x01, 0x00, 0x09, // btst #9,d1
552     0x67, 0x0c, // beq 1
553     0x4a, 0x40, // tst.w d0
554     0x6f, 0x02, // ble 2
555     0x42, 0x40, // clr.w d0
556     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
557     0x4e, 0x75, // rts
558     0x4a, 0x40, //1 tst.w d0
559     0x6f, 0x04, // ble 3
560     0x42, 0x40, // clr.w d0
561     0x4e, 0x75, // rts
562     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(a7)
563     0x4e, 0x75, // rts
564     };
565    
566     static const uint8 bin_driver[] = { // .BIn driver header
567     // Driver header
568     0x4d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
569     0x00, 0x18, // Open() offset
570     0x00, 0x1e, // Prime() offset
571     0x00, 0x24, // Control() offset
572     0x00, 0x32, // Status() offset
573     0x00, 0x38, // Close() offset
574     0x04, 0x2e, 0x42, 0x49, 0x6e, 0x09, // ".BIn",9
575    
576     // Open()
577     0x70, 0x02, // moveq #2,d0
578     M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
579     0x4e, 0x75, // rts
580    
581     // Prime()
582     0x70, 0x02, // moveq #2,d0
583     M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
584     0x60, 0x1a, // bra IOReturn
585    
586     // Control()
587     0x70, 0x02, // moveq #2,d0
588     M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
589     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
590     0x66, 0x0e, // bne IOReturn
591     0x4e, 0x75, // rts
592    
593     // Status()
594     0x70, 0x02, // moveq #2,d0
595     M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
596     0x60, 0x06, // bra IOReturn
597    
598     // Close()
599     0x70, 0x02, // moveq #2,d0
600     M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
601     0x4e, 0x75, // rts
602    
603     // IOReturn
604     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
605     0x08, 0x01, 0x00, 0x09, // btst #9,d1
606     0x67, 0x0c, // beq 1
607     0x4a, 0x40, // tst.w d0
608     0x6f, 0x02, // ble 2
609     0x42, 0x40, // clr.w d0
610     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
611     0x4e, 0x75, // rts
612     0x4a, 0x40, //1 tst.w d0
613     0x6f, 0x04, // ble 3
614     0x42, 0x40, // clr.w d0
615     0x4e, 0x75, // rts
616     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(a7)
617     0x4e, 0x75, // rts
618     };
619    
620     static const uint8 bout_driver[] = { // .BOut driver header
621     // Driver header
622     0x4e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
623     0x00, 0x1a, // Open() offset
624     0x00, 0x20, // Prime() offset
625     0x00, 0x26, // Control() offset
626     0x00, 0x34, // Status() offset
627     0x00, 0x3a, // Close() offset
628     0x05, 0x2e, 0x42, 0x4f, 0x75, 0x74, 0x09, 0x00, // ".BOut",9
629    
630     // Open()
631     0x70, 0x03, // moveq #3,d0
632     M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
633     0x4e, 0x75, // rts
634    
635     // Prime()
636     0x70, 0x03, // moveq #3,d0
637     M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
638     0x60, 0x1a, // bra IOReturn
639    
640     // Control()
641     0x70, 0x03, // moveq #3,d0
642     M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
643     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
644     0x66, 0x0e, // bne IOReturn
645     0x4e, 0x75, // rts
646    
647     // Status()
648     0x70, 0x03, // moveq #3,d0
649     M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
650     0x60, 0x06, // bra IOReturn
651    
652     // Close()
653     0x70, 0x03, // moveq #3,d0
654     M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
655     0x4e, 0x75, // rts
656    
657     // IOReturn
658     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
659     0x08, 0x01, 0x00, 0x09, // btst #9,d1
660     0x67, 0x0c, // beq 1
661     0x4a, 0x40, // tst.w d0
662     0x6f, 0x02, // ble 2
663     0x42, 0x40, // clr.w d0
664     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
665     0x4e, 0x75, // rts
666     0x4a, 0x40, //1 tst.w d0
667     0x6f, 0x04, // ble 3
668     0x42, 0x40, // clr.w d0
669     0x4e, 0x75, // rts
670     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(a7)
671     0x4e, 0x75, // rts
672     };
673    
674    
675     /*
676     * ADBOp() patch
677     */
678    
679     static const uint8 adbop_patch[] = { // Call ADBOp() completion procedure
680     // The completion procedure may call ADBOp() again!
681     0x40, 0xe7, // move sr,-(sp)
682     0x00, 0x7c, 0x07, 0x00, // ori #$0700,sr
683     M68K_EMUL_OP_ADBOP >> 8, M68K_EMUL_OP_ADBOP & 0xff,
684     0x48, 0xe7, 0x70, 0xf0, // movem.l d1-d3/a0-a3,-(sp)
685     0x26, 0x48, // move.l a0,a3
686     0x4a, 0xab, 0x00, 0x04, // tst.l 4(a3)
687     0x67, 0x00, 0x00, 0x18, // beq 1
688     0x20, 0x53, // move.l (a3),a0
689     0x22, 0x6b, 0x00, 0x04, // move.l 4(a3),a1
690     0x24, 0x6b, 0x00, 0x08, // move.l 8(a3),a2
691     0x26, 0x78, 0x0c, 0xf8, // move.l $cf8,a3
692     0x4e, 0x91, // jsr (a1)
693     0x70, 0x00, // moveq #0,d0
694     0x60, 0x00, 0x00, 0x04, // bra 2
695     0x70, 0xff, //1 moveq #-1,d0
696     0x4c, 0xdf, 0x0f, 0x0e, //2 movem.l (sp)+,d1-d3/a0-a3
697     0x46, 0xdf, // move (sp)+,sr
698     0x4e, 0x75 // rts
699     };
700    
701    
702     /*
703     * Install .Sony, disk and CD-ROM drivers
704     */
705    
706     void InstallDrivers(uint32 pb)
707     {
708 cebix 1.14 D(bug("InstallDrivers, pb %08x\n", pb));
709 cebix 1.1 M68kRegisters r;
710    
711     // Install Microseconds() replacement routine
712     r.a[0] = ROMBaseMac + microseconds_offset;
713     r.d[0] = 0xa093;
714     Execute68kTrap(0xa247, &r); // SetOSTrapAddress()
715    
716 jlachmann 1.16 // Install DebugUtil() replacement routine
717     r.a[0] = ROMBaseMac + debugutil_offset;
718     r.d[0] = 0xa08d;
719     Execute68kTrap(0xa247, &r); // SetOSTrapAddress()
720    
721 cebix 1.1 // Install disk driver
722     r.a[0] = ROMBaseMac + sony_offset + 0x100;
723     r.d[0] = (uint32)DiskRefNum;
724     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
725     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~DiskRefNum * 4); // Get driver handle from Unit Table
726     Execute68kTrap(0xa029, &r); // HLock()
727     uint32 dce = ReadMacInt32(r.a[0]);
728     WriteMacInt32(dce + dCtlDriver, ROMBaseMac + sony_offset + 0x100);
729     WriteMacInt16(dce + dCtlFlags, DiskDriverFlags);
730    
731     // Open disk driver
732     WriteMacInt32(pb + ioNamePtr, ROMBaseMac + sony_offset + 0x112);
733     r.a[0] = pb;
734     Execute68kTrap(0xa000, &r); // Open()
735    
736     // Install CD-ROM driver unless nocdrom option given
737     if (!PrefsFindBool("nocdrom")) {
738    
739     // Install CD-ROM driver
740     r.a[0] = ROMBaseMac + sony_offset + 0x200;
741     r.d[0] = (uint32)CDROMRefNum;
742     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
743     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~CDROMRefNum * 4); // Get driver handle from Unit Table
744     Execute68kTrap(0xa029, &r); // HLock()
745     dce = ReadMacInt32(r.a[0]);
746     WriteMacInt32(dce + dCtlDriver, ROMBaseMac + sony_offset + 0x200);
747     WriteMacInt16(dce + dCtlFlags, CDROMDriverFlags);
748    
749     // Open CD-ROM driver
750     WriteMacInt32(pb + ioNamePtr, ROMBaseMac + sony_offset + 0x212);
751     r.a[0] = pb;
752     Execute68kTrap(0xa000, &r); // Open()
753     }
754     }
755    
756    
757     /*
758     * Install serial drivers
759     */
760    
761     void InstallSERD(void)
762     {
763     D(bug("InstallSERD\n"));
764    
765     // All drivers are inside the SERD resource
766     M68kRegisters r;
767    
768     // Install .AIn driver
769     r.d[0] = (uint32)-6;
770     r.a[0] = ROMBaseMac + serd_offset + 0x100;
771     Execute68kTrap(0xa53d, &r); // DrvrInstallRsrvMem()
772     Execute68kTrap(0xa029, &r); // HLock()
773     uint32 drvr_ptr = ReadMacInt32(r.a[0]);
774     WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x100); // Pointer to driver header
775     WriteMacInt16(drvr_ptr + dCtlFlags, (ain_driver[0] << 8) + ain_driver[1]); // Driver flags
776     WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9); // Version number
777    
778     // Install .AOut driver
779     r.d[0] = (uint32)-7;
780     r.a[0] = ROMBaseMac + serd_offset + 0x200;
781     Execute68kTrap(0xa53d, &r); // DrvrInstallRsrvMem()
782     Execute68kTrap(0xa029, &r); // HLock()
783     drvr_ptr = ReadMacInt32(r.a[0]);
784     WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x200); // Pointer to driver header
785     WriteMacInt16(drvr_ptr + dCtlFlags, (aout_driver[0] << 8) + aout_driver[1]); // Driver flags
786     WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9); // Version number
787    
788     // Install .BIn driver
789     r.d[0] = (uint32)-8;
790     r.a[0] = ROMBaseMac + serd_offset + 0x300;
791     Execute68kTrap(0xa53d, &r); // DrvrInstallRsrvMem()
792     Execute68kTrap(0xa029, &r); // HLock()
793     drvr_ptr = ReadMacInt32(r.a[0]);
794     WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x300); // Pointer to driver header
795     WriteMacInt16(drvr_ptr + dCtlFlags, (bin_driver[0] << 8) + bin_driver[1]); // Driver flags
796     WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9); // Version number
797    
798     // Install .BOut driver
799     r.d[0] = (uint32)-9;
800     r.a[0] = ROMBaseMac + serd_offset + 0x400;
801     Execute68kTrap(0xa53d, &r); // DrvrInstallRsrvMem()
802     Execute68kTrap(0xa029, &r); // HLock()
803     drvr_ptr = ReadMacInt32(r.a[0]);
804     WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x400); // Pointer to driver header
805     WriteMacInt16(drvr_ptr + dCtlFlags, (bout_driver[0] << 8) + bout_driver[1]); // Driver flags
806     WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9); // Version number
807     }
808    
809    
810     /*
811     * Install patches after MacOS startup
812     */
813    
814     void PatchAfterStartup(void)
815     {
816 cebix 1.6 #if SUPPORTS_EXTFS
817 cebix 1.5 // Install external file system
818     InstallExtFS();
819 cebix 1.6 #endif
820 cebix 1.1 }
821    
822    
823     /*
824     * Check ROM version, returns false if ROM version is not supported
825     */
826    
827     bool CheckROM(void)
828     {
829     // Read version
830     ROMVersion = ntohs(*(uint16 *)(ROMBaseHost + 8));
831    
832 gbeauche 1.17 #if REAL_ADDRESSING || DIRECT_ADDRESSING
833     // Real and direct addressing modes require a 32-bit clean ROM
834 cebix 1.1 return ROMVersion == ROM_VERSION_32;
835     #else
836 cebix 1.6 // Virtual addressing mode works with 32-bit clean Mac II ROMs and Classic ROMs
837 cebix 1.1 return (ROMVersion == ROM_VERSION_CLASSIC) || (ROMVersion == ROM_VERSION_32);
838     #endif
839     }
840    
841    
842     /*
843     * Install ROM patches, returns false if ROM version is not supported
844     */
845    
846     // ROM patches for Mac Classic/SE ROMs (version $0276)
847     static bool patch_rom_classic(void)
848     {
849     uint16 *wp;
850     uint32 base;
851    
852     // Don't jump into debugger (VIA line)
853     wp = (uint16 *)(ROMBaseHost + 0x1c40);
854     *wp = htons(0x601e);
855    
856     // Don't complain about incorrect ROM checksum
857     wp = (uint16 *)(ROMBaseHost + 0x1c6c);
858     *wp = htons(0x7c00);
859    
860     // Don't initialize IWM
861     wp = (uint16 *)(ROMBaseHost + 0x50);
862     *wp++ = htons(M68K_NOP);
863     *wp = htons(M68K_NOP);
864    
865     // Skip startup sound
866     wp = (uint16 *)(ROMBaseHost + 0x6a);
867     *wp++ = htons(M68K_NOP);
868     *wp = htons(M68K_NOP);
869    
870     // Don't loop in ADB init
871     wp = (uint16 *)(ROMBaseHost + 0x3364);
872     *wp = htons(M68K_NOP);
873    
874     // Patch ClkNoMem
875     wp = (uint16 *)(ROMBaseHost + 0xa2c0);
876     *wp++ = htons(M68K_EMUL_OP_CLKNOMEM);
877     *wp = htons(0x4ed5); // jmp (a5)
878    
879     // Skip main memory test (not that it wouldn't pass, but it's faster that way)
880     wp = (uint16 *)(ROMBaseHost + 0x11e);
881     *wp++ = htons(M68K_NOP);
882     *wp = htons(M68K_NOP);
883    
884     // Install our own drivers
885     wp = (uint16 *)(ROMBaseHost + 0x3f82a);
886     *wp++ = htons(M68K_EMUL_OP_INSTALL_DRIVERS);
887     *wp++ = htons(M68K_NOP);
888     *wp++ = htons(M68K_NOP);
889     *wp = htons(M68K_NOP);
890    
891     #if 1
892     // Don't look for SCSI devices
893     wp = (uint16 *)(ROMBaseHost + 0xd5a);
894     *wp = htons(0x601e);
895     #endif
896    
897     // Replace .Sony driver
898     sony_offset = 0x34680;
899     D(bug("sony %08lx\n", sony_offset));
900     memcpy(ROMBaseHost + sony_offset, sony_driver, sizeof(sony_driver));
901    
902     // Install .Disk and .AppleCD drivers
903     memcpy(ROMBaseHost + sony_offset + 0x100, disk_driver, sizeof(disk_driver));
904     memcpy(ROMBaseHost + sony_offset + 0x200, cdrom_driver, sizeof(cdrom_driver));
905    
906     // Copy icons to ROM
907     SonyDiskIconAddr = ROMBaseMac + sony_offset + 0x400;
908     memcpy(ROMBaseHost + sony_offset + 0x400, SonyDiskIcon, sizeof(SonyDiskIcon));
909     SonyDriveIconAddr = ROMBaseMac + sony_offset + 0x600;
910     memcpy(ROMBaseHost + sony_offset + 0x600, SonyDriveIcon, sizeof(SonyDriveIcon));
911     DiskIconAddr = ROMBaseMac + sony_offset + 0x800;
912     memcpy(ROMBaseHost + sony_offset + 0x800, DiskIcon, sizeof(DiskIcon));
913     CDROMIconAddr = ROMBaseMac + sony_offset + 0xa00;
914     memcpy(ROMBaseHost + sony_offset + 0xa00, CDROMIcon, sizeof(CDROMIcon));
915    
916     // Install SERD patch and serial drivers
917     serd_offset = 0x31bae;
918     D(bug("serd %08lx\n", serd_offset));
919     wp = (uint16 *)(ROMBaseHost + serd_offset + 12);
920     *wp++ = htons(M68K_EMUL_OP_SERD);
921     *wp = htons(M68K_RTS);
922     memcpy(ROMBaseHost + serd_offset + 0x100, ain_driver, sizeof(ain_driver));
923     memcpy(ROMBaseHost + serd_offset + 0x200, aout_driver, sizeof(aout_driver));
924     memcpy(ROMBaseHost + serd_offset + 0x300, bin_driver, sizeof(bin_driver));
925     memcpy(ROMBaseHost + serd_offset + 0x400, bout_driver, sizeof(bout_driver));
926    
927     // Replace ADBOp()
928     memcpy(ROMBaseHost + 0x3880, adbop_patch, sizeof(adbop_patch));
929    
930     // Replace Time Manager
931     wp = (uint16 *)(ROMBaseHost + 0x1a95c);
932     *wp++ = htons(M68K_EMUL_OP_INSTIME);
933     *wp = htons(M68K_RTS);
934     wp = (uint16 *)(ROMBaseHost + 0x1a96a);
935     *wp++ = htons(0x40e7); // move sr,-(sp)
936     *wp++ = htons(0x007c); // ori #$0700,sr
937     *wp++ = htons(0x0700);
938     *wp++ = htons(M68K_EMUL_OP_RMVTIME);
939     *wp++ = htons(0x46df); // move (sp)+,sr
940     *wp = htons(M68K_RTS);
941     wp = (uint16 *)(ROMBaseHost + 0x1a984);
942     *wp++ = htons(0x40e7); // move sr,-(sp)
943     *wp++ = htons(0x007c); // ori #$0700,sr
944     *wp++ = htons(0x0700);
945     *wp++ = htons(M68K_EMUL_OP_PRIMETIME);
946     *wp++ = htons(0x46df); // move (sp)+,sr
947     *wp++ = htons(M68K_RTS);
948     microseconds_offset = (uint8 *)wp - ROMBaseHost;
949     *wp++ = htons(M68K_EMUL_OP_MICROSECONDS);
950 jlachmann 1.16 *wp++ = htons(M68K_RTS);
951    
952     // Replace DebugUtil
953     debugutil_offset = (uint8 *)wp - ROMBaseHost;
954     *wp++ = htons(M68K_EMUL_OP_DEBUGUTIL);
955 cebix 1.1 *wp = htons(M68K_RTS);
956    
957     // Replace SCSIDispatch()
958     wp = (uint16 *)(ROMBaseHost + 0x1a206);
959     *wp++ = htons(M68K_EMUL_OP_SCSI_DISPATCH);
960     *wp++ = htons(0x2e49); // move.l a1,a7
961     *wp = htons(M68K_JMP_A0);
962    
963     // Modify vCheckLoad() so we can patch resources
964     wp = (uint16 *)(ROMBaseHost + 0xe740);
965     *wp++ = htons(M68K_JMP);
966     *wp++ = htons((ROMBaseMac + sony_offset + 0x300) >> 16);
967     *wp = htons((ROMBaseMac + sony_offset + 0x300) & 0xffff);
968     wp = (uint16 *)(ROMBaseHost + sony_offset + 0x300);
969     *wp++ = htons(0x2f03); // move.l d3,-(sp) (save type)
970     *wp++ = htons(0x2078); // move.l $07f0,a0
971     *wp++ = htons(0x07f0);
972     *wp++ = htons(M68K_JSR_A0);
973     *wp++ = htons(0x221f); // move.l (sp)+,d1 (restore type)
974     *wp++ = htons(M68K_EMUL_OP_CHECKLOAD);
975     *wp = htons(M68K_RTS);
976    
977     // Install PutScrap() patch for clipboard data exchange (the patch is activated by EMUL_OP_INSTALL_DRIVERS)
978     PutScrapPatch = ROMBaseMac + sony_offset + 0xc00;
979     base = ROMBaseMac + 0x12794;
980     wp = (uint16 *)(ROMBaseHost + sony_offset + 0xc00);
981     *wp++ = htons(M68K_EMUL_OP_PUT_SCRAP);
982     *wp++ = htons(M68K_JMP);
983     *wp++ = htons(base >> 16);
984     *wp = htons(base & 0xffff);
985    
986     #if 0
987     // Boot from internal EDisk
988     wp = (uint16 *)(ROMBaseHost + 0x3f83c);
989     *wp = htons(M68K_NOP);
990     #endif
991    
992     // Patch VIA interrupt handler
993     wp = (uint16 *)(ROMBaseHost + 0x2b3a); // Level 1 handler
994     *wp++ = htons(0x5888); // addq.l #4,a0
995     *wp++ = htons(0x5888); // addq.l #4,a0
996     *wp++ = htons(M68K_NOP);
997     *wp++ = htons(M68K_NOP);
998     *wp++ = htons(M68K_NOP);
999     *wp++ = htons(M68K_NOP);
1000     *wp++ = htons(M68K_NOP);
1001     *wp++ = htons(M68K_NOP);
1002     *wp = htons(M68K_NOP);
1003    
1004     wp = (uint16 *)(ROMBaseHost + 0x2be8); // 60Hz handler (handles everything)
1005     *wp++ = htons(M68K_EMUL_OP_IRQ);
1006     *wp++ = htons(0x4a80); // tst.l d0
1007     *wp = htons(0x67f4); // beq 0x402be2
1008     return true;
1009     }
1010    
1011     // ROM patches for 32-bit clean Mac-II ROMs (version $067c)
1012     static bool patch_rom_32(void)
1013     {
1014 cebix 1.3 uint32 *lp;
1015 cebix 1.1 uint16 *wp;
1016     uint8 *bp;
1017     uint32 base;
1018    
1019     // Find UniversalInfo
1020     static const uint8 universal_dat[] = {0xdc, 0x00, 0x05, 0x05, 0x3f, 0xff, 0x01, 0x00};
1021     if ((base = find_rom_data(0x3400, 0x3c00, universal_dat, sizeof(universal_dat))) == 0) return false;
1022     UniversalInfo = base - 0x10;
1023     D(bug("universal %08lx\n", UniversalInfo));
1024    
1025     // Patch UniversalInfo (disable NuBus slots)
1026     bp = ROMBaseHost + UniversalInfo + ReadMacInt32(ROMBaseMac + UniversalInfo + 12); // nuBusInfoPtr
1027     bp[0] = 0x03;
1028     for (int i=1; i<16; i++)
1029     bp[i] = 0x08;
1030    
1031     // Set model ID from preferences
1032     bp = ROMBaseHost + UniversalInfo + 18; // productKind
1033     *bp = PrefsFindInt32("modelid");
1034    
1035     // Make FPU optional
1036     if (FPUType == 0) {
1037     bp = ROMBaseHost + UniversalInfo + 22; // defaultRSRCs
1038     *bp = 4; // FPU optional
1039     }
1040    
1041     // Install special reset opcode and jump (skip hardware detection and tests)
1042     wp = (uint16 *)(ROMBaseHost + 0x8c);
1043     *wp++ = htons(M68K_EMUL_OP_RESET);
1044     *wp++ = htons(M68K_JMP);
1045     *wp++ = htons((ROMBaseMac + 0xba) >> 16);
1046     *wp = htons((ROMBaseMac + 0xba) & 0xffff);
1047    
1048     // Don't GetHardwareInfo
1049     wp = (uint16 *)(ROMBaseHost + 0xc2);
1050     *wp++ = htons(M68K_NOP);
1051     *wp = htons(M68K_NOP);
1052    
1053     // Don't init VIAs
1054     wp = (uint16 *)(ROMBaseHost + 0xc6);
1055     *wp++ = htons(M68K_NOP);
1056     *wp++ = htons(M68K_NOP);
1057     *wp++ = htons(M68K_NOP);
1058     *wp++ = htons(M68K_NOP);
1059     *wp++ = htons(M68K_NOP);
1060     *wp++ = htons(M68K_NOP);
1061     *wp++ = htons(M68K_NOP);
1062     *wp++ = htons(M68K_NOP);
1063     *wp++ = htons(M68K_NOP);
1064     *wp++ = htons(M68K_NOP);
1065     *wp++ = htons(M68K_NOP);
1066     *wp++ = htons(M68K_NOP);
1067     *wp++ = htons(M68K_NOP);
1068     *wp++ = htons(M68K_NOP);
1069     *wp = htons(M68K_NOP);
1070    
1071     // Fake CPU type test
1072     wp = (uint16 *)(ROMBaseHost + 0x7c0);
1073     *wp++ = htons(0x7e00 + CPUType);
1074     *wp = htons(M68K_RTS);
1075    
1076     // Don't clear end of BootGlobs upto end of RAM (address xxxx0000)
1077     static const uint8 clear_globs_dat[] = {0x42, 0x9a, 0x36, 0x0a, 0x66, 0xfa};
1078     base = find_rom_data(0xa00, 0xb00, clear_globs_dat, sizeof(clear_globs_dat));
1079     D(bug("clear_globs %08lx\n", base));
1080     if (base) { // ROM15/20/22/23/26/27/32
1081     wp = (uint16 *)(ROMBaseHost + base + 2);
1082     *wp++ = htons(M68K_NOP);
1083     *wp = htons(M68K_NOP);
1084     }
1085    
1086     // Patch InitMMU (no MMU present, don't choke on unknown CPU types)
1087     if (ROMSize <= 0x80000) {
1088     static const uint8 init_mmu_dat[] = {0x0c, 0x47, 0x00, 0x03, 0x62, 0x00, 0xfe};
1089     if ((base = find_rom_data(0x4000, 0x50000, init_mmu_dat, sizeof(init_mmu_dat))) == 0) return false;
1090     } else {
1091     static const uint8 init_mmu_dat[] = {0x0c, 0x47, 0x00, 0x04, 0x62, 0x00, 0xfd};
1092     if ((base = find_rom_data(0x80000, 0x90000, init_mmu_dat, sizeof(init_mmu_dat))) == 0) return false;
1093     }
1094     D(bug("init_mmu %08lx\n", base));
1095     wp = (uint16 *)(ROMBaseHost + base);
1096     *wp++ = htons(M68K_NOP);
1097     *wp++ = htons(M68K_NOP);
1098     *wp++ = htons(M68K_NOP);
1099     *wp++ = htons(M68K_NOP);
1100     wp++;
1101     *wp++ = htons(0x7000); // moveq #0,d0
1102     *wp = htons(M68K_NOP);
1103    
1104     // Patch InitMMU (no RBV present)
1105     static const uint8 init_mmu2_dat[] = {0x08, 0x06, 0x00, 0x0d, 0x67};
1106     if (ROMSize <= 0x80000) {
1107     base = find_rom_data(0x4000, 0x50000, init_mmu2_dat, sizeof(init_mmu2_dat));
1108     } else {
1109     base = find_rom_data(0x80000, 0x90000, init_mmu2_dat, sizeof(init_mmu2_dat));
1110     }
1111     D(bug("init_mmu2 %08lx\n", base));
1112     if (base) { // ROM11/10/13/26
1113     bp = (uint8 *)(ROMBaseHost + base + 4);
1114     *bp = 0x60; // bra
1115     }
1116    
1117     // Patch InitMMU (don't init MMU)
1118     static const uint8 init_mmu3_dat[] = {0x0c, 0x2e, 0x00, 0x01, 0xff, 0xe6, 0x66, 0x0c, 0x4c, 0xed, 0x03, 0x87, 0xff, 0xe8};
1119     if (ROMSize <= 0x80000) {
1120     if ((base = find_rom_data(0x4000, 0x50000, init_mmu3_dat, sizeof(init_mmu3_dat))) == 0) return false;
1121     } else {
1122     if ((base = find_rom_data(0x80000, 0x90000, init_mmu3_dat, sizeof(init_mmu3_dat))) == 0) return false;
1123     }
1124     D(bug("init_mmu3 %08lx\n", base));
1125     wp = (uint16 *)(ROMBaseHost + base + 6);
1126     *wp = htons(M68K_NOP);
1127    
1128     // Replace XPRAM routines
1129     static const uint8 read_xpram_dat[] = {0x26, 0x4e, 0x41, 0xf9, 0x50, 0xf0, 0x00, 0x00, 0x08, 0x90, 0x00, 0x02};
1130     base = find_rom_data(0x40000, 0x50000, read_xpram_dat, sizeof(read_xpram_dat));
1131     D(bug("read_xpram %08lx\n", base));
1132     if (base) { // ROM10
1133     wp = (uint16 *)(ROMBaseHost + base);
1134     *wp++ = htons(M68K_EMUL_OP_READ_XPRAM);
1135     *wp = htons(0x4ed6); // jmp (a6)
1136     }
1137     static const uint8 read_xpram2_dat[] = {0x26, 0x4e, 0x08, 0x92, 0x00, 0x02, 0xea, 0x59, 0x02, 0x01, 0x00, 0x07, 0x00, 0x01, 0x00, 0xb8};
1138     base = find_rom_data(0x40000, 0x50000, read_xpram2_dat, sizeof(read_xpram2_dat));
1139     D(bug("read_xpram2 %08lx\n", base));
1140     if (base) { // ROM11
1141     wp = (uint16 *)(ROMBaseHost + base);
1142     *wp++ = htons(M68K_EMUL_OP_READ_XPRAM);
1143     *wp = htons(0x4ed6); // jmp (a6)
1144     }
1145     if (ROMSize > 0x80000) {
1146     static const uint8 read_xpram3_dat[] = {0x48, 0xe7, 0xe0, 0x60, 0x02, 0x01, 0x00, 0x70, 0x0c, 0x01, 0x00, 0x20};
1147     base = find_rom_data(0x80000, 0x90000, read_xpram3_dat, sizeof(read_xpram3_dat));
1148     D(bug("read_xpram3 %08lx\n", base));
1149     if (base) { // ROM15
1150     wp = (uint16 *)(ROMBaseHost + base);
1151     *wp++ = htons(M68K_EMUL_OP_READ_XPRAM2);
1152     *wp = htons(M68K_RTS);
1153     }
1154     }
1155    
1156     // Patch ClkNoMem
1157     base = find_rom_trap(0xa053);
1158     wp = (uint16 *)(ROMBaseHost + base);
1159     if (ntohs(*wp) == 0x4ed5) { // ROM23/26/27/32
1160     static const uint8 clk_no_mem_dat[] = {0x40, 0xc2, 0x00, 0x7c, 0x07, 0x00, 0x48, 0x42};
1161     if ((base = find_rom_data(0xb0000, 0xb8000, clk_no_mem_dat, sizeof(clk_no_mem_dat))) == 0) return false;
1162     }
1163     D(bug("clk_no_mem %08lx\n", base));
1164     wp = (uint16 *)(ROMBaseHost + base);
1165     *wp++ = htons(M68K_EMUL_OP_CLKNOMEM);
1166     *wp = htons(0x4ed5); // jmp (a5)
1167    
1168     // Patch BootGlobs
1169     wp = (uint16 *)(ROMBaseHost + 0x10e);
1170     *wp++ = htons(M68K_EMUL_OP_PATCH_BOOT_GLOBS);
1171     *wp = htons(M68K_NOP);
1172    
1173     // Don't init SCC
1174     static const uint8 init_scc_dat[] = {0x08, 0x38, 0x00, 0x01, 0x0d, 0xd1, 0x67, 0x04};
1175     if ((base = find_rom_data(0xa00, 0xa80, init_scc_dat, sizeof(init_scc_dat))) == 0) return false;
1176     D(bug("init_scc %08lx\n", base));
1177     wp = (uint16 *)(ROMBaseHost + base);
1178     *wp = htons(M68K_RTS);
1179    
1180     // Don't access 0x50f1a101
1181     wp = (uint16 *)(ROMBaseHost + 0x4232);
1182     if (ntohs(wp[1]) == 0x50f1 && ntohs(wp[2]) == 0xa101) { // ROM32
1183     *wp++ = htons(M68K_NOP);
1184     *wp++ = htons(M68K_NOP);
1185     *wp++ = htons(M68K_NOP);
1186     *wp++ = htons(M68K_NOP);
1187     *wp = htons(M68K_NOP);
1188     }
1189    
1190     // Don't init IWM
1191     wp = (uint16 *)(ROMBaseHost + 0x9c0);
1192     *wp = htons(M68K_RTS);
1193    
1194     // Don't init SCSI
1195     wp = (uint16 *)(ROMBaseHost + 0x9a0);
1196     *wp = htons(M68K_RTS);
1197    
1198     // Don't init ASC
1199     static const uint8 init_asc_dat[] = {0x26, 0x68, 0x00, 0x30, 0x12, 0x00, 0xeb, 0x01};
1200     base = find_rom_data(0x4000, 0x5000, init_asc_dat, sizeof(init_asc_dat));
1201     D(bug("init_asc %08lx\n", base));
1202     if (base) { // ROM15/22/23/26/27/32
1203     wp = (uint16 *)(ROMBaseHost + base);
1204     *wp = htons(0x4ed6); // jmp (a6)
1205     }
1206    
1207     // Don't EnableExtCache
1208     wp = (uint16 *)(ROMBaseHost + 0x190);
1209     *wp++ = htons(M68K_NOP);
1210     *wp = htons(M68K_NOP);
1211    
1212     // Don't DisableIntSources
1213     wp = (uint16 *)(ROMBaseHost + 0x9f4c);
1214     *wp = htons(M68K_RTS);
1215    
1216     // Fake CPU speed test (SetupTimeK)
1217 jlachmann 1.16 // *** increased jl : MacsBug uses TimeDBRA for kbd repeat timing
1218 cebix 1.1 wp = (uint16 *)(ROMBaseHost + 0x800);
1219     *wp++ = htons(0x31fc); // move.w #xxx,TimeDBRA
1220 jlachmann 1.16 *wp++ = htons(10000);
1221 cebix 1.1 *wp++ = htons(0x0d00);
1222     *wp++ = htons(0x31fc); // move.w #xxx,TimeSCCDBRA
1223 jlachmann 1.16 *wp++ = htons(10000);
1224 cebix 1.1 *wp++ = htons(0x0d02);
1225     *wp++ = htons(0x31fc); // move.w #xxx,TimeSCSIDBRA
1226 jlachmann 1.16 *wp++ = htons(10000);
1227 cebix 1.1 *wp++ = htons(0x0b24);
1228     *wp++ = htons(0x31fc); // move.w #xxx,TimeRAMDBRA
1229 jlachmann 1.16 *wp++ = htons(10000);
1230 cebix 1.1 *wp++ = htons(0x0cea);
1231     *wp = htons(M68K_RTS);
1232    
1233     #if REAL_ADDRESSING
1234     // Move system zone to start of Mac RAM
1235 gbeauche 1.17 wp = (uint16 *)(ROMBaseHost + 0x50a);
1236     *wp++ = htons(HiWord(RAMBaseMac + 0x2000));
1237     *wp++ = htons(LoWord(RAMBaseMac + 0x2000));
1238     *wp++ = htons(HiWord(RAMBaseMac + 0x3800));
1239     *wp = htons(LoWord(RAMBaseMac + 0x3800));
1240 cebix 1.1 #endif
1241    
1242     #if !ROM_IS_WRITE_PROTECTED
1243 gbeauche 1.17 #if defined(AMIGA) || defined(USE_SCRATCHMEM_SUBTERFUGE)
1244 cebix 1.1 // Set fake handle at 0x0000 to scratch memory area (so broken Mac programs won't write into Mac ROM)
1245 gbeauche 1.17 extern uint8 *ScratchMem;
1246     const uint32 ScratchMemBase = Host2MacAddr(ScratchMem);
1247 cebix 1.1 wp = (uint16 *)(ROMBaseHost + 0xccaa);
1248     *wp++ = htons(0x203c); // move.l #ScratchMem,d0
1249 gbeauche 1.17 *wp++ = htons(ScratchMemBase >> 16);
1250     *wp = htons(ScratchMemBase);
1251 cebix 1.1 #else
1252     #error System specific handling for writable ROM is required here
1253     #endif
1254     #endif
1255    
1256     #if REAL_ADDRESSING && defined(AMIGA)
1257     // Don't overwrite SysBase under AmigaOS
1258     wp = (uint16 *)(ROMBaseHost + 0xccb4);
1259     *wp++ = htons(M68K_NOP);
1260     *wp = htons(M68K_NOP);
1261     #endif
1262 gbeauche 1.17
1263     #if REAL_ADDRESSING && !defined(AMIGA)
1264     // gb-- Temporary hack to get rid of crashes in Speedometer
1265     wp = (uint16 *)(ROMBaseHost + 0xdba2);
1266     if (ntohs(*wp) == 0x662c) // bne.b #$2c
1267     *wp = htons(0x602c); // bra.b #$2c
1268     #endif
1269    
1270 cebix 1.1 // Don't write to VIA in InitTimeMgr
1271     wp = (uint16 *)(ROMBaseHost + 0xb0e2);
1272     *wp++ = htons(0x4cdf); // movem.l (sp)+,d0-d5/a0-a4
1273     *wp++ = htons(0x1f3f);
1274     *wp = htons(M68K_RTS);
1275    
1276     // Don't read ModelID from 0x5ffffffc
1277     static const uint8 model_id_dat[] = {0x20, 0x7c, 0x5f, 0xff, 0xff, 0xfc, 0x72, 0x07, 0xc2, 0x90};
1278     base = find_rom_data(0x40000, 0x50000, model_id_dat, sizeof(model_id_dat));
1279     D(bug("model_id %08lx\n", base));
1280     if (base) { // ROM20
1281     wp = (uint16 *)(ROMBaseHost + base + 8);
1282     *wp++ = htons(M68K_NOP);
1283     *wp++ = htons(M68K_NOP);
1284     *wp++ = htons(M68K_NOP);
1285     *wp = htons(M68K_NOP);
1286     }
1287    
1288     // Don't read ModelID from 0x5ffffffc
1289     static const uint8 model_id2_dat[] = {0x45, 0xf9, 0x5f, 0xff, 0xff, 0xfc, 0x20, 0x12};
1290     base = find_rom_data(0x4000, 0x5000, model_id2_dat, sizeof(model_id2_dat));
1291     D(bug("model_id2 %08lx\n", base));
1292     if (base) { // ROM27/32
1293     wp = (uint16 *)(ROMBaseHost + base + 6);
1294     *wp++ = htons(0x7000); // moveq #0,d0
1295     *wp++ = htons(0xb040); // cmp.w d0,d0
1296     *wp = htons(0x4ed6); // jmp (a6)
1297     }
1298    
1299     // Install slot ROM
1300     if (!InstallSlotROM())
1301     return false;
1302    
1303     // Don't probe NuBus slots
1304     static const uint8 nubus_dat[] = {0x45, 0xfa, 0x00, 0x0a, 0x42, 0xa7, 0x10, 0x11};
1305     base = find_rom_data(0x5000, 0x6000, nubus_dat, sizeof(nubus_dat));
1306     D(bug("nubus %08lx\n", base));
1307     if (base) { // ROM10/11
1308     wp = (uint16 *)(ROMBaseHost + base + 6);
1309     *wp++ = htons(M68K_NOP);
1310     *wp++ = htons(M68K_NOP);
1311     *wp = htons(M68K_NOP);
1312     }
1313    
1314     // Don't EnableOneSecInts
1315     static const uint8 lea_dat[] = {0x41, 0xf9};
1316     if ((base = find_rom_data(0x226, 0x22a, lea_dat, sizeof(lea_dat))) == 0) return false;
1317     D(bug("enable_one_sec_ints %08lx\n", base));
1318     wp = (uint16 *)(ROMBaseHost + base);
1319     *wp++ = htons(M68K_NOP);
1320     *wp++ = htons(M68K_NOP);
1321     *wp++ = htons(M68K_NOP);
1322     *wp++ = htons(M68K_NOP);
1323     *wp = htons(M68K_NOP);
1324    
1325     // Don't EnableParityPatch/Enable60HzInts
1326     if ((base = find_rom_data(0x230, 0x234, lea_dat, sizeof(lea_dat))) == 0) {
1327     wp = (uint16 *)(ROMBaseHost + 0x230);
1328     if (ntohs(*wp) == 0x6100) // ROM11
1329     base = 0x230;
1330     else
1331     return false;
1332     }
1333     D(bug("enable_60hz_ints %08lx\n", base));
1334     wp = (uint16 *)(ROMBaseHost + base);
1335     *wp++ = htons(M68K_NOP);
1336     *wp++ = htons(M68K_NOP);
1337     *wp++ = htons(M68K_NOP);
1338     *wp++ = htons(M68K_NOP);
1339     *wp = htons(M68K_NOP);
1340    
1341 cebix 1.8 // Compute boot stack pointer and fix logical/physical RAM size (CompBootStack) (must be done after InitMemMgr!)
1342     wp = (uint16 *)(ROMBaseHost + 0x490);
1343     *wp++ = htons(0x2038); // move.l $10c,d0
1344     *wp++ = htons(0x010c);
1345     *wp++ = htons(0xd0b8); // add.l $2a6,d0
1346     *wp++ = htons(0x02a6);
1347     *wp++ = htons(0xe288); // lsr.l #1,d0
1348     *wp++ = htons(0x0880); // bclr #0,d0
1349     *wp++ = htons(0x0000);
1350     *wp++ = htons(0x0440); // subi.w #$400,d0
1351     *wp++ = htons(0x0400);
1352     *wp++ = htons(0x2040); // move.l d0,a0
1353 cebix 1.1 *wp++ = htons(M68K_EMUL_OP_FIX_MEMSIZE);
1354 cebix 1.8 *wp++ = htons(M68K_RTS);
1355 cebix 1.1
1356     static const uint8 fix_memsize2_dat[] = {0x22, 0x30, 0x81, 0xe2, 0x0d, 0xdc, 0xff, 0xba, 0xd2, 0xb0, 0x81, 0xe2, 0x0d, 0xdc, 0xff, 0xec, 0x21, 0xc1, 0x1e, 0xf8};
1357     base = find_rom_data(0x4c000, 0x4c080, fix_memsize2_dat, sizeof(fix_memsize2_dat));
1358     D(bug("fix_memsize2 %08lx\n", base));
1359     if (base) { // ROM15/22/23/26/27/32
1360     wp = (uint16 *)(ROMBaseHost + base + 16);
1361     *wp++ = htons(M68K_NOP);
1362     *wp = htons(M68K_NOP);
1363     }
1364    
1365     // Don't open .Sound driver but install our own drivers
1366     wp = (uint16 *)(ROMBaseHost + 0x1142);
1367     *wp = htons(M68K_EMUL_OP_INSTALL_DRIVERS);
1368    
1369     // Don't access SonyVars
1370     wp = (uint16 *)(ROMBaseHost + 0x1144);
1371     *wp++ = htons(M68K_NOP);
1372     *wp++ = htons(M68K_NOP);
1373     *wp++ = htons(M68K_NOP);
1374     *wp++ = htons(M68K_NOP);
1375     wp += 2;
1376     *wp = htons(M68K_NOP);
1377    
1378     // Don't write to VIA in InitADB
1379     wp = (uint16 *)(ROMBaseHost + 0xa8a8);
1380     if (*wp == 0) { // ROM22/23/26/27/32
1381     wp = (uint16 *)(ROMBaseHost + 0xb2c6a);
1382     *wp++ = htons(M68K_NOP);
1383     *wp++ = htons(M68K_NOP);
1384     *wp = htons(M68K_NOP);
1385     wp = (uint16 *)(ROMBaseHost + 0xb2d2e);
1386     *wp++ = htons(M68K_NOP);
1387     *wp++ = htons(M68K_NOP);
1388     *wp++ = htons(M68K_NOP);
1389     *wp++ = htons(M68K_NOP);
1390     *wp++ = htons(M68K_NOP);
1391     *wp++ = htons(M68K_NOP);
1392     *wp++ = htons(M68K_NOP);
1393     *wp++ = htons(M68K_NOP);
1394     *wp++ = htons(M68K_NOP);
1395     *wp++ = htons(M68K_NOP);
1396     *wp++ = htons(M68K_NOP);
1397     *wp++ = htons(M68K_NOP);
1398     wp += 2;
1399     *wp++ = htons(M68K_NOP);
1400     *wp = htons(M68K_NOP);
1401     } else {
1402     *wp++ = htons(M68K_NOP);
1403     *wp++ = htons(M68K_NOP);
1404     *wp = htons(M68K_NOP);
1405     wp = (uint16 *)(ROMBaseHost + 0xa662);
1406     *wp++ = htons(M68K_NOP);
1407     *wp++ = htons(M68K_NOP);
1408     *wp++ = htons(M68K_NOP);
1409     *wp++ = htons(M68K_NOP);
1410     *wp++ = htons(M68K_NOP);
1411     wp += 2;
1412     *wp++ = htons(M68K_NOP);
1413     *wp = htons(M68K_NOP);
1414     }
1415    
1416     // Don't EnableSlotInts
1417     if ((base = find_rom_data(0x2ee, 0x2f2, lea_dat, sizeof(lea_dat))) == 0) return false;
1418     D(bug("enable_slot_ints %08lx\n", base));
1419     wp = (uint16 *)(ROMBaseHost + base);
1420     *wp++ = htons(M68K_NOP);
1421     *wp++ = htons(M68K_NOP);
1422     *wp++ = htons(M68K_NOP);
1423     *wp++ = htons(M68K_NOP);
1424     *wp = htons(M68K_NOP);
1425    
1426     // Don't mangle frame buffer base (GetDevBase)
1427     wp = (uint16 *)(ROMBaseHost + 0x5b78);
1428     *wp++ = htons(M68K_NOP);
1429     *wp++ = htons(M68K_NOP);
1430     *wp++ = htons(0x2401); // move.l d1,d2
1431     *wp = htons(0x605e); // bra 0x40805bde
1432    
1433     // Really don't mangle frame buffer base
1434     if (ROMSize > 0x80000) {
1435     static const uint8 frame_base_dat[] = {0x22, 0x78, 0x0d, 0xd8, 0xd3, 0xe9, 0x00, 0x08};
1436     base = find_rom_data(0x8c000, 0x8d000, frame_base_dat, sizeof(frame_base_dat));
1437     D(bug("frame_base %08lx\n", base));
1438     if (base) { // ROM22/23/26/27/32
1439     wp = (uint16 *)(ROMBaseHost + base);
1440     *wp++ = htons(0x2401); // move.l d1,d2
1441     *wp = htons(M68K_RTS);
1442     }
1443     }
1444    
1445     // Don't write to VIA2
1446     static const uint8 via2_dat[] = {0x20, 0x78, 0x0c, 0xec, 0x11, 0x7c, 0x00, 0x90};
1447     if ((base = find_rom_data(0xa000, 0xa400, via2_dat, sizeof(via2_dat))) == 0) return false;
1448     D(bug("via2 %08lx\n", base));
1449     wp = (uint16 *)(ROMBaseHost + base + 4);
1450     *wp = htons(M68K_RTS);
1451    
1452     // Don't write to VIA2, even on ROM20
1453     static const uint8 via2b_dat[] = {0x20, 0x78, 0x0c, 0xec, 0x11, 0x7c, 0x00, 0x90, 0x00, 0x13, 0x4e, 0x75};
1454     base = find_rom_data(0x40000, 0x44000, via2b_dat, sizeof(via2b_dat));
1455     D(bug("via2b %08lx\n", base));
1456     if (base) { // ROM19/20
1457     wp = (uint16 *)(ROMBaseHost + base + 4);
1458     *wp = htons(M68K_RTS);
1459     }
1460    
1461     // Don't use PTEST instruction on 68040/060
1462     if (ROMSize > 0x80000) {
1463    
1464     // BlockMove()
1465     static const uint8 ptest_dat[] = {0xa0, 0x8d, 0x0c, 0x81, 0x00, 0x00, 0x0c, 0x00, 0x6d, 0x06, 0x4e, 0x71, 0xf4, 0xf8};
1466     base = find_rom_data(0x87000, 0x87800, ptest_dat, sizeof(ptest_dat));
1467     D(bug("ptest %08lx\n", base));
1468     if (base) { // ROM15/22/23/26/27/32
1469     wp = (uint16 *)(ROMBaseHost + base + 8);
1470     *wp = htons(M68K_NOP);
1471     }
1472    
1473     // SANE
1474     static const uint8 ptest2_dat[] = {0x0c, 0x38, 0x00, 0x04, 0x01, 0x2f, 0x6d, 0x54, 0x48, 0xe7, 0xf8, 0x60};
1475     base = find_rom_data(0, ROMSize, ptest2_dat, sizeof(ptest2_dat));
1476     D(bug("ptest2 %08lx\n", base));
1477     if (base) { // ROM15/20/22/23/26/27/32
1478     wp = (uint16 *)(ROMBaseHost + base + 8);
1479     *wp++ = htons(M68K_NOP);
1480     *wp++ = htons(0xf4f8); // cpusha dc/ic
1481     *wp++ = htons(M68K_NOP);
1482     *wp++ = htons(0x7000); // moveq #0,d0
1483     *wp = htons(M68K_RTS);
1484     }
1485     }
1486    
1487 cebix 1.10 // Don't set MemoryDispatch() to unimplemented trap
1488     static const uint8 memdisp_dat[] = {0x30, 0x3c, 0xa8, 0x9f, 0xa7, 0x46, 0x30, 0x3c, 0xa0, 0x5c, 0xa2, 0x47};
1489     base = find_rom_data(0x4f100, 0x4f180, memdisp_dat, sizeof(memdisp_dat));
1490     D(bug("memdisp %08lx\n", base));
1491 cebix 1.12 if (base) { // ROM15/22/23/26/27/32
1492 cebix 1.10 wp = (uint16 *)(ROMBaseHost + base + 10);
1493     *wp = htons(M68K_NOP);
1494     }
1495    
1496 cebix 1.1 // Patch .EDisk driver (don't scan for EDisks in the area ROMBase..0xe00000)
1497 cebix 1.15 uint32 edisk_offset = find_rom_resource(FOURCC('D','R','V','R'), 51);
1498 cebix 1.1 if (edisk_offset) {
1499     static const uint8 edisk_dat[] = {0xd5, 0xfc, 0x00, 0x01, 0x00, 0x00, 0xb5, 0xfc, 0x00, 0xe0, 0x00, 0x00};
1500     base = find_rom_data(edisk_offset, edisk_offset + 0x10000, edisk_dat, sizeof(edisk_dat));
1501     D(bug("edisk %08lx\n", base));
1502     if (base) {
1503     wp = (uint16 *)(ROMBaseHost + base + 8);
1504     *wp++ = 0;
1505     *wp = 0;
1506     }
1507     }
1508    
1509     // Replace .Sony driver
1510 cebix 1.15 sony_offset = find_rom_resource(FOURCC('D','R','V','R'), 4);
1511 cebix 1.1 D(bug("sony %08lx\n", sony_offset));
1512     memcpy(ROMBaseHost + sony_offset, sony_driver, sizeof(sony_driver));
1513    
1514     // Install .Disk and .AppleCD drivers
1515     memcpy(ROMBaseHost + sony_offset + 0x100, disk_driver, sizeof(disk_driver));
1516     memcpy(ROMBaseHost + sony_offset + 0x200, cdrom_driver, sizeof(cdrom_driver));
1517    
1518     // Copy icons to ROM
1519     SonyDiskIconAddr = ROMBaseMac + sony_offset + 0x400;
1520     memcpy(ROMBaseHost + sony_offset + 0x400, SonyDiskIcon, sizeof(SonyDiskIcon));
1521     SonyDriveIconAddr = ROMBaseMac + sony_offset + 0x600;
1522     memcpy(ROMBaseHost + sony_offset + 0x600, SonyDriveIcon, sizeof(SonyDriveIcon));
1523     DiskIconAddr = ROMBaseMac + sony_offset + 0x800;
1524     memcpy(ROMBaseHost + sony_offset + 0x800, DiskIcon, sizeof(DiskIcon));
1525     CDROMIconAddr = ROMBaseMac + sony_offset + 0xa00;
1526     memcpy(ROMBaseHost + sony_offset + 0xa00, CDROMIcon, sizeof(CDROMIcon));
1527    
1528     // Install SERD patch and serial drivers
1529 cebix 1.15 serd_offset = find_rom_resource(FOURCC('S','E','R','D'), 0);
1530 cebix 1.1 D(bug("serd %08lx\n", serd_offset));
1531     wp = (uint16 *)(ROMBaseHost + serd_offset + 12);
1532     *wp++ = htons(M68K_EMUL_OP_SERD);
1533     *wp = htons(M68K_RTS);
1534     memcpy(ROMBaseHost + serd_offset + 0x100, ain_driver, sizeof(ain_driver));
1535     memcpy(ROMBaseHost + serd_offset + 0x200, aout_driver, sizeof(aout_driver));
1536     memcpy(ROMBaseHost + serd_offset + 0x300, bin_driver, sizeof(bin_driver));
1537     memcpy(ROMBaseHost + serd_offset + 0x400, bout_driver, sizeof(bout_driver));
1538    
1539     // Replace ADBOp()
1540     memcpy(ROMBaseHost + find_rom_trap(0xa07c), adbop_patch, sizeof(adbop_patch));
1541    
1542     // Replace Time Manager (the Microseconds patch is activated in InstallDrivers())
1543     wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa058));
1544     *wp++ = htons(M68K_EMUL_OP_INSTIME);
1545     *wp = htons(M68K_RTS);
1546     wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa059));
1547     *wp++ = htons(0x40e7); // move sr,-(sp)
1548     *wp++ = htons(0x007c); // ori #$0700,sr
1549     *wp++ = htons(0x0700);
1550     *wp++ = htons(M68K_EMUL_OP_RMVTIME);
1551     *wp++ = htons(0x46df); // move (sp)+,sr
1552     *wp = htons(M68K_RTS);
1553     wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa05a));
1554     *wp++ = htons(0x40e7); // move sr,-(sp)
1555     *wp++ = htons(0x007c); // ori #$0700,sr
1556     *wp++ = htons(0x0700);
1557     *wp++ = htons(M68K_EMUL_OP_PRIMETIME);
1558     *wp++ = htons(0x46df); // move (sp)+,sr
1559     *wp++ = htons(M68K_RTS);
1560     microseconds_offset = (uint8 *)wp - ROMBaseHost;
1561     *wp++ = htons(M68K_EMUL_OP_MICROSECONDS);
1562 jlachmann 1.16 *wp++ = htons(M68K_RTS);
1563    
1564     // Replace DebugUtil
1565     debugutil_offset = (uint8 *)wp - ROMBaseHost;
1566     *wp++ = htons(M68K_EMUL_OP_DEBUGUTIL);
1567 cebix 1.1 *wp = htons(M68K_RTS);
1568    
1569     // Replace SCSIDispatch()
1570     wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa815));
1571     *wp++ = htons(M68K_EMUL_OP_SCSI_DISPATCH);
1572     *wp++ = htons(0x2e49); // move.l a1,a7
1573     *wp = htons(M68K_JMP_A0);
1574    
1575     // Modify vCheckLoad() so we can patch resources
1576     wp = (uint16 *)(ROMBaseHost + 0x1b8f4);
1577     *wp++ = htons(M68K_JMP);
1578     *wp++ = htons((ROMBaseMac + sony_offset + 0x300) >> 16);
1579     *wp = htons((ROMBaseMac + sony_offset + 0x300) & 0xffff);
1580     wp = (uint16 *)(ROMBaseHost + sony_offset + 0x300);
1581     *wp++ = htons(0x2f03); // move.l d3,-(sp) (save type)
1582     *wp++ = htons(0x2078); // move.l $07f0,a0
1583     *wp++ = htons(0x07f0);
1584     *wp++ = htons(M68K_JSR_A0);
1585     *wp++ = htons(0x221f); // move.l (sp)+,d1 (restore type)
1586     *wp++ = htons(M68K_EMUL_OP_CHECKLOAD);
1587     *wp = htons(M68K_RTS);
1588    
1589     // Patch PowerOff()
1590     wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa05b)); // PowerOff()
1591     *wp = htons(M68K_EMUL_OP_SHUTDOWN);
1592    
1593     // Install PutScrap() patch for clipboard data exchange (the patch is activated by EMUL_OP_INSTALL_DRIVERS)
1594     PutScrapPatch = ROMBaseMac + sony_offset + 0xc00;
1595     base = ROMBaseMac + find_rom_trap(0xa9fe);
1596     wp = (uint16 *)(ROMBaseHost + sony_offset + 0xc00);
1597     *wp++ = htons(M68K_EMUL_OP_PUT_SCRAP);
1598     *wp++ = htons(M68K_JMP);
1599     *wp++ = htons(base >> 16);
1600     *wp = htons(base & 0xffff);
1601    
1602 cebix 1.7 #if EMULATED_68K
1603     // Replace BlockMove()
1604     wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa02e)); // BlockMove()
1605     *wp++ = htons(M68K_EMUL_OP_BLOCK_MOVE);
1606     *wp++ = htons(0x7000);
1607     *wp = htons(M68K_RTS);
1608     #endif
1609 cebix 1.12
1610     // Look for double PACK 4 resources
1611 cebix 1.15 if ((base = find_rom_resource(FOURCC('P','A','C','K'), 4)) == 0) return false;
1612     if ((base = find_rom_resource(FOURCC('P','A','C','K'), 4, true)) == 0 && FPUType == 0)
1613 cebix 1.12 printf("WARNING: This ROM seems to require an FPU\n");
1614 cebix 1.7
1615 cebix 1.1 // Patch VIA interrupt handler
1616     wp = (uint16 *)(ROMBaseHost + 0x9bc4); // Level 1 handler
1617     *wp++ = htons(0x7002); // moveq #2,d0 (always 60Hz interrupt)
1618     *wp++ = htons(M68K_NOP);
1619     *wp++ = htons(M68K_NOP);
1620     *wp++ = htons(M68K_NOP);
1621     *wp = htons(M68K_NOP);
1622    
1623     wp = (uint16 *)(ROMBaseHost + 0xa29a); // 60Hz handler (handles everything)
1624     *wp++ = htons(M68K_EMUL_OP_IRQ);
1625     *wp++ = htons(0x4a80); // tst.l d0
1626     *wp = htons(0x67f4); // beq 0x4080a294
1627     return true;
1628     }
1629    
1630     bool PatchROM(void)
1631     {
1632 cebix 1.11 // Print some information about the ROM
1633     if (PrintROMInfo)
1634     print_rom_info();
1635 cebix 1.1
1636     // Patch ROM depending on version
1637     switch (ROMVersion) {
1638     case ROM_VERSION_CLASSIC:
1639     if (!patch_rom_classic())
1640     return false;
1641     break;
1642     case ROM_VERSION_32:
1643     if (!patch_rom_32())
1644     return false;
1645     break;
1646     default:
1647     return false;
1648     }
1649    
1650     // Install breakpoint
1651 cebix 1.10 if (ROMBreakpoint) {
1652     uint16 *wp = (uint16 *)(ROMBaseHost + ROMBreakpoint);
1653     *wp = htons(M68K_EMUL_BREAK);
1654     }
1655 cebix 1.1
1656     // Clear caches as we loaded and patched code
1657     FlushCodeCache(ROMBaseHost, ROMSize);
1658     return true;
1659     }