root/cebix/BasiliskII/src/rom_patches.cpp
Revision: 1.23
Committed: 2004-01-12T15:29:22Z (20 years, 10 months ago) by cebix
Branch: MAIN
CVS Tags: nigel-build-16, nigel-build-15
Changes since 1.22: +1 -1 lines
Log Message:
Happy New Year! :)

File Contents

1 cebix 1.1 /*
2     * rom_patches.cpp - ROM patches
3     *
4 cebix 1.23 * Basilisk II (C) 1997-2004 Christian Bauer
5 cebix 1.1 *
6     * This program is free software; you can redistribute it and/or modify
7     * it under the terms of the GNU General Public License as published by
8     * the Free Software Foundation; either version 2 of the License, or
9     * (at your option) any later version.
10     *
11     * This program is distributed in the hope that it will be useful,
12     * but WITHOUT ANY WARRANTY; without even the implied warranty of
13     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14     * GNU General Public License for more details.
15     *
16     * You should have received a copy of the GNU General Public License
17     * along with this program; if not, write to the Free Software
18     * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19     */
20    
21     #include <string.h>
22    
23     #include "sysdeps.h"
24     #include "cpu_emulation.h"
25     #include "main.h"
26     #include "emul_op.h"
27     #include "macos_util.h"
28     #include "slot_rom.h"
29     #include "sony.h"
30     #include "disk.h"
31     #include "cdrom.h"
32     #include "video.h"
33 cebix 1.5 #include "extfs.h"
34 cebix 1.1 #include "prefs.h"
35     #include "rom_patches.h"
36    
37 cebix 1.9 #define DEBUG 0
38 cebix 1.1 #include "debug.h"
39    
40    
41     // Global variables
uint32 UniversalInfo;				// ROM offset of UniversalInfo
uint32 PutScrapPatch;				// Mac address of PutScrap() patch
uint32 ROMBreakpoint = 0;			// ROM offset of breakpoint (0 = disabled, 0x2310 = CritError)
bool PrintROMInfo = false;			// Flag: print ROM information in PatchROM()
bool PatchHWBases = true;			// Flag: patch hardware base addresses

// File-local ROM offsets. patch_rom_classic() assigns them; InstallDrivers()
// and InstallSERD() later add them to ROMBaseMac to form guest addresses.
static uint32 sony_offset;			// ROM offset of .Sony driver
static uint32 serd_offset;			// ROM offset of SERD resource (serial drivers)
static uint32 microseconds_offset;	// ROM offset of Microseconds() replacement routine
static uint32 debugutil_offset;		// ROM offset of DebugUtil() replacement routine

// ROM version word (a global variable, not a prototype); CheckROM() fills it
// in from the 16-bit field at ROM offset 8.
uint16 ROMVersion;
55    
56     /*
57 gbeauche 1.20 * Macros used to extract one of the 16-bit words from a 32-bit word value
58 gbeauche 1.17 */
59    
// Each macro evaluates its argument exactly once and masks the result to 16 bits.
#define HiWord(X) (((X) >> 16) & 0xffff)	// bits 31..16 of X
#define LoWord(X) ((X) & 0xffff)			// bits 15..0 of X
62    
63    
64     /*
65 cebix 1.1 * Search ROM for byte string, return ROM offset (or 0)
66     */
67    
/*
 *  Linear byte-pattern search in the host copy of the ROM.
 *
 *  start, end  ROM offsets; every offset in [start, end) is tried as a match start
 *  data        pattern to look for
 *  data_len    pattern length in bytes
 *
 *  Returns the ROM offset of the first match, or 0 when nothing matched
 *  (so a genuine match at offset 0 cannot be told apart from "not found").
 */
static uint32 find_rom_data(uint32 start, uint32 end, const uint8 *data, uint32 data_len)
{
	// NOTE(review): 'end' bounds only where a match may begin. The comparison
	// itself reads data_len bytes from that position, so up to data_len - 1
	// bytes past 'end' are touched. Nothing in this function checks that the
	// range stays inside the ROM buffer -- callers have to guarantee it.
	for (uint32 pos = start; pos < end; pos++) {
		const void *candidate = (void *)(ROMBaseHost + pos);
		if (memcmp(candidate, data, data_len) == 0)
			return pos;
	}
	return 0;
}
78    
79    
80     /*
81     * Search ROM resource by type/ID, return ROM offset of resource data
82     */
83    
// Iteration cursor shared between successive find_rom_resource() calls:
// ROM offset of the resource list entry examined last.
static uint32 rsrc_ptr = 0;

/*
 *  Walk the ROM resource list and return the data offset of the entry whose
 *  type and ID match.
 *
 *  s_type  resource type to look for
 *  s_id    resource ID to look for
 *  cont    false: start at the head of the list;
 *          true:  resume behind the entry the previous call stopped at
 *
 *  Returns the 32-bit value stored at entry + 12 (the resource data offset),
 *  or 0 when the end of the list is reached.
 *
 *  Entry fields as used here: +8 offset of next entry (0 terminates),
 *  +12 data offset, +16 type, +20 ID.
 *
 *  NOTE(review): all offsets come straight from the ROM image. There is no
 *  range check against the ROM size and no cap on the number of entries
 *  visited, so a damaged image whose list loops back on itself would keep
 *  this function spinning. Not reentrant because of the static cursor.
 */
static uint32 find_rom_resource(uint32 s_type, int16 s_id, bool cont = false)
{
	// The header field at 0x1a locates the list head
	uint32 entry = ROMBaseMac + ReadMacInt32(ROMBaseMac + 0x1a);
	const uint32 first = ReadMacInt32(entry);

	// Either restart, or step past the entry returned last time
	rsrc_ptr = cont ? ReadMacInt32(ROMBaseMac + rsrc_ptr + 8) : first;

	do {
		entry = ROMBaseMac + rsrc_ptr;
		const uint32 data = ReadMacInt32(entry + 12);
		const uint32 type = ReadMacInt32(entry + 16);
		const int16 id = ReadMacInt16(entry + 20);

		if (type == s_type && id == s_id)
			return data;

		rsrc_ptr = ReadMacInt32(entry + 8);
	} while (rsrc_ptr);

	return 0;
}
111    
112    
113     /*
114     * Search offset of A-Trap routine in ROM
115     */
116    
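/*
 *  Decode the compressed trap table in ROM and return the ROM offset of the
 *  routine for one A-Trap.
 *
 *  trap  trap word to look up
 *
 *  Returns the accumulated routine offset, or 0 when the trap is marked
 *  unimplemented, a zero delta is encountered, or the trap number is not
 *  covered by either table pass.
 *
 *  The table is walked twice, 0x400 entries each: first for trap numbers
 *  starting at 0xa800, then for numbers starting at 0xa000. The byte pointer
 *  and the running offset carry over from the first pass into the second.
 */
static uint32 find_rom_trap(uint16 trap)
{
	// The header field at 0x22 locates the trap table
	uint8 *bp = (uint8 *)(ROMBaseHost + ReadMacInt32(ROMBaseMac + 0x22));
	uint32 ofs = 0;

	static const uint16 first_trap[2] = {0xa800, 0xa000};

	// Exactly two passes. The previous "goto again" form restarted the second
	// range forever when 'trap' lay outside both ranges, advancing bp past the
	// table until a zero delta happened to stop it.
	for (int pass = 0; pass < 2; pass++) {
		uint16 rom_trap = first_trap[pass];

		for (int i = 0; i < 0x400; i++) {
			bool unimplemented = false;
			uint8 b = *bp++;

			if (b == 0x80) {				// Unimplemented trap
				unimplemented = true;
			} else if (b == 0xff) {			// Absolute address
				// Widen before shifting: bp[0] << 24 on a promoted int
				// overflows for bytes >= 0x80.
				ofs = ((uint32)bp[0] << 24) | ((uint32)bp[1] << 16) | ((uint32)bp[2] << 8) | bp[3];
				bp += 4;
			} else if (b & 0x80) {			// 1 byte offset
				int16 add = (b & 0x7f) << 1;
				if (!add)
					return 0;
				ofs += add;
			} else {						// 2 byte offset
				int16 add = ((b << 8) | *bp++) << 1;
				if (!add)
					return 0;
				ofs += add;
			}

			if (rom_trap == trap)
				return unimplemented ? 0 : ofs;
			rom_trap++;
		}
	}

	// Trap number not covered by the table
	return 0;
}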
150    
151    
152     /*
153 cebix 1.11 * Print ROM information to stream,
154     */
155    
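/*
 *  Print one line per ROM resource (data offset, type, ID, size, name) to
 *  stdout.
 *
 *  The walk uses its own local cursor, so the iteration state of
 *  find_rom_resource() is left alone.
 *
 *  NOTE(review): as in find_rom_resource(), the list is followed without a
 *  range check or an entry cap; termination depends on the ROM image
 *  containing a zero "next" field.
 */
static void list_rom_resources(void)
{
	printf("ROM Resources:\n");
	printf("Offset\t Type\tID\tSize\tName\n");
	printf("------------------------------------------------\n");

	uint32 lp = ROMBaseMac + ReadMacInt32(ROMBaseMac + 0x1a);
	uint32 rsrc_ptr = ReadMacInt32(lp);		// local; shadows the file-level cursor

	for (;;) {
		lp = ROMBaseMac + rsrc_ptr;
		uint32 data = ReadMacInt32(lp + 12);

		// The name is a Pascal string: length byte at +23, characters from +24.
		// The length byte is ROM data and can be as large as 255, so clamp it
		// to the local buffer (one byte is reserved for the terminator);
		// longer names are printed truncated instead of overrunning the stack.
		char name[32];
		int name_len = ReadMacInt8(lp + 23), i;
		if (name_len > (int)sizeof(name) - 1)
			name_len = (int)sizeof(name) - 1;
		for (i=0; i<name_len; i++)
			name[i] = ReadMacInt8(lp + 24 + i);
		name[i] = 0;

		// The size is the 32-bit word stored 8 bytes before the resource data
		printf("%08x %c%c%c%c\t%d\t%d\t%s\n", data, ReadMacInt8(lp + 16), ReadMacInt8(lp + 17), ReadMacInt8(lp + 18), ReadMacInt8(lp + 19), ReadMacInt16(lp + 20), ReadMacInt32(ROMBaseMac + data - 8), name);

		rsrc_ptr = ReadMacInt32(lp + 8);
		if (!rsrc_ptr)
			break;
	}
	printf("\n");
}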
183    
184     // Mapping of Model IDs to Model names
// One row of the model table: printable name plus model ID.
struct mac_desc {
	char *name;		// model name (points at a string literal; never written through)
	int32 id;		// model ID; -1 marks the end of the table
};

// Lookup table used by print_universal_info(), which compares each id with
// (ID byte from the universal info record + 6) and stops at the first
// negative id. The {"unknown", -1} row must therefore stay last.
static mac_desc MacDesc[] = {
	{"Classic", 1},
	{"Mac XL", 2},
	{"Mac 512KE", 3},
	{"Mac Plus", 4},
	{"Mac SE", 5},
	{"Mac II", 6},
	{"Mac IIx", 7},
	{"Mac IIcx", 8},
	{"Mac SE/030", 9},
	{"Mac Portable", 10},
	{"Mac IIci", 11},
	{"Mac IIfx", 13},
	{"Mac Classic", 17},
	{"Mac IIsi", 18},
	{"Mac LC", 19},
	{"Quadra 900", 20},
	{"PowerBook 170", 21},
	{"Quadra 700", 22},
	{"Classic II", 23},
	{"PowerBook 100", 24},
	{"PowerBook 140", 25},
	{"Quadra 950", 26},
	{"Mac LCIII/Performa 450", 27},
	{"PowerBook Duo 210", 29},
	{"Centris 650", 30},
	{"PowerBook Duo 230", 32},
	{"PowerBook 180", 33},
	{"PowerBook 160", 34},
	{"Quadra 800", 35},
	{"Quadra 650", 36},
	{"Mac LCII", 37},
	{"PowerBook Duo 250", 38},
	{"Mac IIvi", 44},
	{"Mac IIvm/Performa 600", 45},
	{"Mac IIvx", 48},
	{"Color Classic/Performa 250", 49},
	{"PowerBook 165c", 50},
	{"Centris 610", 52},
	{"Quadra 610", 53},
	{"PowerBook 145", 54},
	{"Mac LC520", 56},
	{"Quadra/Centris 660AV", 60},
	{"Performa 46x", 62},
	{"PowerBook 180c", 71},
	{"PowerBook 520/520c/540/540c", 72},
	{"PowerBook Duo 270c", 77},
	{"Quadra 840AV", 78},
	{"Performa 550", 80},
	{"PowerBook 165", 84},
	{"PowerBook 190", 85},
	{"Mac TV", 88},
	{"Mac LC475/Performa 47x", 89},
	{"Mac LC575", 92},
	{"Quadra 605", 94},
	{"Quadra 630", 98},
	{"Mac LC580", 99},
	{"PowerBook Duo 280", 102},
	{"PowerBook Duo 280c", 103},
	{"PowerBook 150", 115},
	{"unknown", -1}
};
252    
/*
 *  Print one universal info record: its ROM offset, ID byte, hardware
 *  configuration word, ROM85 word and the model name looked up in MacDesc.
 *
 *  info  Mac address of the record (ROMBaseMac is subtracted for display)
 */
static void print_universal_info(uint32 info)
{
	// Same read order as the field list below: ID, HWCfg, ROM85
	const uint8 id = ReadMacInt8(info + 18);
	const uint16 hwcfg = ReadMacInt16(info + 16);
	const uint16 rom85 = ReadMacInt16(info + 20);

	// Model IDs in MacDesc are the record's ID byte plus 6; the walk stops at
	// the negative sentinel, leaving the default name in place.
	char *name = "unknown";
	for (const mac_desc *entry = MacDesc; entry->id >= 0; entry++) {
		if (entry->id != id + 6)
			continue;
		name = entry->name;
		break;
	}

	printf("%08x %02x\t%04x\t%04x\t%s\n", info - ROMBaseMac, id, hwcfg, rom85, name);
}
269    
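/*
 *  Locate the universal info table in ROM and print every record it lists.
 *
 *  The ROM is scanned in 2-byte steps over 0x2000 bytes starting at offset
 *  0x3000 for the marker 0xdc000505. From 16 bytes before the marker the code
 *  steps backwards in 4-byte units looking for a table slot whose value equals
 *  the distance from that slot to the record; that slot is taken as the table
 *  start. Table entries are offsets relative to their own slot and the list
 *  ends at a zero entry.
 *
 *  NOTE(review): the forward walk over the table trusts the ROM to contain a
 *  zero terminator; entry values are not range-checked.
 */
static void list_universal_infos(void)
{
	uint32 ofs = 0x3000;
	for (int i=0; i<0x2000; i+=2, ofs+=2)
		if (ReadMacInt32(ROMBaseMac + ofs) == 0xdc000505) {
			ofs -= 16;

			// Backward search for the table start. ofs is only guaranteed to
			// be even, so a plain "q -= 4" can step from 2 to 0xfffffffe and
			// keep reading at wrapped addresses; stop at 0 instead.
			uint32 q = ofs;
			while (q > 0 && ReadMacInt32(ROMBaseMac + q) != ofs - q)
				q = (q >= 4) ? q - 4 : 0;

			if (q > 0) {
				printf("Universal Table at %08x:\n", q);
				printf("Offset\t ID\tHWCfg\tROM85\tModel\n");
				printf("------------------------------------------------\n");
				while ((ofs = ReadMacInt32(ROMBaseMac + q))) {
					print_universal_info(ROMBaseMac + ofs + q);
					q += 4;
				}
			}
			break;		// only the first marker is considered
		}
	printf("\n");
}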
291    
/*
 *  Print the ROM header summary to stdout; for ROM_VERSION_32 images the
 *  resource list and the universal info table follow.
 */
static void print_rom_info(void)
{
	const uint32 rom = ROMBaseMac;

	printf("\nROM Info:\n");
	printf("Checksum : %08x\n", ReadMacInt32(rom));
	printf("Version : %04x\n", ROMVersion);
	printf("Sub Version : %04x\n", ReadMacInt16(rom + 18));
	printf("Resource Map: %08x\n", ReadMacInt32(rom + 26));
	printf("Trap Tables : %08x\n\n", ReadMacInt32(rom + 34));

	// The detailed listings are only produced for 32-bit clean ROMs
	if (ROMVersion != ROM_VERSION_32)
		return;

	list_rom_resources();
	list_universal_infos();
}
305    
306    
307     /*
308 cebix 1.1 * Driver stubs
309     */
310    
// 68k driver image that patch_rom_classic() copies over the ROM's .Sony driver
// at sony_offset. Layout: 8 header bytes (flags word first), five 16-bit entry
// offsets, the Pascal-string name at offset 0x12, then the entry stubs. Each
// stub is an EMUL_OP word followed by native 68k code; the entry offsets and
// the branch displacements are hand-computed from the byte layout, so adding
// or removing bytes means recomputing them. The .Disk image is copied 0x100
// bytes behind this one, so the array has to stay below 0x100 bytes.
static const uint8 sony_driver[] = {	// Replacement for .Sony driver
	// Driver header
	SonyDriverFlags >> 8, SonyDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
	0x00, 0x18,							// Open() offset
	0x00, 0x1c,							// Prime() offset
	0x00, 0x20,							// Control() offset
	0x00, 0x2c,							// Status() offset
	0x00, 0x52,							// Close() offset
	0x05, 0x2e, 0x53, 0x6f, 0x6e, 0x79,	// ".Sony"

	// Open()
	M68K_EMUL_OP_SONY_OPEN >> 8, M68K_EMUL_OP_SONY_OPEN & 0xff,
	0x4e, 0x75,							// rts

	// Prime()
	M68K_EMUL_OP_SONY_PRIME >> 8, M68K_EMUL_OP_SONY_PRIME & 0xff,
	0x60, 0x0e,							// bra IOReturn

	// Control()
	M68K_EMUL_OP_SONY_CONTROL >> 8, M68K_EMUL_OP_SONY_CONTROL & 0xff,
	0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a,	// cmp.w #1,$1a(a0)
	0x66, 0x04,							// bne IOReturn
	0x4e, 0x75,							// rts

	// Status() -- falls through into IOReturn
	M68K_EMUL_OP_SONY_STATUS >> 8, M68K_EMUL_OP_SONY_STATUS & 0xff,

	// IOReturn
	0x32, 0x28, 0x00, 0x06,				// move.w 6(a0),d1
	0x08, 0x01, 0x00, 0x09,				// btst #9,d1
	0x67, 0x0c,							// beq 1
	0x4a, 0x40,							// tst.w d0
	0x6f, 0x02,							// ble 2
	0x42, 0x40,							// clr.w d0
	0x31, 0x40, 0x00, 0x10,				//2 move.w d0,$10(a0)
	0x4e, 0x75,							// rts
	0x4a, 0x40,							//1 tst.w d0
	0x6f, 0x04,							// ble 3
	0x42, 0x40,							// clr.w d0
	0x4e, 0x75,							// rts
	0x2f, 0x38, 0x08, 0xfc,				//3 move.l $8fc,-(sp)
	0x4e, 0x75,							// rts

	// Close()
	0x70, 0xe8,							// moveq #-24,d0
	0x4e, 0x75							// rts
};
358    
// 68k driver image for the generic disk driver. patch_rom_classic() copies it
// to sony_offset + 0x100; InstallDrivers() installs it from there and points
// ioNamePtr at sony_offset + 0x112, i.e. at the Pascal-string name at offset
// 0x12 of this array. Same layout as sony_driver; entry offsets and branch
// displacements are hand-computed. The CD-ROM image follows 0x100 bytes
// later, so the array has to stay below 0x100 bytes.
static const uint8 disk_driver[] = {	// Generic disk driver
	// Driver header
	DiskDriverFlags >> 8, DiskDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
	0x00, 0x18,							// Open() offset
	0x00, 0x1c,							// Prime() offset
	0x00, 0x20,							// Control() offset
	0x00, 0x2c,							// Status() offset
	0x00, 0x52,							// Close() offset
	0x05, 0x2e, 0x44, 0x69, 0x73, 0x6b,	// ".Disk"

	// Open()
	M68K_EMUL_OP_DISK_OPEN >> 8, M68K_EMUL_OP_DISK_OPEN & 0xff,
	0x4e, 0x75,							// rts

	// Prime()
	M68K_EMUL_OP_DISK_PRIME >> 8, M68K_EMUL_OP_DISK_PRIME & 0xff,
	0x60, 0x0e,							// bra IOReturn

	// Control()
	M68K_EMUL_OP_DISK_CONTROL >> 8, M68K_EMUL_OP_DISK_CONTROL & 0xff,
	0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a,	// cmp.w #1,$1a(a0)
	0x66, 0x04,							// bne IOReturn
	0x4e, 0x75,							// rts

	// Status() -- falls through into IOReturn
	M68K_EMUL_OP_DISK_STATUS >> 8, M68K_EMUL_OP_DISK_STATUS & 0xff,

	// IOReturn
	0x32, 0x28, 0x00, 0x06,				// move.w 6(a0),d1
	0x08, 0x01, 0x00, 0x09,				// btst #9,d1
	0x67, 0x0c,							// beq 1
	0x4a, 0x40,							// tst.w d0
	0x6f, 0x02,							// ble 2
	0x42, 0x40,							// clr.w d0
	0x31, 0x40, 0x00, 0x10,				//2 move.w d0,$10(a0)
	0x4e, 0x75,							// rts
	0x4a, 0x40,							//1 tst.w d0
	0x6f, 0x04,							// ble 3
	0x42, 0x40,							// clr.w d0
	0x4e, 0x75,							// rts
	0x2f, 0x38, 0x08, 0xfc,				//3 move.l $8fc,-(sp)
	0x4e, 0x75,							// rts

	// Close()
	0x70, 0xe8,							// moveq #-24,d0
	0x4e, 0x75							// rts
};
406    
// 68k driver image for the CD-ROM driver. patch_rom_classic() copies it to
// sony_offset + 0x200; InstallDrivers() installs it from there (unless the
// "nocdrom" pref is set) and points ioNamePtr at sony_offset + 0x212, the
// Pascal-string name at offset 0x12 of this array. The name is 4 bytes longer
// than in the other disk drivers, which is why every entry offset is 4 higher.
// The icon data starts at sony_offset + 0x400, so the array has to stay below
// 0x200 bytes.
static const uint8 cdrom_driver[] = {	// CD-ROM driver
	// Driver header
	CDROMDriverFlags >> 8, CDROMDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
	0x00, 0x1c,							// Open() offset
	0x00, 0x20,							// Prime() offset
	0x00, 0x24,							// Control() offset
	0x00, 0x30,							// Status() offset
	0x00, 0x56,							// Close() offset
	0x08, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x43, 0x44, 0x00,	// ".AppleCD"

	// Open()
	M68K_EMUL_OP_CDROM_OPEN >> 8, M68K_EMUL_OP_CDROM_OPEN & 0xff,
	0x4e, 0x75,							// rts

	// Prime()
	M68K_EMUL_OP_CDROM_PRIME >> 8, M68K_EMUL_OP_CDROM_PRIME & 0xff,
	0x60, 0x0e,							// bra IOReturn

	// Control()
	M68K_EMUL_OP_CDROM_CONTROL >> 8, M68K_EMUL_OP_CDROM_CONTROL & 0xff,
	0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a,	// cmp.w #1,$1a(a0)
	0x66, 0x04,							// bne IOReturn
	0x4e, 0x75,							// rts

	// Status() -- falls through into IOReturn
	M68K_EMUL_OP_CDROM_STATUS >> 8, M68K_EMUL_OP_CDROM_STATUS & 0xff,

	// IOReturn
	0x32, 0x28, 0x00, 0x06,				// move.w 6(a0),d1
	0x08, 0x01, 0x00, 0x09,				// btst #9,d1
	0x67, 0x0c,							// beq 1
	0x4a, 0x40,							// tst.w d0
	0x6f, 0x02,							// ble 2
	0x42, 0x40,							// clr.w d0
	0x31, 0x40, 0x00, 0x10,				//2 move.w d0,$10(a0)
	0x4e, 0x75,							// rts
	0x4a, 0x40,							//1 tst.w d0
	0x6f, 0x04,							// ble 3
	0x42, 0x40,							// clr.w d0
	0x4e, 0x75,							// rts
	0x2f, 0x38, 0x08, 0xfc,				//3 move.l $8fc,-(sp)
	0x4e, 0x75,							// rts

	// Close()
	0x70, 0xe8,							// moveq #-24,d0
	0x4e, 0x75							// rts
};
454    
// 68k driver image for the .AIn serial driver. patch_rom_classic() copies it
// to serd_offset + 0x100, and InstallSERD() reads bytes 0 and 1 back as the
// dCtlFlags value. Every entry loads 0 into d0 before the shared SERIAL
// EMUL_OP (presumably the port index for the handler -- confirm against the
// EMUL_OP implementation). Entry offsets and branch displacements are
// hand-computed; the .AOut image follows 0x100 bytes later, so the array has
// to stay below 0x100 bytes.
static const uint8 ain_driver[] = {	// .AIn driver header
	// Driver header
	0x4d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x18,							// Open() offset
	0x00, 0x1e,							// Prime() offset
	0x00, 0x24,							// Control() offset
	0x00, 0x32,							// Status() offset
	0x00, 0x38,							// Close() offset
	0x04, 0x2e, 0x41, 0x49, 0x6e, 0x09,	// ".AIn",9

	// Open()
	0x70, 0x00,							// moveq #0,d0
	M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
	0x4e, 0x75,							// rts

	// Prime()
	0x70, 0x00,							// moveq #0,d0
	M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
	0x60, 0x1a,							// bra IOReturn

	// Control()
	0x70, 0x00,							// moveq #0,d0
	M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
	0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a,	// cmp.w #1,$1a(a0)
	0x66, 0x0e,							// bne IOReturn
	0x4e, 0x75,							// rts

	// Status()
	0x70, 0x00,							// moveq #0,d0
	M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
	0x60, 0x06,							// bra IOReturn

	// Close()
	0x70, 0x00,							// moveq #0,d0
	M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
	0x4e, 0x75,							// rts

	// IOReturn
	0x32, 0x28, 0x00, 0x06,				// move.w 6(a0),d1
	0x08, 0x01, 0x00, 0x09,				// btst #9,d1
	0x67, 0x0c,							// beq 1
	0x4a, 0x40,							// tst.w d0
	0x6f, 0x02,							// ble 2
	0x42, 0x40,							// clr.w d0
	0x31, 0x40, 0x00, 0x10,				//2 move.w d0,$10(a0)
	0x4e, 0x75,							// rts
	0x4a, 0x40,							//1 tst.w d0
	0x6f, 0x04,							// ble 3
	0x42, 0x40,							// clr.w d0
	0x4e, 0x75,							// rts
	0x2f, 0x38, 0x08, 0xfc,				//3 move.l $8fc,-(a7)
	0x4e, 0x75,							// rts
};
508    
// 68k driver image for the .AOut serial driver. patch_rom_classic() copies it
// to serd_offset + 0x200, and InstallSERD() reads bytes 0 and 1 back as the
// dCtlFlags value. Every entry loads 1 into d0 before the shared SERIAL
// EMUL_OP (presumably the port index -- confirm against the EMUL_OP
// implementation). The name is padded to an even length, which shifts the
// entry offsets by 2 relative to .AIn. The .BIn image follows 0x100 bytes
// later, so the array has to stay below 0x100 bytes.
static const uint8 aout_driver[] = {	// .AOut driver header
	// Driver header
	0x4e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x1a,							// Open() offset
	0x00, 0x20,							// Prime() offset
	0x00, 0x26,							// Control() offset
	0x00, 0x34,							// Status() offset
	0x00, 0x3a,							// Close() offset
	0x05, 0x2e, 0x41, 0x4f, 0x75, 0x74, 0x09, 0x00,	// ".AOut",9

	// Open()
	0x70, 0x01,							// moveq #1,d0
	M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
	0x4e, 0x75,							// rts

	// Prime()
	0x70, 0x01,							// moveq #1,d0
	M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
	0x60, 0x1a,							// bra IOReturn

	// Control()
	0x70, 0x01,							// moveq #1,d0
	M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
	0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a,	// cmp.w #1,$1a(a0)
	0x66, 0x0e,							// bne IOReturn
	0x4e, 0x75,							// rts

	// Status()
	0x70, 0x01,							// moveq #1,d0
	M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
	0x60, 0x06,							// bra IOReturn

	// Close()
	0x70, 0x01,							// moveq #1,d0
	M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
	0x4e, 0x75,							// rts

	// IOReturn
	0x32, 0x28, 0x00, 0x06,				// move.w 6(a0),d1
	0x08, 0x01, 0x00, 0x09,				// btst #9,d1
	0x67, 0x0c,							// beq 1
	0x4a, 0x40,							// tst.w d0
	0x6f, 0x02,							// ble 2
	0x42, 0x40,							// clr.w d0
	0x31, 0x40, 0x00, 0x10,				//2 move.w d0,$10(a0)
	0x4e, 0x75,							// rts
	0x4a, 0x40,							//1 tst.w d0
	0x6f, 0x04,							// ble 3
	0x42, 0x40,							// clr.w d0
	0x4e, 0x75,							// rts
	0x2f, 0x38, 0x08, 0xfc,				//3 move.l $8fc,-(a7)
	0x4e, 0x75,							// rts
};
562    
// 68k driver image for the .BIn serial driver. patch_rom_classic() copies it
// to serd_offset + 0x300, and InstallSERD() reads bytes 0 and 1 back as the
// dCtlFlags value. Every entry loads 2 into d0 before the shared SERIAL
// EMUL_OP (presumably the port index -- confirm against the EMUL_OP
// implementation). Entry offsets and branch displacements are hand-computed;
// the .BOut image follows 0x100 bytes later, so the array has to stay below
// 0x100 bytes.
static const uint8 bin_driver[] = {	// .BIn driver header
	// Driver header
	0x4d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x18,							// Open() offset
	0x00, 0x1e,							// Prime() offset
	0x00, 0x24,							// Control() offset
	0x00, 0x32,							// Status() offset
	0x00, 0x38,							// Close() offset
	0x04, 0x2e, 0x42, 0x49, 0x6e, 0x09,	// ".BIn",9

	// Open()
	0x70, 0x02,							// moveq #2,d0
	M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
	0x4e, 0x75,							// rts

	// Prime()
	0x70, 0x02,							// moveq #2,d0
	M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
	0x60, 0x1a,							// bra IOReturn

	// Control()
	0x70, 0x02,							// moveq #2,d0
	M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
	0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a,	// cmp.w #1,$1a(a0)
	0x66, 0x0e,							// bne IOReturn
	0x4e, 0x75,							// rts

	// Status()
	0x70, 0x02,							// moveq #2,d0
	M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
	0x60, 0x06,							// bra IOReturn

	// Close()
	0x70, 0x02,							// moveq #2,d0
	M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
	0x4e, 0x75,							// rts

	// IOReturn
	0x32, 0x28, 0x00, 0x06,				// move.w 6(a0),d1
	0x08, 0x01, 0x00, 0x09,				// btst #9,d1
	0x67, 0x0c,							// beq 1
	0x4a, 0x40,							// tst.w d0
	0x6f, 0x02,							// ble 2
	0x42, 0x40,							// clr.w d0
	0x31, 0x40, 0x00, 0x10,				//2 move.w d0,$10(a0)
	0x4e, 0x75,							// rts
	0x4a, 0x40,							//1 tst.w d0
	0x6f, 0x04,							// ble 3
	0x42, 0x40,							// clr.w d0
	0x4e, 0x75,							// rts
	0x2f, 0x38, 0x08, 0xfc,				//3 move.l $8fc,-(a7)
	0x4e, 0x75,							// rts
};
616    
// 68k driver image for the .BOut serial driver. patch_rom_classic() copies it
// to serd_offset + 0x400, and InstallSERD() reads bytes 0 and 1 back as the
// dCtlFlags value. Every entry loads 3 into d0 before the shared SERIAL
// EMUL_OP (presumably the port index -- confirm against the EMUL_OP
// implementation). Entry offsets and branch displacements are hand-computed
// from the byte layout and must be recomputed if bytes are added or removed.
static const uint8 bout_driver[] = {	// .BOut driver header
	// Driver header
	0x4e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x1a,							// Open() offset
	0x00, 0x20,							// Prime() offset
	0x00, 0x26,							// Control() offset
	0x00, 0x34,							// Status() offset
	0x00, 0x3a,							// Close() offset
	0x05, 0x2e, 0x42, 0x4f, 0x75, 0x74, 0x09, 0x00,	// ".BOut",9

	// Open()
	0x70, 0x03,							// moveq #3,d0
	M68K_EMUL_OP_SERIAL_OPEN >> 8, M68K_EMUL_OP_SERIAL_OPEN & 0xff,
	0x4e, 0x75,							// rts

	// Prime()
	0x70, 0x03,							// moveq #3,d0
	M68K_EMUL_OP_SERIAL_PRIME >> 8, M68K_EMUL_OP_SERIAL_PRIME & 0xff,
	0x60, 0x1a,							// bra IOReturn

	// Control()
	0x70, 0x03,							// moveq #3,d0
	M68K_EMUL_OP_SERIAL_CONTROL >> 8, M68K_EMUL_OP_SERIAL_CONTROL & 0xff,
	0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a,	// cmp.w #1,$1a(a0)
	0x66, 0x0e,							// bne IOReturn
	0x4e, 0x75,							// rts

	// Status()
	0x70, 0x03,							// moveq #3,d0
	M68K_EMUL_OP_SERIAL_STATUS >> 8, M68K_EMUL_OP_SERIAL_STATUS & 0xff,
	0x60, 0x06,							// bra IOReturn

	// Close()
	0x70, 0x03,							// moveq #3,d0
	M68K_EMUL_OP_SERIAL_CLOSE >> 8, M68K_EMUL_OP_SERIAL_CLOSE & 0xff,
	0x4e, 0x75,							// rts

	// IOReturn
	0x32, 0x28, 0x00, 0x06,				// move.w 6(a0),d1
	0x08, 0x01, 0x00, 0x09,				// btst #9,d1
	0x67, 0x0c,							// beq 1
	0x4a, 0x40,							// tst.w d0
	0x6f, 0x02,							// ble 2
	0x42, 0x40,							// clr.w d0
	0x31, 0x40, 0x00, 0x10,				//2 move.w d0,$10(a0)
	0x4e, 0x75,							// rts
	0x4a, 0x40,							//1 tst.w d0
	0x6f, 0x04,							// ble 3
	0x42, 0x40,							// clr.w d0
	0x4e, 0x75,							// rts
	0x2f, 0x38, 0x08, 0xfc,				//3 move.l $8fc,-(a7)
	0x4e, 0x75,							// rts
};
670    
671    
672     /*
673     * ADBOp() patch
674     */
675    
// 68k replacement for ADBOp(); patch_rom_classic() copies it to ROM offset
// 0x3880. The routine saves SR, raises the interrupt mask, runs the ADBOP
// EMUL_OP and then, if the longword at 4(a0) is non-zero, calls through it as
// the completion procedure with a0/a2 loaded from the same block. d0 is 0
// after a completion call and -1 when no completion procedure was given.
// The two 16-bit branch displacements are hand-computed from the byte layout.
static const uint8 adbop_patch[] = {	// Call ADBOp() completion procedure
	// The completion procedure may call ADBOp() again!
	0x40, 0xe7,							// move sr,-(sp)
	0x00, 0x7c, 0x07, 0x00,				// ori #$0700,sr
	M68K_EMUL_OP_ADBOP >> 8, M68K_EMUL_OP_ADBOP & 0xff,
	0x48, 0xe7, 0x70, 0xf0,				// movem.l d1-d3/a0-a3,-(sp)
	0x26, 0x48,							// move.l a0,a3
	0x4a, 0xab, 0x00, 0x04,				// tst.l 4(a3)
	0x67, 0x00, 0x00, 0x18,				// beq 1
	0x20, 0x53,							// move.l (a3),a0
	0x22, 0x6b, 0x00, 0x04,				// move.l 4(a3),a1
	0x24, 0x6b, 0x00, 0x08,				// move.l 8(a3),a2
	0x26, 0x78, 0x0c, 0xf8,				// move.l $cf8,a3
	0x4e, 0x91,							// jsr (a1)
	0x70, 0x00,							// moveq #0,d0
	0x60, 0x00, 0x00, 0x04,				// bra 2
	0x70, 0xff,							//1 moveq #-1,d0
	0x4c, 0xdf, 0x0f, 0x0e,				//2 movem.l (sp)+,d1-d3/a0-a3
	0x46, 0xdf,							// move (sp)+,sr
	0x4e, 0x75							// rts
};
697    
698    
699     /*
700     * Install .Sony, disk and CD-ROM drivers
701     */
702    
/*
 *  Register the replacement trap routines and install/open the disk and
 *  CD-ROM drivers inside the running guest.
 *
 *  pb  Mac address of a parameter block; its ioNamePtr field is overwritten
 *      and the block is then passed to Open() for each driver
 *
 *  Relies on sony_offset, microseconds_offset and debugutil_offset having
 *  been set by the ROM patch routine beforehand. The statement order matters:
 *  each Execute68kTrap() call consumes the registers set just before it, and
 *  r.a[0] is reloaded from guest memory between the install and HLock() steps.
 *
 *  NOTE(review): 'r' is not initialised; only a[0] and d[0] are assigned
 *  before each trap, so the remaining register fields carry indeterminate
 *  values into Execute68kTrap(). No return status of the traps is checked,
 *  and the handle/DCE values read back from guest memory are used as-is.
 */
void InstallDrivers(uint32 pb)
{
	D(bug("InstallDrivers, pb %08x\n", pb));
	M68kRegisters r;

	// Install Microseconds() replacement routine
	r.a[0] = ROMBaseMac + microseconds_offset;
	r.d[0] = 0xa093;
	Execute68kTrap(0xa247, &r);		// SetOSTrapAddress()

	// Install DebugUtil() replacement routine
	r.a[0] = ROMBaseMac + debugutil_offset;
	r.d[0] = 0xa08d;
	Execute68kTrap(0xa247, &r);		// SetOSTrapAddress()

	// Install disk driver (image lives 0x100 bytes behind the .Sony image)
	r.a[0] = ROMBaseMac + sony_offset + 0x100;
	r.d[0] = (uint32)DiskRefNum;
	Execute68kTrap(0xa43d, &r);		// DrvrInstallRsrvMem()
	r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~DiskRefNum * 4);	// Get driver handle from Unit Table
	Execute68kTrap(0xa029, &r);		// HLock()
	uint32 dce = ReadMacInt32(r.a[0]);	// dereference the handle to reach the DCE
	WriteMacInt32(dce + dCtlDriver, ROMBaseMac + sony_offset + 0x100);
	WriteMacInt16(dce + dCtlFlags, DiskDriverFlags);

	// Open disk driver (+0x112 = name string at offset 0x12 of disk_driver)
	WriteMacInt32(pb + ioNamePtr, ROMBaseMac + sony_offset + 0x112);
	r.a[0] = pb;
	Execute68kTrap(0xa000, &r);		// Open()

	// Install CD-ROM driver unless nocdrom option given
	if (!PrefsFindBool("nocdrom")) {

		// Install CD-ROM driver (image lives 0x200 bytes behind the .Sony image)
		r.a[0] = ROMBaseMac + sony_offset + 0x200;
		r.d[0] = (uint32)CDROMRefNum;
		Execute68kTrap(0xa43d, &r);		// DrvrInstallRsrvMem()
		r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~CDROMRefNum * 4);	// Get driver handle from Unit Table
		Execute68kTrap(0xa029, &r);		// HLock()
		dce = ReadMacInt32(r.a[0]);
		WriteMacInt32(dce + dCtlDriver, ROMBaseMac + sony_offset + 0x200);
		WriteMacInt16(dce + dCtlFlags, CDROMDriverFlags);

		// Open CD-ROM driver (+0x212 = name string at offset 0x12 of cdrom_driver)
		WriteMacInt32(pb + ioNamePtr, ROMBaseMac + sony_offset + 0x212);
		r.a[0] = pb;
		Execute68kTrap(0xa000, &r);		// Open()
	}
}
752    
753    
754     /*
755     * Install serial drivers
756     */
757    
/*
 *  Install the four serial drivers (.AIn, .AOut, .BIn, .BOut) from the images
 *  placed behind the SERD resource at serd_offset + 0x100 .. + 0x400.
 *
 *  For each driver: d0 = reference number (-6 .. -9), a0 = driver image, then
 *  the install trap followed directly by HLock(). Unlike InstallDrivers(),
 *  a[0] is not reloaded from the Unit Table in between, so HLock() and the
 *  following dereference operate on whatever the install trap leaves in a0
 *  -- presumably the driver handle; confirm against the trap's contract.
 *
 *  NOTE(review): 'r' is not initialised beyond a[0]/d[0], trap results are
 *  not checked, and the install trap word here is 0xa53d whereas
 *  InstallDrivers() uses 0xa43d under the same comment -- confirm the
 *  difference is intentional.
 */
void InstallSERD(void)
{
	D(bug("InstallSERD\n"));

	// All drivers are inside the SERD resource
	M68kRegisters r;

	// Install .AIn driver
	r.d[0] = (uint32)-6;
	r.a[0] = ROMBaseMac + serd_offset + 0x100;
	Execute68kTrap(0xa53d, &r);		// DrvrInstallRsrvMem()
	Execute68kTrap(0xa029, &r);		// HLock()
	uint32 drvr_ptr = ReadMacInt32(r.a[0]);
	WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x100);	// Pointer to driver header
	WriteMacInt16(drvr_ptr + dCtlFlags, (ain_driver[0] << 8) + ain_driver[1]);	// Driver flags
	WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9);	// Version number

	// Install .AOut driver
	r.d[0] = (uint32)-7;
	r.a[0] = ROMBaseMac + serd_offset + 0x200;
	Execute68kTrap(0xa53d, &r);		// DrvrInstallRsrvMem()
	Execute68kTrap(0xa029, &r);		// HLock()
	drvr_ptr = ReadMacInt32(r.a[0]);
	WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x200);	// Pointer to driver header
	WriteMacInt16(drvr_ptr + dCtlFlags, (aout_driver[0] << 8) + aout_driver[1]);	// Driver flags
	WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9);	// Version number

	// Install .BIn driver
	r.d[0] = (uint32)-8;
	r.a[0] = ROMBaseMac + serd_offset + 0x300;
	Execute68kTrap(0xa53d, &r);		// DrvrInstallRsrvMem()
	Execute68kTrap(0xa029, &r);		// HLock()
	drvr_ptr = ReadMacInt32(r.a[0]);
	WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x300);	// Pointer to driver header
	WriteMacInt16(drvr_ptr + dCtlFlags, (bin_driver[0] << 8) + bin_driver[1]);	// Driver flags
	WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9);	// Version number

	// Install .BOut driver
	r.d[0] = (uint32)-9;
	r.a[0] = ROMBaseMac + serd_offset + 0x400;
	Execute68kTrap(0xa53d, &r);		// DrvrInstallRsrvMem()
	Execute68kTrap(0xa029, &r);		// HLock()
	drvr_ptr = ReadMacInt32(r.a[0]);
	WriteMacInt32(drvr_ptr + dCtlDriver, ROMBaseMac + serd_offset + 0x400);	// Pointer to driver header
	WriteMacInt16(drvr_ptr + dCtlFlags, (bout_driver[0] << 8) + bout_driver[1]);	// Driver flags
	WriteMacInt16(drvr_ptr + dCtlQHdr + qFlags, 9);	// Version number
}
805    
806    
807     /*
808     * Install patches after MacOS startup
809     */
810    
// Hook for patches that can only be applied once MacOS has started. The only
// action is installing the external file system, and only in builds where
// SUPPORTS_EXTFS is non-zero; otherwise the function is empty.
void PatchAfterStartup(void)
{
#if SUPPORTS_EXTFS
	// Install external file system
	InstallExtFS();
#endif
}
818    
819    
820     /*
821     * Check ROM version, returns false if ROM version is not supported
822     */
823    
/*
 *  Read the ROM version word into ROMVersion and report whether this build
 *  can run that ROM.
 *
 *  Returns true for ROM_VERSION_32 in every addressing mode, and additionally
 *  for ROM_VERSION_CLASSIC when neither REAL_ADDRESSING nor DIRECT_ADDRESSING
 *  is enabled.
 *
 *  NOTE(review): the version word at offset 8 is the only property of the
 *  image examined here; neither the image size nor its checksum is looked at.
 *  patch_rom_classic() afterwards writes to hard-coded ROM offsets, so
 *  whoever loads the ROM file should make sure the buffer is large enough
 *  before the patch routine runs -- verify in the loader.
 */
bool CheckROM(void)
{
	// The 16-bit version field is stored big-endian at ROM offset 8
	const uint16 *version_field = (uint16 *)(ROMBaseHost + 8);
	ROMVersion = ntohs(*version_field);

#if REAL_ADDRESSING || DIRECT_ADDRESSING
	// Real and direct addressing modes require a 32-bit clean ROM
	return ROMVersion == ROM_VERSION_32;
#else
	// Virtual addressing mode works with 32-bit clean Mac II ROMs and Classic ROMs
	if (ROMVersion == ROM_VERSION_CLASSIC)
		return true;
	return ROMVersion == ROM_VERSION_32;
#endif
}
837    
838    
839     /*
840     * Install ROM patches, returns false if ROM version is not supported
841     */
842    
843     // ROM patches for Mac Classic/SE ROMs (version $0276)
844     static bool patch_rom_classic(void)
845     {
846     uint16 *wp;
847     uint32 base;
848    
849     // Don't jump into debugger (VIA line)
850     wp = (uint16 *)(ROMBaseHost + 0x1c40);
851     *wp = htons(0x601e);
852    
853     // Don't complain about incorrect ROM checksum
854     wp = (uint16 *)(ROMBaseHost + 0x1c6c);
855     *wp = htons(0x7c00);
856    
857     // Don't initialize IWM
858     wp = (uint16 *)(ROMBaseHost + 0x50);
859     *wp++ = htons(M68K_NOP);
860     *wp = htons(M68K_NOP);
861    
862     // Skip startup sound
863     wp = (uint16 *)(ROMBaseHost + 0x6a);
864     *wp++ = htons(M68K_NOP);
865     *wp = htons(M68K_NOP);
866    
867     // Don't loop in ADB init
868     wp = (uint16 *)(ROMBaseHost + 0x3364);
869     *wp = htons(M68K_NOP);
870    
871     // Patch ClkNoMem
872     wp = (uint16 *)(ROMBaseHost + 0xa2c0);
873     *wp++ = htons(M68K_EMUL_OP_CLKNOMEM);
874     *wp = htons(0x4ed5); // jmp (a5)
875    
876     // Skip main memory test (not that it wouldn't pass, but it's faster that way)
877     wp = (uint16 *)(ROMBaseHost + 0x11e);
878     *wp++ = htons(M68K_NOP);
879     *wp = htons(M68K_NOP);
880    
881     // Install our own drivers
882     wp = (uint16 *)(ROMBaseHost + 0x3f82a);
883     *wp++ = htons(M68K_EMUL_OP_INSTALL_DRIVERS);
884     *wp++ = htons(M68K_NOP);
885     *wp++ = htons(M68K_NOP);
886     *wp = htons(M68K_NOP);
887    
888     #if 1
889     // Don't look for SCSI devices
890     wp = (uint16 *)(ROMBaseHost + 0xd5a);
891     *wp = htons(0x601e);
892     #endif
893    
894     // Replace .Sony driver
895     sony_offset = 0x34680;
896     D(bug("sony %08lx\n", sony_offset));
897     memcpy(ROMBaseHost + sony_offset, sony_driver, sizeof(sony_driver));
898    
899     // Install .Disk and .AppleCD drivers
900     memcpy(ROMBaseHost + sony_offset + 0x100, disk_driver, sizeof(disk_driver));
901     memcpy(ROMBaseHost + sony_offset + 0x200, cdrom_driver, sizeof(cdrom_driver));
902    
903     // Copy icons to ROM
904     SonyDiskIconAddr = ROMBaseMac + sony_offset + 0x400;
905     memcpy(ROMBaseHost + sony_offset + 0x400, SonyDiskIcon, sizeof(SonyDiskIcon));
906     SonyDriveIconAddr = ROMBaseMac + sony_offset + 0x600;
907     memcpy(ROMBaseHost + sony_offset + 0x600, SonyDriveIcon, sizeof(SonyDriveIcon));
908     DiskIconAddr = ROMBaseMac + sony_offset + 0x800;
909     memcpy(ROMBaseHost + sony_offset + 0x800, DiskIcon, sizeof(DiskIcon));
910     CDROMIconAddr = ROMBaseMac + sony_offset + 0xa00;
911     memcpy(ROMBaseHost + sony_offset + 0xa00, CDROMIcon, sizeof(CDROMIcon));
912    
913     // Install SERD patch and serial drivers
914     serd_offset = 0x31bae;
915     D(bug("serd %08lx\n", serd_offset));
916     wp = (uint16 *)(ROMBaseHost + serd_offset + 12);
917     *wp++ = htons(M68K_EMUL_OP_SERD);
918     *wp = htons(M68K_RTS);
919     memcpy(ROMBaseHost + serd_offset + 0x100, ain_driver, sizeof(ain_driver));
920     memcpy(ROMBaseHost + serd_offset + 0x200, aout_driver, sizeof(aout_driver));
921     memcpy(ROMBaseHost + serd_offset + 0x300, bin_driver, sizeof(bin_driver));
922     memcpy(ROMBaseHost + serd_offset + 0x400, bout_driver, sizeof(bout_driver));
923    
924     // Replace ADBOp()
925     memcpy(ROMBaseHost + 0x3880, adbop_patch, sizeof(adbop_patch));
926    
927     // Replace Time Manager
928     wp = (uint16 *)(ROMBaseHost + 0x1a95c);
929     *wp++ = htons(M68K_EMUL_OP_INSTIME);
930     *wp = htons(M68K_RTS);
931     wp = (uint16 *)(ROMBaseHost + 0x1a96a);
932     *wp++ = htons(0x40e7); // move sr,-(sp)
933     *wp++ = htons(0x007c); // ori #$0700,sr
934     *wp++ = htons(0x0700);
935     *wp++ = htons(M68K_EMUL_OP_RMVTIME);
936     *wp++ = htons(0x46df); // move (sp)+,sr
937     *wp = htons(M68K_RTS);
938     wp = (uint16 *)(ROMBaseHost + 0x1a984);
939     *wp++ = htons(0x40e7); // move sr,-(sp)
940     *wp++ = htons(0x007c); // ori #$0700,sr
941     *wp++ = htons(0x0700);
942     *wp++ = htons(M68K_EMUL_OP_PRIMETIME);
943     *wp++ = htons(0x46df); // move (sp)+,sr
944     *wp++ = htons(M68K_RTS);
945     microseconds_offset = (uint8 *)wp - ROMBaseHost;
946     *wp++ = htons(M68K_EMUL_OP_MICROSECONDS);
947 jlachmann 1.16 *wp++ = htons(M68K_RTS);
948    
949     // Replace DebugUtil
950     debugutil_offset = (uint8 *)wp - ROMBaseHost;
951     *wp++ = htons(M68K_EMUL_OP_DEBUGUTIL);
952 cebix 1.1 *wp = htons(M68K_RTS);
953    
954     // Replace SCSIDispatch()
955     wp = (uint16 *)(ROMBaseHost + 0x1a206);
956     *wp++ = htons(M68K_EMUL_OP_SCSI_DISPATCH);
957     *wp++ = htons(0x2e49); // move.l a1,a7
958     *wp = htons(M68K_JMP_A0);
959    
960     // Modify vCheckLoad() so we can patch resources
961     wp = (uint16 *)(ROMBaseHost + 0xe740);
962     *wp++ = htons(M68K_JMP);
963     *wp++ = htons((ROMBaseMac + sony_offset + 0x300) >> 16);
964     *wp = htons((ROMBaseMac + sony_offset + 0x300) & 0xffff);
965     wp = (uint16 *)(ROMBaseHost + sony_offset + 0x300);
966     *wp++ = htons(0x2f03); // move.l d3,-(sp) (save type)
967     *wp++ = htons(0x2078); // move.l $07f0,a0
968     *wp++ = htons(0x07f0);
969     *wp++ = htons(M68K_JSR_A0);
970     *wp++ = htons(0x221f); // move.l (sp)+,d1 (restore type)
971     *wp++ = htons(M68K_EMUL_OP_CHECKLOAD);
972     *wp = htons(M68K_RTS);
973    
974     // Install PutScrap() patch for clipboard data exchange (the patch is activated by EMUL_OP_INSTALL_DRIVERS)
975     PutScrapPatch = ROMBaseMac + sony_offset + 0xc00;
976     base = ROMBaseMac + 0x12794;
977     wp = (uint16 *)(ROMBaseHost + sony_offset + 0xc00);
978     *wp++ = htons(M68K_EMUL_OP_PUT_SCRAP);
979     *wp++ = htons(M68K_JMP);
980     *wp++ = htons(base >> 16);
981     *wp = htons(base & 0xffff);
982    
983     #if 0
984     // Boot from internal EDisk
985     wp = (uint16 *)(ROMBaseHost + 0x3f83c);
986     *wp = htons(M68K_NOP);
987     #endif
988    
989     // Patch VIA interrupt handler
990     wp = (uint16 *)(ROMBaseHost + 0x2b3a); // Level 1 handler
991     *wp++ = htons(0x5888); // addq.l #4,a0
992     *wp++ = htons(0x5888); // addq.l #4,a0
993     *wp++ = htons(M68K_NOP);
994     *wp++ = htons(M68K_NOP);
995     *wp++ = htons(M68K_NOP);
996     *wp++ = htons(M68K_NOP);
997     *wp++ = htons(M68K_NOP);
998     *wp++ = htons(M68K_NOP);
999     *wp = htons(M68K_NOP);
1000    
1001 cebix 1.22 wp = (uint16 *)(ROMBaseHost + 0x2be4); // 60Hz handler (handles everything)
1002     *wp++ = htons(M68K_NOP);
1003     *wp++ = htons(M68K_NOP);
1004 cebix 1.1 *wp++ = htons(M68K_EMUL_OP_IRQ);
1005     *wp++ = htons(0x4a80); // tst.l d0
1006     *wp = htons(0x67f4); // beq 0x402be2
1007     return true;
1008     }
1009    
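// ROM patches for 32-bit clean Mac-II ROMs (version $067c)
//
// Patches the ROM image at ROMBaseHost in place: hardware probing and
// initialisation code is replaced by NOP/RTS sequences, and EMUL_OP opcodes
// and replacement drivers are installed. Returns false when a byte signature
// or resource that has no fallback cannot be found, or when InstallSlotROM()
// fails; returns true otherwise.
//
// The ROM image is external data. Offsets derived from its contents are only
// validated where noted below (nuBusInfoPtr, the .Sony and SERD resources).
// NOTE(review): the fixed offsets and the find_rom_trap() results are written
// through without a comparison against ROMSize - confirm that the caller only
// gets here with an image of the expected version and size.
static bool patch_rom_32(void)
{
	uint16 *wp;
	uint8 *bp;
	uint32 base;

	// Find UniversalInfo
	static const uint8 universal_dat[] = {0xdc, 0x00, 0x05, 0x05, 0x3f, 0xff, 0x01, 0x00};
	if ((base = find_rom_data(0x3400, 0x3c00, universal_dat, sizeof(universal_dat))) == 0) return false;
	UniversalInfo = base - 0x10;
	D(bug("universal %08lx\n", UniversalInfo));

	// Patch UniversalInfo (disable NuBus slots)
	// nuBusInfoPtr is an offset stored in the ROM image itself, so make sure the
	// 16 bytes written below lie inside the ROM before turning it into a host pointer
	const uint32 nubus_info = UniversalInfo + ReadMacInt32(ROMBaseMac + UniversalInfo + 12);	// nuBusInfoPtr
	if (nubus_info >= ROMSize || ROMSize - nubus_info < 16)
		return false;
	bp = ROMBaseHost + nubus_info;
	bp[0] = 0x03;
	for (int i=1; i<16; i++)
		bp[i] = 0x08;

	// Set model ID from preferences
	bp = ROMBaseHost + UniversalInfo + 18;		// productKind
	*bp = PrefsFindInt32("modelid");

#if !ROM_IS_WRITE_PROTECTED
#if defined(USE_SCRATCHMEM_SUBTERFUGE)
	// Set hardware base addresses to scratch memory area
	if (PatchHWBases) {
		extern uint8 *ScratchMem;
		const uint32 ScratchMemBase = Host2MacAddr(ScratchMem);

		D(bug("LMGlob\tOfs/4\tBase\n"));
		base = ROMBaseMac + UniversalInfo + ReadMacInt32(ROMBaseMac + UniversalInfo);	// decoderInfoPtr
		wp = (uint16 *)(ROMBaseHost + 0x94a);
		// NOTE(review): the walk ends only at a 0xffff word in the ROM, and 'ofs'
		// comes from the ROM as well; neither is range-checked before the write
		while (*wp != 0xffff) {
			int16 ofs = ntohs(*wp++);	// offset in decoderInfo (/4)
			int16 lmg = ntohs(*wp++);	// address of LowMem global
			D(bug("0x%04x\t%d\t0x%08x\n", lmg, ofs, ReadMacInt32(base + ofs*4)));

			// Fake address only if this is not the ASC base
			if (lmg != 0xcc0)
				WriteMacInt32(base + ofs*4, ScratchMemBase);
		}
	}
#else
#error System specific handling for writable ROM is required here
#endif
#endif

	// Make FPU optional
	if (FPUType == 0) {
		bp = ROMBaseHost + UniversalInfo + 22;	// defaultRSRCs
		*bp = 4;	// FPU optional
	}

	// Install special reset opcode and jump (skip hardware detection and tests)
	wp = (uint16 *)(ROMBaseHost + 0x8c);
	*wp++ = htons(M68K_EMUL_OP_RESET);
	*wp++ = htons(M68K_JMP);
	*wp++ = htons((ROMBaseMac + 0xba) >> 16);
	*wp = htons((ROMBaseMac + 0xba) & 0xffff);

	// Don't GetHardwareInfo
	wp = (uint16 *)(ROMBaseHost + 0xc2);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);

	// Don't init VIAs
	wp = (uint16 *)(ROMBaseHost + 0xc6);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);

	// Fake CPU type test
	wp = (uint16 *)(ROMBaseHost + 0x7c0);
	*wp++ = htons(0x7e00 + CPUType);
	*wp = htons(M68K_RTS);

	// Don't clear end of BootGlobs upto end of RAM (address xxxx0000)
	static const uint8 clear_globs_dat[] = {0x42, 0x9a, 0x36, 0x0a, 0x66, 0xfa};
	base = find_rom_data(0xa00, 0xb00, clear_globs_dat, sizeof(clear_globs_dat));
	D(bug("clear_globs %08lx\n", base));
	if (base) {		// ROM15/20/22/23/26/27/32
		wp = (uint16 *)(ROMBaseHost + base + 2);
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
	}

	// Patch InitMMU (no MMU present, don't choke on unknown CPU types)
	if (ROMSize <= 0x80000) {
		static const uint8 init_mmu_dat[] = {0x0c, 0x47, 0x00, 0x03, 0x62, 0x00, 0xfe};
		if ((base = find_rom_data(0x4000, 0x50000, init_mmu_dat, sizeof(init_mmu_dat))) == 0) return false;
	} else {
		static const uint8 init_mmu_dat[] = {0x0c, 0x47, 0x00, 0x04, 0x62, 0x00, 0xfd};
		if ((base = find_rom_data(0x80000, 0x90000, init_mmu_dat, sizeof(init_mmu_dat))) == 0) return false;
	}
	D(bug("init_mmu %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	wp++;	// leave one word of the original code untouched
	*wp++ = htons(0x7000);	// moveq #0,d0
	*wp = htons(M68K_NOP);

	// Patch InitMMU (no RBV present)
	static const uint8 init_mmu2_dat[] = {0x08, 0x06, 0x00, 0x0d, 0x67};
	if (ROMSize <= 0x80000) {
		base = find_rom_data(0x4000, 0x50000, init_mmu2_dat, sizeof(init_mmu2_dat));
	} else {
		base = find_rom_data(0x80000, 0x90000, init_mmu2_dat, sizeof(init_mmu2_dat));
	}
	D(bug("init_mmu2 %08lx\n", base));
	if (base) {		// ROM11/10/13/26
		bp = (uint8 *)(ROMBaseHost + base + 4);
		*bp = 0x60;	// bra
	}

	// Patch InitMMU (don't init MMU)
	static const uint8 init_mmu3_dat[] = {0x0c, 0x2e, 0x00, 0x01, 0xff, 0xe6, 0x66, 0x0c, 0x4c, 0xed, 0x03, 0x87, 0xff, 0xe8};
	if (ROMSize <= 0x80000) {
		if ((base = find_rom_data(0x4000, 0x50000, init_mmu3_dat, sizeof(init_mmu3_dat))) == 0) return false;
	} else {
		if ((base = find_rom_data(0x80000, 0x90000, init_mmu3_dat, sizeof(init_mmu3_dat))) == 0) return false;
	}
	D(bug("init_mmu3 %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base + 6);
	*wp = htons(M68K_NOP);

	// Replace XPRAM routines
	static const uint8 read_xpram_dat[] = {0x26, 0x4e, 0x41, 0xf9, 0x50, 0xf0, 0x00, 0x00, 0x08, 0x90, 0x00, 0x02};
	base = find_rom_data(0x40000, 0x50000, read_xpram_dat, sizeof(read_xpram_dat));
	D(bug("read_xpram %08lx\n", base));
	if (base) {		// ROM10
		wp = (uint16 *)(ROMBaseHost + base);
		*wp++ = htons(M68K_EMUL_OP_READ_XPRAM);
		*wp = htons(0x4ed6);	// jmp (a6)
	}
	static const uint8 read_xpram2_dat[] = {0x26, 0x4e, 0x08, 0x92, 0x00, 0x02, 0xea, 0x59, 0x02, 0x01, 0x00, 0x07, 0x00, 0x01, 0x00, 0xb8};
	base = find_rom_data(0x40000, 0x50000, read_xpram2_dat, sizeof(read_xpram2_dat));
	D(bug("read_xpram2 %08lx\n", base));
	if (base) {		// ROM11
		wp = (uint16 *)(ROMBaseHost + base);
		*wp++ = htons(M68K_EMUL_OP_READ_XPRAM);
		*wp = htons(0x4ed6);	// jmp (a6)
	}
	if (ROMSize > 0x80000) {
		static const uint8 read_xpram3_dat[] = {0x48, 0xe7, 0xe0, 0x60, 0x02, 0x01, 0x00, 0x70, 0x0c, 0x01, 0x00, 0x20};
		base = find_rom_data(0x80000, 0x90000, read_xpram3_dat, sizeof(read_xpram3_dat));
		D(bug("read_xpram3 %08lx\n", base));
		if (base) {		// ROM15
			wp = (uint16 *)(ROMBaseHost + base);
			*wp++ = htons(M68K_EMUL_OP_READ_XPRAM2);
			*wp = htons(M68K_RTS);
		}
	}

	// Patch ClkNoMem
	base = find_rom_trap(0xa053);
	wp = (uint16 *)(ROMBaseHost + base);
	if (ntohs(*wp) == 0x4ed5) {	// ROM23/26/27/32
		static const uint8 clk_no_mem_dat[] = {0x40, 0xc2, 0x00, 0x7c, 0x07, 0x00, 0x48, 0x42};
		if ((base = find_rom_data(0xb0000, 0xb8000, clk_no_mem_dat, sizeof(clk_no_mem_dat))) == 0) return false;
	}
	D(bug("clk_no_mem %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base);
	*wp++ = htons(M68K_EMUL_OP_CLKNOMEM);
	*wp = htons(0x4ed5);	// jmp (a5)

	// Patch BootGlobs
	wp = (uint16 *)(ROMBaseHost + 0x10e);
	*wp++ = htons(M68K_EMUL_OP_PATCH_BOOT_GLOBS);
	*wp = htons(M68K_NOP);

	// Don't init SCC
	static const uint8 init_scc_dat[] = {0x08, 0x38, 0x00, 0x01, 0x0d, 0xd1, 0x67, 0x04};
	if ((base = find_rom_data(0xa00, 0xa80, init_scc_dat, sizeof(init_scc_dat))) == 0) return false;
	D(bug("init_scc %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base);
	*wp = htons(M68K_RTS);

	// Don't access 0x50f1a101
	wp = (uint16 *)(ROMBaseHost + 0x4232);
	if (ntohs(wp[1]) == 0x50f1 && ntohs(wp[2]) == 0xa101) {	// ROM32
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
	}

	// Don't init IWM
	wp = (uint16 *)(ROMBaseHost + 0x9c0);
	*wp = htons(M68K_RTS);

	// Don't init SCSI
	wp = (uint16 *)(ROMBaseHost + 0x9a0);
	*wp = htons(M68K_RTS);

	// Don't init ASC
	static const uint8 init_asc_dat[] = {0x26, 0x68, 0x00, 0x30, 0x12, 0x00, 0xeb, 0x01};
	base = find_rom_data(0x4000, 0x5000, init_asc_dat, sizeof(init_asc_dat));
	D(bug("init_asc %08lx\n", base));
	if (base) {		// ROM15/22/23/26/27/32
		wp = (uint16 *)(ROMBaseHost + base);
		*wp = htons(0x4ed6);	// jmp (a6)
	}

	// Don't EnableExtCache
	wp = (uint16 *)(ROMBaseHost + 0x190);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);

	// Don't DisableIntSources
	wp = (uint16 *)(ROMBaseHost + 0x9f4c);
	*wp = htons(M68K_RTS);

	// Fake CPU speed test (SetupTimeK)
	// *** increased jl : MacsBug uses TimeDBRA for kbd repeat timing
	wp = (uint16 *)(ROMBaseHost + 0x800);
	*wp++ = htons(0x31fc);	// move.w #xxx,TimeDBRA
	*wp++ = htons(10000);
	*wp++ = htons(0x0d00);
	*wp++ = htons(0x31fc);	// move.w #xxx,TimeSCCDBRA
	*wp++ = htons(10000);
	*wp++ = htons(0x0d02);
	*wp++ = htons(0x31fc);	// move.w #xxx,TimeSCSIDBRA
	*wp++ = htons(10000);
	*wp++ = htons(0x0b24);
	*wp++ = htons(0x31fc);	// move.w #xxx,TimeRAMDBRA
	*wp++ = htons(10000);
	*wp++ = htons(0x0cea);
	*wp = htons(M68K_RTS);

#if REAL_ADDRESSING
	// Move system zone to start of Mac RAM
	wp = (uint16 *)(ROMBaseHost + 0x50a);
	*wp++ = htons(HiWord(RAMBaseMac + 0x2000));
	*wp++ = htons(LoWord(RAMBaseMac + 0x2000));
	*wp++ = htons(HiWord(RAMBaseMac + 0x3800));
	*wp = htons(LoWord(RAMBaseMac + 0x3800));
#endif

#if !ROM_IS_WRITE_PROTECTED
#if defined(USE_SCRATCHMEM_SUBTERFUGE)
	// Set fake handle at 0x0000 to scratch memory area (so broken Mac programs won't write into Mac ROM)
	extern uint8 *ScratchMem;
	const uint32 ScratchMemBase = Host2MacAddr(ScratchMem);
	wp = (uint16 *)(ROMBaseHost + 0xccaa);
	*wp++ = htons(0x203c);	// move.l #ScratchMem,d0
	*wp++ = htons(ScratchMemBase >> 16);
	*wp = htons(ScratchMemBase);
#else
#error System specific handling for writable ROM is required here
#endif
#endif

#if REAL_ADDRESSING && defined(AMIGA)
	// Don't overwrite SysBase under AmigaOS
	wp = (uint16 *)(ROMBaseHost + 0xccb4);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);
#endif

#if REAL_ADDRESSING && !defined(AMIGA)
	// gb-- Temporary hack to get rid of crashes in Speedometer
	wp = (uint16 *)(ROMBaseHost + 0xdba2);
	if (ntohs(*wp) == 0x662c)		// bne.b #$2c
		*wp = htons(0x602c);		// bra.b #$2c
#endif

	// Don't write to VIA in InitTimeMgr
	wp = (uint16 *)(ROMBaseHost + 0xb0e2);
	*wp++ = htons(0x4cdf);	// movem.l (sp)+,d0-d5/a0-a4
	*wp++ = htons(0x1f3f);
	*wp = htons(M68K_RTS);

	// Don't read ModelID from 0x5ffffffc
	static const uint8 model_id_dat[] = {0x20, 0x7c, 0x5f, 0xff, 0xff, 0xfc, 0x72, 0x07, 0xc2, 0x90};
	base = find_rom_data(0x40000, 0x50000, model_id_dat, sizeof(model_id_dat));
	D(bug("model_id %08lx\n", base));
	if (base) {		// ROM20
		wp = (uint16 *)(ROMBaseHost + base + 8);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
	}

	// Don't read ModelID from 0x5ffffffc
	static const uint8 model_id2_dat[] = {0x45, 0xf9, 0x5f, 0xff, 0xff, 0xfc, 0x20, 0x12};
	base = find_rom_data(0x4000, 0x5000, model_id2_dat, sizeof(model_id2_dat));
	D(bug("model_id2 %08lx\n", base));
	if (base) {		// ROM27/32
		wp = (uint16 *)(ROMBaseHost + base + 6);
		*wp++ = htons(0x7000);	// moveq #0,d0
		*wp++ = htons(0xb040);	// cmp.w d0,d0
		*wp = htons(0x4ed6);	// jmp (a6)
	}

	// Install slot ROM
	if (!InstallSlotROM())
		return false;

	// Don't probe NuBus slots
	static const uint8 nubus_dat[] = {0x45, 0xfa, 0x00, 0x0a, 0x42, 0xa7, 0x10, 0x11};
	base = find_rom_data(0x5000, 0x6000, nubus_dat, sizeof(nubus_dat));
	D(bug("nubus %08lx\n", base));
	if (base) {		// ROM10/11
		wp = (uint16 *)(ROMBaseHost + base + 6);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
	}

	// Don't EnableOneSecInts
	static const uint8 lea_dat[] = {0x41, 0xf9};
	if ((base = find_rom_data(0x226, 0x22a, lea_dat, sizeof(lea_dat))) == 0) return false;
	D(bug("enable_one_sec_ints %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);

	// Don't EnableParityPatch/Enable60HzInts
	if ((base = find_rom_data(0x230, 0x234, lea_dat, sizeof(lea_dat))) == 0) {
		wp = (uint16 *)(ROMBaseHost + 0x230);
		if (ntohs(*wp) == 0x6100)	// ROM11
			base = 0x230;
		else
			return false;
	}
	D(bug("enable_60hz_ints %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);

	// Compute boot stack pointer and fix logical/physical RAM size (CompBootStack) (must be done after InitMemMgr!)
	wp = (uint16 *)(ROMBaseHost + 0x490);
	*wp++ = htons(0x2038);	// move.l $10c,d0
	*wp++ = htons(0x010c);
	*wp++ = htons(0xd0b8);	// add.l $2a6,d0
	*wp++ = htons(0x02a6);
	*wp++ = htons(0xe288);	// lsr.l #1,d0
	*wp++ = htons(0x0880);	// bclr #0,d0
	*wp++ = htons(0x0000);
	*wp++ = htons(0x0440);	// subi.w #$400,d0
	*wp++ = htons(0x0400);
	*wp++ = htons(0x2040);	// move.l d0,a0
	*wp++ = htons(M68K_EMUL_OP_FIX_MEMSIZE);
	*wp++ = htons(M68K_RTS);

	static const uint8 fix_memsize2_dat[] = {0x22, 0x30, 0x81, 0xe2, 0x0d, 0xdc, 0xff, 0xba, 0xd2, 0xb0, 0x81, 0xe2, 0x0d, 0xdc, 0xff, 0xec, 0x21, 0xc1, 0x1e, 0xf8};
	base = find_rom_data(0x4c000, 0x4c080, fix_memsize2_dat, sizeof(fix_memsize2_dat));
	D(bug("fix_memsize2 %08lx\n", base));
	if (base) {		// ROM15/22/23/26/27/32
		wp = (uint16 *)(ROMBaseHost + base + 16);
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
	}

	// Don't open .Sound driver but install our own drivers
	wp = (uint16 *)(ROMBaseHost + 0x1142);
	*wp = htons(M68K_EMUL_OP_INSTALL_DRIVERS);

	// Don't access SonyVars
	wp = (uint16 *)(ROMBaseHost + 0x1144);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	wp += 2;	// leave two words of the original code untouched
	*wp = htons(M68K_NOP);

	// Don't write to VIA in InitADB
	wp = (uint16 *)(ROMBaseHost + 0xa8a8);
	if (*wp == 0) {		// ROM22/23/26/27/32
		wp = (uint16 *)(ROMBaseHost + 0xb2c6a);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
		wp = (uint16 *)(ROMBaseHost + 0xb2d2e);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		wp += 2;
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
	} else {
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
		wp = (uint16 *)(ROMBaseHost + 0xa662);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		*wp++ = htons(M68K_NOP);
		wp += 2;
		*wp++ = htons(M68K_NOP);
		*wp = htons(M68K_NOP);
	}

	// Don't EnableSlotInts
	if ((base = find_rom_data(0x2ee, 0x2f2, lea_dat, sizeof(lea_dat))) == 0) return false;
	D(bug("enable_slot_ints %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);

	// Don't mangle frame buffer base (GetDevBase)
	wp = (uint16 *)(ROMBaseHost + 0x5b78);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(0x2401);	// move.l d1,d2
	*wp = htons(0x605e);	// bra 0x40805bde

	// Really don't mangle frame buffer base
	if (ROMSize > 0x80000) {
		static const uint8 frame_base_dat[] = {0x22, 0x78, 0x0d, 0xd8, 0xd3, 0xe9, 0x00, 0x08};
		base = find_rom_data(0x8c000, 0x8d000, frame_base_dat, sizeof(frame_base_dat));
		D(bug("frame_base %08lx\n", base));
		if (base) {		// ROM22/23/26/27/32
			wp = (uint16 *)(ROMBaseHost + base);
			*wp++ = htons(0x2401);	// move.l d1,d2
			*wp = htons(M68K_RTS);
		}
	}

	// Don't write to VIA2
	static const uint8 via2_dat[] = {0x20, 0x78, 0x0c, 0xec, 0x11, 0x7c, 0x00, 0x90};
	if ((base = find_rom_data(0xa000, 0xa400, via2_dat, sizeof(via2_dat))) == 0) return false;
	D(bug("via2 %08lx\n", base));
	wp = (uint16 *)(ROMBaseHost + base + 4);
	*wp = htons(M68K_RTS);

	// Don't write to VIA2, even on ROM20
	static const uint8 via2b_dat[] = {0x20, 0x78, 0x0c, 0xec, 0x11, 0x7c, 0x00, 0x90, 0x00, 0x13, 0x4e, 0x75};
	base = find_rom_data(0x40000, 0x44000, via2b_dat, sizeof(via2b_dat));
	D(bug("via2b %08lx\n", base));
	if (base) {		// ROM19/20
		wp = (uint16 *)(ROMBaseHost + base + 4);
		*wp = htons(M68K_RTS);
	}

	// Don't use PTEST instruction on 68040/060
	if (ROMSize > 0x80000) {

		// BlockMove()
		static const uint8 bmove_dat[] = {0x20, 0x5f, 0x22, 0x5f, 0x0c, 0x38, 0x00, 0x04, 0x01, 0x2f};
		base = find_rom_data(0x87000, 0x87800, bmove_dat, sizeof(bmove_dat));
		D(bug("block_move %08lx\n", base));
		if (base) {		// ROM15/22/23/26/27/32
			wp = (uint16 *)(ROMBaseHost + base + 4);
			*wp++ = htons(M68K_EMUL_OP_BLOCK_MOVE);
			*wp++ = htons(0x7000);
			*wp = htons(M68K_RTS);
		}

		// SANE
		static const uint8 ptest2_dat[] = {0x0c, 0x38, 0x00, 0x04, 0x01, 0x2f, 0x6d, 0x54, 0x48, 0xe7, 0xf8, 0x60};
		base = find_rom_data(0, ROMSize, ptest2_dat, sizeof(ptest2_dat));
		D(bug("ptest2 %08lx\n", base));
		if (base) {		// ROM15/20/22/23/26/27/32
			wp = (uint16 *)(ROMBaseHost + base + 8);
			*wp++ = htons(M68K_NOP);
			*wp++ = htons(0xf4f8);	// cpusha dc/ic
			*wp++ = htons(M68K_NOP);
			*wp++ = htons(0x7000);	// moveq #0,d0
			*wp = htons(M68K_RTS);
		}
	}

	// Don't set MemoryDispatch() to unimplemented trap
	static const uint8 memdisp_dat[] = {0x30, 0x3c, 0xa8, 0x9f, 0xa7, 0x46, 0x30, 0x3c, 0xa0, 0x5c, 0xa2, 0x47};
	base = find_rom_data(0x4f100, 0x4f180, memdisp_dat, sizeof(memdisp_dat));
	D(bug("memdisp %08lx\n", base));
	if (base) {		// ROM15/22/23/26/27/32
		wp = (uint16 *)(ROMBaseHost + base + 10);
		*wp = htons(M68K_NOP);
	}

	// Patch .EDisk driver (don't scan for EDisks in the area ROMBase..0xe00000)
	uint32 edisk_offset = find_rom_resource(FOURCC('D','R','V','R'), 51);
	if (edisk_offset) {
		static const uint8 edisk_dat[] = {0xd5, 0xfc, 0x00, 0x01, 0x00, 0x00, 0xb5, 0xfc, 0x00, 0xe0, 0x00, 0x00};
		base = find_rom_data(edisk_offset, edisk_offset + 0x10000, edisk_dat, sizeof(edisk_dat));
		D(bug("edisk %08lx\n", base));
		if (base) {
			wp = (uint16 *)(ROMBaseHost + base + 8);
			*wp++ = 0;
			*wp = 0;
		}
	}

	// Replace .Sony driver
	sony_offset = find_rom_resource(FOURCC('D','R','V','R'), 4);
	D(bug("sony %08lx\n", sony_offset));
	if (sony_offset == 0)	// resource not found: don't copy the drivers over the start of the ROM
		return false;
	memcpy(ROMBaseHost + sony_offset, sony_driver, sizeof(sony_driver));

	// Install .Disk and .AppleCD drivers
	memcpy(ROMBaseHost + sony_offset + 0x100, disk_driver, sizeof(disk_driver));
	memcpy(ROMBaseHost + sony_offset + 0x200, cdrom_driver, sizeof(cdrom_driver));

	// Copy icons to ROM
	SonyDiskIconAddr = ROMBaseMac + sony_offset + 0x400;
	memcpy(ROMBaseHost + sony_offset + 0x400, SonyDiskIcon, sizeof(SonyDiskIcon));
	SonyDriveIconAddr = ROMBaseMac + sony_offset + 0x600;
	memcpy(ROMBaseHost + sony_offset + 0x600, SonyDriveIcon, sizeof(SonyDriveIcon));
	DiskIconAddr = ROMBaseMac + sony_offset + 0x800;
	memcpy(ROMBaseHost + sony_offset + 0x800, DiskIcon, sizeof(DiskIcon));
	CDROMIconAddr = ROMBaseMac + sony_offset + 0xa00;
	memcpy(ROMBaseHost + sony_offset + 0xa00, CDROMIcon, sizeof(CDROMIcon));

	// Install SERD patch and serial drivers
	serd_offset = find_rom_resource(FOURCC('S','E','R','D'), 0);
	D(bug("serd %08lx\n", serd_offset));
	if (serd_offset == 0)	// resource not found: don't copy the drivers over the start of the ROM
		return false;
	wp = (uint16 *)(ROMBaseHost + serd_offset + 12);
	*wp++ = htons(M68K_EMUL_OP_SERD);
	*wp = htons(M68K_RTS);
	memcpy(ROMBaseHost + serd_offset + 0x100, ain_driver, sizeof(ain_driver));
	memcpy(ROMBaseHost + serd_offset + 0x200, aout_driver, sizeof(aout_driver));
	memcpy(ROMBaseHost + serd_offset + 0x300, bin_driver, sizeof(bin_driver));
	memcpy(ROMBaseHost + serd_offset + 0x400, bout_driver, sizeof(bout_driver));

	// Replace ADBOp()
	memcpy(ROMBaseHost + find_rom_trap(0xa07c), adbop_patch, sizeof(adbop_patch));

	// Replace Time Manager (the Microseconds patch is activated in InstallDrivers())
	wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa058));
	*wp++ = htons(M68K_EMUL_OP_INSTIME);
	*wp = htons(M68K_RTS);
	wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa059));
	*wp++ = htons(0x40e7);	// move sr,-(sp)
	*wp++ = htons(0x007c);	// ori #$0700,sr
	*wp++ = htons(0x0700);
	*wp++ = htons(M68K_EMUL_OP_RMVTIME);
	*wp++ = htons(0x46df);	// move (sp)+,sr
	*wp = htons(M68K_RTS);
	wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa05a));
	*wp++ = htons(0x40e7);	// move sr,-(sp)
	*wp++ = htons(0x007c);	// ori #$0700,sr
	*wp++ = htons(0x0700);
	*wp++ = htons(M68K_EMUL_OP_PRIMETIME);
	*wp++ = htons(0x46df);	// move (sp)+,sr
	*wp++ = htons(M68K_RTS);
	microseconds_offset = (uint8 *)wp - ROMBaseHost;
	*wp++ = htons(M68K_EMUL_OP_MICROSECONDS);
	*wp++ = htons(M68K_RTS);

	// Replace DebugUtil
	debugutil_offset = (uint8 *)wp - ROMBaseHost;
	*wp++ = htons(M68K_EMUL_OP_DEBUGUTIL);
	*wp = htons(M68K_RTS);

	// Replace SCSIDispatch()
	wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa815));
	*wp++ = htons(M68K_EMUL_OP_SCSI_DISPATCH);
	*wp++ = htons(0x2e49);	// move.l a1,a7
	*wp = htons(M68K_JMP_A0);

	// Modify vCheckLoad() so we can patch resources
	wp = (uint16 *)(ROMBaseHost + 0x1b8f4);
	*wp++ = htons(M68K_JMP);
	*wp++ = htons((ROMBaseMac + sony_offset + 0x300) >> 16);
	*wp = htons((ROMBaseMac + sony_offset + 0x300) & 0xffff);
	wp = (uint16 *)(ROMBaseHost + sony_offset + 0x300);
	*wp++ = htons(0x2f03);	// move.l d3,-(sp) (save type)
	*wp++ = htons(0x2078);	// move.l $07f0,a0
	*wp++ = htons(0x07f0);
	*wp++ = htons(M68K_JSR_A0);
	*wp++ = htons(0x221f);	// move.l (sp)+,d1 (restore type)
	*wp++ = htons(M68K_EMUL_OP_CHECKLOAD);
	*wp = htons(M68K_RTS);

	// Patch PowerOff()
	wp = (uint16 *)(ROMBaseHost + find_rom_trap(0xa05b));	// PowerOff()
	*wp = htons(M68K_EMUL_OP_SHUTDOWN);

	// Install PutScrap() patch for clipboard data exchange (the patch is activated by EMUL_OP_INSTALL_DRIVERS)
	PutScrapPatch = ROMBaseMac + sony_offset + 0xc00;
	base = ROMBaseMac + find_rom_trap(0xa9fe);
	wp = (uint16 *)(ROMBaseHost + sony_offset + 0xc00);
	*wp++ = htons(M68K_EMUL_OP_PUT_SCRAP);
	*wp++ = htons(M68K_JMP);
	*wp++ = htons(base >> 16);
	*wp = htons(base & 0xffff);

	// Look for double PACK 4 resources
	if ((base = find_rom_resource(FOURCC('P','A','C','K'), 4)) == 0) return false;
	if ((base = find_rom_resource(FOURCC('P','A','C','K'), 4, true)) == 0 && FPUType == 0)
		printf("WARNING: This ROM seems to require an FPU\n");

	// Patch VIA interrupt handler
	wp = (uint16 *)(ROMBaseHost + 0x9bc4);	// Level 1 handler
	*wp++ = htons(0x7002);	// moveq #2,d0 (always 60Hz interrupt)
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp = htons(M68K_NOP);

	wp = (uint16 *)(ROMBaseHost + 0xa296);	// 60Hz handler (handles everything)
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_NOP);
	*wp++ = htons(M68K_EMUL_OP_IRQ);
	*wp++ = htons(0x4a80);	// tst.l d0
	*wp = htons(0x67f4);	// beq 0x4080a294
	return true;
}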
1649    
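/*
 *  Apply the patch set that matches ROMVersion to the ROM image at
 *  ROMBaseHost, optionally install a breakpoint opcode at ROMBreakpoint,
 *  and flush the code cache over the patched image.
 *
 *  Returns false when ROMVersion is not one of the handled versions or
 *  when the version-specific patch routine fails; true otherwise.
 */
bool PatchROM(void)
{
	// Print some information about the ROM
	if (PrintROMInfo)
		print_rom_info();

	// Patch ROM depending on version
	switch (ROMVersion) {
		case ROM_VERSION_CLASSIC:
			if (!patch_rom_classic())
				return false;
			break;
		case ROM_VERSION_32:
			if (!patch_rom_32())
				return false;
			break;
		default:
			return false;
	}

	// Install breakpoint
	if (ROMBreakpoint) {
		// ROMBreakpoint is a ROM offset and the opcode is two bytes wide, so the
		// write has to end inside the image; an out-of-range value is ignored
		// instead of being written past the end of the ROM buffer
		if (ROMSize >= 2 && ROMBreakpoint <= ROMSize - 2) {
			uint16 *wp = (uint16 *)(ROMBaseHost + ROMBreakpoint);
			*wp = htons(M68K_EMUL_BREAK);
		} else
			printf("WARNING: ROM breakpoint offset %08x is outside the ROM, ignored\n", (unsigned int)ROMBreakpoint);
	}

	// Clear caches as we loaded and patched code
	FlushCodeCache(ROMBaseHost, ROMSize);
	return true;
}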