 No.00264
couriersud Developer
Mar 19, 2008, 21:55
edited on: Mar 19, 2008, 23:43
|
On 0123u6 load is finished. Aftwerwards, game keeps resetting. Code at 3707 reads dongle. Following code around 3721 modifies 372e: It writes f3 there. Dongle read has to return e.g. 0x0d on read to E500 so that a 00 (NOP) is written to 372e so that the game can continue. |
|---|---|
|
No.01173
ShimaPong Tester
Jun 1, 2008, 18:12
|
Question > Dongle read has to return e.g. 0x0d on read to E500 so that a 00 (NOP) is written to 372e so that the game can continue. czeroize is based on M6502 CPU so that I think NOP is 0xEA. Is NOP = 0x00 correct in this case? Because of encrypted?? |
|
No.01178
ShimaPong Tester
Jun 2, 2008, 15:00
|
I understand. Sorry, my silly question. |
 No.05382
M.A.S.H. Senior Tester
Jan 4, 2010, 04:54
edited on: Jan 4, 2010, 04:55
|
I have compiled MAME 0.114u4 with the old M6502 files from 0.114u3 using the mingw-mame-20070617.exe and Zeroize works again. Then i used the M6502 files from 0.114u4 and edit the 6502 opcode file (cpu\m6502\t6502.c). In MAME 0.114u4 many new illegal opcodes were be added to t6502.c. I replaced and compared one by one with the t6502.c file from 0.114u3 and found out that the illegal 6510 opcode ISB is the problem! ISB is defined in src\emu\cpu\m6502\ill02.h: /* 6510 ******************************************************** * ISB increment and subtract with carry ***************************************************************/ #define ISB \ tmp = (UINT8)(tmp+1); \ SBC If you changed in MAME 0.136 src\emu\cpu\m6502\t6502.c the line 106 from OP(f3) { int tmp; RD_IDY_NP; WB_EA; ISB; WB_EA; } /* 7 ISB IDY */ to OP(f3) { ILL; } /* 2 ILL */ => then Zeroize works again :) |
|
No.05711
couriersud Developer
Feb 13, 2010, 12:01
|
fix zeroize protection simulation in lieu of proper dongle dump. [Bryan McPhail] |