ROMANTIC ROBOT present

~ GENIE ~

Multiface One DISASSEMBLER

(c) Romantic Robot UK Ltd 1986
By C Lewis and D Gorski

FOR THE ZX SPECTRUM (48K mode on ZX128)

Genie is a Z80 programming aid exclusively for use with Multiface 1. It loads into the 8K RAM within MF1 leaving all Spectrum memory free for other software.

Genie allows you to stop/start programs and examine their operation in minute detail. Whether writing your own programs or modifying the work of others, Genie offers instant access to:

# Z80 Disassembler - including undocumented op-codes.
# Find - Search for text, op-codes etc.
# 'Front panel' display of Z80 CPU - Registers, Program counter, Interrupt status.
# View memory as numbers or ASCII characters.
# Hex or decimal output to screen or printer.

Although some knowledge of Z80 machine code is needed to get the best from Genie, the power to examine any program is an invaluable learning aid.

The Genie cassette contains a BASIC loader and an installation program. To load Genie, type RANDOMIZE USR 0 to clear RAM then type LOAD "" and play the tape.

WAFADRIVE and KDOS - do NOT initialise either of these interfaces before installing Genie as they use too much Spectrum memory.

When the installation menu appears, select Printer Line Feeds On or Off as appropriate (see later) and then press I to load Genie into MF1 Shadow RAM. Pressing SYMBOL SHIFT/A will reset the Spectrum ready to load the software you wish to examine.

Once installed, Genie is summoned by pressing the MF1 button. A control key summary is shown the first time Genie is used after loading.

Genie displays information in the top eight screen lines only. The menu or various prompts are shown in this window.

The Menu:    DIS  TEXT  NUM  Z80  FIND  RET

An option is selected by pressing its initial letter.

DIS: Full Z80 disassembler using standard Zilog mnemonics. Data bytes following RST 8 (Spectrum Error Restart) are decoded. Display shows:

    ADDRESS  OP-CODES (hex)  MNEMONIC

e.g.
    00000    F3              DI

A number of Z80 op-codes were omitted from the official instruction set. Although these cannot be guaranteed to work on every Z80, some programs use them. Genie disassembles the extra op-codes, adding H or L as a suffix where appropriate:

    e.g.  DD84  ADD A,IXH   or   CB37  SLL A

TEXT: View memory contents as ASCII characters. Bytes <32 or >144 are shown as "."

NUM: View memory contents as decimal or hex numbers.

Z80: View contents of Z80 registers. FLAGS are shown in binary, other values in decimal or hex. The status of Maskable Interrupts (Disabled or Enabled) is shown as DI or EI to the left of the value in the (I)nterrupt register. The current Z80 Interrupt Mode can be inferred from the value in I register. If this is 63, MF1 assumes IM 1. Any other value is interpreted as IM 2.

Press A to alter register contents. This works in much the same way as MF1 Tool with the addition of 'x' or 'y' after I (IX) and I (IY) for clarity. 'I' by itself is the interrupt register. 'M' stands for Maskable Interrupt. Input 0 to Disable Interrupts (DI) or 4 to Enable (EI).

'PC' (Program Counter) is a Z80 register which, normally, can't be directly accessed. However, when you use menu option R to restart program execution, the address on top of the Machine Stack will be transferred to PC. Putting an address on to the top of the stack will force the program to start executing at this new location:

    From the menu, press Z to find value of SP.
    Go back to the menu (SPACE) and press N for Number mode.
    Input SP value as Start Address then press A (Alter) and ENTER (default to current address).
    Input LO-BYTE of new PC value and press ENTER to move to next address.
    Input HI-BYTE of PC value.
    PC value has now been updated - press SPACE twice for the menu, then Z to check this.

You can use this method to force the Spectrum back to BASIC from ANY program, but losing anything stored below RAMTOP. First set RAMTOP to, say, 25000 using Alter mode to Poke 23730,168 and 23731,97.
Then put address 4535 (11B7 hex - NEW routine in ZX ROM) onto the top of the Machine Stack. Now, instead of returning to the program, menu option R will NEW the Spectrum, leaving memory above 25000 intact.

Although Genie uses none of the Spectrum's RAM, MF1 paging inevitably places two addresses onto the Z80 Machine Stack. Bear this in mind if you need to examine the stack. In rare cases, where stack space is very small, MF1 stack usage could cause a 'crash' on return to program from Genie. If so, try pressing the button at another stage, e.g. in PAUSE mode or at a menu.

It is, of course, possible for users to crash software by haphazard alteration of RAM or Registers!

FIND: Search RAM (16384 to 65535) for occurrences of a specified sequence of numbers. Input up to 24 bytes in hex or decimal, one after another. Press ENTER by itself to start searching. If the string is found the address of each match is displayed. Press H to toggle hex/dec, P to output the address to the printer, SPACE to abort or any other key to look for the next occurrence.

The numbers you input can represent many things, e.g. Z80 op-codes, an address or text. To search for a string of text, input the ASCII code of each character (see Spectrum manual). For example, to find the machine code instruction LD (5C3D),SP input (in hex)

    ED 73 3D 5C ENTER

RET: Return to the program being examined. The program's screen will be restored and execution continued from the point that MF1 button was pressed (but see notes on altering PC register).

Commands available in all or some modes:

H - This key can be used at any time to toggle the display between Hex and Decimal. The border colour changes to show which base is in use: blue for decimal and cyan for hex. Decimal numbers are always shown with 3 or 5 digits, hex numbers with 2 or 4 digits.

A - Alter Mode lets you Poke values into any of the Spectrum's 49152 RAM addresses. Printable ASCII characters (including ZX KEYWORDS) are shown to the right.
In Z80 Mode, A lets you alter contents of Registers instead of RAM.

P - Output to printer as well as screen. Input either an address for printing to start from, or ENTER to begin at the currently displayed address. The default End address is 65535. SPACE aborts printing. Printer errors or pressing BREAK will return you to the menu.

C - Copies the top eight lines to the printer.

S - Scroll continuously. Press any key to stop.

G - Go back. The display jumps back 12, 24 or 48 addresses, according to the mode (D, N or T). This is a quick way to take another look at an area of memory you have scrolled past. NB - This key may restart a disassembly at an address part way through an instruction, in which case ignore the first few mnemonics.

You can switch between Disassemble, Text and Numeric modes using keys D, T and N.

Press SPACE to return to the menu or exit from an input prompt.

Inputting Numbers: Pressing ENTER alone at a prompt for a start address gives a default value. When Genie is first summoned, the default is the value in the Program Counter (PC). Thereafter, it is the address most recently viewed. Hex digits can only be input in hex mode (cyan border). Press H to change base at an input prompt.

Some Points to Note.
--------------------

Your version of Multiface MUST have the Direct Jump facility (see MF1 manual) to run Genie. If it doesn't, contact Romantic Robot (01-625 9463) for details of upgrading. Ideally, the switch to disable MF1 should also be fitted.

Genie occupies all of the MF1 8K shadow RAM. However, software transferred by Multiface will try to use the 8K RAM during reloading, corrupting Genie. You can do one of three things:

1) If switch is fitted, disable MF1 before loading a transferred program.

2) Only load original versions of programs when Genie is installed in shadow RAM.

3) Modify transferred programs to stop them using the 8K RAM during reloading.
Although the necessary modification is slight, this method requires some knowledge of machine code. The trick is to make the loader think MF1 isn't connected but, since there are several versions of MF1 and a different loader is saved for microdrive, disc etc, we can only point you in the right direction!

When a transferred program is reloaded, it checks if MF1 is present by trying to page in the MF1 ROM:

    IN A,(159)      ; instruction to page in MF1 ROM.
    LD A,(00000)    ; load A with contents of address 0.
    CP 243          ; 243 is first byte of SPECTRUM ROM.
    JP NZ,ADDRESS   ; If it isn't 243, then MF1 is paged
                    ; so jump to MF1 ROM.

Removing the instruction IN A,(159) will prevent the MF1 ROM from being paged in and the loader will always find 243 in address 0. This means that it won't use the 8K RAM as a buffer and, therefore, won't corrupt Genie. This routine is found in the file saved out by Multiface with a 3 as the last character of the filename. Happy hacking...!

To summon MF1 menu instead of Genie, hold down CAPS SHIFT with SPACE as you press the MF1 button.
* THIS CORRUPTS GENIE and it will need to be re-installed for subsequent use. However, after returning to MF1 operation, pressing the button without CAPS SHIFT/SPACE will still attempt to run Genie, causing a crash. Prevent this by using MF1 Tool to Poke address 8195 (decimal) with 0 to cancel the Direct Jump vector. (See MF1 manual)

Since Genie loads into Shadow RAM, typing NEW or RANDOMIZE USR 0 won't affect it. Neither will the ZX Reset button, unless this is pressed when Genie is actually in use.

If MF1 fails to respond to the push button, the BASIC command OUT 31,0 will reinstate paging.

Never press the button during disc or Interface 1 operations.

Genie can be transferred to microdrive, disc etc. The machine code is 4923 bytes long starting at address 27000. E.g.
to save to microdrive alter line 20 to:

    20 CLEAR VAL "26999": LOAD *"m";SGN PI;"genie.c" CODE

and type:

    CLEAR 26999: SAVE *"m";1;"run" LINE 20
    SAVE *"m";1;"genie.c" CODE 27000,4923

WAFADRIVE and KDOS: Genie can ONLY be transferred to either of these media by using Multiface to make a copy of the program onto wafa or disc.

Genie took several (painful!) months to write - PLEASE don't give copies of it to your friends.

Printers and interfaces.
------------------------

As well as ZX printers (or compatibles), Genie can be used with any interface that recognizes the LPRINT command, as long as it has software on ROM or that loads into the printer buffer. Printer output is sent via Stream #3. If your printer interface needs to be initialised (e.g. OPEN #3;"B" for I'face 1), this must be done BEFORE installing Genie, either before loading or by pressing E on Install menu to exit to BASIC.

Select menu option Line Feeds ON if your interface or printer needs a CHR$ 10 after a Carriage Return (CHR$ 13). Select Line Feeds OFF for ZX printers and compatibles.

Other interfaces may be used by writing your own driver routine in machine code. This should load into the printer buffer (23296) and will have the character to print passed to it in Register A via RST 16. Preserve registers IY and HL'.

NB Spectrum 128 and +2 - To print via the built-in RS232 port, load Genie in 128K mode. After installing Genie, use the Symbol Shift/A option to reset the Spectrum. This will enter 48K mode in such a way that the RS232 can still be used from within Genie. If you reset the machine at any point, be sure to return to 48K mode by first entering 128K BASIC and typing PRINT USR 0. Don't use the SPECTRUM command or 48K BASIC option on 128 menu as these specifically disable the RS232 port.

----------------------------------------------------------------------
Chris Lewis - October 1986.
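
Added example (not part of the original manual, and not Romantic Robot's code): a Python sketch of the FIND-style byte search described under FIND, applied to the MF1 presence check listed in "Some Points to Note", using the standard Z80 encodings of its four instructions. The sample bytes, the load address 0x8000, the jump target 0x1234 and the choice to overwrite IN A,(159) with two NOPs (so that no addresses shift) are assumptions made for illustration.

```python
# Added example, not Genie's or Multiface's own code.
# Z80 encodings: IN A,(n)=DB n; LD A,(nn)=3A lo hi; CP n=FE n; JP NZ,nn=C2 lo hi.
# None marks a wildcard byte (the jump address differs between MF1 versions).
MF1_CHECK = [0xDB, 159, 0x3A, 0x00, 0x00, 0xFE, 243, 0xC2, None, None]
FIND_EXAMPLE = [0xED, 0x73, 0x3D, 0x5C]   # LD (5C3D),SP, the manual's FIND example


def find_pattern(data, pattern, base=0):
    """Return the address of every match, like Genie's FIND; None matches any byte."""
    hits = []
    for i in range(len(data) - len(pattern) + 1):
        if all(p is None or data[i + j] == p for j, p in enumerate(pattern)):
            hits.append(base + i)
    return hits


def neutralise_mf1_check(data, base=0):
    """Overwrite IN A,(159) with NOP NOP wherever the full check is found.

    Returns (patched_bytes, [(address, jp_nz_target), ...]).
    """
    patched = bytearray(data)
    report = []
    for addr in find_pattern(data, MF1_CHECK, base):
        off = addr - base
        target = data[off + 8] | (data[off + 9] << 8)   # operand is little-endian
        patched[off:off + 2] = b"\x00\x00"              # NOP NOP keeps the length
        report.append((addr, target))
    return bytes(patched), report


# Constructed sample: DI; LD SP,6000h; the MF1 check; LD (5C3D),SP; RET.
SAMPLE_BASE = 0x8000   # hypothetical load address
SAMPLE = bytes([0xF3, 0x31, 0x00, 0x60,
                0xDB, 0x9F, 0x3A, 0x00, 0x00, 0xFE, 0xF3, 0xC2, 0x34, 0x12,
                0xED, 0x73, 0x3D, 0x5C, 0xC9])

if __name__ == "__main__":
    print([hex(a) for a in find_pattern(SAMPLE, FIND_EXAMPLE, SAMPLE_BASE)])
    patched, report = neutralise_mf1_check(SAMPLE, SAMPLE_BASE)
    for addr, target in report:
        print(f"check at {addr:04X}, JP NZ,{target:04X}: IN A,(159) replaced")
```

With the IN replaced, LD A,(00000) reads the Spectrum ROM, CP 243 sets the zero flag and the JP NZ is never taken, which is the behaviour the manual describes.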