|
Spectrofon #11
23 февраля 1995 |
|
System - "New results on Z-80 or something of the undocumented commands processor architecture "ZX-Spectrum".
SYSTEM
Stanislav V. Efimov
New on Z-80,
or how to use undocumented features of the processor, as well
as something about computer architecture.
One who programs the assembly language, knows all
manual, the flags that are changing under the influence of these
instructions and, depending on the
experience and other conditions, thinks he knows everything
about the Z80. But I am sure that the information
I have outlined below, if not
would be for someone unexpected,
it will be interesting, and perhaps
useful.
Each of you studied the assembly of its own way: someone
reading various books of the "Russian" edition (of a great
number of books certainly can distinguish broadly
the famous three-volume "Inforkoma"), and someone with time,
and not reading any books were drawn
experience of the "western" programmers, endlessly looking at
MONSe endless texts of an infinite set of programs and
and flipping through various "Western" Encyclopedia of Z80 (it
went through a huge number of people who began to engage Z80
programming in the not too long-term "perestroika" of the
year). Over time, an increasing more books, one way or another
related to the Spectrum, but there is no no word on whether
what goes discussed below ...
There are plenty of nowhere
documentary features
Z80, which is not described or ZILOG
public documents. However, programs that use these
opportunities exist (and, of course, work.)
The overwhelming number of assembler instructions byte, ie,
consist of a single byte, in fact, the operation code and
operand: byte or word. Four bytes of the CB, DD, ED and FD -
this bytes that change the meaning of codes, following them.
There are 248 CB-instructions. However, the combination with
the CB30 to CB37 omitted from the official list.
These instructions are usually disassembles as mnemonics
SLLShift Left Logical, which shift the left operand and set the
0-th bit operand. For example, the instructions use the program
and Bouder Enduro Racer. And these programs
pretty much ...
Instructions, starting with
bytes of the DD and FD make use of registers IX and IY,
Look closely, as they
work:
2A nn LD HL, (nn)
DD 2A nn LD IX, (nn)
7E LD A, (HL)
DD 7E d LD A, (IX + d)
But these things are well known.
When you see the user guide
DD2Ann, it is perceived
You may, of course.
However, if the user uses the register H or L, then
byte prefix allows you to work
You with a high or low half of register IX or IY.
For example:
44 LD B, H
FD 44 LD B, IYh
These types of informal guidelines used by lots of programs.
Other types DD and FD statements that are not listed above can
only be used the utility of not greater than NOP.
Several consecutive DD or FD may try to print
MONSom (see results for yourself) ...
I have not seen the programs that would use the informal ED
instructions, such as ED6Bnn - "long" version 2Ann,
LD HL, (nn).
Now about the register R,
precisely that according to what law
it is modified ... Simply put, the register R - a
counter, which is updated
After each statement, and
DD, FD, ED and CB processor
"Perceived" as a separate
How! Ie How-to
these prefixes to increase R
2. But there is an interesting
feature: the "double" prefixes
such as DDCB and FDCB also increase R 2! LDI increases
R for two, LDIR 2 * BC (also
as LDDR).
Sequence LD R, A / LD A, R
A increases by 2, except the top bit (7 th): This bit R
register is not changed. This happens because the previously
used 16KBitnye chips, where the bits are grouped into a matrix
128x128, ie to access it need only 7 bits ... In
Many programs register R is used as the base for realization of
the random number generator.
The next few pages
will be valid only for vehicles with
"Separate field memory," ie,
The board, it looks like 8 pieces
K565RU6 'K565RU5 8 pieces (for example, schema version
MOSCOW-48). Well and, of course, the following will
true for the "brand" Spekruma
with 48k RAM.
If you have one of these machines,
You can see how the register R in the regeneration
memory. (The following program
will also be useful for those who want to define what "field
memory "in his car.)
Enter the program:
ORG # 7530
DI
XOR A
LD B, A
L1 XOR A
LD R, A
DEC HL
LD A, L
OR H
JR NZ, L1
DJNZ L1
EI
RET
Run this program. When it is run for (this happens in a few
minutes), look at the contents of "upper" 32k. Only the first
few bytes out of 256 and will contain
the information contained therein. The contents of these bytes
does not change, because they will have time to regenerate
during "Body loop" ...
ULA operates with memory in the range of # 4000 - # 7FFF,
processor "Upper" range of memory and
ROM is the range
# 0000 - # 3FFF, each of these components all memory works with
different rates and independently
from each other. Data bus and address of the Z80 and ULA are
connected by the resistance of small capacity, it gives a very
effective memory access.
Z80 If you want to read or write data to a "lower" 16k in
While ULA busy reading, the processor is suspended, and when
this process ends, ULA provides a access to the "bottom" 16K
directly through the resistance. It is extremely effective. When
You run a program in the "lower" 16k RAM or write-read
this memory, the processor slightly
"Freeze". This part of the
memory is slower than the upper
32k. It is therefore never
write a program such as I / O
in these "lower" 16k RAM (also
This applies to writing
routines associated with the playback of sounds through the
built-in speaker).
From the foregoing it follows that if you write such
routines on a machine with a "common
field of memory ", when your
program will start with "firm" Spectrum, in the case
sinhro-vvoda/vyvoda program
simply will not work, and in
case with the sounds of your music
will be "unpresentable. K
the same applies to reading port
FE, since the ULA "delivers"
its value. Every time
You're reading this port, ULA
temporarily stops the processor because the value of reading
this port is somewhat slower
than from other ports. Bring
Facts: Commonly IN A, (nn) processor running at 11T (bars), but
this time increases to 12.15T, if nn = FE (given, of course,
mean).
On the topic of reading non-existent
port, FF, on the issues
Synchronization screen interrupts the degree of
"interoperability" programs on different computers (ie, why one
program works on one of the Spectrum and
working on another ...), special effects, compatibility
different versions of the TR-DOS and
much else planned yet
one conversation. Since I was a bit moved away from the topic
this article, I keep ...
There is another, but not
the only "dark corner" of
enjoy the program Sabrewulf,
Ghosts'n Goblins, as well as protection
Speedlock. This is a mystery undocumented flags. Bits 3 and 5
Register flags F are not used.
It would seem that you can install them or reset using
only POP AF and PUSH AF. However,
empirically (ie by
educated bet), it was determined
that the value of these bits depends
from an 8-bit result of the last
instruction that affects
the usual flags register bits
F. (Whew, well, he said).
Example 1:
After ADD A, B bits 7,5 and 3
will be identical bit register A
(Bit 7 register F - the sign bit,
clear that he was also taken from
7-th bit of A).
Example 2:
Following the instructions CP x (where
x, of course, register, (HL) or
constant), the undocumented bits are bits are
argument.
Consider the instructions that operate on a 16-bit word. In
this case, the undocumented bits should be taken from older
8-bit result. Thus, S-flag is taken from 15-th bits of the
result.
For example a program that would use the undocumented
register bits F, far away no need to go. We take a very
old program Sabre Wulf '84.
Rhino in the program runs in
one, then the other side,
through the following sequence of instructions:
# AD86 DDCB067E BIT 7, (IX +6)
# AD8A F28FAD JP P, # AD8F
Does not that original!
Those who have encountered in practice with the system of
software protection, called Speedlock, drew
note that in order to
"Take steps" to continue the program must be most scrupulously
avoid all the traps, such as shown above. By the way, our
"native" system of its kind on the basis of the above, look
over modestly ...
In conclusion, it should also
say that the ROM for the 128-th
Spectrum uses AF for temporary storage of the address routines.
As is customary throughout the civilized world, I will give
a huge thanks to the author of excellent emulator ZX-SPECTUM
48/128 + Sammy + Interface I 'more ... more ... for
IBM PC, Z80 v2.01:
Hello 'thanx, Gerton A. Lunter!
Some moments his advice
outlined above.
As already mentioned, there is still
topics, which can talk to.
P.S.
This article should not be taken as truth in the last
Instance (Truth is
original "original" documents, which does not exist). Any false
information given is related to my possible confusion about the
interpretation of this issue. Any incomplete (!) The
information syazana islyuchitelno with my uncertainty about the
correct interpretation this issue, and not with a reluctance to
give such information for other reasons (if
otherwise specified), except for "obvious" things, where the
degree of "evidence" remains my conscience. Therefore, you can
send any additions, etc.
Any complaints concerning the content is essentially expressed
in incorrect form will not be accepted and not discussed.
The author does not enter into correspondence with
readers on any pretext,
however, the information you supply will be helpful in preparing
material of the following articles.
Sincerely, Fanatic Stas.
*
Other articles:
Similar articles:
В этот день... 29 April