/[cebix]/SheepShaver/src/rom_patches.cpp
ViewVC logotype

Contents of /SheepShaver/src/rom_patches.cpp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.34 - (hide annotations)
Sat Jul 3 17:48:44 2004 UTC (8 years, 11 months ago) by gbeauche
Branch: MAIN
Changes since 1.33: +8 -2 lines 
More accurate Gestalt 'cput' values (G4, 750FX)
1 cebix 1.1 /*
2     * rom_patches.cpp - ROM patches
3     *
4 cebix 1.24 * SheepShaver (C) 1997-2004 Christian Bauer and Marc Hellwig
5 cebix 1.1 *
6     * This program is free software; you can redistribute it and/or modify
7     * it under the terms of the GNU General Public License as published by
8     * the Free Software Foundation; either version 2 of the License, or
9     * (at your option) any later version.
10     *
11     * This program is distributed in the hope that it will be useful,
12     * but WITHOUT ANY WARRANTY; without even the implied warranty of
13     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14     * GNU General Public License for more details.
15     *
16     * You should have received a copy of the GNU General Public License
17     * along with this program; if not, write to the Free Software
18     * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19     */
20    
21     /*
22     * TODO:
23     * IRQ_NEST must be handled atomically
24     * Don't use r1 in extra routines
25     */
26    
27     #include <string.h>
28    
29     #include "sysdeps.h"
30     #include "rom_patches.h"
31     #include "main.h"
32     #include "prefs.h"
33     #include "cpu_emulation.h"
34     #include "emul_op.h"
35     #include "xlowmem.h"
36     #include "sony.h"
37     #include "disk.h"
38     #include "cdrom.h"
39     #include "audio.h"
40     #include "audio_defs.h"
41     #include "serial.h"
42     #include "macos_util.h"
43 gbeauche 1.18 #include "thunks.h"
44 cebix 1.1
45     #define DEBUG 0
46     #include "debug.h"
47    
48    
49     // 68k breakpoint address
50     //#define M68K_BREAK_POINT 0x29e0 // BootMe
51     //#define M68K_BREAK_POINT 0x2a1e // Boot block code returned
52     //#define M68K_BREAK_POINT 0x3150 // CritError
53     //#define M68K_BREAK_POINT 0x187ce // Unimplemented trap
54    
55     // PowerPC breakpoint address
56     //#define POWERPC_BREAK_POINT 0x36e6c0 // 68k emulator start
57    
58     #define DISABLE_SCSI 1
59    
60    
61     // Other ROM addresses
62 gbeauche 1.17 const uint32 CHECK_LOAD_PATCH_SPACE = 0x2fcf00;
63     const uint32 PUT_SCRAP_PATCH_SPACE = 0x2fcf80;
64     const uint32 GET_SCRAP_PATCH_SPACE = 0x2fcfc0;
65 gbeauche 1.21 const uint32 ADDR_MAP_PATCH_SPACE = 0x2fd100;
66 cebix 1.1
67     // Global variables
68     int ROMType; // ROM type
69     static uint32 sony_offset; // Offset of .Sony driver resource
70    
71     // Prototypes
72     static bool patch_nanokernel_boot(void);
73     static bool patch_68k_emul(void);
74     static bool patch_nanokernel(void);
75     static bool patch_68k(void);
76    
77    
78 gbeauche 1.2 // Decode LZSS data
79     static void decode_lzss(const uint8 *src, uint8 *dest, int size)
80     {
81     char dict[0x1000];
82     int run_mask = 0, dict_idx = 0xfee;
83     for (;;) {
84     if (run_mask < 0x100) {
85     // Start new run
86     if (--size < 0)
87     break;
88     run_mask = *src++ | 0xff00;
89     }
90     bool bit = run_mask & 1;
91     run_mask >>= 1;
92     if (bit) {
93     // Verbatim copy
94     if (--size < 0)
95     break;
96     int c = *src++;
97     dict[dict_idx++] = c;
98     *dest++ = c;
99     dict_idx &= 0xfff;
100     } else {
101     // Copy from dictionary
102     if (--size < 0)
103     break;
104     int idx = *src++;
105     if (--size < 0)
106     break;
107     int cnt = *src++;
108     idx |= (cnt << 4) & 0xf00;
109     cnt = (cnt & 0x0f) + 3;
110     while (cnt--) {
111     char c = dict[idx++];
112     dict[dict_idx++] = c;
113     *dest++ = c;
114     idx &= 0xfff;
115     dict_idx &= 0xfff;
116     }
117     }
118     }
119     }
120    
121     // Decode parcels of ROM image (MacOS 9.X and even earlier)
122     void decode_parcels(const uint8 *src, uint8 *dest, int size)
123     {
124     uint32 parcel_offset = 0x14;
125     D(bug("Offset Type Name\n"));
126     while (parcel_offset != 0) {
127     const uint32 *parcel_data = (uint32 *)(src + parcel_offset);
128 gbeauche 1.3 uint32 next_offset = ntohl(parcel_data[0]);
129 gbeauche 1.2 uint32 parcel_type = ntohl(parcel_data[1]);
130     D(bug("%08x %c%c%c%c %s\n", parcel_offset,
131     (parcel_type >> 24) & 0xff, (parcel_type >> 16) & 0xff,
132     (parcel_type >> 8) & 0xff, parcel_type & 0xff, &parcel_data[6]));
133     if (parcel_type == FOURCC('r','o','m',' ')) {
134     uint32 lzss_offset = ntohl(parcel_data[2]);
135 gbeauche 1.16 uint32 lzss_size = ((uintptr)src + next_offset) - ((uintptr)parcel_data + lzss_offset);
136 gbeauche 1.2 decode_lzss((uint8 *)parcel_data + lzss_offset, dest, lzss_size);
137     }
138 gbeauche 1.3 parcel_offset = next_offset;
139 gbeauche 1.2 }
140     }
141    
142    
143     /*
144     * Decode ROM image, 4 MB plain images or NewWorld images
145     */
146    
147     bool DecodeROM(uint8 *data, uint32 size)
148     {
149     if (size == ROM_SIZE) {
150     // Plain ROM image
151     memcpy((void *)ROM_BASE, data, ROM_SIZE);
152     return true;
153     }
154     else if (strncmp((char *)data, "<CHRP-BOOT>", 11) == 0) {
155     // CHRP compressed ROM image
156     uint32 image_offset, image_size;
157     bool decode_info_ok = false;
158    
159     char *s = strstr((char *)data, "constant lzss-offset");
160     if (s != NULL) {
161     // Probably a plain LZSS compressed ROM image
162     if (sscanf(s - 7, "%06x", &image_offset) == 1) {
163     s = strstr((char *)data, "constant lzss-size");
164     if (s != NULL && (sscanf(s - 7, "%06x", &image_size) == 1))
165     decode_info_ok = true;
166     }
167     }
168     else {
169     // Probably a MacOS 9.2.x ROM image
170     s = strstr((char *)data, "constant parcels-offset");
171     if (s != NULL) {
172     if (sscanf(s - 7, "%06x", &image_offset) == 1) {
173     s = strstr((char *)data, "constant parcels-size");
174     if (s != NULL && (sscanf(s - 7, "%06x", &image_size) == 1))
175     decode_info_ok = true;
176     }
177     }
178     }
179    
180     // No valid information to decode the ROM found?
181     if (!decode_info_ok)
182     return false;
183    
184     // Check signature, this could be a parcels-based ROM image
185     uint32 rom_signature = ntohl(*(uint32 *)(data + image_offset));
186     if (rom_signature == FOURCC('p','r','c','l')) {
187     D(bug("Offset of parcels data: %08x\n", image_offset));
188     D(bug("Size of parcels data: %08x\n", image_size));
189     decode_parcels(data + image_offset, (uint8 *)ROM_BASE, image_size);
190     }
191     else {
192     D(bug("Offset of compressed data: %08x\n", image_offset));
193     D(bug("Size of compressed data: %08x\n", image_size));
194     decode_lzss(data + image_offset, (uint8 *)ROM_BASE, image_size);
195     }
196     return true;
197     }
198     return false;
199     }
200    
201    
202 cebix 1.1 /*
203     * Search ROM for byte string, return ROM offset (or 0)
204     */
205    
206     static uint32 find_rom_data(uint32 start, uint32 end, const uint8 *data, uint32 data_len)
207     {
208     uint32 ofs = start;
209     while (ofs < end) {
210     if (!memcmp((void *)(ROM_BASE + ofs), data, data_len))
211     return ofs;
212     ofs++;
213     }
214     return 0;
215     }
216    
217    
218     /*
219     * Search ROM resource by type/ID, return ROM offset of resource data
220     */
221    
222     static uint32 rsrc_ptr = 0;
223    
224     // id = 4711 means "find any ID"
225     static uint32 find_rom_resource(uint32 s_type, int16 s_id = 4711, bool cont = false)
226     {
227     uint32 *lp = (uint32 *)(ROM_BASE + 0x1a);
228     uint32 x = ntohl(*lp);
229     uint8 *bp = (uint8 *)(ROM_BASE + x + 5);
230     uint32 header_size = *bp;
231    
232     if (!cont)
233     rsrc_ptr = x;
234     else if (rsrc_ptr == 0)
235     return 0;
236    
237     for (;;) {
238     lp = (uint32 *)(ROM_BASE + rsrc_ptr);
239     rsrc_ptr = ntohl(*lp);
240     if (rsrc_ptr == 0)
241     break;
242    
243     rsrc_ptr += header_size;
244    
245     lp = (uint32 *)(ROM_BASE + rsrc_ptr + 4);
246     uint32 data = ntohl(*lp); lp++;
247     uint32 type = ntohl(*lp); lp++;
248     int16 id = ntohs(*(int16 *)lp);
249     if (type == s_type && (id == s_id || s_id == 4711))
250     return data;
251     }
252     return 0;
253     }
254    
255    
256     /*
257     * Search offset of A-Trap routine in ROM
258     */
259    
260     static uint32 find_rom_trap(uint16 trap)
261     {
262     uint32 *lp = (uint32 *)(ROM_BASE + 0x22);
263     lp = (uint32 *)(ROM_BASE + ntohl(*lp));
264    
265     if (trap > 0xa800)
266     return ntohl(lp[trap & 0x3ff]);
267     else
268     return ntohl(lp[(trap & 0xff) + 0x400]);
269     }
270    
271    
272     /*
273 gbeauche 1.20 * Return target of branch instruction specified at ADDR, or 0 if
274     * there is no such instruction
275     */
276    
277     static uint32 powerpc_branch_target(uintptr addr)
278     {
279     uint32 opcode = ntohl(*(uint32 *)addr);
280     uint32 primop = opcode >> 26;
281     uint32 target = 0;
282    
283     if (primop == 18) { // Branch
284     target = opcode & 0x3fffffc;
285     if (target & 0x2000000)
286     target |= 0xfc000000;
287     if ((opcode & 2) == 0)
288     target += addr;
289     }
290     else if (primop == 16) { // Branch Conditional
291     target = (int32)(int16)(opcode & 0xfffc);
292     if ((opcode & 2) == 0)
293     target += addr;
294     }
295     return target;
296     }
297    
298    
299     /*
300     * Search ROM for instruction branching to target address, return 0 if none found
301     */
302    
303     static uint32 find_rom_powerpc_branch(uint32 start, uint32 end, uint32 target)
304     {
305     for (uint32 addr = start; addr < end; addr += 4) {
306     if (powerpc_branch_target(ROM_BASE + addr) == ROM_BASE + target)
307     return addr;
308     }
309     return 0;
310     }
311    
312    
313     /*
314 gbeauche 1.21 * Check that requested ROM patch space is really available
315     */
316    
317     static bool check_rom_patch_space(uint32 base, uint32 size)
318     {
319     size = (size + 3) & -4;
320     for (int i = 0; i < size; i += 4) {
321     uint32 x = ntohl(*(uint32 *)(ROM_BASE + base + i));
322     if (x != 0x6b636b63 && x != 0)
323     return false;
324     }
325     return true;
326     }
327    
328    
329     /*
330 cebix 1.1 * List of audio sifters installed in ROM and System file
331     */
332    
333     struct sift_entry {
334     uint32 type;
335     int16 id;
336     };
337     static sift_entry sifter_list[32];
338     static int num_sifters;
339    
340     void AddSifter(uint32 type, int16 id)
341     {
342     if (FindSifter(type, id))
343     return;
344     D(bug(" adding sifter type %c%c%c%c (%08x), id %d\n", type >> 24, (type >> 16) & 0xff, (type >> 8) & 0xff, type & 0xff, type, id));
345     sifter_list[num_sifters].type = type;
346     sifter_list[num_sifters].id = id;
347     num_sifters++;
348     }
349    
350     bool FindSifter(uint32 type, int16 id)
351     {
352     for (int i=0; i<num_sifters; i++) {
353     if (sifter_list[i].type == type && sifter_list[i].id == id)
354     return true;
355     }
356     return false;
357     }
358    
359    
360     /*
361     * Driver stubs
362     */
363    
364     static const uint8 sony_driver[] = { // Replacement for .Sony driver
365     // Driver header
366     SonyDriverFlags >> 8, SonyDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
367     0x00, 0x18, // Open() offset
368     0x00, 0x1c, // Prime() offset
369     0x00, 0x20, // Control() offset
370     0x00, 0x2c, // Status() offset
371     0x00, 0x52, // Close() offset
372     0x05, 0x2e, 0x53, 0x6f, 0x6e, 0x79, // ".Sony"
373    
374     // Open()
375     M68K_EMUL_OP_SONY_OPEN >> 8, M68K_EMUL_OP_SONY_OPEN & 0xff,
376     0x4e, 0x75, // rts
377    
378     // Prime()
379     M68K_EMUL_OP_SONY_PRIME >> 8, M68K_EMUL_OP_SONY_PRIME & 0xff,
380     0x60, 0x0e, // bra IOReturn
381    
382     // Control()
383     M68K_EMUL_OP_SONY_CONTROL >> 8, M68K_EMUL_OP_SONY_CONTROL & 0xff,
384     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
385     0x66, 0x04, // bne IOReturn
386     0x4e, 0x75, // rts
387    
388     // Status()
389     M68K_EMUL_OP_SONY_STATUS >> 8, M68K_EMUL_OP_SONY_STATUS & 0xff,
390    
391     // IOReturn
392     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
393     0x08, 0x01, 0x00, 0x09, // btst #9,d1
394     0x67, 0x0c, // beq 1
395     0x4a, 0x40, // tst.w d0
396     0x6f, 0x02, // ble 2
397     0x42, 0x40, // clr.w d0
398     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
399     0x4e, 0x75, // rts
400     0x4a, 0x40, //1 tst.w d0
401     0x6f, 0x04, // ble 3
402     0x42, 0x40, // clr.w d0
403     0x4e, 0x75, // rts
404     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(sp)
405     0x4e, 0x75, // rts
406    
407     // Close()
408     0x70, 0xe8, // moveq #-24,d0
409     0x4e, 0x75 // rts
410     };
411    
412     static const uint8 disk_driver[] = { // Generic disk driver
413     // Driver header
414     DiskDriverFlags >> 8, DiskDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
415     0x00, 0x18, // Open() offset
416     0x00, 0x1c, // Prime() offset
417     0x00, 0x20, // Control() offset
418     0x00, 0x2c, // Status() offset
419     0x00, 0x52, // Close() offset
420     0x05, 0x2e, 0x44, 0x69, 0x73, 0x6b, // ".Disk"
421    
422     // Open()
423     M68K_EMUL_OP_DISK_OPEN >> 8, M68K_EMUL_OP_DISK_OPEN & 0xff,
424     0x4e, 0x75, // rts
425    
426     // Prime()
427     M68K_EMUL_OP_DISK_PRIME >> 8, M68K_EMUL_OP_DISK_PRIME & 0xff,
428     0x60, 0x0e, // bra IOReturn
429    
430     // Control()
431     M68K_EMUL_OP_DISK_CONTROL >> 8, M68K_EMUL_OP_DISK_CONTROL & 0xff,
432     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
433     0x66, 0x04, // bne IOReturn
434     0x4e, 0x75, // rts
435    
436     // Status()
437     M68K_EMUL_OP_DISK_STATUS >> 8, M68K_EMUL_OP_DISK_STATUS & 0xff,
438    
439     // IOReturn
440     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
441     0x08, 0x01, 0x00, 0x09, // btst #9,d1
442     0x67, 0x0c, // beq 1
443     0x4a, 0x40, // tst.w d0
444     0x6f, 0x02, // ble 2
445     0x42, 0x40, // clr.w d0
446     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
447     0x4e, 0x75, // rts
448     0x4a, 0x40, //1 tst.w d0
449     0x6f, 0x04, // ble 3
450     0x42, 0x40, // clr.w d0
451     0x4e, 0x75, // rts
452     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(sp)
453     0x4e, 0x75, // rts
454    
455     // Close()
456     0x70, 0xe8, // moveq #-24,d0
457     0x4e, 0x75 // rts
458     };
459    
460     static const uint8 cdrom_driver[] = { // CD-ROM driver
461     // Driver header
462     CDROMDriverFlags >> 8, CDROMDriverFlags & 0xff, 0, 0, 0, 0, 0, 0,
463     0x00, 0x1c, // Open() offset
464     0x00, 0x20, // Prime() offset
465     0x00, 0x24, // Control() offset
466     0x00, 0x30, // Status() offset
467     0x00, 0x56, // Close() offset
468     0x08, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x43, 0x44, 0x00, // ".AppleCD"
469    
470     // Open()
471     M68K_EMUL_OP_CDROM_OPEN >> 8, M68K_EMUL_OP_CDROM_OPEN & 0xff,
472     0x4e, 0x75, // rts
473    
474     // Prime()
475     M68K_EMUL_OP_CDROM_PRIME >> 8, M68K_EMUL_OP_CDROM_PRIME & 0xff,
476     0x60, 0x0e, // bra IOReturn
477    
478     // Control()
479     M68K_EMUL_OP_CDROM_CONTROL >> 8, M68K_EMUL_OP_CDROM_CONTROL & 0xff,
480     0x0c, 0x68, 0x00, 0x01, 0x00, 0x1a, // cmp.w #1,$1a(a0)
481     0x66, 0x04, // bne IOReturn
482     0x4e, 0x75, // rts
483    
484     // Status()
485     M68K_EMUL_OP_CDROM_STATUS >> 8, M68K_EMUL_OP_CDROM_STATUS & 0xff,
486    
487     // IOReturn
488     0x32, 0x28, 0x00, 0x06, // move.w 6(a0),d1
489     0x08, 0x01, 0x00, 0x09, // btst #9,d1
490     0x67, 0x0c, // beq 1
491     0x4a, 0x40, // tst.w d0
492     0x6f, 0x02, // ble 2
493     0x42, 0x40, // clr.w d0
494     0x31, 0x40, 0x00, 0x10, //2 move.w d0,$10(a0)
495     0x4e, 0x75, // rts
496     0x4a, 0x40, //1 tst.w d0
497     0x6f, 0x04, // ble 3
498     0x42, 0x40, // clr.w d0
499     0x4e, 0x75, // rts
500     0x2f, 0x38, 0x08, 0xfc, //3 move.l $8fc,-(sp)
501     0x4e, 0x75, // rts
502    
503     // Close()
504     0x70, 0xe8, // moveq #-24,d0
505     0x4e, 0x75 // rts
506     };
507    
508 gbeauche 1.18 static uint32 long_ptr;
509    
510     static void SetLongBase(uint32 addr)
511     {
512     long_ptr = addr;
513     }
514    
515     static void Long(uint32 value)
516     {
517     WriteMacInt32(long_ptr, value);
518     long_ptr += 4;
519     }
520    
521     static void gen_ain_driver(uintptr addr)
522     {
523     SetLongBase(addr);
524 cebix 1.1
525 gbeauche 1.18 // .AIn driver header
526     Long(0x4d000000); Long(0x00000000);
527     Long(0x00200040); Long(0x00600080);
528     Long(0x00a0042e); Long(0x41496e00);
529     Long(0x00000000); Long(0x00000000);
530     Long(0xaafe0700); Long(0x00000000);
531     Long(0x00000000); Long(0x00179822);
532     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_NOTHING));
533     Long(0x00000000); Long(0x00000000);
534     Long(0xaafe0700); Long(0x00000000);
535     Long(0x00000000); Long(0x00179822);
536     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_PRIME_IN));
537     Long(0x00000000); Long(0x00000000);
538     Long(0xaafe0700); Long(0x00000000);
539     Long(0x00000000); Long(0x00179822);
540     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_CONTROL));
541     Long(0x00000000); Long(0x00000000);
542     Long(0xaafe0700); Long(0x00000000);
543     Long(0x00000000); Long(0x00179822);
544     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_STATUS));
545     Long(0x00000000); Long(0x00000000);
546     Long(0xaafe0700); Long(0x00000000);
547     Long(0x00000000); Long(0x00179822);
548     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_NOTHING));
549     Long(0x00000000); Long(0x00000000);
550 cebix 1.1 };
551    
552 gbeauche 1.18 static void gen_aout_driver(uintptr addr)
553     {
554     SetLongBase(addr);
555    
556     // .AOut driver header
557     Long(0x4d000000); Long(0x00000000);
558     Long(0x00200040); Long(0x00600080);
559     Long(0x00a0052e); Long(0x414f7574);
560     Long(0x00000000); Long(0x00000000);
561     Long(0xaafe0700); Long(0x00000000);
562     Long(0x00000000); Long(0x00179822);
563     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_OPEN));
564     Long(0x00000000); Long(0x00000000);
565     Long(0xaafe0700); Long(0x00000000);
566     Long(0x00000000); Long(0x00179822);
567     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_PRIME_OUT));
568     Long(0x00000000); Long(0x00000000);
569     Long(0xaafe0700); Long(0x00000000);
570     Long(0x00000000); Long(0x00179822);
571     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_CONTROL));
572     Long(0x00000000); Long(0x00000000);
573     Long(0xaafe0700); Long(0x00000000);
574     Long(0x00000000); Long(0x00179822);
575     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_STATUS));
576     Long(0x00000000); Long(0x00000000);
577     Long(0xaafe0700); Long(0x00000000);
578     Long(0x00000000); Long(0x00179822);
579     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_CLOSE));
580     Long(0x00000000); Long(0x00000000);
581 cebix 1.1 };
582    
583 gbeauche 1.18 static void gen_bin_driver(uintptr addr)
584     {
585     SetLongBase(addr);
586    
587     // .BIn driver header
588     Long(0x4d000000); Long(0x00000000);
589     Long(0x00200040); Long(0x00600080);
590     Long(0x00a0042e); Long(0x42496e00);
591     Long(0x00000000); Long(0x00000000);
592     Long(0xaafe0700); Long(0x00000000);
593     Long(0x00000000); Long(0x00179822);
594     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_NOTHING));
595     Long(0x00000000); Long(0x00000000);
596     Long(0xaafe0700); Long(0x00000000);
597     Long(0x00000000); Long(0x00179822);
598     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_PRIME_IN));
599     Long(0x00000000); Long(0x00000000);
600     Long(0xaafe0700); Long(0x00000000);
601     Long(0x00000000); Long(0x00179822);
602     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_CONTROL));
603     Long(0x00000000); Long(0x00000000);
604     Long(0xaafe0700); Long(0x00000000);
605     Long(0x00000000); Long(0x00179822);
606     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_STATUS));
607     Long(0x00000000); Long(0x00000000);
608     Long(0xaafe0700); Long(0x00000000);
609     Long(0x00000000); Long(0x00179822);
610     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_NOTHING));
611     Long(0x00000000); Long(0x00000000);
612 cebix 1.1 };
613    
614 gbeauche 1.18 static void gen_bout_driver(uintptr addr)
615     {
616     SetLongBase(addr);
617    
618     // .BOut driver header
619     Long(0x4d000000); Long(0x00000000);
620     Long(0x00200040); Long(0x00600080);
621     Long(0x00a0052e); Long(0x424f7574);
622     Long(0x00000000); Long(0x00000000);
623     Long(0xaafe0700); Long(0x00000000);
624     Long(0x00000000); Long(0x00179822);
625     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_OPEN));
626     Long(0x00000000); Long(0x00000000);
627     Long(0xaafe0700); Long(0x00000000);
628     Long(0x00000000); Long(0x00179822);
629     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_PRIME_OUT));
630     Long(0x00000000); Long(0x00000000);
631     Long(0xaafe0700); Long(0x00000000);
632     Long(0x00000000); Long(0x00179822);
633     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_CONTROL));
634     Long(0x00000000); Long(0x00000000);
635     Long(0xaafe0700); Long(0x00000000);
636     Long(0x00000000); Long(0x00179822);
637     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_STATUS));
638     Long(0x00000000); Long(0x00000000);
639     Long(0xaafe0700); Long(0x00000000);
640     Long(0x00000000); Long(0x00179822);
641     Long(0x00010004); Long(NativeTVECT(NATIVE_SERIAL_CLOSE));
642     Long(0x00000000); Long(0x00000000);
643 cebix 1.1 };
644    
645     static const uint8 adbop_patch[] = { // Call ADBOp() completion procedure
646     // The completion procedure may call ADBOp() again!
647     0x40, 0xe7, // move sr,-(sp)
648     0x00, 0x7c, 0x07, 0x00, // ori #$0700,sr
649     M68K_EMUL_OP_ADBOP >> 8, M68K_EMUL_OP_ADBOP & 0xff,
650     0x48, 0xe7, 0x70, 0xf0, // movem.l d1-d3/a0-a3,-(sp)
651     0x26, 0x48, // move.l a0,a3
652     0x4a, 0xab, 0x00, 0x04, // tst.l 4(a3)
653     0x67, 0x00, 0x00, 0x18, // beq 1
654     0x20, 0x53, // move.l (a3),a0
655     0x22, 0x6b, 0x00, 0x04, // move.l 4(a3),a1
656     0x24, 0x6b, 0x00, 0x08, // move.l 8(a3),a2
657     0x26, 0x78, 0x0c, 0xf8, // move.l $cf8,a3
658     0x4e, 0x91, // jsr (a1)
659     0x70, 0x00, // moveq #0,d0
660     0x60, 0x00, 0x00, 0x04, // bra 2
661     0x70, 0xff, //1 moveq #-1,d0
662     0x4c, 0xdf, 0x0f, 0x0e, //2 movem.l (sp)+,d1-d3/a0-a3
663     0x46, 0xdf, // move (sp)+,sr
664     0x4e, 0x75 // rts
665     };
666    
667    
668     /*
669 gbeauche 1.9 * Copy PowerPC code to ROM image and reverse bytes if necessary
670     */
671    
672     static inline void memcpy_powerpc_code(void *dst, const void *src, size_t len)
673     {
674     #ifdef WORDS_BIGENDIAN
675     (void)memcpy(dst, src, len);
676     #else
677     uint32 *d = (uint32 *)dst;
678     uint32 *s = (uint32 *)src;
679     for (int i = 0; i < len/4; i++)
680     d[i] = htonl(s[i]);
681     #endif
682     }
683    
684    
685     /*
686 cebix 1.1 * Install ROM patches (RAMBase and KernelDataAddr must be set)
687     */
688    
689     bool PatchROM(void)
690     {
691     // Print ROM info
692     D(bug("Checksum: %08lx\n", ntohl(*(uint32 *)ROM_BASE)));
693     D(bug("Version: %04x\n", ntohs(*(uint16 *)(ROM_BASE + 8))));
694     D(bug("Sub Version: %04x\n", ntohs(*(uint16 *)(ROM_BASE + 18))));
695     D(bug("Nanokernel ID: %s\n", (char *)ROM_BASE + 0x30d064));
696     D(bug("Resource Map at %08lx\n", ntohl(*(uint32 *)(ROM_BASE + 26))));
697     D(bug("Trap Tables at %08lx\n\n", ntohl(*(uint32 *)(ROM_BASE + 34))));
698    
699     // Detect ROM type
700     if (!memcmp((void *)(ROM_BASE + 0x30d064), "Boot TNT", 8))
701     ROMType = ROMTYPE_TNT;
702     else if (!memcmp((void *)(ROM_BASE + 0x30d064), "Boot Alchemy", 12))
703     ROMType = ROMTYPE_ALCHEMY;
704     else if (!memcmp((void *)(ROM_BASE + 0x30d064), "Boot Zanzibar", 13))
705     ROMType = ROMTYPE_ZANZIBAR;
706     else if (!memcmp((void *)(ROM_BASE + 0x30d064), "Boot Gazelle", 12))
707     ROMType = ROMTYPE_GAZELLE;
708 gbeauche 1.11 else if (!memcmp((void *)(ROM_BASE + 0x30d064), "Boot Gossamer", 13))
709     ROMType = ROMTYPE_GOSSAMER;
710 cebix 1.1 else if (!memcmp((void *)(ROM_BASE + 0x30d064), "NewWorld", 8))
711     ROMType = ROMTYPE_NEWWORLD;
712     else
713     return false;
714    
715 gbeauche 1.14 // Check that other ROM addresses point to really free regions
716 gbeauche 1.21 if (!check_rom_patch_space(CHECK_LOAD_PATCH_SPACE, 0x40))
717 gbeauche 1.14 return false;
718 gbeauche 1.21 if (!check_rom_patch_space(PUT_SCRAP_PATCH_SPACE, 0x40))
719 gbeauche 1.14 return false;
720 gbeauche 1.21 if (!check_rom_patch_space(GET_SCRAP_PATCH_SPACE, 0x40))
721 gbeauche 1.14 return false;
722 gbeauche 1.21 if (!check_rom_patch_space(ADDR_MAP_PATCH_SPACE - 10 * 4, 0x100))
723 gbeauche 1.14 return false;
724    
725 cebix 1.1 // Apply patches
726     if (!patch_nanokernel_boot()) return false;
727     if (!patch_68k_emul()) return false;
728     if (!patch_nanokernel()) return false;
729     if (!patch_68k()) return false;
730    
731     #ifdef M68K_BREAK_POINT
732     // Install 68k breakpoint
733     uint16 *wp = (uint16 *)(ROM_BASE + M68K_BREAK_POINT);
734     *wp++ = htons(M68K_EMUL_BREAK);
735     *wp = htons(M68K_EMUL_RETURN);
736     #endif
737    
738     #ifdef POWERPC_BREAK_POINT
739     // Install PowerPC breakpoint
740     uint32 *lp = (uint32 *)(ROM_BASE + POWERPC_BREAK_POINT);
741     *lp = htonl(0);
742     #endif
743    
744     // Copy 68k emulator to 2MB boundary
745     memcpy((void *)(ROM_BASE + ROM_SIZE), (void *)(ROM_BASE + ROM_SIZE - 0x100000), 0x100000);
746     return true;
747     }
748    
749    
750     /*
751     * Nanokernel boot routine patches
752     */
753    
754     static bool patch_nanokernel_boot(void)
755     {
756     uint32 *lp;
757 gbeauche 1.20 uint32 base, loc;
758 cebix 1.1
759     // ROM boot structure patches
760     lp = (uint32 *)(ROM_BASE + 0x30d000);
761     lp[0x9c >> 2] = htonl(KernelDataAddr); // LA_InfoRecord
762     lp[0xa0 >> 2] = htonl(KernelDataAddr); // LA_KernelData
763     lp[0xa4 >> 2] = htonl(KernelDataAddr + 0x1000); // LA_EmulatorData
764     lp[0xa8 >> 2] = htonl(ROM_BASE + 0x480000); // LA_DispatchTable
765     lp[0xac >> 2] = htonl(ROM_BASE + 0x460000); // LA_EmulatorCode
766     lp[0x360 >> 2] = htonl(0); // Physical RAM base (? on NewWorld ROM, this contains -1)
767     lp[0xfd8 >> 2] = htonl(ROM_BASE + 0x2a); // 68k reset vector
768    
769     // Skip SR/BAT/SDR init
770 gbeauche 1.20 loc = 0x310000;
771 gbeauche 1.11 if (ROMType == ROMTYPE_GAZELLE || ROMType == ROMTYPE_GOSSAMER || ROMType == ROMTYPE_NEWWORLD) {
772 gbeauche 1.20 lp = (uint32 *)(ROM_BASE + loc);
773 cebix 1.1 *lp++ = htonl(POWERPC_NOP);
774     *lp = htonl(0x38000000);
775     }
776 gbeauche 1.20 static const uint8 sr_init_dat[] = {0x35, 0x4a, 0xff, 0xfc, 0x7d, 0x86, 0x50, 0x2e};
777     if ((base = find_rom_data(0x3101b0, 0x3105b0, sr_init_dat, sizeof(sr_init_dat))) == 0) return false;
778     D(bug("sr_init %08lx\n", base));
779     lp = (uint32 *)(ROM_BASE + loc + 8);
780     *lp = htonl(0x48000000 | ((base - loc - 8) & 0x3fffffc)); // b ROM_BASE+0x3101b0
781     lp = (uint32 *)(ROM_BASE + base);
782 cebix 1.1 *lp++ = htonl(0x80200000 + XLM_KERNEL_DATA); // lwz r1,(pointer to Kernel Data)
783     *lp++ = htonl(0x3da0dead); // lis r13,0xdead (start of kernel memory)
784     *lp++ = htonl(0x3dc00010); // lis r14,0x0010 (size of page table)
785     *lp = htonl(0x3de00010); // lis r15,0x0010 (size of kernel memory)
786    
787     // Don't read PVR
788 gbeauche 1.20 static const uint8 pvr_read_dat[] = {0x7d, 0x9f, 0x42, 0xa6};
789     if ((base = find_rom_data(0x3103b0, 0x3108b0, pvr_read_dat, sizeof(pvr_read_dat))) == 0) return false;
790     D(bug("pvr_read %08lx\n", base));
791     lp = (uint32 *)(ROM_BASE + base);
792 cebix 1.1 *lp = htonl(0x81800000 + XLM_PVR); // lwz r12,(theoretical PVR)
793    
794     // Set CPU specific data (even if ROM doesn't have support for that CPU)
795     if (ntohl(lp[6]) != 0x2c0c0001)
796     return false;
797     uint32 ofs = ntohl(lp[7]) & 0xffff;
798     D(bug("ofs %08lx\n", ofs));
799     lp[8] = htonl((ntohl(lp[8]) & 0xffff) | 0x48000000); // beq -> b
800 gbeauche 1.20 loc = (ntohl(lp[8]) & 0xffff) + (uint32)(lp+8) - ROM_BASE;
801 cebix 1.1 D(bug("loc %08lx\n", loc));
802     lp = (uint32 *)(ROM_BASE + ofs + 0x310000);
803     switch (PVR >> 16) {
804     case 1: // 601
805     lp[0] = htonl(0x1000); // Page size
806     lp[1] = htonl(0x8000); // Data cache size
807     lp[2] = htonl(0x8000); // Inst cache size
808     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
809     lp[4] = htonl(0x00010040); // Unified caches/Inst cache line size
810     lp[5] = htonl(0x00400020); // Data cache line size/Data cache block size touch
811     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
812     lp[7] = htonl(0x00080008); // Inst cache assoc/Data cache assoc
813     lp[8] = htonl(0x01000002); // TLB total size/TLB assoc
814     break;
815     case 3: // 603
816     lp[0] = htonl(0x1000); // Page size
817     lp[1] = htonl(0x2000); // Data cache size
818     lp[2] = htonl(0x2000); // Inst cache size
819     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
820     lp[4] = htonl(0x00000020); // Unified caches/Inst cache line size
821     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
822     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
823     lp[7] = htonl(0x00020002); // Inst cache assoc/Data cache assoc
824     lp[8] = htonl(0x00400002); // TLB total size/TLB assoc
825     break;
826     case 4: // 604
827     lp[0] = htonl(0x1000); // Page size
828     lp[1] = htonl(0x4000); // Data cache size
829     lp[2] = htonl(0x4000); // Inst cache size
830     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
831     lp[4] = htonl(0x00000020); // Unified caches/Inst cache line size
832     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
833     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
834     lp[7] = htonl(0x00040004); // Inst cache assoc/Data cache assoc
835     lp[8] = htonl(0x00800002); // TLB total size/TLB assoc
836     break;
837     // case 5: // 740?
838     case 6: // 603e
839     case 7: // 603ev
840     lp[0] = htonl(0x1000); // Page size
841     lp[1] = htonl(0x4000); // Data cache size
842     lp[2] = htonl(0x4000); // Inst cache size
843     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
844     lp[4] = htonl(0x00000020); // Unified caches/Inst cache line size
845     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
846     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
847     lp[7] = htonl(0x00040004); // Inst cache assoc/Data cache assoc
848     lp[8] = htonl(0x00400002); // TLB total size/TLB assoc
849     break;
850 gbeauche 1.31 case 8: // 750, 750FX
851     case 0x7000:
852 cebix 1.1 lp[0] = htonl(0x1000); // Page size
853     lp[1] = htonl(0x8000); // Data cache size
854     lp[2] = htonl(0x8000); // Inst cache size
855     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
856     lp[4] = htonl(0x00000020); // Unified caches/Inst cache line size
857     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
858     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
859     lp[7] = htonl(0x00080008); // Inst cache assoc/Data cache assoc
860     lp[8] = htonl(0x00800002); // TLB total size/TLB assoc
861     break;
862     case 9: // 604e
863     case 10: // 604ev5
864     lp[0] = htonl(0x1000); // Page size
865     lp[1] = htonl(0x8000); // Data cache size
866     lp[2] = htonl(0x8000); // Inst cache size
867     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
868     lp[4] = htonl(0x00000020); // Unified caches/Inst cache line size
869     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
870     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
871     lp[7] = htonl(0x00040004); // Inst cache assoc/Data cache assoc
872     lp[8] = htonl(0x00800002); // TLB total size/TLB assoc
873     break;
874     // case 11: // X704?
875 gbeauche 1.31 case 12: // 7400, 7410, 7450, 7455, 7457
876 gbeauche 1.26 case 0x800c:
877 gbeauche 1.31 case 0x8000:
878     case 0x8001:
879     case 0x8002:
880 cebix 1.1 lp[0] = htonl(0x1000); // Page size
881     lp[1] = htonl(0x8000); // Data cache size
882     lp[2] = htonl(0x8000); // Inst cache size
883     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
884     lp[4] = htonl(0x00000020); // Unified caches/Inst cache line size
885     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
886     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
887     lp[7] = htonl(0x00080008); // Inst cache assoc/Data cache assoc
888     lp[8] = htonl(0x00800002); // TLB total size/TLB assoc
889     break;
890     case 13: // ???
891     lp[0] = htonl(0x1000); // Page size
892     lp[1] = htonl(0x8000); // Data cache size
893     lp[2] = htonl(0x8000); // Inst cache size
894     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
895     lp[4] = htonl(0x00000020); // Unified caches/Inst cache line size
896     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
897     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
898     lp[7] = htonl(0x00080008); // Inst cache assoc/Data cache assoc
899     lp[8] = htonl(0x01000004); // TLB total size/TLB assoc
900     break;
901     // case 50: // 821
902     // case 80: // 860
903     case 96: // ???
904     lp[0] = htonl(0x1000); // Page size
905     lp[1] = htonl(0x8000); // Data cache size
906     lp[2] = htonl(0x8000); // Inst cache size
907     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
908     lp[4] = htonl(0x00010020); // Unified caches/Inst cache line size
909     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
910     lp[6] = htonl(0x00200020); // Inst cache block size/Data cache block size
911     lp[7] = htonl(0x00080008); // Inst cache assoc/Data cache assoc
912     lp[8] = htonl(0x00800004); // TLB total size/TLB assoc
913 gbeauche 1.25 break;
914 gbeauche 1.33 case 0x39: // 970
915     lp[0] = htonl(0x1000); // Page size
916     lp[1] = htonl(0x8000); // Data cache size
917     lp[2] = htonl(0x10000); // Inst cache size
918     lp[3] = htonl(0x00200020); // Coherency block size/Reservation granule size
919     lp[4] = htonl(0x00010020); // Unified caches/Inst cache line size
920     lp[5] = htonl(0x00200020); // Data cache line size/Data cache block size touch
921     lp[6] = htonl(0x00800080); // Inst cache block size/Data cache block size
922     lp[7] = htonl(0x00020002); // Inst cache assoc/Data cache assoc
923     lp[8] = htonl(0x02000004); // TLB total size/TLB assoc
924     break;
925 cebix 1.1 default:
926     printf("WARNING: Unknown CPU type\n");
927     break;
928     }
929    
930     // Don't set SPRG3, don't test MQ
931 gbeauche 1.20 static const uint8 sprg3_mq_dat[] = {0x7d, 0x13, 0x43, 0xa6, 0x3d, 0x00, 0x00, 0x04, 0x7d, 0x00, 0x03, 0xa6, 0x39, 0x00, 0x00, 0x00, 0x7d, 0x00, 0x02, 0xa6};
932     if ((base = find_rom_data(loc + 0x20, loc + 0x60, sprg3_mq_dat, sizeof(sprg3_mq_dat))) == 0) return false;
933     D(bug("sprg3/mq %08lx\n", base));
934     lp = (uint32 *)(ROM_BASE + base);
935     lp[0] = htonl(POWERPC_NOP);
936     lp[2] = htonl(POWERPC_NOP);
937     lp[4] = htonl(POWERPC_NOP);
938 cebix 1.1
939     // Don't read MSR
940 gbeauche 1.20 static const uint8 msr_dat[] = {0x7d, 0xc0, 0x00, 0xa6};
941     if ((base = find_rom_data(loc + 0x40, loc + 0x80, msr_dat, sizeof(msr_dat))) == 0) return false;
942     D(bug("msr %08lx\n", base));
943     lp = (uint32 *)(ROM_BASE + base);
944 cebix 1.1 *lp = htonl(0x39c00000); // li r14,0
945    
946     // Don't write to DEC
947     lp = (uint32 *)(ROM_BASE + loc + 0x70);
948     *lp++ = htonl(POWERPC_NOP);
949     loc = (ntohl(lp[0]) & 0xffff) + (uint32)lp - ROM_BASE;
950     D(bug("loc %08lx\n", loc));
951    
952     // Don't set SPRG3
953 gbeauche 1.20 static const uint8 sprg3_dat[] = {0x39, 0x21, 0x03, 0x60, 0x7d, 0x33, 0x43, 0xa6, 0x39, 0x01, 0x04, 0x20};
954     if ((base = find_rom_data(0x310000, 0x314000, sprg3_dat, sizeof(sprg3_dat))) == 0) return false;
955     D(bug("sprg3 %08lx\n", base + 4));
956     lp = (uint32 *)(ROM_BASE + base + 4);
957 cebix 1.1 *lp = htonl(POWERPC_NOP);
958    
959     // Don't read PVR
960 gbeauche 1.20 static const uint8 pvr_read2_dat[] = {0x7e, 0xff, 0x42, 0xa6, 0x56, 0xf7, 0x84, 0x3e};
961     if ((base = find_rom_data(0x310000, 0x320000, pvr_read2_dat, sizeof(pvr_read2_dat))) == 0) return false;
962     D(bug("pvr_read2 %08lx\n", base));
963     lp = (uint32 *)(ROM_BASE + base);
964 cebix 1.1 *lp = htonl(0x82e00000 + XLM_PVR); // lwz r23,(theoretical PVR)
965 gbeauche 1.20 if ((base = find_rom_data(base + 4, 0x320000, pvr_read2_dat, sizeof(pvr_read2_dat))) != 0) {
966     D(bug("pvr_read2 %08lx\n", base));
967     lp = (uint32 *)(ROM_BASE + base);
968 cebix 1.1 *lp = htonl(0x82e00000 + XLM_PVR); // lwz r23,(theoretical PVR)
969 gbeauche 1.20 }
970     static const uint8 pvr_read3_dat[] = {0x7e, 0x5f, 0x42, 0xa6, 0x56, 0x52, 0x84, 0x3e};
971     if ((base = find_rom_data(0x310000, 0x320000, pvr_read3_dat, sizeof(pvr_read3_dat))) != 0) {
972     D(bug("pvr_read3 %08lx\n", base));
973     lp = (uint32 *)(ROM_BASE + base);
974 cebix 1.1 *lp = htonl(0x82400000 + XLM_PVR); // lwz r18,(theoretical PVR)
975 gbeauche 1.20 }
976     static const uint8 pvr_read4_dat[] = {0x7d, 0x3f, 0x42, 0xa6, 0x55, 0x29, 0x84, 0x3e};
977     if ((base = find_rom_data(0x310000, 0x320000, pvr_read4_dat, sizeof(pvr_read4_dat))) != 0) {
978     D(bug("pvr_read4 %08lx\n", base));
979     lp = (uint32 *)(ROM_BASE + base);
980 gbeauche 1.4 *lp = htonl(0x81200000 + XLM_PVR); // lzw r9,(theoritical PVR)
981 gbeauche 1.20 }
982 cebix 1.1
983     // Don't read SDR1
984 gbeauche 1.20 static const uint8 sdr1_read_dat[] = {0x7d, 0x19, 0x02, 0xa6, 0x55, 0x16, 0x81, 0xde};
985     if ((base = find_rom_data(0x310000, 0x320000, sdr1_read_dat, sizeof(sdr1_read_dat))) == 0) return false;
986     D(bug("sdr1_read %08lx\n", base));
987     lp = (uint32 *)(ROM_BASE + base);
988 cebix 1.1 *lp++ = htonl(0x3d00dead); // lis r8,0xdead (pointer to page table)
989     *lp++ = htonl(0x3ec0001f); // lis r22,0x001f (size of page table)
990     *lp = htonl(POWERPC_NOP);
991    
992 gbeauche 1.20 // Don't clear page table, don't invalidate TLB
993     static const uint8 pgtb_clear_dat[] = {0x36, 0xd6, 0xff, 0xfc, 0x7e, 0xe8, 0xb1, 0x2e, 0x41, 0x81, 0xff, 0xf8};
994     if ((base = find_rom_data(0x310000, 0x320000, pgtb_clear_dat, sizeof(pgtb_clear_dat))) == 0) return false;
995     D(bug("pgtb_clear %08lx\n", base + 4));
996     lp = (uint32 *)(ROM_BASE + base + 4);
997 cebix 1.1 *lp = htonl(POWERPC_NOP);
998 gbeauche 1.20 D(bug("tblie %08lx\n", base + 12));
999     lp = (uint32 *)(ROM_BASE + base + 12);
1000 cebix 1.1 *lp = htonl(POWERPC_NOP);
1001    
1002     // Don't create RAM descriptor table
1003 gbeauche 1.20 static const uint8 desc_create_dat[] = {0x97, 0xfd, 0x00, 0x04, 0x3b, 0xff, 0x10, 0x00, 0x4b, 0xff, 0xff, 0xdc};
1004     if ((base = find_rom_data(0x310000, 0x320000, desc_create_dat, sizeof(desc_create_dat))) == 0) return false;
1005     D(bug("desc_create %08lx\n", base))
1006     lp = (uint32 *)(ROM_BASE + base);
1007 cebix 1.1 *lp = htonl(POWERPC_NOP);
1008    
1009     // Don't load SRs and BATs
1010 gbeauche 1.20 static const uint8 sr_load[] = {0x7c, 0x00, 0x04, 0xac, 0x83, 0x9d, 0x00, 0x00, 0x93, 0x81, 0x05, 0xe8};
1011     if ((loc = find_rom_data(0x310000, 0x320000, sr_load, sizeof(sr_load))) == 0) return false;
1012     static const uint8 sr_load_caller[] = {0x3e, 0xd6, 0xff, 0xff, 0x41, 0x81, 0xff, 0xdc, 0xb2, 0xc8, 0x00, 0x02};
1013     if ((base = find_rom_data(0x310000, 0x320000, sr_load_caller, sizeof(sr_load_caller))) == 0) return false;
1014     if ((base = find_rom_powerpc_branch(base + 12, 0x320000, loc)) == 0) return false;
1015     D(bug("sr_load %08lx, called from %08lx\n", loc, base));
1016     lp = (uint32 *)(ROM_BASE + base);
1017 cebix 1.1 *lp = htonl(POWERPC_NOP);
1018    
1019     // Don't mess with SRs
1020 gbeauche 1.20 static const uint8 sr_load2_dat[] = {0x83, 0xa1, 0x05, 0xe8, 0x57, 0x7c, 0x3e, 0x78, 0x7f, 0xbd, 0xe0, 0x2e};
1021     if ((base = find_rom_data(0x310000, 0x320000, sr_load2_dat, sizeof(sr_load2_dat))) == 0) return false;
1022     D(bug("sr_load2 %08lx\n", base));
1023     lp = (uint32 *)(ROM_BASE + base);
1024 cebix 1.1 *lp = htonl(POWERPC_BLR);
1025    
1026     // Don't check performance monitor
1027 gbeauche 1.20 static const uint8 pm_check_dat[] = {0x7e, 0x58, 0xeb, 0xa6, 0x7e, 0x53, 0x90, 0xf8, 0x7e, 0x78, 0xea, 0xa6};
1028     if ((base = find_rom_data(0x310000, 0x320000, pm_check_dat, sizeof(pm_check_dat))) == 0) return false;
1029     D(bug("pm_check %08lx\n", base));
1030     lp = (uint32 *)(ROM_BASE + base);
1031    
1032     static const int spr_check_list[] = {
1033     952 /* mmcr0 */, 953 /* pmc1 */, 954 /* pmc2 */, 955 /* sia */,
1034     956 /* mmcr1 */, 957 /* pmc3 */, 958 /* pmc4 */, 959 /* sda */
1035     };
1036    
1037     for (int i = 0; i < sizeof(spr_check_list)/sizeof(spr_check_list[0]); i++) {
1038     int spr = spr_check_list[i];
1039     uint32 mtspr = 0x7e4003a6 | ((spr & 0x1f) << 16) | ((spr & 0x3e0) << 6);
1040     uint32 mfspr = 0x7e6002a6 | ((spr & 0x1f) << 16) | ((spr & 0x3e0) << 6);
1041     for (int ofs = 0; ofs < 64; ofs++) {
1042     if (ntohl(lp[ofs]) == mtspr) {
1043     if (ntohl(lp[ofs + 2]) != mfspr)
1044     return false;
1045     D(bug(" SPR%d %08lx\n", spr, base + 4*ofs));
1046     lp[ofs] = htonl(POWERPC_NOP);
1047     lp[ofs + 2] = htonl(POWERPC_NOP);
1048     }
1049     }
1050     }
1051 cebix 1.1
1052     // Jump to 68k emulator
1053 gbeauche 1.20 static const uint8 jump68k_dat[] = {0x7d, 0x92, 0x43, 0xa6, 0x7d, 0x5a, 0x03, 0xa6, 0x7d, 0x7b, 0x03, 0xa6};
1054     if ((loc = find_rom_data(0x310000, 0x320000, jump68k_dat, sizeof(jump68k_dat))) == 0) return false;
1055     static const uint8 jump68k_caller_dat[] = {0x85, 0x13, 0x00, 0x08, 0x56, 0xbf, 0x50, 0x3e, 0x63, 0xff, 0x0c, 0x00};
1056     if ((base = find_rom_data(0x310000, 0x320000, jump68k_caller_dat, sizeof(jump68k_caller_dat))) == 0) return false;
1057     if ((base = find_rom_powerpc_branch(base + 12, 0x320000, loc)) == 0) return false;
1058     D(bug("jump68k %08lx, called from %08lx\n", loc, base));
1059     lp = (uint32 *)(ROM_BASE + base);
1060 cebix 1.1 *lp++ = htonl(0x80610634); // lwz r3,0x0634(r1) (pointer to Emulator Data)
1061     *lp++ = htonl(0x8081119c); // lwz r4,0x119c(r1) (pointer to opcode table)
1062     *lp++ = htonl(0x80011184); // lwz r0,0x1184(r1) (pointer to emulator init routine)
1063     *lp++ = htonl(0x7c0903a6); // mtctr r0
1064     *lp = htonl(POWERPC_BCTR);
1065     return true;
1066     }
1067    
1068    
1069     /*
1070     * 68k emulator patches
1071     */
1072    
1073     static bool patch_68k_emul(void)
1074     {
1075     uint32 *lp;
1076 gbeauche 1.29 uint32 base, loc;
1077 cebix 1.1
1078     // Overwrite twi instructions
1079 gbeauche 1.20 static const uint8 twi_dat[] = {0x0f, 0xff, 0x00, 0x00, 0x0f, 0xff, 0x00, 0x01, 0x0f, 0xff, 0x00, 0x02};
1080     if ((base = find_rom_data(0x36e600, 0x36ea00, twi_dat, sizeof(twi_dat))) == 0) return false;
1081     D(bug("twi %08lx\n", base));
1082 cebix 1.1 lp = (uint32 *)(ROM_BASE + base);
1083     *lp++ = htonl(0x48000000 + 0x36f900 - base); // b 0x36f900 (Emulator start)
1084     *lp++ = htonl(0x48000000 + 0x36fa00 - base - 4); // b 0x36fa00 (Mixed mode)
1085     *lp++ = htonl(0x48000000 + 0x36fb00 - base - 8); // b 0x36fb00 (Reset/FC1E opcode)
1086     *lp++ = htonl(0x48000000 + 0x36fc00 - base - 12); // FE0A opcode
1087     *lp++ = htonl(POWERPC_ILLEGAL); // Interrupt
1088     *lp++ = htonl(POWERPC_ILLEGAL); // ?
1089     *lp++ = htonl(POWERPC_ILLEGAL);
1090     *lp++ = htonl(POWERPC_ILLEGAL);
1091     *lp++ = htonl(POWERPC_ILLEGAL);
1092     *lp++ = htonl(POWERPC_ILLEGAL);
1093     *lp++ = htonl(POWERPC_ILLEGAL);
1094     *lp++ = htonl(POWERPC_ILLEGAL);
1095     *lp++ = htonl(POWERPC_ILLEGAL);
1096     *lp++ = htonl(POWERPC_ILLEGAL);
1097     *lp++ = htonl(POWERPC_ILLEGAL);
1098     *lp = htonl(POWERPC_ILLEGAL);
1099    
1100     #if EMULATED_PPC
1101 gbeauche 1.7 // Install EMUL_RETURN, EXEC_RETURN, EXEC_NATIVE and EMUL_OP opcodes
1102 cebix 1.1 lp = (uint32 *)(ROM_BASE + 0x380000 + (M68K_EMUL_RETURN << 3));
1103     *lp++ = htonl(POWERPC_EMUL_OP);
1104     *lp++ = htonl(0x4bf66e80); // b 0x366084
1105     *lp++ = htonl(POWERPC_EMUL_OP | 1);
1106     *lp++ = htonl(0x4bf66e78); // b 0x366084
1107 gbeauche 1.7 *lp++ = htonl(POWERPC_EMUL_OP | 2);
1108     *lp++ = htonl(0x4bf66e70); // b 0x366084
1109 cebix 1.1 for (int i=0; i<OP_MAX; i++) {
1110 gbeauche 1.7 *lp++ = htonl(POWERPC_EMUL_OP | (i + 3));
1111     *lp++ = htonl(0x4bf66e68 - i*8); // b 0x366084
1112 cebix 1.1 }
1113     #else
1114     // Install EMUL_RETURN, EXEC_RETURN and EMUL_OP opcodes
1115     lp = (uint32 *)(ROM_BASE + 0x380000 + (M68K_EMUL_RETURN << 3));
1116     *lp++ = htonl(0x80000000 + XLM_EMUL_RETURN_PROC); // lwz r0,XLM_EMUL_RETURN_PROC
1117     *lp++ = htonl(0x4bf705fc); // b 0x36f800
1118     *lp++ = htonl(0x80000000 + XLM_EXEC_RETURN_PROC); // lwz r0,XLM_EXEC_RETURN_PROC
1119     *lp++ = htonl(0x4bf705f4); // b 0x36f800
1120 gbeauche 1.7 *lp++ = htonl(0x00dead00); // Let SheepShaver crash, since
1121     *lp++ = htonl(0x00beef00); // no native opcode is available
1122 cebix 1.1 for (int i=0; i<OP_MAX; i++) {
1123     *lp++ = htonl(0x38a00000 + i); // li r5,OP_*
1124 gbeauche 1.7 *lp++ = htonl(0x4bf705ec - i*8); // b 0x36f808
1125 cebix 1.1 }
1126    
1127     // Extra routines for EMUL_RETURN/EXEC_RETURN/EMUL_OP
1128     lp = (uint32 *)(ROM_BASE + 0x36f800);
1129     *lp++ = htonl(0x7c0803a6); // mtlr r0
1130     *lp++ = htonl(0x4e800020); // blr
1131    
1132     *lp++ = htonl(0x80000000 + XLM_EMUL_OP_PROC); // lwz r0,XLM_EMUL_OP_PROC
1133     *lp++ = htonl(0x7c0803a6); // mtlr r0
1134     *lp = htonl(0x4e800020); // blr
1135     #endif
1136    
1137     // Extra routine for 68k emulator start
1138     lp = (uint32 *)(ROM_BASE + 0x36f900);
1139     *lp++ = htonl(0x7c2903a6); // mtctr r1
1140     *lp++ = htonl(0x80200000 + XLM_IRQ_NEST); // lwz r1,XLM_IRQ_NEST
1141     *lp++ = htonl(0x38210001); // addi r1,r1,1
1142     *lp++ = htonl(0x90200000 + XLM_IRQ_NEST); // stw r1,XLM_IRQ_NEST
1143     *lp++ = htonl(0x80200000 + XLM_KERNEL_DATA);// lwz r1,XLM_KERNEL_DATA
1144     *lp++ = htonl(0x90c10018); // stw r6,0x18(r1)
1145     *lp++ = htonl(0x7cc902a6); // mfctr r6
1146     *lp++ = htonl(0x90c10004); // stw r6,$0004(r1)
1147     *lp++ = htonl(0x80c1065c); // lwz r6,$065c(r1)
1148     *lp++ = htonl(0x90e6013c); // stw r7,$013c(r6)
1149     *lp++ = htonl(0x91060144); // stw r8,$0144(r6)
1150     *lp++ = htonl(0x9126014c); // stw r9,$014c(r6)
1151     *lp++ = htonl(0x91460154); // stw r10,$0154(r6)
1152     *lp++ = htonl(0x9166015c); // stw r11,$015c(r6)
1153     *lp++ = htonl(0x91860164); // stw r12,$0164(r6)
1154     *lp++ = htonl(0x91a6016c); // stw r13,$016c(r6)
1155     *lp++ = htonl(0x7da00026); // mfcr r13
1156     *lp++ = htonl(0x80e10660); // lwz r7,$0660(r1)
1157     *lp++ = htonl(0x7d8802a6); // mflr r12
1158     *lp++ = htonl(0x50e74001); // rlwimi. r7,r7,8,$80000000
1159     *lp++ = htonl(0x814105f0); // lwz r10,0x05f0(r1)
1160     *lp++ = htonl(0x7d4803a6); // mtlr r10
1161     *lp++ = htonl(0x7d8a6378); // mr r10,r12
1162     *lp++ = htonl(0x3d600002); // lis r11,0x0002
1163     *lp++ = htonl(0x616bf072); // ori r11,r11,0xf072 (MSR)
1164     *lp++ = htonl(0x50e7deb4); // rlwimi r7,r7,27,$00000020
1165     *lp = htonl(0x4e800020); // blr
1166    
1167     // Extra routine for Mixed Mode
1168     lp = (uint32 *)(ROM_BASE + 0x36fa00);
1169     *lp++ = htonl(0x7c2903a6); // mtctr r1
1170     *lp++ = htonl(0x80200000 + XLM_IRQ_NEST); // lwz r1,XLM_IRQ_NEST
1171     *lp++ = htonl(0x38210001); // addi r1,r1,1
1172     *lp++ = htonl(0x90200000 + XLM_IRQ_NEST); // stw r1,XLM_IRQ_NEST
1173     *lp++ = htonl(0x80200000 + XLM_KERNEL_DATA);// lwz r1,XLM_KERNEL_DATA
1174     *lp++ = htonl(0x90c10018); // stw r6,0x18(r1)
1175     *lp++ = htonl(0x7cc902a6); // mfctr r6
1176     *lp++ = htonl(0x90c10004); // stw r6,$0004(r1)
1177     *lp++ = htonl(0x80c1065c); // lwz r6,$065c(r1)
1178     *lp++ = htonl(0x90e6013c); // stw r7,$013c(r6)
1179     *lp++ = htonl(0x91060144); // stw r8,$0144(r6)
1180     *lp++ = htonl(0x9126014c); // stw r9,$014c(r6)
1181     *lp++ = htonl(0x91460154); // stw r10,$0154(r6)
1182     *lp++ = htonl(0x9166015c); // stw r11,$015c(r6)
1183     *lp++ = htonl(0x91860164); // stw r12,$0164(r6)
1184     *lp++ = htonl(0x91a6016c); // stw r13,$016c(r6)
1185     *lp++ = htonl(0x7da00026); // mfcr r13
1186     *lp++ = htonl(0x80e10660); // lwz r7,$0660(r1)
1187     *lp++ = htonl(0x7d8802a6); // mflr r12
1188     *lp++ = htonl(0x50e74001); // rlwimi. r7,r7,8,$80000000
1189     *lp++ = htonl(0x814105f4); // lwz r10,0x05f4(r1)
1190     *lp++ = htonl(0x7d4803a6); // mtlr r10
1191     *lp++ = htonl(0x7d8a6378); // mr r10,r12
1192     *lp++ = htonl(0x3d600002); // lis r11,0x0002
1193     *lp++ = htonl(0x616bf072); // ori r11,r11,0xf072 (MSR)
1194     *lp++ = htonl(0x50e7deb4); // rlwimi r7,r7,27,$00000020
1195     *lp = htonl(0x4e800020); // blr
1196    
1197     // Extra routine for Reset/FC1E opcode
1198 gbeauche 1.4 lp = (uint32 *)(ROM_BASE + 0x36fb00);
1199 cebix 1.1 *lp++ = htonl(0x7c2903a6); // mtctr r1
1200     *lp++ = htonl(0x80200000 + XLM_IRQ_NEST); // lwz r1,XLM_IRQ_NEST
1201     *lp++ = htonl(0x38210001); // addi r1,r1,1
1202     *lp++ = htonl(0x90200000 + XLM_IRQ_NEST); // stw r1,XLM_IRQ_NEST
1203     *lp++ = htonl(0x80200000 + XLM_KERNEL_DATA);// lwz r1,XLM_KERNEL_DATA
1204     *lp++ = htonl(0x90c10018); // stw r6,0x18(r1)
1205     *lp++ = htonl(0x7cc902a6); // mfctr r6
1206     *lp++ = htonl(0x90c10004); // stw r6,$0004(r1)
1207     *lp++ = htonl(0x80c1065c); // lwz r6,$065c(r1)
1208     *lp++ = htonl(0x90e6013c); // stw r7,$013c(r6)
1209     *lp++ = htonl(0x91060144); // stw r8,$0144(r6)
1210     *lp++ = htonl(0x9126014c); // stw r9,$014c(r6)
1211     *lp++ = htonl(0x91460154); // stw r10,$0154(r6)
1212     *lp++ = htonl(0x9166015c); // stw r11,$015c(r6)
1213     *lp++ = htonl(0x91860164); // stw r12,$0164(r6)
1214     *lp++ = htonl(0x91a6016c); // stw r13,$016c(r6)
1215     *lp++ = htonl(0x7da00026); // mfcr r13
1216     *lp++ = htonl(0x80e10660); // lwz r7,$0660(r1)
1217     *lp++ = htonl(0x7d8802a6); // mflr r12
1218     *lp++ = htonl(0x50e74001); // rlwimi. r7,r7,8,$80000000
1219 gbeauche 1.4 *lp++ = htonl(0x814105f8); // lwz r10,0x05f8(r1)
1220 cebix 1.1 *lp++ = htonl(0x7d4803a6); // mtlr r10
1221     *lp++ = htonl(0x7d8a6378); // mr r10,r12
1222     *lp++ = htonl(0x3d600002); // lis r11,0x0002
1223     *lp++ = htonl(0x616bf072); // ori r11,r11,0xf072 (MSR)
1224     *lp++ = htonl(0x50e7deb4); // rlwimi r7,r7,27,$00000020
1225     *lp = htonl(0x4e800020); // blr
1226    
1227     // Extra routine for FE0A opcode (QuickDraw 3D needs this)
1228     lp = (uint32 *)(ROM_BASE + 0x36fc00);
1229     *lp++ = htonl(0x7c2903a6); // mtctr r1
1230     *lp++ = htonl(0x80200000 + XLM_IRQ_NEST); // lwz r1,XLM_IRQ_NEST
1231     *lp++ = htonl(0x38210001); // addi r1,r1,1
1232     *lp++ = htonl(0x90200000 + XLM_IRQ_NEST); // stw r1,XLM_IRQ_NEST
1233     *lp++ = htonl(0x80200000 + XLM_KERNEL_DATA);// lwz r1,XLM_KERNEL_DATA
1234     *lp++ = htonl(0x90c10018); // stw r6,0x18(r1)
1235     *lp++ = htonl(0x7cc902a6); // mfctr r6
1236     *lp++ = htonl(0x90c10004); // stw r6,$0004(r1)
1237     *lp++ = htonl(0x80c1065c); // lwz r6,$065c(r1)
1238     *lp++ = htonl(0x90e6013c); // stw r7,$013c(r6)
1239     *lp++ = htonl(0x91060144); // stw r8,$0144(r6)
1240     *lp++ = htonl(0x9126014c); // stw r9,$014c(r6)
1241     *lp++ = htonl(0x91460154); // stw r10,$0154(r6)
1242     *lp++ = htonl(0x9166015c); // stw r11,$015c(r6)
1243     *lp++ = htonl(0x91860164); // stw r12,$0164(r6)
1244     *lp++ = htonl(0x91a6016c); // stw r13,$016c(r6)
1245     *lp++ = htonl(0x7da00026); // mfcr r13
1246     *lp++ = htonl(0x80e10660); // lwz r7,$0660(r1)
1247     *lp++ = htonl(0x7d8802a6); // mflr r12
1248     *lp++ = htonl(0x50e74001); // rlwimi. r7,r7,8,$80000000
1249 gbeauche 1.4 *lp++ = htonl(0x814105fc); // lwz r10,0x05fc(r1)
1250 cebix 1.1 *lp++ = htonl(0x7d4803a6); // mtlr r10
1251     *lp++ = htonl(0x7d8a6378); // mr r10,r12
1252     *lp++ = htonl(0x3d600002); // lis r11,0x0002
1253     *lp++ = htonl(0x616bf072); // ori r11,r11,0xf072 (MSR)
1254     *lp++ = htonl(0x50e7deb4); // rlwimi r7,r7,27,$00000020
1255     *lp = htonl(0x4e800020); // blr
1256    
1257     // Patch DR emulator to jump to right address when an interrupt occurs
1258     lp = (uint32 *)(ROM_BASE + 0x370000);
1259     while (lp < (uint32 *)(ROM_BASE + 0x380000)) {
1260     if (ntohl(*lp) == 0x4ca80020) // bclr 5,8
1261     goto dr_found;
1262     lp++;
1263     }
1264     D(bug("DR emulator patch location not found\n"));
1265     return false;
1266     dr_found:
1267     lp++;
1268 gbeauche 1.29 loc = (uint32)lp - ROM_BASE;
1269     if ((base = powerpc_branch_target(ROM_BASE + loc)) == 0) base = ROM_BASE + loc;
1270     static const uint8 dr_ret_dat[] = {0x80, 0xbf, 0x08, 0x14, 0x53, 0x19, 0x4d, 0xac, 0x7c, 0xa8, 0x03, 0xa6};
1271     if ((base = find_rom_data(base - ROM_BASE, 0x380000, dr_ret_dat, sizeof(dr_ret_dat))) == 0) return false;
1272     D(bug("dr_ret %08lx\n", base));
1273     if (base != loc) {
1274     // OldWorld ROMs contain an absolute branch
1275     D(bug(" patching absolute branch at %08x\n", (uint32)lp - ROM_BASE));
1276     *lp = htonl(0x48000000 + 0xf000 - (((uint32)lp - ROM_BASE) & 0xffff)); // b DR_CACHE_BASE+0x1f000
1277     lp = (uint32 *)(ROM_BASE + 0x37f000);
1278     *lp++ = htonl(0x3c000000 + ((ROM_BASE + base) >> 16)); // lis r0,xxx
1279     *lp++ = htonl(0x60000000 + ((ROM_BASE + base) & 0xffff)); // ori r0,r0,xxx
1280     *lp++ = htonl(0x7c0803a6); // mtlr r0
1281     *lp = htonl(POWERPC_BLR); // blr
1282     }
1283 cebix 1.1 return true;
1284     }
1285    
1286    
1287     /*
1288     * Nanokernel patches
1289     */
1290    
1291     static bool patch_nanokernel(void)
1292     {
1293     uint32 *lp;
1294 gbeauche 1.20 uint32 base, loc;
1295 cebix 1.1
1296     // Patch Mixed Mode trap
1297 gbeauche 1.20 static const uint8 virt2phys_dat[] = {0x7d, 0x1b, 0x43, 0x78, 0x3b, 0xa1, 0x03, 0x20};
1298     if ((base = find_rom_data(0x313000, 0x314000, virt2phys_dat, sizeof(virt2phys_dat))) == 0) return false;
1299     D(bug("virt2phys %08lx\n", base + 8));
1300     lp = (uint32 *)(ROM_BASE + base + 8); // Don't translate virtual->physical
1301     lp[0] = htonl(0x7f7fdb78); // mr r31,r27
1302     lp[2] = htonl(POWERPC_NOP);
1303    
1304     static const uint8 ppc_excp_tbl_dat[] = {0x39, 0x01, 0x04, 0x20, 0x7d, 0x13, 0x43, 0xa6};
1305     if ((base = find_rom_data(0x313000, 0x314000, ppc_excp_tbl_dat, sizeof(ppc_excp_tbl_dat))) == 0) return false;
1306     D(bug("ppc_excp_tbl %08lx\n", base));
1307     lp = (uint32 *)(ROM_BASE + base); // Don't activate PPC exception table
1308 cebix 1.1 *lp++ = htonl(0x39000000 + MODE_NATIVE); // li r8,MODE_NATIVE
1309 gbeauche 1.20 *lp = htonl(0x91000000 + XLM_RUN_MODE); // stw r8,XLM_RUN_MODE
1310 cebix 1.1
1311 gbeauche 1.20 static const uint8 save_fpu_dat[] = {0x7d, 0x00, 0x00, 0xa6, 0x61, 0x08, 0x20, 0x00, 0x7d, 0x00, 0x01, 0x24};
1312     if ((base = find_rom_data(0x310000, 0x314000, save_fpu_dat, sizeof(save_fpu_dat))) == 0) return false;
1313     D(bug("save_fpu %08lx\n", base));
1314     lp = (uint32 *)(ROM_BASE + base); // Don't modify MSR to turn on FPU
1315     if (ntohl(lp[4]) != 0x556b04e2) return false;
1316     loc = ROM_BASE + base;
1317     #if 1
1318     // FIXME: is that really intended?
1319 cebix 1.1 *lp++ = htonl(POWERPC_NOP);
1320     lp++;
1321     *lp++ = htonl(POWERPC_NOP);
1322     lp++;
1323     *lp = htonl(POWERPC_NOP);
1324 gbeauche 1.20 #else
1325     lp[0] = htonl(POWERPC_NOP);
1326     lp[1] = htonl(POWERPC_NOP);
1327     lp[2] = htonl(POWERPC_NOP);
1328     lp[3] = htonl(POWERPC_NOP);
1329     #endif
1330 cebix 1.1
1331 gbeauche 1.20 static const uint8 save_fpu_caller_dat[] = {0x93, 0xa6, 0x01, 0xec, 0x93, 0xc6, 0x01, 0xf4, 0x93, 0xe6, 0x01, 0xfc, 0x40};
1332     if ((base = find_rom_data(0x310000, 0x314000, save_fpu_caller_dat, sizeof(save_fpu_caller_dat))) == 0) return false;
1333     D(bug("save_fpu_caller %08lx\n", base + 12));
1334     if (powerpc_branch_target(ROM_BASE + base + 12) != loc) return false;
1335     lp = (uint32 *)(ROM_BASE + base + 12); // Always save FPU state
1336 cebix 1.1 *lp = htonl(0x48000000 | (ntohl(*lp) & 0xffff)); // bl 0x00312e88
1337    
1338 gbeauche 1.20 static const uint8 mdec_dat[] = {0x7f, 0xf6, 0x02, 0xa6, 0x2c, 0x08, 0x00, 0x00, 0x93, 0xe1, 0x06, 0x68, 0x7d, 0x16, 0x03, 0xa6};
1339     if ((base = find_rom_data(0x310000, 0x314000, mdec_dat, sizeof(mdec_dat))) == 0) return false;
1340     D(bug("mdec %08lx\n", base));
1341     lp = (uint32 *)(ROM_BASE + base); // Don't modify DEC
1342     lp[0] = htonl(0x3be00000); // li r31,0
1343 cebix 1.1 #if 1
1344 gbeauche 1.20 lp[3] = htonl(POWERPC_NOP);
1345     lp[4] = htonl(POWERPC_NOP);
1346 cebix 1.1 #else
1347 gbeauche 1.20 lp[3] = htonl(0x39000040); // li r8,0x40
1348     lp[4] = htonl(0x990600e4); // stb r8,0xe4(r6)
1349 cebix 1.1 #endif
1350    
1351 gbeauche 1.20 static const uint8 restore_fpu_caller_dat[] = {0x81, 0x06, 0x00, 0xf4, 0x81, 0x46, 0x00, 0xfc, 0x7d, 0x09, 0x03, 0xa6, 0x40};
1352     if ((base = find_rom_data(0x310000, 0x314000, restore_fpu_caller_dat, sizeof(restore_fpu_caller_dat))) == 0) return false;
1353     D(bug("restore_fpu_caller %08lx\n", base + 12));
1354     lp = (uint32 *)(ROM_BASE + base + 12); // Always restore FPU state
1355 cebix 1.1 *lp = htonl(0x48000000 | (ntohl(*lp) & 0xffff)); // bl 0x00312ddc
1356    
1357 gbeauche 1.20 static const uint8 m68k_excp_tbl_dat[] = {0x81, 0x21, 0x06, 0x58, 0x39, 0x01, 0x03, 0x60, 0x7d, 0x13, 0x43, 0xa6};
1358     if ((base = find_rom_data(0x310000, 0x314000, m68k_excp_tbl_dat, sizeof(m68k_excp_tbl_dat))) == 0) return false;
1359     D(bug("m68k_excp %08lx\n", base + 4));
1360     lp = (uint32 *)(ROM_BASE + base + 4); // Don't activate 68k exception table
1361 cebix 1.1 *lp++ = htonl(0x39000000 + MODE_68K); // li r8,MODE_68K
1362     *lp = htonl(0x91000000 + XLM_RUN_MODE); // stw r8,XLM_RUN_MODE
1363    
1364     // Patch 68k emulator trap routine
1365 gbeauche 1.20 static const uint8 restore_fpu_caller2_dat[] = {0x81, 0x86, 0x00, 0x8c, 0x80, 0x66, 0x00, 0x94, 0x80, 0x86, 0x00, 0x9c, 0x40};
1366     if ((base = find_rom_data(0x310000, 0x314000, restore_fpu_caller2_dat, sizeof(restore_fpu_caller2_dat))) == 0) return false;
1367     D(bug("restore_fpu_caller2 %08lx\n", base + 12));
1368     loc = powerpc_branch_target(ROM_BASE + base + 12) - ROM_BASE;
1369     lp = (uint32 *)(ROM_BASE + base + 12); // Always restore FPU state
1370 cebix 1.1 *lp = htonl(0x48000000 | (ntohl(*lp) & 0xffff)); // bl 0x00312dd4
1371    
1372 gbeauche 1.20 static const uint8 restore_fpu_dat[] = {0x55, 0x68, 0x04, 0xa5, 0x4c, 0x82, 0x00, 0x20, 0x81, 0x06, 0x00, 0xe4};
1373     if ((base = find_rom_data(0x310000, 0x314000, restore_fpu_dat, sizeof(restore_fpu_dat))) == 0) return false;
1374     D(bug("restore_fpu %08lx\n", base));
1375     if (base != loc) return false;
1376     lp = (uint32 *)(ROM_BASE + base + 4); // Don't modify MSR to turn on FPU
1377 cebix 1.1 *lp++ = htonl(POWERPC_NOP);
1378     lp += 2;
1379     *lp++ = htonl(POWERPC_NOP);
1380     lp++;
1381     *lp++ = htonl(POWERPC_NOP);
1382     *lp++ = htonl(POWERPC_NOP);
1383     *lp = htonl(POWERPC_NOP);
1384    
1385     // Patch trap return routine
1386 gbeauche 1.20 static const uint8 trap_return_dat[] = {0x80, 0xc1, 0x00, 0x18, 0x80, 0x21, 0x00, 0x04, 0x4c, 0x00, 0x00, 0x64};
1387     if ((base = find_rom_data(0x312000, 0x320000, trap_return_dat, sizeof(trap_return_dat))) == 0) return false;
1388     D(bug("trap_return %08lx\n", base + 8));
1389     lp = (uint32 *)(ROM_BASE + base + 8); // Replace rfi
1390     *lp = htonl(POWERPC_BCTR);
1391    
1392     while (ntohl(*lp) != 0x7d5a03a6) lp--;
1393 cebix 1.1 *lp++ = htonl(0x7d4903a6); // mtctr r10
1394     *lp++ = htonl(0x7daff120); // mtcr r13
1395 gbeauche 1.20 *lp = htonl(0x48000000 + ((0x318000 - ((uint32)lp - ROM_BASE)) & 0x03fffffc)); // b ROM_BASE+0x318000
1396     uint32 npc = (uint32)(lp + 1) - ROM_BASE;
1397 cebix 1.1
1398     lp = (uint32 *)(ROM_BASE + 0x318000);
1399     *lp++ = htonl(0x81400000 + XLM_IRQ_NEST); // lwz r10,XLM_IRQ_NEST
1400     *lp++ = htonl(0x394affff); // subi r10,r10,1
1401     *lp++ = htonl(0x91400000 + XLM_IRQ_NEST); // stw r10,XLM_IRQ_NEST
1402 gbeauche 1.20 *lp = htonl(0x48000000 + ((npc - 0x31800c) & 0x03fffffc)); // b ROM_BASE+0x312c2c
1403 gbeauche 1.8
1404 cebix 1.1 /*
1405     // Disable FE0A/FE06 opcodes
1406     lp = (uint32 *)(ROM_BASE + 0x3144ac);
1407     *lp++ = htonl(POWERPC_NOP);
1408     *lp += 8;
1409     */
1410     return true;
1411     }
1412    
1413    
1414     /*
1415     * 68k boot routine patches
1416     */
1417    
1418     static bool patch_68k(void)
1419     {
1420     uint32 *lp;
1421     uint16 *wp;
1422     uint8 *bp;
1423 gbeauche 1.20 uint32 base, loc;
1424 cebix 1.1
1425     // Remove 68k RESET instruction
1426     static const uint8 reset_dat[] = {0x4e, 0x70};
1427     if ((base = find_rom_data(0xc8, 0x120, reset_dat, sizeof(reset_dat))) == 0) return false;
1428     D(bug("reset %08lx\n", base));
1429     wp = (uint16 *)(ROM_BASE + base);
1430     *wp = htons(M68K_NOP);
1431    
1432     // Fake reading PowerMac ID (via Universal)
1433     static const uint8 powermac_id_dat[] = {0x45, 0xf9, 0x5f, 0xff, 0xff, 0xfc, 0x20, 0x12, 0x72, 0x00};
1434     if ((base = find_rom_data(0xe000, 0x15000, powermac_id_dat, sizeof(powermac_id_dat))) == 0) return false;
1435     D(bug("powermac_id %08lx\n", base));
1436     wp = (uint16 *)(ROM_BASE + base);
1437     *wp++ = htons(0x203c); // move.l #id,d0
1438     *wp++ = htons(0);
1439     // if (ROMType == ROMTYPE_NEWWORLD)
1440     // *wp++ = htons(0x3035); // (PowerMac 9500 ID)
1441     // else
1442     *wp++ = htons(0x3020); // (PowerMac 9500 ID)
1443     *wp++ = htons(0xb040); // cmp.w d0,d0
1444     *wp = htons(0x4ed6); // jmp (a6)
1445    
1446     // Patch UniversalInfo
1447     if (ROMType == ROMTYPE_NEWWORLD) {
1448     static const uint8 univ_info_dat[] = {0x3f, 0xff, 0x04, 0x00};
1449 gbeauche 1.4 if ((base = find_rom_data(0x14000, 0x18000, univ_info_dat, sizeof(univ_info_dat))) == 0) return false;
1450 cebix 1.1 D(bug("universal_info %08lx\n", base));
1451     lp = (uint32 *)(ROM_BASE + base - 0x14);
1452     lp[0x00 >> 2] = htonl(ADDR_MAP_PATCH_SPACE - (base - 0x14));
1453     lp[0x10 >> 2] = htonl(0xcc003d11); // Make it like the PowerMac 9500 UniversalInfo
1454     lp[0x14 >> 2] = htonl(0x3fff0401);
1455     lp[0x18 >> 2] = htonl(0x0300001c);
1456     lp[0x1c >> 2] = htonl(0x000108c4);
1457     lp[0x24 >> 2] = htonl(0xc301bf26);
1458     lp[0x28 >> 2] = htonl(0x00000861);
1459     lp[0x58 >> 2] = htonl(0x30200000);
1460     lp[0x60 >> 2] = htonl(0x0000003d);
1461     } else if (ROMType == ROMTYPE_ZANZIBAR) {
1462     base = 0x12b70;
1463     lp = (uint32 *)(ROM_BASE + base - 0x14);
1464     lp[0x00 >> 2] = htonl(ADDR_MAP_PATCH_SPACE - (base - 0x14));
1465     lp[0x10 >> 2] = htonl(0xcc003d11); // Make it like the PowerMac 9500 UniversalInfo
1466     lp[0x14 >> 2] = htonl(0x3fff0401);
1467     lp[0x18 >> 2] = htonl(0x0300001c);
1468     lp[0x1c >> 2] = htonl(0x000108c4);
1469     lp[0x24 >> 2] = htonl(0xc301bf26);
1470     lp[0x28 >> 2] = htonl(0x00000861);
1471     lp[0x58 >> 2] = htonl(0x30200000);
1472     lp[0x60 >> 2] = htonl(0x0000003d);
1473 gbeauche 1.11 } else if (ROMType == ROMTYPE_GOSSAMER) {
1474     base = 0x12d20;
1475     lp = (uint32 *)(ROM_BASE + base - 0x14);
1476     lp[0x00 >> 2] = htonl(ADDR_MAP_PATCH_SPACE - (base - 0x14));
1477     lp[0x10 >> 2] = htonl(0xcc003d11); // Make it like the PowerMac 9500 UniversalInfo
1478     lp[0x14 >> 2] = htonl(0x3fff0401);
1479     lp[0x18 >> 2] = htonl(0x0300001c);
1480     lp[0x1c >> 2] = htonl(0x000108c4);
1481     lp[0x24 >> 2] = htonl(0xc301bf26);
1482     lp[0x28 >> 2] = htonl(0x00000861);
1483     lp[0x58 >> 2] = htonl(0x30410000);
1484     lp[0x60 >> 2] = htonl(0x0000003d);
1485 cebix 1.1 }
1486    
1487     // Construct AddrMap for NewWorld ROM
1488 gbeauche 1.11 if (ROMType == ROMTYPE_NEWWORLD || ROMType == ROMTYPE_ZANZIBAR || ROMType == ROMTYPE_GOSSAMER) {
1489 cebix 1.1 lp = (uint32 *)(ROM_BASE + ADDR_MAP_PATCH_SPACE);
1490     memset(lp - 10, 0, 0x128);
1491     lp[-10] = htonl(0x0300001c);
1492     lp[-9] = htonl(0x000108c4);
1493     lp[-4] = htonl(0x00300000);
1494     lp[-2] = htonl(0x11010000);
1495     lp[-1] = htonl(0xf8000000);
1496     lp[0] = htonl(0xffc00000);
1497     lp[2] = htonl(0xf3016000);
1498     lp[3] = htonl(0xf3012000);
1499     lp[4] = htonl(0xf3012000);
1500     lp[24] = htonl(0xf3018000);
1501     lp[25] = htonl(0xf3010000);
1502     lp[34] = htonl(0xf3011000);
1503     lp[38] = htonl(0xf3015000);
1504     lp[39] = htonl(0xf3014000);
1505     lp[43] = htonl(0xf3000000);
1506     lp[48] = htonl(0xf8000000);
1507     }
1508    
1509     // Don't initialize VIA (via Universal)
1510     static const uint8 via_init_dat[] = {0x08, 0x00, 0x00, 0x02, 0x67, 0x00, 0x00, 0x2c, 0x24, 0x68, 0x00, 0x08};
1511     if ((base = find_rom_data(0xe000, 0x15000, via_init_dat, sizeof(via_init_dat))) == 0) return false;
1512     D(bug("via_init %08lx\n", base));
1513     wp = (uint16 *)(ROM_BASE + base + 4);
1514     *wp = htons(0x6000); // bra
1515    
1516     static const uint8 via_init2_dat[] = {0x24, 0x68, 0x00, 0x08, 0x00, 0x12, 0x00, 0x30, 0x4e, 0x71};
1517     if ((base = find_rom_data(0xa000, 0x10000, via_init2_dat, sizeof(via_init2_dat))) == 0) return false;
1518     D(bug("via_init2 %08lx\n", base));
1519     wp = (uint16 *)(ROM_BASE + base);
1520     *wp = htons(0x4ed6); // jmp (a6)
1521    
1522     static const uint8 via_init3_dat[] = {0x22, 0x68, 0x00, 0x08, 0x28, 0x3c, 0x20, 0x00, 0x01, 0x00};
1523     if ((base = find_rom_data(0xa000, 0x10000, via_init3_dat, sizeof(via_init3_dat))) == 0) return false;
1524     D(bug("via_init3 %08lx\n", base));
1525     wp = (uint16 *)(ROM_BASE + base);
1526     *wp = htons(0x4ed6); // jmp (a6)
1527    
1528     // Don't RunDiags, get BootGlobs pointer directly
1529     if (ROMType == ROMTYPE_NEWWORLD) {
1530     static const uint8 run_diags_dat[] = {0x60, 0xff, 0x00, 0x0c};
1531     if ((base = find_rom_data(0x110, 0x128, run_diags_dat, sizeof(run_diags_dat))) == 0) return false;
1532     D(bug("run_diags %08lx\n", base));
1533     wp = (uint16 *)(ROM_BASE + base);
1534     *wp++ = htons(0x4df9); // lea xxx,a6
1535     *wp++ = htons((RAMBase + RAMSize - 0x1c) >> 16);
1536     *wp = htons((RAMBase + RAMSize - 0x1c) & 0xffff);
1537     } else {
1538     static const uint8 run_diags_dat[] = {0x74, 0x00, 0x2f, 0x0e};
1539     if ((base = find_rom_data(0xd0, 0xf0, run_diags_dat, sizeof(run_diags_dat))) == 0) return false;
1540     D(bug("run_diags %08lx\n", base));
1541     wp = (uint16 *)(ROM_BASE + base - 6);
1542     *wp++ = htons(0x4df9); // lea xxx,a6
1543     *wp++ = htons((RAMBase + RAMSize - 0x1c) >> 16);
1544     *wp = htons((RAMBase + RAMSize - 0x1c) & 0xffff);
1545     }
1546    
1547     // Replace NVRAM routines
1548     static const uint8 nvram1_dat[] = {0x48, 0xe7, 0x01, 0x0e, 0x24, 0x68, 0x00, 0x08, 0x08, 0x83, 0x00, 0x1f};
1549     if ((base = find_rom_data(0x7000, 0xc000, nvram1_dat, sizeof(nvram1_dat))) == 0) return false;
1550     D(bug("nvram1 %08lx\n", base));
1551     wp = (uint16 *)(ROM_BASE + base);
1552     *wp++ = htons(M68K_EMUL_OP_XPRAM1);
1553     *wp = htons(M68K_RTS);
1554    
1555     if (ROMType == ROMTYPE_NEWWORLD) {
1556     static const uint8 nvram2_dat[] = {0x48, 0xe7, 0x1c, 0xe0, 0x4f, 0xef, 0xff, 0xb4};
1557     if ((base = find_rom_data(0xa000, 0xd000, nvram2_dat, sizeof(nvram2_dat))) == 0) return false;
1558     D(bug("nvram2 %08lx\n", base));
1559     wp = (uint16 *)(ROM_BASE + base);
1560     *wp++ = htons(M68K_EMUL_OP_XPRAM2);
1561     *wp = htons(0x4ed3); // jmp (a3)
1562    
1563     static const uint8 nvram3_dat[] = {0x48, 0xe7, 0xdc, 0xe0, 0x4f, 0xef, 0xff, 0xb4};
1564     if ((base = find_rom_data(0xa000, 0xd000, nvram3_dat, sizeof(nvram3_dat))) == 0) return false;
1565     D(bug("nvram3 %08lx\n", base));
1566     wp = (uint16 *)(ROM_BASE + base);
1567     *wp++ = htons(M68K_EMUL_OP_XPRAM3);
1568     *wp = htons(0x4ed3); // jmp (a3)
1569    
1570     static const uint8 nvram4_dat[] = {0x4e, 0x56, 0xff, 0xa8, 0x48, 0xe7, 0x1f, 0x38, 0x16, 0x2e, 0x00, 0x13};
1571     if ((base = find_rom_data(0xa000, 0xd000, nvram4_dat, sizeof(nvram4_dat))) == 0) return false;
1572     D(bug("nvram4 %08lx\n", base));
1573     wp = (uint16 *)(ROM_BASE + base + 16);
1574     *wp++ = htons(0x1a2e); // move.b ($000f,a6),d5
1575     *wp++ = htons(0x000f);
1576     *wp++ = htons(M68K_EMUL_OP_NVRAM3);
1577     *wp++ = htons(0x4cee); // movem.l ($ff88,a6),d3-d7/a2-a4
1578     *wp++ = htons(0x1cf8);
1579     *wp++ = htons(0xff88);
1580     *wp++ = htons(0x4e5e); // unlk a6
1581     *wp = htons(M68K_RTS);
1582    
1583     static const uint8 nvram5_dat[] = {0x0c, 0x80, 0x03, 0x00, 0x00, 0x00, 0x66, 0x0a, 0x70, 0x00, 0x21, 0xf8, 0x02, 0x0c, 0x01, 0xe4};
1584     if ((base = find_rom_data(0xa000, 0xd000, nvram5_dat, sizeof(nvram5_dat))) == 0) return false;
1585     D(bug("nvram5 %08lx\n", base));
1586     wp = (uint16 *)(ROM_BASE + base + 6);
1587     *wp = htons(M68K_NOP);
1588    
1589     static const uint8 nvram6_dat[] = {0x2f, 0x0a, 0x24, 0x48, 0x4f, 0xef, 0xff, 0xa0, 0x20, 0x0f};
1590     if ((base = find_rom_data(0x9000, 0xb000, nvram6_dat, sizeof(nvram6_dat))) == 0) return false;
1591     D(bug("nvram6 %08lx\n", base));
1592     wp = (uint16 *)(ROM_BASE + base);
1593     *wp++ = htons(0x7000); // moveq #0,d0
1594     *wp++ = htons(0x2080); // move.l d0,(a0)
1595     *wp++ = htons(0x4228); // clr.b 4(a0)
1596     *wp++ = htons(0x0004);
1597     *wp = htons(M68K_RTS);
1598    
1599     static const uint8 nvram7_dat[] = {0x42, 0x2a, 0x00, 0x04, 0x4f, 0xef, 0x00, 0x60, 0x24, 0x5f, 0x4e, 0x75, 0x4f, 0xef, 0xff, 0xa0, 0x20, 0x0f};
1600     base = find_rom_data(0x9000, 0xb000, nvram7_dat, sizeof(nvram7_dat));
1601     if (base) {
1602     D(bug("nvram7 %08lx\n", base));
1603     wp = (uint16 *)(ROM_BASE + base + 12);
1604     *wp = htons(M68K_RTS);
1605     }
1606     } else {
1607     static const uint8 nvram2_dat[] = {0x4e, 0xd6, 0x06, 0x41, 0x13, 0x00};
1608     if ((base = find_rom_data(0x7000, 0xb000, nvram2_dat, sizeof(nvram2_dat))) == 0) return false;
1609     D(bug("nvram2 %08lx\n", base));
1610     wp = (uint16 *)(ROM_BASE + base + 2);
1611     *wp++ = htons(M68K_EMUL_OP_XPRAM2);
1612     *wp = htons(0x4ed3); // jmp (a3)
1613    
1614 gbeauche 1.11 static const uint8 nvram3_dat[] = {0x4e, 0xd3, 0x06, 0x41, 0x13, 0x00};
1615     if ((base = find_rom_data(0x7000, 0xb000, nvram3_dat, sizeof(nvram3_dat))) == 0) return false;
1616     D(bug("nvram3 %08lx\n", base));
1617     wp = (uint16 *)(ROM_BASE + base + 2);
1618     *wp++ = htons(M68K_EMUL_OP_XPRAM3);
1619     *wp = htons(0x4ed3); // jmp (a3)
1620    
1621     static const uint32 nvram4_loc[] = {0x582f0, 0xa0a0, 0x7e50, 0xa1d0, 0x538d0, 0};
1622     wp = (uint16 *)(ROM_BASE + nvram4_loc[ROMType]);
1623 cebix 1.1 *wp++ = htons(0x202f); // move.l 4(sp),d0
1624     *wp++ = htons(0x0004);
1625     *wp++ = htons(M68K_EMUL_OP_NVRAM1);
1626     if (ROMType == ROMTYPE_ZANZIBAR || ROMType == ROMTYPE_GAZELLE)
1627     *wp = htons(M68K_RTS);
1628     else {
1629     *wp++ = htons(0x1f40); // move.b d0,8(sp)
1630     *wp++ = htons(0x0008);
1631     *wp++ = htons(0x4e74); // rtd #4
1632     *wp = htons(0x0004);
1633     }
1634    
1635 gbeauche 1.11 static const uint32 nvram5_loc[] = {0x58460, 0xa0f0, 0x7f40, 0xa220, 0x53a20, 0};
1636     wp = (uint16 *)(ROM_BASE + nvram5_loc[ROMType]);
1637 cebix 1.1 if (ROMType == ROMTYPE_ZANZIBAR || ROMType == ROMTYPE_GAZELLE) {
1638     *wp++ = htons(0x202f); // move.l 4(sp),d0
1639     *wp++ = htons(0x0004);
1640     *wp++ = htons(0x122f); // move.b 11(sp),d1
1641     *wp++ = htons(0x000b);
1642     *wp++ = htons(M68K_EMUL_OP_NVRAM2);
1643     *wp = htons(M68K_RTS);
1644     } else {
1645     *wp++ = htons(0x202f); // move.l 6(sp),d0
1646     *wp++ = htons(0x0006);
1647     *wp++ = htons(0x122f); // move.b 4(sp),d1
1648     *wp++ = htons(0x0004);
1649     *wp++ = htons(M68K_EMUL_OP_NVRAM2);
1650     *wp++ = htons(0x4e74); // rtd #6
1651     *wp = htons(0x0006);
1652     }
1653     }
1654    
1655     // Fix MemTop/BootGlobs during system startup
1656     static const uint8 mem_top_dat[] = {0x2c, 0x6c, 0xff, 0xec, 0x2a, 0x4c, 0xdb, 0xec, 0xff, 0xf4};
1657     if ((base = find_rom_data(0x120, 0x180, mem_top_dat, sizeof(mem_top_dat))) == 0) return false;
1658     D(bug("mem_top %08lx\n", base));
1659     wp = (uint16 *)(ROM_BASE + base);
1660     *wp++ = htons(M68K_EMUL_OP_FIX_MEMTOP);
1661     *wp = htons(M68K_NOP);
1662    
1663     // Don't initialize SCC (via 0x1ac)
1664 gbeauche 1.20 static const uint8 scc_init_caller_dat[] = {0x21, 0xce, 0x01, 0x08, 0x22, 0x78, 0x0d, 0xd8};
1665     if ((base = find_rom_data(0x180, 0x1f0, scc_init_caller_dat, sizeof(scc_init_caller_dat))) == 0) return false;
1666     D(bug("scc_init_caller %08lx\n", base + 12));
1667     wp = (uint16 *)(ROM_BASE + base + 12);
1668     loc = ntohs(wp[1]) + ((uintptr)wp - ROM_BASE) + 2;
1669 gbeauche 1.21 static const uint8 scc_init_dat[] = {0x20, 0x78, 0x01, 0xdc, 0x22, 0x78, 0x01, 0xd8};
1670 gbeauche 1.22 if ((base = find_rom_data(loc, loc + 0x80, scc_init_dat, sizeof(scc_init_dat))) == 0) return false;
1671 cebix 1.1 D(bug("scc_init %08lx\n", base));
1672 gbeauche 1.20 wp = (uint16 *)(ROM_BASE + base);
1673 cebix 1.1 *wp++ = htons(M68K_EMUL_OP_RESET);
1674     *wp = htons(M68K_RTS);
1675    
1676     // Don't EnableExtCache (via 0x1f6) and don't DisableIntSources(via 0x1fc)
1677     static const uint8 ext_cache_dat[] = {0x4e, 0x7b, 0x00, 0x02};
1678     if ((base = find_rom_data(0x1d0, 0x230, ext_cache_dat, sizeof(ext_cache_dat))) == 0) return false;
1679     D(bug("ext_cache %08lx\n", base));
1680     lp = (uint32 *)(ROM_BASE + base + 6);
1681     wp = (uint16 *)(ROM_BASE + ntohl(*lp) + base + 6);
1682     *wp = htons(M68K_RTS);
1683     lp = (uint32 *)(ROM_BASE + base + 12);
1684     wp = (uint16 *)(ROM_BASE + ntohl(*lp) + base + 12);
1685     *wp = htons(M68K_RTS);
1686    
1687     // Fake CPU speed test (SetupTimeK)
1688     static const uint8 timek_dat[] = {0x0c, 0x38, 0x00, 0x04, 0x01, 0x2f, 0x6d, 0x3c};
1689     if ((base = find_rom_data(0x400, 0x500, timek_dat, sizeof(timek_dat))) == 0) return false;
1690     D(bug("timek %08lx\n", base));
1691     wp = (uint16 *)(ROM_BASE + base);
1692     *wp++ = htons(0x31fc); // move.w #xxx,TimeDBRA
1693     *wp++ = htons(100);
1694     *wp++ = htons(0x0d00);
1695     *wp++ = htons(0x31fc); // move.w #xxx,TimeSCCDBRA
1696     *wp++ = htons(100);
1697     *wp++ = htons(0x0d02);
1698     *wp++ = htons(0x31fc); // move.w #xxx,TimeSCSIDBRA
1699     *wp++ = htons(100);
1700     *wp++ = htons(0x0b24);
1701     *wp++ = htons(0x31fc); // move.w #xxx,TimeRAMDBRA
1702     *wp++ = htons(100);
1703     *wp++ = htons(0x0cea);
1704     *wp = htons(M68K_RTS);
1705    
1706     // Relocate jump tables ($2000..)
1707     static const uint8 jump_tab_dat[] = {0x41, 0xfa, 0x00, 0x0e, 0x21, 0xc8, 0x20, 0x10, 0x4e, 0x75};
1708     if ((base = find_rom_data(0x3000, 0x6000, jump_tab_dat, sizeof(jump_tab_dat))) == 0) return false;
1709     D(bug("jump_tab %08lx\n", base));
1710     lp = (uint32 *)(ROM_BASE + base + 16);
1711     for (;;) {
1712     D(bug(" %08lx\n", (uint32)lp - ROM_BASE));
1713     while ((ntohl(*lp) & 0xff000000) == 0xff000000) {
1714     *lp = htonl((ntohl(*lp) & (ROM_SIZE-1)) + ROM_BASE);
1715     lp++;
1716     }
1717     while (!ntohl(*lp)) lp++;
1718     if (ntohl(*lp) != 0x41fa000e)
1719     break;
1720     lp += 4;
1721     }
1722    
1723     // Create SysZone at start of Mac RAM (SetSysAppZone, via 0x22a)
1724     static const uint8 sys_zone_dat[] = {0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x40, 0x00};
1725     if ((base = find_rom_data(0x600, 0x900, sys_zone_dat, sizeof(sys_zone_dat))) == 0) return false;
1726     D(bug("sys_zone %08lx\n", base));
1727     lp = (uint32 *)(ROM_BASE + base);
1728     *lp++ = htonl(RAMBase ? RAMBase : 0x3000);
1729     *lp = htonl(RAMBase ? RAMBase + 0x1800 : 0x4800);
1730    
1731     // Set boot stack at RAMBase+4MB and fix logical/physical RAM size (CompBootStack)
1732     // The RAM size fix must be done after InitMemMgr!
1733     static const uint8 boot_stack_dat[] = {0x08, 0x38, 0x00, 0x06, 0x24, 0x0b};
1734     if ((base = find_rom_data(0x580, 0x800, boot_stack_dat, sizeof(boot_stack_dat))) == 0) return false;
1735     D(bug("boot_stack %08lx\n", base));
1736     wp = (uint16 *)(ROM_BASE + base);
1737     *wp++ = htons(0x207c); // move.l #RAMBase+0x3ffffe,a0
1738     *wp++ = htons((RAMBase + 0x3ffffe) >> 16);
1739     *wp++ = htons((RAMBase + 0x3ffffe) & 0xffff);
1740     *wp++ = htons(M68K_EMUL_OP_FIX_MEMSIZE);
1741     *wp = htons(M68K_RTS);
1742    
1743     // Get PowerPC page size (InitVMemMgr, via 0x240)
1744     static const uint8 page_size_dat[] = {0x20, 0x30, 0x81, 0xf2, 0x5f, 0xff, 0xef, 0xd8, 0x00, 0x10};
1745     if ((base = find_rom_data(0xb000, 0x12000, page_size_dat, sizeof(page_size_dat))) == 0) return false;
1746     D(bug("page_size %08lx\n", base));
1747     wp = (uint16 *)(ROM_BASE + base);
1748     *wp++ = htons(0x203c); // move.l #$1000,d0
1749     *wp++ = htons(0);
1750     *wp++ = htons(0x1000);
1751     *wp++ = htons(M68K_NOP);
1752     *wp = htons(M68K_NOP);
1753    
1754 gbeauche 1.34 // Gestalt PowerPC page size, CPU type, RAM size (InitGestalt, via 0x25c)
1755 cebix 1.1 static const uint8 page_size2_dat[] = {0x26, 0x79, 0x5f, 0xff, 0xef, 0xd8, 0x25, 0x6b, 0x00, 0x10, 0x00, 0x1e};
1756     if ((base = find_rom_data(0x50000, 0x70000, page_size2_dat, sizeof(page_size2_dat))) == 0) return false;
1757     D(bug("page_size2 %08lx\n", base));
1758     wp = (uint16 *)(ROM_BASE + base);
1759     *wp++ = htons(0x257c); // move.l #$1000,$1e(a2)
1760     *wp++ = htons(0);
1761     *wp++ = htons(0x1000);
1762     *wp++ = htons(0x001e);
1763     *wp++ = htons(0x157c); // move.b #PVR,$1d(a2)
1764 gbeauche 1.34 uint32 cput = (PVR >> 16);
1765     if (cput == 0x7000)
1766     cput |= 0x20;
1767     else if (cput >= 0x8000 && cput <= 0x8002)
1768     cput |= 0x10;
1769     cput &= 0xff;
1770     *wp++ = htons(cput);
1771 cebix 1.1 *wp++ = htons(0x001d);
1772     *wp++ = htons(0x263c); // move.l #RAMSize,d3
1773     *wp++ = htons(RAMSize >> 16);
1774     *wp++ = htons(RAMSize & 0xffff);
1775     *wp++ = htons(M68K_NOP);
1776     *wp++ = htons(M68K_NOP);
1777     *wp = htons(M68K_NOP);
1778     if (ROMType == ROMTYPE_NEWWORLD)
1779     wp = (uint16 *)(ROM_BASE + base + 0x4a);
1780     else
1781     wp = (uint16 *)(ROM_BASE + base + 0x28);
1782     *wp++ = htons(M68K_NOP);
1783     *wp = htons(M68K_NOP);
1784    
1785     // Gestalt CPU/bus clock speed (InitGestalt, via 0x25c)
1786     if (ROMType == ROMTYPE_ZANZIBAR) {
1787     wp = (uint16 *)(ROM_BASE + 0x5d87a);
1788     *wp++ = htons(0x203c); // move.l #Hz,d0
1789     *wp++ = htons(BusClockSpeed >> 16);
1790     *wp++ = htons(BusClockSpeed & 0xffff);
1791     *wp++ = htons(M68K_NOP);
1792     *wp = htons(M68K_NOP);
1793     wp = (uint16 *)(ROM_BASE + 0x5d888);
1794     *wp++ = htons(0x203c); // move.l #Hz,d0
1795     *wp++ = htons(CPUClockSpeed >> 16);
1796     *wp++ = htons(CPUClockSpeed & 0xffff);
1797     *wp++ = htons(M68K_NOP);
1798     *wp = htons(M68K_NOP);
1799     }
1800    
1801     // Don't write to GC interrupt mask register (via 0x262)
1802     if (ROMType != ROMTYPE_NEWWORLD) {
1803     static const uint8 gc_mask_dat[] = {0x83, 0xa8, 0x00, 0x24, 0x4e, 0x71};
1804     if ((base = find_rom_data(0x13000, 0x20000, gc_mask_dat, sizeof(gc_mask_dat))) == 0) return false;
1805     D(bug("gc_mask %08lx\n", base));
1806     wp = (uint16 *)(ROM_BASE + base);
1807     *wp++ = htons(M68K_NOP);
1808     *wp = htons(M68K_NOP);
1809     wp = (uint16 *)(ROM_BASE + base + 0x40);
1810     *wp++ = htons(M68K_NOP);
1811     *wp = htons(M68K_NOP);
1812     wp = (uint16 *)(ROM_BASE + base + 0x78);
1813     *wp++ = htons(M68K_NOP);
1814     *wp = htons(M68K_NOP);
1815     wp = (uint16 *)(ROM_BASE + base + 0x96);
1816     *wp++ = htons(M68K_NOP);
1817     *wp = htons(M68K_NOP);
1818    
1819     static const uint8 gc_mask2_dat[] = {0x02, 0xa8, 0x00, 0x00, 0x00, 0x80, 0x00, 0x24};
1820     if ((base = find_rom_data(0x13000, 0x20000, gc_mask2_dat, sizeof(gc_mask2_dat))) == 0) return false;
1821     D(bug("gc_mask2 %08lx\n", base));
1822     wp = (uint16 *)(ROM_BASE + base);
1823 gbeauche 1.11 if (ROMType == ROMTYPE_GOSSAMER)
1824     *wp++ = htons(M68K_NOP);
1825 cebix 1.1 for (int i=0; i<5; i++) {
1826     *wp++ = htons(M68K_NOP);
1827     *wp++ = htons(M68K_NOP);
1828     *wp++ = htons(M68K_NOP);
1829     *wp++ = htons(M68K_NOP);
1830     wp += 2;
1831     }
1832 gbeauche 1.11 if (ROMType == ROMTYPE_ZANZIBAR || ROMType == ROMTYPE_GOSSAMER) {
1833 cebix 1.1 for (int i=0; i<6; i++) {
1834     *wp++ = htons(M68K_NOP);
1835     *wp++ = htons(M68K_NOP);
1836     *wp++ = htons(M68K_NOP);
1837     *wp++ = htons(M68K_NOP);
1838     wp += 2;
1839     }
1840     }
1841     }
1842    
1843     // Don't initialize Cuda (via 0x274)
1844     static const uint8 cuda_init_dat[] = {0x08, 0xa9, 0x00, 0x04, 0x16, 0x00, 0x4e, 0x71, 0x13, 0x7c, 0x00, 0x84, 0x1c, 0x00, 0x4e, 0x71};
1845     if ((base = find_rom_data(0xa000, 0x12000, cuda_init_dat, sizeof(cuda_init_dat))) == 0) return false;
1846     D(bug("cuda_init %08lx\n", base));
1847     wp = (uint16 *)(ROM_BASE + base);
1848     *wp++ = htons(M68K_NOP);
1849     *wp++ = htons(M68K_NOP);
1850     *wp++ = htons(M68K_NOP);
1851     *wp++ = htons(M68K_NOP);
1852     *wp++ = htons(M68K_NOP);
1853     *wp++ = htons(M68K_NOP);
1854     *wp = htons(M68K_NOP);
1855    
1856     // Patch GetCPUSpeed (via 0x27a) (some ROMs have two of them)
1857     static const uint8 cpu_speed_dat[] = {0x20, 0x30, 0x81, 0xf2, 0x5f, 0xff, 0xef, 0xd8, 0x00, 0x04, 0x4c, 0x7c};
1858 gbeauche 1.4 if ((base = find_rom_data(0x6000, 0xa000, cpu_speed_dat, sizeof(cpu_speed_dat))) == 0) return false;
1859 cebix 1.1 D(bug("cpu_speed %08lx\n", base));
1860     wp = (uint16 *)(ROM_BASE + base);
1861     *wp++ = htons(0x203c); // move.l #(MHz<<16)|MHz,d0
1862     *wp++ = htons(CPUClockSpeed / 1000000);
1863     *wp++ = htons(CPUClockSpeed / 1000000);
1864     *wp = htons(M68K_RTS);
1865 gbeauche 1.4 if ((base = find_rom_data(base, 0xa000, cpu_speed_dat, sizeof(cpu_speed_dat))) != 0) {
1866 cebix 1.1 D(bug("cpu_speed2 %08lx\n", base));
1867     wp = (uint16 *)(ROM_BASE + base);
1868     *wp++ = htons(0x203c); // move.l #(MHz<<16)|MHz,d0
1869     *wp++ = htons(CPUClockSpeed / 1000000);
1870     *wp++ = htons(CPUClockSpeed / 1000000);
1871     *wp = htons(M68K_RTS);
1872     }
1873    
1874     // Don't poke VIA in InitTimeMgr (via 0x298)
1875     static const uint8 time_via_dat[] = {0x40, 0xe7, 0x00, 0x7c, 0x07, 0x00, 0x28, 0x78, 0x01, 0xd4, 0x43, 0xec, 0x10, 0x00};
1876     if ((base = find_rom_data(0x30000, 0x40000, time_via_dat, sizeof(time_via_dat))) == 0) return false;
1877     D(bug("time_via %08lx\n", base));
1878     wp = (uint16 *)(ROM_BASE + base);
1879     *wp++ = htons(0x4cdf); // movem.l (sp)+,d0-d5/a0-a4
1880     *wp++ = htons(0x1f3f);
1881     *wp = htons(M68K_RTS);
1882    
1883     // Don't read from 0xff800000 (Name Registry, Open Firmware?) (via 0x2a2)
1884     // Remove this if FE03 works!!
1885     static const uint8 open_firmware_dat[] = {0x2f, 0x79, 0xff, 0x80, 0x00, 0x00, 0x00, 0xfc};
1886     if ((base = find_rom_data(0x48000, 0x58000, open_firmware_dat, sizeof(open_firmware_dat))) == 0) return false;
1887     D(bug("open_firmware %08lx\n", base));
1888     wp = (uint16 *)(ROM_BASE + base);
1889     *wp++ = htons(0x2f7c); // move.l #deadbeef,0xfc(a7)
1890     *wp++ = htons(0xdead);
1891     *wp++ = htons(0xbeef);
1892     *wp = htons(0x00fc);
1893     wp = (uint16 *)(ROM_BASE + base + 0x1a);
1894     *wp++ = htons(M68K_NOP); // (FE03 opcode, tries to jump to 0xdeadbeef)
1895     *wp = htons(M68K_NOP);
1896    
1897     // Don't EnableExtCache (via 0x2b2)
1898     static const uint8 ext_cache2_dat[] = {0x4f, 0xef, 0xff, 0xec, 0x20, 0x4f, 0x10, 0xbc, 0x00, 0x01, 0x11, 0x7c, 0x00, 0x1b};
1899     if ((base = find_rom_data(0x13000, 0x20000, ext_cache2_dat, sizeof(ext_cache2_dat))) == 0) return false;
1900     D(bug("ext_cache2 %08lx\n", base));
1901     wp = (uint16 *)(ROM_BASE + base);
1902     *wp = htons(M68K_RTS);
1903    
1904     // Don't install Time Manager task for 60Hz interrupt (Enable60HzInts, via 0x2b8)
1905 gbeauche 1.13 if (ROMType == ROMTYPE_NEWWORLD || ROMType == ROMTYPE_GOSSAMER) {
1906 cebix 1.1 static const uint8 tm_task_dat[] = {0x30, 0x3c, 0x4e, 0x2b, 0xa9, 0xc9};
1907 gbeauche 1.13 if ((base = find_rom_data(0x2a0, 0x320, tm_task_dat, sizeof(tm_task_dat))) == 0) return false;
1908 cebix 1.1 D(bug("tm_task %08lx\n", base));
1909 gbeauche 1.13 wp = (uint16 *)(ROM_BASE + base + 28);
1910 cebix 1.1 *wp++ = htons(M68K_NOP);
1911     *wp++ = htons(M68K_NOP);
1912     *wp++ = htons(M68K_NOP);
1913     *wp++ = htons(M68K_NOP);
1914     *wp++ = htons(M68K_NOP);
1915     *wp = htons(M68K_NOP);
1916     } else {
1917     static const uint8 tm_task_dat[] = {0x20, 0x3c, 0x73, 0x79, 0x73, 0x61};
1918     if ((base = find_rom_data(0x280, 0x300, tm_task_dat, sizeof(tm_task_dat))) == 0) return false;
1919     D(bug("tm_task %08lx\n", base));
1920     wp = (uint16 *)(ROM_BASE + base - 6);
1921     *wp++ = htons(M68K_NOP);
1922     *wp++ = htons(M68K_NOP);
1923     *wp = htons(M68K_NOP);
1924     }
1925    
1926     // Don't read PVR from 0x5fffef80 in DriverServicesLib (via 0x316)
1927 gbeauche 1.11 if (ROMType != ROMTYPE_NEWWORLD && ROMType != ROMTYPE_GOSSAMER) {
1928 cebix 1.1 uint32 dsl_offset = find_rom_resource(FOURCC('n','l','i','b'), -16401);
1929     if (ROMType == ROMTYPE_ZANZIBAR) {
1930     static const uint8 dsl_pvr_dat[] = {0x40, 0x82, 0x00, 0x40, 0x38, 0x60, 0xef, 0x80, 0x3c, 0x63, 0x60, 0x00, 0x80, 0x83, 0x00, 0x00, 0x54, 0x84, 0x84, 0x3e};
1931     if ((base = find_rom_data(dsl_offset, dsl_offset + 0x6000, dsl_pvr_dat, sizeof(dsl_pvr_dat))) == 0) return false;
1932     } else {
1933     static const uint8 dsl_pvr_dat[] = {0x3b, 0xc3, 0x00, 0x00, 0x30, 0x84, 0xff, 0xa0, 0x40, 0x82, 0x00, 0x44, 0x80, 0x84, 0xef, 0xe0, 0x54, 0x84, 0x84, 0x3e};
1934     if ((base = find_rom_data(dsl_offset, dsl_offset + 0x6000, dsl_pvr_dat, sizeof(dsl_pvr_dat))) == 0) return false;
1935     }
1936     D(bug("dsl_pvr %08lx\n", base));
1937     lp = (uint32 *)(ROM_BASE + base + 12);
1938     *lp = htonl(0x3c800000 | (PVR >> 16)); // lis r4,PVR
1939    
1940     // Don't read bus clock from 0x5fffef88 in DriverServicesLib (via 0x316)
1941     if (ROMType == ROMTYPE_ZANZIBAR) {
1942     static const uint8 dsl_bus_dat[] = {0x81, 0x07, 0x00, 0x00, 0x39, 0x20, 0x42, 0x40, 0x81, 0x62, 0xff, 0x20};
1943     if ((base = find_rom_data(dsl_offset, dsl_offset + 0x6000, dsl_bus_dat, sizeof(dsl_bus_dat))) == 0) return false;
1944     D(bug("dsl_bus %08lx\n", base));
1945     lp = (uint32 *)(ROM_BASE + base);
1946     *lp = htonl(0x81000000 + XLM_BUS_CLOCK); // lwz r8,(bus clock speed)
1947     } else {
1948     static const uint8 dsl_bus_dat[] = {0x80, 0x83, 0xef, 0xe8, 0x80, 0x62, 0x00, 0x10, 0x7c, 0x04, 0x03, 0x96};
1949     if ((base = find_rom_data(dsl_offset, dsl_offset + 0x6000, dsl_bus_dat, sizeof(dsl_bus_dat))) == 0) return false;
1950     D(bug("dsl_bus %08lx\n", base));
1951     lp = (uint32 *)(ROM_BASE + base);
1952     *lp = htonl(0x80800000 + XLM_BUS_CLOCK); // lwz r4,(bus clock speed)
1953     }
1954     }
1955    
1956     // Don't open InterruptTreeTNT in MotherBoardHAL init in DriverServicesLib init
1957     if (ROMType == ROMTYPE_ZANZIBAR) {
1958     lp = (uint32 *)(ROM_BASE + find_rom_resource(FOURCC('n','l','i','b'), -16408) + 0x16c);
1959     *lp = htonl(0x38600000); // li r3,0
1960     }
1961    
1962 gbeauche 1.19 // FIXME: Fake reading from [HpChk]+4 (the callchain reports some function from DriverServicesLib)
1963     if (1) {
1964     uint32 hpchk_offset = find_rom_resource(FOURCC('n','l','i','b'), 10);
1965     static const uint8 hpchk_dat[] = {0x80, 0x80, 0x03, 0x16, 0x94, 0x21, 0xff, 0xb0, 0x83, 0xc4, 0x00, 0x04};
1966     if ((base = find_rom_data(hpchk_offset, hpchk_offset + 0x3000, hpchk_dat, sizeof(hpchk_dat))) == 0) return false;
1967     D(bug("hpchk %08lx\n", base));
1968     lp = (uint32 *)(ROM_BASE + base);
1969     *lp = htonl(0x80800000 + XLM_ZERO_PAGE); // lwz r4,(zero page)
1970     }
1971    
1972 cebix 1.1 // Patch Name Registry
1973     static const uint8 name_reg_dat[] = {0x70, 0xff, 0xab, 0xeb};
1974     if ((base = find_rom_data(0x300, 0x380, name_reg_dat, sizeof(name_reg_dat))) == 0) return false;
1975     D(bug("name_reg %08lx\n", base));
1976     wp = (uint16 *)(ROM_BASE + base);
1977     *wp = htons(M68K_EMUL_OP_NAME_REGISTRY);
1978    
1979     #if DISABLE_SCSI
1980     // Fake SCSI Manager
1981     // Remove this if SCSI Manager works!!
1982     static const uint8 scsi_mgr_a_dat[] = {0x4e, 0x56, 0x00, 0x00, 0x20, 0x3c, 0x00, 0x00, 0x04, 0x0c, 0xa7, 0x1e};
1983     static const uint8 scsi_mgr_b_dat[] = {0x4e, 0x56, 0x00, 0x00, 0x2f, 0x0c, 0x20, 0x3c, 0x00, 0x00, 0x04, 0x0c, 0xa7, 0x1e};
1984     if ((base = find_rom_data(0x1c000, 0x28000, scsi_mgr_a_dat, sizeof(scsi_mgr_a_dat))) == 0) {
1985     if ((base = find_rom_data(0x1c000, 0x28000, scsi_mgr_b_dat, sizeof(scsi_mgr_b_dat))) == 0) return false;
1986     }
1987     D(bug("scsi_mgr %08lx\n", base));
1988     wp = (uint16 *)(ROM_BASE + base);
1989     *wp++ = htons(0x21fc); // move.l #xxx,0x624 (SCSIAtomic)
1990     *wp++ = htons((ROM_BASE + base + 18) >> 16);
1991     *wp++ = htons((ROM_BASE + base + 18) & 0xffff);
1992     *wp++ = htons(0x0624);
1993     *wp++ = htons(0x21fc); // move.l #xxx,0xe54 (SCSIDispatch)
1994     *wp++ = htons((ROM_BASE + base + 22) >> 16);
1995     *wp++ = htons((ROM_BASE + base + 22) & 0xffff);
1996     *wp++ = htons(0x0e54);
1997     *wp++ = htons(M68K_RTS);
1998     *wp++ = htons(M68K_EMUL_OP_SCSI_ATOMIC);
1999     *wp++ = htons(M68K_RTS);
2000     *wp++ = htons(M68K_EMUL_OP_SCSI_DISPATCH);
2001     *wp = htons(0x4ed0); // jmp (a0)
2002     wp = (uint16 *)(ROM_BASE + base + 0x20);
2003     *wp++ = htons(0x7000); // moveq #0,d0
2004     *wp = htons(M68K_RTS);
2005     #endif
2006    
2007     #if DISABLE_SCSI
2008     // Don't access SCSI variables
2009     // Remove this if SCSI Manager works!!
2010     if (ROMType == ROMTYPE_NEWWORLD) {
2011     static const uint8 scsi_var_dat[] = {0x70, 0x01, 0xa0, 0x89, 0x4a, 0x6e, 0xfe, 0xac, 0x4f, 0xef, 0x00, 0x10, 0x66, 0x00};
2012     if ((base = find_rom_data(0x1f500, 0x1f600, scsi_var_dat, sizeof(scsi_var_dat))) != 0) {
2013     D(bug("scsi_var %08lx\n", base));
2014     wp = (uint16 *)(ROM_BASE + base + 12);
2015     *wp = htons(0x6000); // bra
2016     }
2017    
2018     static const uint8 scsi_var2_dat[] = {0x4e, 0x56, 0xfc, 0x58, 0x48, 0xe7, 0x1f, 0x38};
2019     if ((base = find_rom_data(0x1f700, 0x1f800, scsi_var2_dat, sizeof(scsi_var2_dat))) != 0) {
2020     D(bug("scsi_var2 %08lx\n", base));
2021     wp = (uint16 *)(ROM_BASE + base);
2022     *wp++ = htons(0x7000); // moveq #0,d0
2023 gbeauche 1.11 *wp = htons(M68K_RTS);
2024     }
2025     }
2026     else if (ROMType == ROMTYPE_GOSSAMER) {
2027     static const uint8 scsi_var_dat[] = {0x70, 0x01, 0xa0, 0x89, 0x4a, 0x6e, 0xfe, 0xac, 0x4f, 0xef, 0x00, 0x10, 0x66, 0x00};
2028     if ((base = find_rom_data(0x1d700, 0x1d800, scsi_var_dat, sizeof(scsi_var_dat))) != 0) {
2029     D(bug("scsi_var %08lx\n", base));
2030     wp = (uint16 *)(ROM_BASE + base + 12);
2031     *wp = htons(0x6000); // bra
2032     }
2033    
2034     static const uint8 scsi_var2_dat[] = {0x4e, 0x56, 0xfc, 0x5a, 0x48, 0xe7, 0x1f, 0x38};
2035     if ((base = find_rom_data(0x1d900, 0x1da00, scsi_var2_dat, sizeof(scsi_var2_dat))) != 0) {
2036     D(bug("scsi_var2 %08lx\n", base));
2037     wp = (uint16 *)(ROM_BASE + base);
2038     *wp++ = htons(0x7000); // moveq #0,d0
2039     *wp = htons(M68K_RTS);
2040 cebix 1.1 }
2041     }
2042     #endif
2043    
2044     // Don't wait in ADBInit (via 0x36c)
2045     static const uint8 adb_init_dat[] = {0x08, 0x2b, 0x00, 0x05, 0x01, 0x5d, 0x66, 0xf8};
2046     if ((base = find_rom_data(0x31000, 0x3d000, adb_init_dat, sizeof(adb_init_dat))) == 0) return false;
2047     D(bug("adb_init %08lx\n", base));
2048     wp = (uint16 *)(ROM_BASE + base + 6);
2049     *wp = htons(M68K_NOP);
2050    
2051     // Modify check in InitResources() so that addresses >0x80000000 work
2052     static const uint8 init_res_dat[] = {0x4a, 0xb8, 0x0a, 0x50, 0x6e, 0x20};
2053     if ((base = find_rom_data(0x78000, 0x8c000, init_res_dat, sizeof(init_res_dat))) == 0) return false;
2054     D(bug("init_res %08lx\n", base));
2055     bp = (uint8 *)(ROM_BASE + base + 4);
2056     *bp = 0x66;
2057    
2058     // Modify vCheckLoad() so that we can patch resources (68k Resource Manager)
2059     static const uint8 check_load_dat[] = {0x20, 0x78, 0x07, 0xf0, 0x4e, 0xd0};
2060     if ((base = find_rom_data(0x78000, 0x8c000, check_load_dat, sizeof(check_load_dat))) == 0) return false;
2061     D(bug("check_load %08lx\n", base));
2062     wp = (uint16 *)(ROM_BASE + base);
2063     *wp++ = htons(M68K_JMP);
2064     *wp++ = htons((ROM_BASE + CHECK_LOAD_PATCH_SPACE) >> 16);
2065     *wp = htons((ROM_BASE + CHECK_LOAD_PATCH_SPACE) & 0xffff);
2066     wp = (uint16 *)(ROM_BASE + CHECK_LOAD_PATCH_SPACE);
2067     *wp++ = htons(0x2f03); // move.l d3,-(a7)
2068     *wp++ = htons(0x2078); // move.l $07f0,a0
2069     *wp++ = htons(0x07f0);
2070     *wp++ = htons(M68K_JSR_A0);
2071     *wp++ = htons(M68K_EMUL_OP_CHECKLOAD);
2072     *wp = htons(M68K_RTS);
2073    
2074     // Replace .Sony driver
2075     sony_offset = find_rom_resource(FOURCC('D','R','V','R'), 4);
2076     if (ROMType == ROMTYPE_ZANZIBAR || ROMType == ROMTYPE_NEWWORLD)
2077     sony_offset = find_rom_resource(FOURCC('D','R','V','R'), 4, true); // First DRVR 4 is .MFMFloppy
2078     if (sony_offset == 0) {
2079     sony_offset = find_rom_resource(FOURCC('n','d','r','v'), -20196); // NewWorld 1.6 has "PCFloppy" ndrv
2080     if (sony_offset == 0)
2081     return false;
2082     lp = (uint32 *)(ROM_BASE + rsrc_ptr + 8);
2083     *lp = htonl(FOURCC('D','R','V','R'));
2084     wp = (uint16 *)(ROM_BASE + rsrc_ptr + 12);
2085     *wp = htons(4);
2086     }
2087     D(bug("sony_offset %08lx\n", sony_offset));
2088     memcpy((void *)(ROM_BASE + sony_offset), sony_driver, sizeof(sony_driver));
2089    
2090     // Install .Disk and .AppleCD drivers
2091     memcpy((void *)(ROM_BASE + sony_offset + 0x100), disk_driver, sizeof(disk_driver));
2092     memcpy((void *)(ROM_BASE + sony_offset + 0x200), cdrom_driver, sizeof(cdrom_driver));
2093    
2094     // Install serial drivers
2095 gbeauche 1.18 gen_ain_driver( ROM_BASE + sony_offset + 0x300);
2096     gen_aout_driver(ROM_BASE + sony_offset + 0x400);
2097     gen_bin_driver( ROM_BASE + sony_offset + 0x500);
2098     gen_bout_driver(ROM_BASE + sony_offset + 0x600);
2099 cebix 1.1
2100     // Copy icons to ROM
2101     SonyDiskIconAddr = ROM_BASE + sony_offset + 0x800;
2102     memcpy((void *)(ROM_BASE + sony_offset + 0x800), SonyDiskIcon, sizeof(SonyDiskIcon));
2103     SonyDriveIconAddr = ROM_BASE + sony_offset + 0xa00;
2104     memcpy((void *)(ROM_BASE + sony_offset + 0xa00), SonyDriveIcon, sizeof(SonyDriveIcon));
2105     DiskIconAddr = ROM_BASE + sony_offset + 0xc00;
2106     memcpy((void *)(ROM_BASE + sony_offset + 0xc00), DiskIcon, sizeof(DiskIcon));
2107     CDROMIconAddr = ROM_BASE + sony_offset + 0xe00;
2108     memcpy((void *)(ROM_BASE + sony_offset + 0xe00), CDROMIcon, sizeof(CDROMIcon));
2109    
2110     // Patch driver install routine
2111     static const uint8 drvr_install_dat[] = {0xa7, 0x1e, 0x21, 0xc8, 0x01, 0x1c, 0x4e, 0x75};
2112     if ((base = find_rom_data(0xb00, 0xd00, drvr_install_dat, sizeof(drvr_install_dat))) == 0) return false;
2113     D(bug("drvr_install %08lx\n", base));
2114     wp = (uint16 *)(ROM_BASE + base + 8);
2115     *wp++ = htons(M68K_EMUL_OP_INSTALL_DRIVERS);
2116     *wp = htons(M68K_RTS);
2117    
2118     // Don't install serial drivers from ROM
2119 gbeauche 1.11 if (ROMType == ROMTYPE_ZANZIBAR || ROMType == ROMTYPE_NEWWORLD || ROMType == ROMTYPE_GOSSAMER) {
2120 cebix 1.1 wp = (uint16 *)(ROM_BASE + find_rom_resource(FOURCC('S','E','R','D'), 0));
2121     *wp = htons(M68K_RTS);
2122     } else {
2123     wp = (uint16 *)(ROM_BASE + find_rom_resource(FOURCC('s','l','0','5'), 2) + 0xc4);
2124     *wp++ = htons(M68K_NOP);
2125     *wp++ = htons(M68K_NOP);
2126     *wp++ = htons(M68K_NOP);
2127     *wp++ = htons(M68K_NOP);
2128     *wp = htons(0x7000); // moveq #0,d0
2129     wp = (uint16 *)(ROM_BASE + find_rom_resource(FOURCC('s','l','0','5'), 2) + 0x8ee);
2130     *wp = htons(M68K_NOP);
2131     }
2132     uint32 nsrd_offset = find_rom_resource(FOURCC('n','s','r','d'), 1);
2133     if (nsrd_offset) {
2134     lp = (uint32 *)(ROM_BASE + rsrc_ptr + 8);
2135     *lp = htonl(FOURCC('x','s','r','d'));
2136     }
2137    
2138     // Replace ADBOp()
2139     memcpy((void *)(ROM_BASE + find_rom_trap(0xa07c)), adbop_patch, sizeof(adbop_patch));
2140    
2141     // Replace Time Manager
2142     wp = (uint16 *)(ROM_BASE + find_rom_trap(0xa058));
2143     *wp++ = htons(M68K_EMUL_OP_INSTIME);
2144     *wp = htons(M68K_RTS);
2145     wp = (uint16 *)(ROM_BASE + find_rom_trap(0xa059));
2146     *wp++ = htons(0x40e7); // move sr,-(sp)
2147     *wp++ = htons(0x007c); // ori #$0700,sr
2148     *wp++ = htons(0x0700);
2149     *wp++ = htons(M68K_EMUL_OP_RMVTIME);
2150     *wp++ = htons(0x46df); // move (sp)+,sr
2151     *wp = htons(M68K_RTS);
2152     wp = (uint16 *)(ROM_BASE + find_rom_trap(0xa05a));
2153     *wp++ = htons(0x40e7); // move sr,-(sp)
2154     *wp++ = htons(0x007c); // ori #$0700,sr
2155     *wp++ = htons(0x0700);
2156     *wp++ = htons(M68K_EMUL_OP_PRIMETIME);
2157     *wp++ = htons(0x46df); // move (sp)+,sr
2158     *wp = htons(M68K_RTS);
2159     wp = (uint16 *)(ROM_BASE + find_rom_trap(0xa093));
2160     *wp++ = htons(M68K_EMUL_OP_MICROSECONDS);
2161     *wp = htons(M68K_RTS);
2162    
2163     // Disable Egret Manager
2164     static const uint8 egret_dat[] = {0x2f, 0x30, 0x81, 0xe2, 0x20, 0x10, 0x00, 0x18};
2165     if ((base = find_rom_data(0xa000, 0x10000, egret_dat, sizeof(egret_dat))) == 0) return false;
2166     D(bug("egret %08lx\n", base));
2167     wp = (uint16 *)(ROM_BASE + base);
2168     *wp++ = htons(0x7000);
2169     *wp = htons(M68K_RTS);
2170    
2171     // Don't call FE0A opcode in Shutdown Manager
2172     static const uint8 shutdown_dat[] = {0x40, 0xe7, 0x00, 0x7c, 0x07, 0x00, 0x48, 0xe7, 0x3f, 0x00, 0x2c, 0x00, 0x2e, 0x01};
2173     if ((base = find_rom_data(0x30000, 0x40000, shutdown_dat, sizeof(shutdown_dat))) == 0) return false;
2174     D(bug("shutdown %08lx\n", base));
2175     wp = (uint16 *)(ROM_BASE + base);
2176     if (ROMType == ROMTYPE_ZANZIBAR)
2177     *wp = htons(M68K_RTS);
2178 gbeauche 1.6 else if (ntohs(wp[-4]) == 0x61ff)
2179     *wp = htons(M68K_RTS);
2180     else if (ntohs(wp[-2]) == 0x6700)
2181 cebix 1.1 wp[-2] = htons(0x6000); // bra
2182    
2183     // Patch PowerOff()
2184     wp = (uint16 *)(ROM_BASE + find_rom_trap(0xa05b)); // PowerOff()
2185     *wp = htons(M68K_EMUL_RETURN);
2186    
2187     // Patch VIA interrupt handler
2188     static const uint8 via_int_dat[] = {0x70, 0x7f, 0xc0, 0x29, 0x1a, 0x00, 0xc0, 0x29, 0x1c, 0x00};
2189     if ((base = find_rom_data(0x13000, 0x1c000, via_int_dat, sizeof(via_int_dat))) == 0) return false;
2190     D(bug("via_int %08lx\n", base));
2191     uint32 level1_int = ROM_BASE + base;
2192     wp = (uint16 *)level1_int; // Level 1 handler
2193     *wp++ = htons(0x7002); // moveq #2,d0 (60Hz interrupt)
2194     *wp++ = htons(M68K_NOP);
2195     *wp++ = htons(M68K_NOP);
2196     *wp++ = htons(M68K_NOP);
2197     *wp = htons(M68K_NOP);
2198    
2199     static const uint8 via_int2_dat[] = {0x13, 0x7c, 0x00, 0x02, 0x1a, 0x00, 0x4e, 0x71, 0x52, 0xb8, 0x01, 0x6a};
2200     if ((base = find_rom_data(0x10000, 0x18000, via_int2_dat, sizeof(via_int2_dat))) == 0) return false;
2201     D(bug("via_int2 %08lx\n", base));
2202     wp = (uint16 *)(ROM_BASE + base); // 60Hz handler
2203     *wp++ = htons(M68K_EMUL_OP_IRQ);
2204     *wp++ = htons(0x4a80); // tst.l d0
2205     *wp++ = htons(0x6700); // beq xxx
2206     *wp = htons(0xffe8);
2207    
2208     if (ROMType == ROMTYPE_NEWWORLD) {
2209     static const uint8 via_int3_dat[] = {0x48, 0xe7, 0xf0, 0xf0, 0x76, 0x01, 0x60, 0x26};
2210 gbeauche 1.4 if ((base = find_rom_data(0x15000, 0x19000, via_int3_dat, sizeof(via_int3_dat))) == 0) return false;
2211 cebix 1.1 D(bug("via_int3 %08lx\n", base));
2212     wp = (uint16 *)(ROM_BASE + base); // CHRP level 1 handler
2213     *wp++ = htons(M68K_JMP);
2214     *wp++ = htons((level1_int - 12) >> 16);
2215     *wp = htons((level1_int - 12) & 0xffff);
2216     }
2217    
2218     // Patch PutScrap() for clipboard exchange with host OS
2219     uint32 put_scrap = find_rom_trap(0xa9fe); // PutScrap()
2220     wp = (uint16 *)(ROM_BASE + PUT_SCRAP_PATCH_SPACE);
2221     *wp++ = htons(M68K_EMUL_OP_PUT_SCRAP);
2222     *wp++ = htons(M68K_JMP);
2223     *wp++ = htons((ROM_BASE + put_scrap) >> 16);
2224     *wp++ = htons((ROM_BASE + put_scrap) & 0xffff);
2225     lp = (uint32 *)(ROM_BASE + 0x22);
2226     lp = (uint32 *)(ROM_BASE + ntohl(*lp));
2227     lp[0xa9fe & 0x3ff] = htonl(PUT_SCRAP_PATCH_SPACE);
2228    
2229     // Patch GetScrap() for clipboard exchange with host OS
2230     uint32 get_scrap = find_rom_trap(0xa9fd); // GetScrap()
2231     wp = (uint16 *)(ROM_BASE + GET_SCRAP_PATCH_SPACE);
2232     *wp++ = htons(M68K_EMUL_OP_GET_SCRAP);
2233     *wp++ = htons(M68K_JMP);
2234     *wp++ = htons((ROM_BASE + get_scrap) >> 16);
2235     *wp++ = htons((ROM_BASE + get_scrap) & 0xffff);
2236     lp = (uint32 *)(ROM_BASE + 0x22);
2237     lp = (uint32 *)(ROM_BASE + ntohl(*lp));
2238     lp[0xa9fd & 0x3ff] = htonl(GET_SCRAP_PATCH_SPACE);
2239    
2240     // Patch SynchIdleTime()
2241     if (PrefsFindBool("idlewait")) {
2242     wp = (uint16 *)(ROM_BASE + find_rom_trap(0xabf7) + 4); // SynchIdleTime()
2243     D(bug("SynchIdleTime at %08lx\n", wp));
2244 gbeauche 1.28 if (ntohs(*wp) == 0x2078) { // movea.l ExpandMem,a0
2245 cebix 1.1 *wp++ = htons(M68K_EMUL_OP_IDLE_TIME);
2246     *wp = htons(M68K_NOP);
2247 gbeauche 1.28 }
2248     else if (ntohs(*wp) == 0x70fe) // moveq #-2,d0
2249     *wp++ = htons(M68K_EMUL_OP_IDLE_TIME_2);
2250     else {
2251 cebix 1.1 D(bug("SynchIdleTime patch not installed\n"));
2252     }
2253     }
2254    
2255     // Construct list of all sifters used by sound components in ROM
2256     D(bug("Searching for sound components with type sdev in ROM\n"));
2257     uint32 thing = find_rom_resource(FOURCC('t','h','n','g'));
2258     while (thing) {
2259     thing += ROM_BASE;
2260     D(bug(" found %c%c%c%c %c%c%c%c\n", ReadMacInt8(thing), ReadMacInt8(thing + 1), ReadMacInt8(thing + 2), ReadMacInt8(thing + 3), ReadMacInt8(thing + 4), ReadMacInt8(thing + 5), ReadMacInt8(thing + 6), ReadMacInt8(thing + 7)));
2261     if (ReadMacInt32(thing) == FOURCC('s','d','e','v') && ReadMacInt32(thing + 4) == FOURCC('s','i','n','g')) {
2262     WriteMacInt32(thing + 4, FOURCC('a','w','g','c'));
2263     D(bug(" found sdev component at offset %08x in ROM\n", thing));
2264     AddSifter(ReadMacInt32(thing + componentResType), ReadMacInt16(thing + componentResID));
2265     if (ReadMacInt32(thing + componentPFCount))
2266     AddSifter(ReadMacInt32(thing + componentPFResType), ReadMacInt16(thing + componentPFResID));
2267     }
2268     thing = find_rom_resource(FOURCC('t','h','n','g'), 4711, true);
2269     }
2270    
2271     // Patch component code
2272     D(bug("Patching sifters in ROM\n"));
2273     for (int i=0; i<num_sifters; i++) {
2274     if ((thing = find_rom_resource(sifter_list[i].type, sifter_list[i].id)) != 0) {
2275     D(bug(" patching type %08x, id %d\n", sifter_list[i].type, sifter_list[i].id));
2276     // Install 68k glue code
2277     uint16 *wp = (uint16 *)(ROM_BASE + thing);
2278     *wp++ = htons(0x4e56); *wp++ = htons(0x0000); // link a6,#0
2279     *wp++ = htons(0x48e7); *wp++ = htons(0x8018); // movem.l d0/a3-a4,-(a7)
2280     *wp++ = htons(0x266e); *wp++ = htons(0x000c); // movea.l $c(a6),a3
2281     *wp++ = htons(0x286e); *wp++ = htons(0x0008); // movea.l $8(a6),a4
2282     *wp++ = htons(M68K_EMUL_OP_AUDIO_DISPATCH);
2283     *wp++ = htons(0x2d40); *wp++ = htons(0x0010); // move.l d0,$10(a6)
2284     *wp++ = htons(0x4cdf); *wp++ = htons(0x1801); // movem.l (a7)+,d0/a3-a4
2285     *wp++ = htons(0x4e5e); // unlk a6
2286     *wp++ = htons(0x4e74); *wp++ = htons(0x0008); // rtd #8
2287     }
2288     }
2289     return true;
2290     }
2291    
2292    
2293     /*
2294     * Install .Sony, disk and CD-ROM drivers
2295     */
2296    
2297     void InstallDrivers(void)
2298     {
2299     D(bug("Installing drivers...\n"));
2300     M68kRegisters r;
2301 gbeauche 1.18 SheepArray<SIZEOF_IOParam> pb_var;
2302     const uintptr pb = pb_var.addr();
2303 gbeauche 1.7
2304 gbeauche 1.5 // Install floppy driver
2305 gbeauche 1.14 if (ROMType == ROMTYPE_NEWWORLD || ROMType == ROMTYPE_GOSSAMER) {
2306 gbeauche 1.5
2307 gbeauche 1.14 // Force installation of floppy driver with NewWorld and Gossamer ROMs
2308 gbeauche 1.5 r.a[0] = ROM_BASE + sony_offset;
2309     r.d[0] = (uint32)SonyRefNum;
2310     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
2311     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~SonyRefNum * 4); // Get driver handle from Unit Table
2312     Execute68kTrap(0xa029, &r); // HLock()
2313     uint32 dce = ReadMacInt32(r.a[0]);
2314     WriteMacInt32(dce + dCtlDriver, ROM_BASE + sony_offset);
2315     WriteMacInt16(dce + dCtlFlags, SonyDriverFlags);
2316     }
2317 gbeauche 1.8
2318 gbeauche 1.27 #if DISABLE_SCSI && HAVE_SIGSEGV_SKIP_INSTRUCTION
2319 gbeauche 1.8 // Fake SCSIGlobals
2320 gbeauche 1.19 WriteMacInt32(0xc0c, SheepMem::ZeroPage());
2321 gbeauche 1.8 #endif
2322 gbeauche 1.5
2323 cebix 1.1 // Open .Sony driver
2324 gbeauche 1.18 SheepString sony_str("\005.Sony");
2325     WriteMacInt8(pb + ioPermssn, 0);
2326     WriteMacInt32(pb + ioNamePtr, sony_str.addr());
2327     r.a[0] = pb;
2328 cebix 1.1 Execute68kTrap(0xa000, &r); // Open()
2329    
2330     // Install disk driver
2331     r.a[0] = ROM_BASE + sony_offset + 0x100;
2332     r.d[0] = (uint32)DiskRefNum;
2333     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
2334     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~DiskRefNum * 4); // Get driver handle from Unit Table
2335     Execute68kTrap(0xa029, &r); // HLock()
2336     uint32 dce = ReadMacInt32(r.a[0]);
2337     WriteMacInt32(dce + dCtlDriver, ROM_BASE + sony_offset + 0x100);
2338     WriteMacInt16(dce + dCtlFlags, DiskDriverFlags);
2339    
2340     // Open disk driver
2341 gbeauche 1.18 SheepString disk_str("\005.Disk");
2342     WriteMacInt32(pb + ioNamePtr, disk_str.addr());
2343     r.a[0] = pb;
2344 cebix 1.1 Execute68kTrap(0xa000, &r); // Open()
2345    
2346     // Install CD-ROM driver unless nocdrom option given
2347     if (!PrefsFindBool("nocdrom")) {
2348    
2349     // Install CD-ROM driver
2350     r.a[0] = ROM_BASE + sony_offset + 0x200;
2351     r.d[0] = (uint32)CDROMRefNum;
2352     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
2353     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~CDROMRefNum * 4); // Get driver handle from Unit Table
2354     Execute68kTrap(0xa029, &r); // HLock()
2355     dce = ReadMacInt32(r.a[0]);
2356     WriteMacInt32(dce + dCtlDriver, ROM_BASE + sony_offset + 0x200);
2357     WriteMacInt16(dce + dCtlFlags, CDROMDriverFlags);
2358    
2359     // Open CD-ROM driver
2360 gbeauche 1.18 SheepString apple_cd("\010.AppleCD");
2361     WriteMacInt32(pb + ioNamePtr, apple_cd.addr());
2362     r.a[0] = pb;
2363 cebix 1.1 Execute68kTrap(0xa000, &r); // Open()
2364     }
2365    
2366     // Install serial drivers
2367     r.a[0] = ROM_BASE + sony_offset + 0x300;
2368     r.d[0] = (uint32)-6;
2369     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
2370     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~(-6) * 4); // Get driver handle from Unit Table
2371     Execute68kTrap(0xa029, &r); // HLock()
2372     dce = ReadMacInt32(r.a[0]);
2373     WriteMacInt32(dce + dCtlDriver, ROM_BASE + sony_offset + 0x300);
2374     WriteMacInt16(dce + dCtlFlags, 0x4d00);
2375    
2376     r.a[0] = ROM_BASE + sony_offset + 0x400;
2377     r.d[0] = (uint32)-7;
2378     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
2379     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~(-7) * 4); // Get driver handle from Unit Table
2380     Execute68kTrap(0xa029, &r); // HLock()
2381     dce = ReadMacInt32(r.a[0]);
2382     WriteMacInt32(dce + dCtlDriver, ROM_BASE + sony_offset + 0x400);
2383     WriteMacInt16(dce + dCtlFlags, 0x4e00);
2384    
2385     r.a[0] = ROM_BASE + sony_offset + 0x500;
2386     r.d[0] = (uint32)-8;
2387     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
2388     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~(-8) * 4); // Get driver handle from Unit Table
2389     Execute68kTrap(0xa029, &r); // HLock()
2390     dce = ReadMacInt32(r.a[0]);
2391     WriteMacInt32(dce + dCtlDriver, ROM_BASE + sony_offset + 0x500);
2392     WriteMacInt16(dce + dCtlFlags, 0x4d00);
2393    
2394     r.a[0] = ROM_BASE + sony_offset + 0x600;
2395     r.d[0] = (uint32)-9;
2396     Execute68kTrap(0xa43d, &r); // DrvrInstallRsrvMem()
2397     r.a[0] = ReadMacInt32(ReadMacInt32(0x11c) + ~(-9) * 4); // Get driver handle from Unit Table
2398     Execute68kTrap(0xa029, &r); // HLock()
2399     dce = ReadMacInt32(r.a[0]);
2400     WriteMacInt32(dce + dCtlDriver, ROM_BASE + sony_offset + 0x600);
2401     WriteMacInt16(dce + dCtlFlags, 0x4e00);
2402     }
Christian Bauer">Christian Bauer
 ViewVC Help
Powered by ViewVC 1.1.15