DOC 1.1 -- HACKER directory documentation ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽ NOTE! This is a plain ASCII text file containing multiple documents. You may find it most convenient to view or print this file by running the DOC.EXE program (supplied on this disk) on your PC. This is the first Goodies Disk to do it this way. Hope you like it. ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽ :GD9 :Hacker's Goodies :-jkh- @@Access Ptrs Article about "access pointers", the new G/GX object type. By Joe Horn. jsw@well.sf.ca.us [James Weisbin] writes: > If you execute 2 RPORT (from R Hellsterns <-LIB-> > splitter) on a GX, you get a bunch (well, one for each > library object in that port) of ACPTR objects on the > stack. Exactly what are these, and is there a way to > convert them to their respective library objects (if > that's what they represent)? Any help would be > appreciated. *** THE FOLLOWING IS NOT MANUFACTURER SUPPORTED *** The SX had four "undefined" object types reserved for future use: กกกกกกกกฅกกกกกกกกกกฅกกกกกกกกกกฅกกกกกกกกกกกกกกกกกกกกกกฏ ง Header 3 Old Name 3 New Name 3 Internal object type ง €ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽ ง 02BAA 3 EXT1 3 ACPTR 3 BF ง ง 02BCC 3 EXT2 3 EXT2 3 CF ง ง 02BEE 3 EXT3 3 EXT3 3 DF ง ง 02C10 3 EXT4 3 EXT4 3 EF ง Šกกกกกกกก‹กกกกกกกกกก‹กกกกกกกกกก‹กกกกกกกกกกกกกกกกกกกกกกฌ The GX has taken one of these unused object types and defined it. The old EXT1 has now become ACPTR, "access pointer". ACPTR objects are pointers to library objects in ports 2 and above. It's part of the GX's complicated bank-switching scheme. Perform an ->ASCI on one of these objects, and you'll see that it's of this form: AAB20 ppppp jjjjj where AAB20 is the prolog (backwards), ppppp is the address of the library, and jjjjj is the address that the HP48 jumps to (a machine language jump, not an RPL jump!) to evaluate that object. If you use Voyager to disassemble the code at jjjjj, you'll see how the jump table works on different bank-switching situations. All the hackers' writings since 6 March 1990 have assumed that "external objects" would have a length field after the prolog, like strings and many other objects do. HP's documentation, however, does not say this anywhere, and sure enough, ACPTR's do NOT have a length field. This causes every "unthreader" that I know of (other than <-RPL-> ) to start mistracking when they hit an ACPTR. If you have any software that handles HP48 objects, be sure to take into account the new fact that ACPTR's are always 7.5 bytes long. Note well: Since EXT1 is no longer undefined, DON'T USE IT in your own programs!! Software that did use EXT1 ought to be rewritten. Commercial software ought not use any of these "reserved" object types at all, since they may be used by a future machine or library. The "Michigan Virus" uses EXT2, and is therefore just as able to infect the G series as any other HP48. @@BREAKLIB S- BREAKLIB, a fast Library Breaker. By ?? Documentation by Joe Horn. CAUTION: DOES *NOT* WORK ON THE HP48 G/GX. Type the ID number of any attached library (other than 1041), and press EXE. A directory will be created containing that library's contents in directory form. Although this is the same idea as the L->DIR command in the <-LIB-> library on Goodies Disk #8, BREAKLIB is much faster. Press INFOS for a nifty info screen; press any key to page down. Do not use BREAKLIB on itself. Use L->DIR on it instead. -Joseph K. Horn- EQU akcs.joehorn@hpcvbbs.cv.hp.com @@CHKRX SG (Comp.sys.hp48) Item: 1862 by pshuprs@prism.gatech.EDU [Howlin' Bob] Subj: Syseval to check rx pin state Date: 11 Oct 1992 [This whole post is about reading the RX pin on the HP48's serial port. If you don't care, then skip it. It's a long one.] akcs.n2kyw@hpcvbbs.cv.hp.com (Paul Smith) writes: Is there a simple syseval or other way to check the state of the serial port's receive pin from a program? I want to avoid any ml type overhead stuff, so a single syseval would be ideal. Thanks Paul Smith smit3223@nova.gmi.edu First of all, there are two VERY important locations for doing this. No, first of all, I need to thank Joe Ervin for the information I used to do this. This entire post is basically a paraphrasing of his work. Thanks. Second are the V.I.A.'s (very imp. addresses) 0x110 (110 hexadecimal) is the UART control register 0x111 is the serial receive control/status They are nibble-long memory-mapped IO registers. When you twiddle these, you're twiddling hardware. UART_CONTROL at 0x110: [SON ETBE ERBF ERBZ] msb . . . . . . . . . . least significant bit. SON=Serial ON. Set it to allow the UART to work. The rest are interrupt control registers explained in the source code comments. SERIAL_STATUS at 0x111: [RX RER RBZ RBF] RX corresponds to the state of the receive (RX) line (read only - you can hardly change someone else's TX by writing here). The rest are explained in the source code comments. To read the state of the RX pin, simply set bit 3 of the UART_CONTROL register and then read bit 3 of the SERIAL_STATUS register. very simple. This sort of thing is all but useless for real serial IO, as you'd have to do all sort of timing, jamming bits together in a makeshift shift register, etc. That's what the hardware boys are for (and, of course, the UART - Universal Asynchronous Rabbit Tamer...sorry I forgot the last two letters. [Receiver/Transmitter. -jkh-] Basically, a serial line->Byte device) A program follows which does some neat stuff for monitoring the RX pin The poster (Paul) who asked about this plans on using the RX pin for morse code applications. This would be simple. Sort of. I guess you'd have to debounce. The source code for it is included. I wrote this using the HP tools, and in HP mnemonics. They're really kind of aesthetic once you're accustomed to them. [It's called chkrx.s on this disk. -jkh-] The loader control file is included too. [It's called chkrx.m on this disk. -jkh-] Follow the standard procecure for compiling. [Only if you really enjoy doing so, but you don't have to; it's already been compiled and is called chkrx on this disk. -jkh-] I hope this helps someone! Robert -- Robert Sanders Georgia Institute of Technology Internet: pshuprs@prism.gatech.edu OR gt8134b@prism.gatech.edu @@CloneMe SG From: tedb@hpcvra.cv.hp.com. (Ted Beers) Newsgroups: comp.sys.hp48 Subject: HP 48 Program Procreation Date: 23 Aug 91 22:06:57 GMT Organization: Hewlett-Packard Co., Corvallis, OR, USA I was intrigued by a challenge made by Ken Thompson (coauthor of Unix) many years ago and mentioned again in the September, 1991, issue of Dr. Dobb's Journal. To paraphrase, as a test of a computer language's power, Thompson suggested that one write a program that, when compiled and executed, will produce an exact copy of itself. Taking up the gauntlet, here's what I came up with for the HP 48: Warning! Examining this program too closely can prove hazardous to your sanity. @ CloneMe: A program that creates itself. @ Reference: Dr. Dobb's Journal #180, September, 1991, @ pg. 18. @ Problem first proposed by Ken Thompson. @ \<< C$ 31 "\<< C$ 31 " OVER + SWAP + STR\-> \>> "\<< C$ 31 " OVER + SWAP + STR\-> \>> (Note: C$ is a little-known built-in object delimiter for an -character string.) When this program is executed, it will output itself! At first this exercise might seem either trivial or impossible, but it's neither. The trick at work here is to make the first half of the program create a string that represents the second half of the program, and to make the second half of the program put together the first half of the program with the second half and change the result into a program (whew!). Variations are possible. Here's a program that creates TWO copies of itself, changing the motive from procreation to proliferation: \<< C$ 35 "\<< C$ 35 " OVER + SWAP + STR\-> DUP \>> "\<< C$ 35 " OVER + SWAP + STR\-> DUP \>> And then of course there's the suicidal variation who's sole purpose is to disappear: \<< \>> Can anyone create a shorter version of the program that creates itself? (Removing unnecessary but friendly formatting doesn't count!) Ted W. Beers Hewlett-Packard @@CloneMe2 SG By: John Paul Morrison From: ochealth@unixg.ubc.ca (Occupational Health and Safety) Newsgroups: comp.sys.hp48 Subject: HP 48 Program Procreation Date: 26 Aug 91 16:22:58 GMT Organization: University of British Columbia, Vancouver, B.C., Canada How's this for short: \<< LASTARG \>> :-) Of course, you need to assume the calculator has the right flags set! [Namely, flag -55 must be clear, which is the default state. -jkh-] John Paul Morrison @@DUMP SG (Comp.sys.hp48) Item: 1616 by ftg0673@tamsun.tamu.edu [Rick Grevelle] Subj: Memory Dump Date: 22 Aug 1993 Those hard core 48 users who are interested in reverse engineering Hewlett-Packard's latest efforts might have a use for this. It's a little scheme that's actually part of a machine language library I'm developing which is nearing completion at this time. The big package will contain a variety professional quality tools that are intended to complement those utilities already available. I have designed this product to benefit everyone from the beginner to the very experienced user. The software runs in all 48 revisions and is quite quick, especially so in the GX revisions since the faster CPU was added. These routines begin beyond where HACKIT left off and essentially provide a set of practical tools for every day use which may become habit forming. Among my favorite is the library builder and the full-screen memory scanner which of course are all machine-language. The routine here is a modified revision of the memory-dump scheme which is utilized by the memory scanner, and is used to dump the contents in memory of a specified address in the 48. The scheme here automatically dumps the 256k unpaged ROM that begins at #0h and ends at #7FFFFh. The dump which it produces is usable by a variety of tools which includes Derek Nickel's Voyager and Jan Brittenson's SAD. After down loading the DUMP routine to either an SX or a GX, a dump may be accomplished by the following: o Type kermit at the prompt of a machine in which KERMIT has been installed. o Set the BAUD rate to 9600 by typing at the kermit prompt 'set baud 9600'. o Capture the dump in a file by typing at the kermit prompt 'log session '. o Connect the serial port by typing at the kermit prompt 'connect'. o Invoke DUMP to start the memory dump. Once invoked, DUMP will continue until the entire 256k bytes dumps to the receiving end. Due to the faster CPU of the GX, it's very possible that some machines might experience 'buffer overflow' in which case characters will be missed. Faster machines such as the 386's and 486's shouldn't have a problem though. For complete details I've included the source code here which should help anyone who might have special needs or a desire to modify the performance of the routine. All in all there's no magic here, but the larger package of which this material is a part is entirely another story. Rick Grevelle (409) 774-1169 ftg0673@tamsun.tamu.edu TITLE 256k I/O ASCII Memory Dump, Version 1.1 ** begin DUMP.S ***************************************** ********************************************************* ** ** NAME: DUMP ** ** CATEGORY: Memory ** ** ENTRY: - ** ** EXIT: - ** ** CALLS: SAVPTR, init_UART*, OUTUART, GETPTRLOOP. ** ** STACK LEVELS: 2 ** ** ABSTRACT: Dumps first 256k bytes of memory (ROM). ** ** MODULE HISTORY: ** ** Written 08/12/93 Rick Grevelle ** ********************************************************* ********************************************************* ASSEMBLE =init_UART* EQU #30EBC RPL CODE GOSBVL =SAVPTR ** Zero cpu registers. P= 0 A=0 W B=0 W C=0 W D=0 W R0=A W R1=A W ** Initialize dump parameters. LC(1) 6 9600 BAUD GOSBVL =init_UART* LC(5) (256*1024*2/16)-1 256k bytes ** Main transmit loop. iodmplp RSTK=C ** Initilize memory pointer loop. A=R0.F A ASRC ASRC ASRC ASRC ASRC R1=A.F W P= 0 LC(5) 4 ** Transmit the 5 nibble address in memory. ioptrlp RSTK=C A ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽจ A=R1.F W A=0 B 3 ASLC 3 R1=A.F W 3 ** Compute ASCII translation one byte at a time. 3 LCASC \0\ 3 A=A+C B 3 LCASC \9\ 3 ?C>=A B 3 GOYES xmitptr 3 LC(2) 7 3 A=A+C B 3 ** Transmit pointer character. 3 xmitptr GOSBVL =OUTUART 3 C=RSTK A 3 C=C-1 A 3 GONC ioptrlp ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽ — ** Transmit colon. LCASC \:\ A=C B GOSBVL =OUTUART ** Initilize memory loop. P= 0 LC(5) 15 ** Transmit 16 nibbles of memory @D0. iomemlp RSTK=C A ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽจ A=R0.F A D1=A 3 A=A+1 A 3 R0=A.F A 3 A=0 B 3 A=DAT1 1 3 ** Compute ASCII translation one byte at a time. 3 LCASC \0\ 3 A=A+C B 3 LCASC \9\ 3 ?C>=A B 3 GOYES xmitmem 3 LC(2) 7 3 A=A+C B 3 ** Transmit memory character. 3 xmitmem GOSBVL =OUTUART 3 C=RSTK A 3 C=C-1 A 3 GONC iomemlp ŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽŽ — ** Transmit CR. LC(2) 13 A=C B GOSBVL =OUTUART ** Transmit LF. LC(2) 10 A=C B GOSBVL =OUTUART C=RSTK C=C-1 A GOC getptrloop GOTO iodmplp getptrloop GOVLNG =GETPTRLOOP ENDCODE @@LIBMAKER S- LIBMAKER, a Library Builder. By ?? [S/SX only! Clears memory on the G/GX. -jkh-] Turns directories into libraries. Similar to the D->LIB command in the <-LIB-> library on Goodies Disk #8; see that for more details. @@MLDL 1.06 S- Version 1.06 of Jan Brittenson's awesome Machine Language Development Library is in the HACKER directory on this disk. Its documentation is so huge that it has its own documentation file. Press ESC S M M ENTER to view and/or print its documentation. @@Rosetta The HP48 Rosetta Stone by Joe Horn & Jan Brittenson The HP <--> AG Mnemonics Translation Table There are two different sets of mnemonics in use for the HP48's assembly language; the set used by HP to develop their calculators' operating systems and support software, and the set invented by Alonzo Gariepy in an attempt to make assembly language more understandable. People keep clamoring for a HP-to-AG dictionary. So we made one. It's called ROSETTA.DOC, and can be found in the HACKER directory on this disk. Use LIST.COM to view and/or print it.