EPROM Programming

Yes dis-assemblers are available. You have to know what processor you have so as to get the correct dis-assembler

Be advised that the first run of a dis-assembler will probably have many errors. You then have to go through the code and find those errors. If data is mixed in with the instructions things can get complicated.

Been there - done that. Good luck

Bill K7NOM

[snip...snip...]

Especially if they've deliberately obscured things by having pieces of the data run as legitimate machine language.

I also seem to recall a (possibly apocryphal) story of a ROM for an early computer (an Apple?) that had instructions in interleaved reading frames. Ah, those were the days ...

--
Rich Webb   Norfolk, VA

Am Fri, 09 Sep 2005 01:57:58 GMT schrieb Rich Webb:

On some machines address and data lines on the bus have been interchanged to do some kind of "scrambling". This can also be a problem for a disassembler.

You have to know if the connectio of the lines is comletely 1:1

Alexander

I once disassembled the PROM for a Synertek KTM-3, a simple "terminal emulator built into a keyboard". Standard PC-size keyboard, a serial port connection on the back, and a monochrome-video output to go to a monochrome monitor display.

It was implemented using a 6502 (if I recall correctly) architecture.

One of the oddities of this micro was that its memory bus interface was driven during only one-half of each clock cycle. It's possible for two micros to share the same bus (and thus share RAM and PROM) if one of them has its clock line inverted.

That's just what the KTM-3 did... it had two 6502s, one to run the terminal emulator code, and the other to act as the video encoder (reading the data out of RAM, doing table lookups to construct the scan lines, and shoving the resulting bits into a shift register which clocked them out to create the video signal). The second 6502 had some odd reordering and inversions done to its address and data lines, so that its code was broken up into a few blocks of "data" in the PROM image executed by the main (terminal emulator) 6502.

It worked. It also made my brain hurt.

--
Dave Platt                                    AE6EO
Hosting the Jade Warrior home page: http://www.radagast.org/jade-warrior
  I do _not_ wish to receive unsolicited commercial email, and I will
     boycott any company which has the gall to send me such ads!

"Davis" schreef in bericht news:gh4Ue.7607$ snipped-for-privacy@newsread2.news.pas.earthlink.net...

Well... Such software is called a "Disassembler" or sometimes "Unassembler". I wrote several of them over time. Having over 10 years programming experience it should be the easy part for you. Although a little Googling will make you find free disassmeblers for all of the old beasts. But what about the hardware? Of course you need to know what processor you're dealing with but some overview of the "system" may be necessary as well. If your EPROM is straight forward connected with address- and databus it's easy but you need to know. The same counts for the I/O-addresses and the hardware they control. A hexdump will be handy to locate (ASCII)data in the code. Running a disassembler is no problem. But the result. You will have several hundreds or even thousends lines of assemblercode without comments, symbolic names or other support. 32k assemblercode is quite a lot. The largest one I ever fully disassembled was 4k of 8051 code and it took weeks to have it all pointed out. (Including partial reverse engineering of the circuit, especially the I/O). So I guess the hardware part will be the hard part for you. Nevertheless succes.

petrus bitbyter

you're dealing

but

several

symbolic

I

all

for

Hi,

Thanks for all this advice. I was able to locate a specific Z80 disassembler. I extracted the EPROM and disassembled it. I now have the listing. Here is the first 19 lines of 9110.

-------------------------------------------------- Z80 DISASSEMBLER LISTING Line Addr Opcodes Label Instruction

--------------------------------------------------

0001 0000 3E 78 L1063: LD A,78H 0002 0002 D3 88 OUT (88H),A 0003 0004 C3 CE 0E JP L0001 0004 0007 00 NOP 0005 0008 08 EX AF,AF' 0006 0009 D9 L0591: EXX 0007 000A ED 40 IN B,(C) 0008 000C 7D L0594: LD A,L 0009 000D D3 98 OUT (98H),A 0010 000F 7C LD A,H 0011 0010 D3 9C OUT (9CH),A 0012 0012 23 INC HL 0013 0013 1B DEC DE 0014 0014 7A LD A,D 0015 0015 B3 OR E 0016 0016 D9 EXX 0017 0017 28 02 JR Z,L0002 0018 0019 08 EX AF,AF' 0019 001A C9 RET

It only has labels and code as you said. I do have a repair and theory manual for the hardware. It contains block diagrams and schematics. I guess that should help alot, but I have a lot of studying and learning to do.

Thanks

I missed the front end of this conversation, but it looks like you are trying to fix an old Z80 system. The best tool I know of for figuring these out WITHOUT a schematic or memory map (or disassembling the code!) is the Fluke series of Microprocessor testers. The original Fluke 9010A with a Z80 pod has alearn function that will do a pretty good job of identifying the ROM locations, RAM and I/O. You can then use the probe to check chip selects and find out more the memory layout. The later Fluke Series 90 Z80 Microprocessor Tester is a bit easier to use than the original 9010, but it is rarer and not well understood.

I support a tech tools mail list that you can join if you wish to discuss using these Fluke (or other brands) of CPU test devices. We mostly chat about the 9010A...but burners (Data I/O for example) and other stuff fits in fine:

John :-#)#

--
  (Please post followups or tech enquires to the newsgroup)  John's 
Jukes Ltd. 2343 Main St., Vancouver, BC, Canada V5T 3C9      Call 
(604)872-5757 or Fax 872-2010 (Pinballs, Jukes, Video Games)            
        www.flippers.com              "Old pinballers never die, they 
just flip out."