Defender RAM Use

  <$20 (word?) = 
  <$21 (byte?) = 
  <$22 (word) = 
  <$24 (byte) = 
  <$25 (byte) = 
  <$26 (byte?) = 
  <$27 (byte?) = 
  <$28 (word) = 
  <$2A (word?) = 
  <$2B (byte?) = 
  <$2C (word) = 
  <$2E (word) = 
  <$30 (word) = 
  <$32 (word) = 
  <$34 (word) = 
  <$31 (byte) = 
  <$34 (byte) = ?? 
  <$36 (byte) = current page # for addresses $C000-$CFFF 
  <$37 (byte) = 
  <$38 (byte) = 
  <$39 (byte) = 
  <$3A (byte) = only known instance of use is at $D045 in fixed ROM bank. Does not appear to have a use. 
  <$3D (word) = address of position in jump table to go in fixed ROM bank 
  <$3F (word) = address to return to when called subroutine completes processing? 
  <$4C (byte) = 
  <$4E (word) = 
  <$50 (byte?) = 
  <$51 (byte?) = 
  <$52 (word) = 
  <$54 (word) = 
  <$56 (word) = 
  <$58 (byte) = 
  <$59 (word) = 
  <$5D (byte) = 
  <$5F (word) = the address of the 1st link in the event chain
  <$61 (word) = current link in chain beginning at $AF1B? 
  <$63 (word) = current link in "event chain" beginning at $A05F 
  <$65 (word) = 
  <$67 (word) = 
  <$69 (word) = current link in chain beginning at $AF2A? 
  <$6B (word) = 
  <$6D (word) = 
  <$6F (byte?) = 
  <$70 (byte?) = 
  <$71 (byte) = 
  <$73 (byte?) = 
  <$74 (byte?) = 
  <$77 (word?) = stack pointer storage? No?... maybe more like a scratch pad, I think. 
  <$78 (byte) = scratch pad? 
  <$79 (byte) = 
  <$7A (byte) = 
  <$7B (byte) = 
  <$7C (byte) = 
  <$7D (byte) = 
  <$7E (byte) = ?? only found in code w/o any identified entry points ?? 
  <$7F (byte) = 
  <$80 (byte) = 
  <$81 (byte) = 
  <$82 (word) = 
  <$84 (word) = 
  <$86 (word) = 
  <$88 (word) = 
  <$8A (byte) = 
  <$8B (byte) = 
  <$8C (byte) = 
  <$8D (word) = 
  <$8F (byte) = 
  <$90 (word) = 
  <$92 (byte) = 
  <$93 (byte?) = 
  <$94 (byte?) = 
  <$95 (word) = 
  <$99 (byte) = 
  <$9A (byte) = 
  <$9B (word) = 
  <$9D (word) = 
  <$9F (word) = 
  <$A1 (word?) = 
  <$A2 (byte?) = 
  <$A3 (byte?) = 
  <$A4 (word) = 
  <$A6 (word) = 
  <$A8 (word) = 
  <$AB (byte) = 
  <$AC (byte) = 
  <$AD (byte) = 
  <$AE (byte) = 
  <$AF (byte) = 
  <$B0 (word) = 
  <$B2 (byte) = 
  <$B3 (byte) = 
  <$B4 (byte) = 
  <$B5 (byte) = 
  <$B7 (byte) = 
  <$BA (byte) = 
  <$BB (word?) = 
  <$BD (word?) = 
  <$BE (byte?) = 
  <$BF (word?) = 
  <$C0 (byte?) = 
  <$C1 (word?) = 
  <$C2 (byte?) = 
  <$C3 (word?) = 
  <$C4 (byte?) = 
  <$C5 (word?) = 
  <$C7 (word?) = 
  <$C8 (word?) = 
  <$C9 (byte) = 
  <$CA (word) = 
  <$CC (word) = 
  <$CE (word?) = 
  <$CF (byte) = 
  <$D0 (word?) = 
  <$D1 (byte?) = 
  <$D2 (word?) = 
  <$D3 (byte?) = 
  <$D4 (byte) = 
  <$D5 (byte) = 
  <$D6 (word?) = 
  <$D7 (byte?) = 
  <$D8 (word?) = 
  <$D9 (byte?) = 
  <$DA (word) = 
  <$DC (word) = 
  <$DF (byte) = 
  <$E0 (byte?) = 
  <$E1 (byte?) = 
  <$FA (byte) = 
  <$FB (byte) = 
  <$FC (byte) = 
  <$FD (byte) = 
  <$FE (byte) = 
  <$FF (byte) = 

; From MAME
;	ROM_REGION( 0x19000, "maincpu", 0 )
;	ROM_LOAD( "defend.1",     0x0d000, 0x0800, CRC(c3e52d7e) SHA1(a57f5278ffe44248fc73f9925d107f4024ad981a) )
;	ROM_LOAD( "defend.4",     0x0d800, 0x0800, CRC(9a72348b) SHA1(ed6ce796702ff32209ced3cb1ba3837dbafa526f) )
;	ROM_LOAD( "defend.2",     0x0e000, 0x1000, CRC(89b75984) SHA1(a9481478da38f99efb67f0ecf82d084e14b93b42) )
;	ROM_LOAD( "defend.3",     0x0f000, 0x1000, CRC(94f51e9b) SHA1(a24cfc55de56a72758c76fe2a55f1ec6c353b16f) )
; 1
;	ROM_LOAD( "defend.9",     0x10000, 0x0800, CRC(6870e8a5) SHA1(67ccc194b1753a18af0c85f5e603355549c4f727) )
;	ROM_LOAD( "defend.12",    0x10800, 0x0800, CRC(f1f88938) SHA1(26e48dfeefa0766837b1e762695b9532dbc8bc5e) )
; 2
;	ROM_LOAD( "defend.8",     0x11000, 0x0800, CRC(b649e306) SHA1(9d7bc3c89e5a53c575946f06702c722b864b1ff0) )
;	ROM_LOAD( "defend.11",    0x11800, 0x0800, CRC(9deaf6d9) SHA1(59b018ba0f3fe6eadfd387dc180ac281460358bc) )
; 3
;	ROM_LOAD( "defend.7",     0x12000, 0x0800, CRC(339e092e) SHA1(2f89951dbe55d80df43df8dcf497171f73e726d3) )
;	ROM_LOAD( "defend.10",    0x12800, 0x0800, CRC(a543b167) SHA1(9292b94b0d74e57e03aada4852ad1997c34122ff) )
; 7
;	ROM_LOAD( "defend.6",     0x16000, 0x0800, CRC(65f4efd1) SHA1(a960fd1559ed74b81deba434391e49fc6ec389ca) )


; Fixed ROM (always available in memory map)

Fixed Bank ($D000 - $FFFF) subroutines

$D013

The same as the routine at $D015 except the source of the value in the X register is provided at an address at 6,X with this entry point.

Called from:

Fixed ROM: $EBF1 : $EDC1 : $F40F : $F418

$D015

Called from:

Fixed ROM: $D00C : $D08F : $F3D8 Bank 1 ROM:/ $C472

$D03A

Called from:

Fixed ROM: $D044 : $D05B : $D0B3 : $D0EF : $EDD5

$D03E

This is one entry point for a subroutine that fits into the address space from $D03E to $D07B. The other, much more heavily used, entry point is at $D055. This one is used only once. $D055 is used 42 times that I know about. The two subroutines converge at address $D066 and continue to the exit point at $D07A.

Called from:

Fixed ROM: $F2AE

$D055

This is the main entry point for a subroutine that fits into the address space from $D03E to $D07B. The other entry point, which is only used once as far as I am aware, is at $D03E. $D055 is used 42 times that I know about. The two subroutines converge at address $D066 and continue to the exit point at $D07A.

Called from:

Fixed ROM: $D7AC : $D8C1 : $D94A : $D9D2 : $D9DA : $D9E2 : $D9EA : $D9F2 : $D9FA : $DC23 : $E843 : $E88B : $EA85 : $EBB2 : $EDAE : $EDE5 : $EF1E : $EFAC : $F1F4 : $F27E Bank 1 ROM: $C027 : $C0B2 : $C0BA : $C0C2 : $C279 : $C2E3 : $C363 : $C374 : $C37C : $C384 : $C38C : $C394 : $C42E : $C58A : $C690 : $C698 : $C725 : $C735 : $C7C9 : $C7D9 : $C829 : $C861

$D07C

Called from:

Fixed ROM: $D86C : $D921 : $DABA : $DCF9 Bank 1 ROM: $C006 : $C10E : $C266 : $C351 : $C677

$D095

Called from:

Fixed ROM: $DBE5 : $E975 : $EA8A : $EBB7 : $EE65 : $EE73 : $EF23 : $EFB1 : $F2C1 :

$D0AD

Called from:

Fixed ROM: $D095 : $DC77 Bank 1 ROM: $C397 : $C3BC : $C3E1 : $C4B5 : $C54F : $C5A1

$D0C7

Called from:

Fixed ROM: $F3FB : $F41D Bank 1 ROM: $C47A : $C546 : $C59E

$D0F2

Called from:

Fixed ROM: $E526 : $E93A

$D21F

Looks like a subroutine on its face. I have two problems with it that make me think otherwise, however. 1) I can't find where it is ever called. It may be in a jump table that I have not yet discovered, though. 2) It uses the S register to pick up data in 4 byte packs, which would presumably be OK if you disabled the interrupts first. This routine does not disable the interrupts, though. However, it could be that the calling routine does this so it is unnecessary to do it here. In either case, it sounds like a recipe for disaster to me.

$D260

I can't find where this is ever called from anywhere. However, it does seem to be a clear routine for a structure such as the one that appears to be created by $D21F. Unfortunately, I can't find where $D21F is ever called either.

$F57B (ScrnBlkClrP2)

This looks like it will clear a block of screen memory, of any size with byte granularity. It sets the ROM page # to 2 for some reason that I haven't figured out yet. On completion it restores the ROM page # to its previous setting.

Entry conditions:

X = address to begin Y = pointer to size of block to clear 1st byte = # lines to clear 2nd byte = # of bytes/line to clear

Exit conditions:

The block is cleared

Called from:

Fixed ROM: $FFB6 : $D41B : $DA81 Bank 3 ROM: $C533

$F5C7 (ScrnBlkClr)

This subroutine will clear a block of screen memory of any size, with byte granularity. It bypasses the part of ScrnBlkClrP2 that changes the ROM page. Then it converges with ScrnBlkClrP2 at $F58C. Because it restores the ROM page #, this routine also must save the ROM page #.

Entry conditions:

X = address to begin Y = pointer to size of block to clear 1st byte = # lines to clear 2nd byte = # of bytes/line to clear

Exit conditions:

The block is cleared

Called from:

Fixed ROM: $FFB9 : $D64D : $D66D : $D6A4 : $DA53 : $F4A5 Bank 1 ROM: $C15E

$F5D1 (VidMemClr)

Entry conditions:

Exit conditions:

Called from:

Fixed ROM: $FFBC : $D75A : $D86F : $D959 Bank 1 ROM: $C043 : $C26C : $C443 : $C681 Bank 3 ROM: $C24A : $C2C6 : $C5E6 : $C7C8 : $CA2A Bank 7 ROM: $C7C8

$F7DB (WriteIOPort)

Saves current ROM page #, switches to I/O page, and writes a byte to the port # specified. Then restores the ROM page #.

Entry conditions:

B = byte to write to port X = I/O port to write

Exit conditions:

no change

Called from:

Bank 1 ROM: $C068 : $C06D : $C075 : $C07A Bank 3 ROM: $C114 : $C224 : $C36D : $C3EF : $C4F8 : $C506 : $C5F1 : $C5F9 : $C601 : $C609 : $C77C? : $C796? : $C9CB : $CA70 : $CA9E : $CAB8 : $CAC3 : $CAFF : $CB13 : $CB1B

$F7F1 (ReadIOPort)

Saves current ROM page #, switches to I/O page, and reads a byte from the port # specified. Then returns the ROM page # to the same as it was on entry.

Entry conditions:

X = I/O port to read

Exit conditions:

B = data read from port

Called from:

Bank 1 ROM: $C312 Bank 3 ROM: $C0EB : $C10B : $C1C6 : $C1E2 : $C322 : $C347 : $C34E : $C42F : $C4C4 : $C4EE : $C55C : $C5A1 : $C5B5 : $C7FB : $C878 : $C9AC : $CA18 : $CA22 : $CA76

$F813 (SRAMRead)

Performs the actual reading of the nybbles out of the SRAM.

Entry conditions:

X = the memory location to be read

Exit conditions:

A = the contents of the ,X and the 1,X. They are each only 4 bits wide and thus are packed into a single byte in the A register. ,X is the MSNybble and 1,X is the LSNybble. X = memory location + 2.

See $F822

$F822 (RdSRAMbyte)

Saves the contents of the $Cxxx page before switching to the 0, or I/O, page, calls $F813, and then restores the previous contents of the $Cxxx page. $F813 is not called from any other location so, if one wanted to speed things up just a bit, it could be incorporated into this subroutine.

Entry conditions:

X = the address of the first of the two memory locations to be read

Exit conditions:

A = the contents of the ,X and the 1,X. They are each only 4 bits wide and thus are packed into a single byte in the A register. ,X is the MSNybble and 1,X is the LSNybble. X = memory location + 2.

Called from:

Fixed ROM: $D82B : $D88B : $DE83 : $F838 : $F83C : $FFA1 Bank 1 ROM: $C151 : $C332 Bank 3 ROM: $C8DD : $C951 : $C973 : $C991

$F838 (SRAMWordRd)

Entry conditions:

X = the address of the first of the two memory locations to be read

Exit conditions:

D = the contents of the ,X , 1,X, 2,X and 3,X. They are each only 4 bits wide and thus are packed into a single word in the D register. As with the 8 bit variation the MSNybble is first followed by decreasingly significant digits. X = memory location + 4.

Called from:

Fixed ROM: $D8A4 : $DEC5 : $FFA7 Bank 1 ROM: $C149 : $C1C7 : $C32D Bank 3 ROM: $C937 : $C963

$F83A (SRAMByteRd)

Entry conditions:

X = the address of the first of the two memory locations to be read

Exit conditions:

B = the contents of the ,X and the 1,X. They are each only 4 bits wide and thus are packed into a single byte in the B register. ,X is the MSNybble and 1,X is the LSNybble. X = memory location + 2.

Called from:

Fixed ROM: $D775 : $FFA4 Bank 3 ROM: $C101 : $C11A : $C835 : $C8C8 : $CBF2 : $CBF7 : $CC38 : $CC4E : $CC5E : $CC6C

$F842 (SRAMWrite)

Performs the actual writing into the SRAM.

Entry conditions:

A = byte to be written into 2 nybbles of SRAM. X = address of first, most signigicant nybble.

Exit conditions:

The byte is written into 2 nybbles in the SRAM

See $F84E

$F84E (WrSRAMbyte)

Entry conditions:

Called from:

Fixed ROM: $D8D0 : $F864 : $F86A : $FFAA Bank 1 ROM: $C1B1 : $C1B9 Bank 3 ROM: $C120 : $C95B : $CBB5 : $CBC8 : $CC1B : $CCCE

$F864 (SRAMWordWr)

Entry conditions:

Called from:

Fixed ROM: $FFB0 Bank 1 ROM: $C1AC : $C1CC Bank 3 ROM: $C94E? : $CC08

$F866 (SRAMByteWr)

Entry conditions:

Called from:

Fixed ROM: $FFAD Bank 3 ROM: $C84B : $C854 : $CB9C

$FC60 (see $FC60)

This routine consists of a single instruction: JMP $FC69 Further discussion will be found in the $FC69 subroutine entry.

$FC63 (see $FCCC)

This routine consists of a single instruction: JMP $FCCC Further discussion will be found in the $FCCC subroutine entry.

$FC66 (see $FD2D)

This routine consists of a single instruction: JMP $FD2D Further discussion will be found in the $FD2D subroutine entry.

$FC69

All known calls to this routine are made via a jump to $FC60. The reasoning behind this remains a mystery to me.

Called from:

Fixed ROM: $E9A1 : $EAB1 : $EB6C : $EF5D : $EFE6
Bank 1 ROM: $C404 : $C574 : $C5BC : $C79B

$FCCC

All known calls to this rountine are made via a jump to $FC63.

Called from:

Fixed ROM: $E541 : $EC08 : $EE88 : $EE20 : $F438

$FD2D

All known calls to this rountine are made via a jump to $FC66.

Called from:

Fixed ROM: $E823