trunk/src/mame/machine/pgmprot_igs027a_type3.c
| r26123 | r26124 | |
|---|
| 238 | 238 | |
| 239 | 239 | |
| 240 | 240 | |
| 241 | | temp16[(0xe8)/2] = 0xE004; // based on killbldp |
| 242 | | temp16[(0xea)/2] = 0xE52D; |
| 243 | | temp16[(0xec)/2] = 0x00D3; |
| 244 | | temp16[(0xee)/2] = 0xE3A0; |
| 245 | | temp16[(0xf0)/2] = 0xF000; |
| 246 | | temp16[(0xf2)/2] = 0xE121; |
| 247 | | temp16[(0xf4)/2] = 0xE004; |
| 248 | | temp16[(0xf6)/2] = 0xE49D; |
| 249 | | temp16[(0xf8)/2] = 0xFF1E; |
| 250 | | temp16[(0xfa)/2] = 0xE12F; |
| 251 | 241 | |
| 252 | | temp16[(0xfc) / 2] = 0xE004;// based on killbldp |
| 253 | | temp16[(0xfe) / 2] = 0xE52D; |
| 254 | | temp16[(0x100) / 2] = 0x0013; |
| 255 | | temp16[(0x102) / 2] = 0xE3A0; |
| 256 | | temp16[(0x104) / 2] = 0xF000; |
| 257 | | temp16[(0x106) / 2] = 0xE121; |
| 258 | | temp16[(0x108) / 2] = 0xE004; |
| 259 | | temp16[(0x10a) / 2] = 0xE49D; |
| 260 | | temp16[(0x10c) / 2] = 0xFF1E; |
| 261 | | temp16[(0x10e) / 2] = 0xE12F; |
| 262 | 242 | |
| 263 | 243 | |
| 264 | 244 | // the interrupt code appears to be at 0x08000010 |
| 265 | | // although this still crashes for now.. |
| 245 | // so point the FIQ vector to jump there, the actual internal EO area code |
| 246 | // would not look like this because this reads from the EO area to get the jump address which is verified |
| 247 | // as impossible |
| 266 | 248 | int base = 0x1c; |
| 267 | 249 | temp16[(base) /2] = 0xf000; base += 2; |
| 268 | 250 | temp16[(base) /2] = 0xe59f; base += 2; |
| r26123 | r26124 | |
|---|
| 272 | 254 | temp16[(base) /2] = 0x0800; base += 2; |
| 273 | 255 | |
| 274 | 256 | |
| 257 | // some startup code to set up the stacks etc. we're assuming |
| 258 | // behavior is basically the same as killing blade plus here, this code |
| 259 | // could be very wrong |
| 275 | 260 | base = 0x30; |
| 276 | 261 | temp16[(base) /2] = 0x00D3; base += 2; |
| 277 | 262 | temp16[(base) /2] = 0xE3A0; base += 2; |
| r26123 | r26124 | |
|---|
| 338 | 323 | temp16[(base) /2] = 0x0008; base += 2; |
| 339 | 324 | temp16[(base) /2] = 0xE3A0; base += 2; |
| 340 | 325 | temp16[(base) /2] = 0x8805; base += 2; |
| 341 | | temp16[(base) / 2] = 0xE080; base += 2; |
| 326 | temp16[(base) /2] = 0xE080; base += 2; |
| 342 | 327 | temp16[(base) /2] = 0x0010; base += 2; |
| 343 | 328 | temp16[(base) /2] = 0xE3A0; base += 2; |
| 344 | 329 | temp16[(base) /2] = 0x0000; base += 2; |
| r26123 | r26124 | |
|---|
| 364 | 349 | temp16[(base) /2] = 0x000a; base += 2; |
| 365 | 350 | temp16[(base) /2] = 0xEA00; base += 2; |
| 366 | 351 | |
| 352 | // see table at ~080824A4 in The Gladiator (ARM space) |
| 353 | // there are pointers to |
| 354 | // 0000 00FC |
| 355 | // 0000 00E8 |
| 356 | // 0000 0110 |
| 357 | // 0000 0150 |
| 358 | // in the table.. for e8 / fc we can deduce from the calling code and size of the functions expected that they should be the |
| 359 | // same as those in the killing blade plus 'killbldp' (there are also explicit jumps to these addresses in the code) |
| 360 | // |
| 361 | // 0x110 is called after the 'continue' screen, I suspect it is unique code to the gladiator, probably 0x40 bytes long due to next entry being at 0x150 |
| 362 | // 0x150 I haven't seen called, I guess it is 0x38 in size because the execute-only area ends at 0x188 |
| 363 | |
| 364 | |
| 365 | base = 0xe8; |
| 366 | temp16[(base) /2] = 0xE004; base += 2; // based on killbldp |
| 367 | temp16[(base) /2] = 0xE52D; base += 2; |
| 368 | temp16[(base) /2] = 0x00D3; base += 2; |
| 369 | temp16[(base) /2] = 0xE3A0; base += 2; |
| 370 | temp16[(base) /2] = 0xF000; base += 2; |
| 371 | temp16[(base) /2] = 0xE121; base += 2; |
| 372 | temp16[(base) /2] = 0xE004; base += 2; |
| 373 | temp16[(base) /2] = 0xE49D; base += 2; |
| 374 | temp16[(base) /2] = 0xFF1E; base += 2; |
| 375 | temp16[(base) /2] = 0xE12F; base += 2; |
| 376 | |
| 377 | // base = 0xfc; // already at 0xfc |
| 378 | temp16[(base) /2] = 0xE004; base += 2; // based on killbldp |
| 379 | temp16[(base) /2] = 0xE52D; base += 2; |
| 380 | temp16[(base) /2] = 0x0013; base += 2; |
| 381 | temp16[(base) /2] = 0xE3A0; base += 2; |
| 382 | temp16[(base) /2] = 0xF000; base += 2; |
| 383 | temp16[(base) /2] = 0xE121; base += 2; |
| 384 | temp16[(base) /2] = 0xE004; base += 2; |
| 385 | temp16[(base) /2] = 0xE49D; base += 2; |
| 386 | temp16[(base) /2] = 0xFF1E; base += 2; |
| 387 | temp16[(base) /2] = 0xE12F; base += 2; |
| 388 | |
| 389 | // base = 0x110; // already at 0x110 |
| 390 | temp16[(base) /2] = 0xff1e; base += 2; |
| 391 | temp16[(base) /2] = 0xe12f; base += 2; |
| 392 | |
| 393 | base = 0x150; |
| 394 | temp16[(base) /2] = 0xff1e; base += 2; |
| 395 | temp16[(base) /2] = 0xe12f; base += 2; |
| 396 | |
| 397 | |
| 367 | 398 | #if 0 |
| 368 | 399 | m_svg_ram_sel = 1; |
| 369 | 400 | |