Gary Barrett boldly goes where no program has gone before -inside Romantic Robot's Multiface Two
Long ago In the early days of the CPC there was born a small black box that lived in the expansion slot at the back of the computer and had two buttons on top of it. With this mysterious box, known as the Multiface Two. you could transfer games from cassette t.o disk, display and edit memory, and do the same with the Z80 registers Now you can delve deeper into the CPC with the aid of the Insider.
The Insider comes on a single disk and must first be installed into the Multiface. It couldn't be easier: just type rUn"disc" and away you go A message tells you that the Insider is OK.
The first step is to press the infamous red button and watch the screen. Rather than the usual menu bar across the bottom you're instructed to insert the Insider disk. When you put the Insider disk in you're presented with a menu: lower ROM on/off, upper ROM on/off, printer on/off, linefeed on/off, Ram bank select, return, disassembler, Z80 find, text, number, poke, hex and dec. All options are accessed by a single keypress. Hex fairly obviously changes all input and output to hexadecimal and dec returns it to decimal. The return option exits from the Insider and you go back to whatever program you'd interrupted with the Multiface.
|The programmer's point of view|
During program development you occasionally crash the system, and can do nothing but turn the machine off and reload. With the Insider, though, you can just hit the red button and see where the program went wrong. A quick look at the registers ana flags tells you where the program counter is pointing and that gives you somewhere to start looking for the bug. You're not guaranteed to find it, but the chances of tracking it down are increased with the ability to search a crashed system.
If nothing else you can still revert the Multiface to its normal mode of operation and save memory out to tape or disk for examination at a future date. The lower ROM on/off options toggles between the CPC's operating system ROM and the Ram bank which goes from &0000 to &3FFF. Ploughing through the ROM can provide you with insight into the way the CPC works. More often than not though you'll want the lower ROM off so you look around the memory. Upper ROM on/off works like the lower ROM on/off option only this time the swap is between the Basic ROM and Ram from &C000 to &FFFF. If yon have more than 64K of memory you can switch banks using the Insider's Ram bank number option. The bank appears from locations &4000 to &7FFF. The contents of all of the CPC's registers can be diplayed with the Z80 option. Both the normal and alternate register sets are shown.
Afind opt ion enables you to search for a siring of either Ascii characters or numbers in ROM or RAM. An Ascii search is useful if you want to find passwords, vocabularies or just silly messages left by the programmers and a number search can be used to hunt appears from locations &4000 to &7FFF. The contents of all of the CPC's registers can be diplayed with the Z80 option. Both the normal and alternate register sets are shown
A find option enables you to search for a siring of either Ascii characters or numbers in ROM or RAM. An Ascii search is useful if you want to find passwords, vocabularies or just silly messages left by the programmers and a number search can be used to hunt down those elusive infinite lives pokes. The address at which the string was found is printed or you get a not lound message. If the string was found you can search again to see if it occurs elsewhere in memory. Once you've lound the address that you want to change you can use the poke option With this you're asked for an address and a number to put there.
There are three ways to look at memory: text, number and disassembly. In text mode the contents of the memory locations are displayed in Ascii form Messages and passwords appear before your eyes as you scurry through memory. Number mode is the same as Ascii except, that hex or decimal numbers are displayed instead of letters.
|The hacker's point of view|
People have boon hacking into games since there have been games to hack and now r.he protection systems used are getting more and more sophisticated. Games are often encoded, so that they must be decoded before they can run. With the Multiface you can stop a program when it has all been decoded and see the code as it really is.
Checking the contents of the program counter gives you somewhere to star:, looking for pokes, and if that fails you can always search through memory for the num ber of lives, shields, energy etc. Once you've found something you want to try it's just a matter oi poking that address with an appropriate value and returning to the game. If the poke works the problem's solved, and if it doesn't you just hit the red button again and try something else.
Now for the interesting bit: the disassembler. Disassemblers are invaluable for debugging and hacking into programs, but because of their large size they often overwrite some of the code that you want to disassemble. With the Insider you don't get that problem because it sits mside the Multiface's RAM.
The disassembler itself can handle all of the 780 instructions including the undocumented ones often found in commercial programs. The disassembly is tabulated into three columns: number, mnemonics and Ascii. The left hand column gives the contents of memory in either hex or decimal and the right hand column shows the contents of the same locations in Ascii. The central col umn has the assembly language mnemonics with numbers displayed in either hex or decimal, depending on which number base the Insider is in.
The Insider requires some knowledge of assembly language and the Z80 to yield its full potential The program itself is not difficult to use, but if this is the first time that you've used a disassembler you may have problems. If you use the Insider simply to put pokes into games then you may as well stick with the basic Multiface. If on the other hand you want to wander around memory and explore the inner workings and secrets of the CPC, or even just find your own pokes, the Insider is an invaluable audition to the Multiface Machine code programmers should seriously consider it. as a debugging aid.
|THE SECRET OF IMMORTALITY|
How to use the Insider to poke a game: Side Arms (US Gold) gets infinite lives • Install the Insider into the Multiface by typing rUn"disc" with the Insider disk in the drive. (If you have, a Multiface Two make sure that the switch on the front is in the down position.)
- Insert the Side Arms disk in the drive and type run"disk".
- When the game has loaded press the red button on the Multiface, put the Insider disk in the drive and press Return.
- The number of lives that you have in Side Arms is three, but only two blobs are shown on screen to indicate lives remaining. At. some stage during the game a location in memory must be set to the number of lives you have ana one of the most common methods of doing this is:
To find all occurrences in which the a register is loaded with two press F on the keyboard and you'll end up in the find routine. Press l on the keyboard to enter the list of bytes that you want to search for In this case you're looking for LD a, 2, which in hex is 3E 02. Type 3E (Return) 2E (Return) and then press Return again. (The final return is used to tell the Insider that you don't want to enter any more numbers to he searched for.)
- Press 3 to select the start address from which you want to search and type in 0 (Return) to start right at the bottom of memory.
- Press 4 to start the search and up should come the message ** Found at 01CC **. Note this number. If you press 4 twice more it comes up with two more addresses: 0685 and 9F59. Note these addresses too. A third press of the key gives you 01CC again which means thai you've found all occurrences of LD A,02 in the game.
- Press 5 to get back to the main menu and then press d to use the disassembler. Enter 01CC as the address when asked and press return. The screen shows the first six lines of disassembly for the address 01 CC onwards. You're looking for an ID (address), a instruction somewhere nearby to store the number of lives in a memory location.
- This line of attack looks unproductive, so try the next address that was supplied, 0685. Return to the main menu and do the above using 0685 as the address instead of 01CC.
- This time it looks more promising, with an ld(06b2),a at 0690. Return to the main menu again and find B2, 06 this time (the number 06B2 is stored in memory as B206). Only two occurrences of the number appear in the game at 068A and 0691.
- Since we're looking for references to that address in memory rather than the actual memory address we disassemble from slightly before the addresses that were found.
- Disassemble from 0689 and you see the following:
add a, (hl)
jp m, 06f4
The HL register is pointing to the address 06B2 and then the A register is added to the contents of 06B2. jp m, 06f4 means to jump to 06F4 if the contents of the A register is negative.
- Do another find - this time for 0689 -and learn how many times a call is made to the subroutine at 0689. Only once is there a reference to that routine, at 0672.
- Disassemble from 0671 and you see call 0689.
- Now go for it. Assuming a call to that routine is used to decrease the number of lives that you have, all you have to do is to stop the game from calling that subroutine.
In the Z80 there is an instruction nop which does absolutely nothing. It may seem useless, but in hacking games it's very useful indeed. The hex equivalent, of nop :s 00.
- To stop the game from executing the call 0689 mstruction we just fill those three locations with nop. Go back to the main menu ana press p for poke. When asked for an address type in 0671 and then type 00. Poke 00 into the xwo following address of 0672 and 0673.
- It's time to try it out and see if it has worked. Go back to the main menu and press r to return to the game. Start playing the game and lo and behold you now have infinite lives.
- As you can see from this example poking is not a simple business, and requires more discussion than we have space for here. How much of AA we dedicate to this subject depends on your reaction...
|★ AMSTRAD CPC ★ DOWNLOAD ★|
|★ AMSTRAD CPC ★ A voir aussi sur CPCrulez , les sujets suivants pourront vous intéresser...|
|QUE DIT LA LOI FRANÇAISE:|
L'alinéa 8 de l'article L122-5 du Code de la propriété intellectuelle explique que « Lorsque l'œuvre a été divulguée, l'auteur ne peut interdire la reproduction d'une œuvre et sa représentation effectuées à des fins de conservation ou destinées à préserver les conditions de sa consultation à des fins de recherche ou détudes privées par des particuliers, dans les locaux de l'établissement et sur des terminaux dédiés par des bibliothèques accessibles au public, par des musées ou par des services d'archives, sous réserve que ceux-ci ne recherchent aucun avantage économique ou commercial ». Pas de problème donc pour nous!
|CPCrulez[Content Management System] v8.7-desktop/c|
Page créée en 111 millisecondes et consultée 1238 fois
L'Amstrad CPC est une machine 8 bits à base d'un Z80 à 4MHz. Le premier de la gamme fut le CPC 464 en 1984, équipé d'un lecteur de cassettes intégré il se plaçait en concurrent du Commodore C64 beaucoup plus compliqué à utiliser et plus cher. Ce fut un réel succès et sorti cette même années le CPC 664 équipé d'un lecteur de disquettes trois pouces intégré. Sa vie fut de courte durée puisqu'en 1985 il fut remplacé par le CPC 6128 qui était plus compact, plus soigné et surtout qui avait 128Ko de RAM au lieu de 64Ko.