SD: Re: No Subject
In a message dated 97-07-18 21:07:58 EDT, you write:
<< I have a few questions/observations regarding the inner workings of
OShell (2.5), the assembly language shell for the TI-82. As far as I
understand it, the TI-BASIC program SHELL exploits some kind of bug in
the TI-82 by first storing E17 in the variable Q. What happens next is
a little confusing (the first of many things). The program then exits
with a 'Stop' command. What does happen, however, is that after ENTER
is pressed, (which would presumably re-run SHELL), the program OShell82
is run instead. If OShell82 isn't present, SHELL simply reruns.
Interestingly enough, no 'Done.' is displayed after SHELL runs, which is
another small but interesting thing. There isn't anything intrinsic
about SHELL which performs the magic of getting OShell82 to run, because
you can write a program called anything in TI-BASIC on your calculator
which invokes OShell82 by using the same code as SHELL. Now, OShell82
is described in the VAT as starting at 8D24, which is the start of user
memory (and not where programs normally reside). This must play an
important role in running OShell. I guess Q also resides at the start
of user memory, am I right? So by assigning E17 to Q, you somehow allow
OShell82 to execute? Is that it? My final, and most important
question, is: Could I write a shell in assembly and then use PRGM82.EXE
to turn it into an 82 executable, relocate it to 8D24 by editing a
backup file and use a similar procedure to run it?
Cheers,
Dominic Cooney, coonsta@hotmail.com
"YOU'LL PAY TO KNOW WHAT YOU _REALLY_ THINK!" -J.R. 'BOB' DOBBS
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
>>
OK, in the backup, the variable Q points to $8114 (I think...check
82-RAM.txt), which is the pointer to ROM when a certain key is pressed. When
you store E17 to Q, it overwrites these pointers, as the calc stores it as 00
91, which is where the code for OShell82 is located. So when you press a key
(any key, not just enter), it makes a jump to $9100 and executes it as if it
were executing machine code - the ROM. So then you have complete control
over the processor, and you can do anything you like. You could do that to
make your own shell, but you have to find a memory location that is
equivalent to a BASIC command, and Q will have to point to $8114 (or whatever
that is...). You can actually use any variable that can be relocated in
memory, i.e. that you can find in the VAT. The only problem is exiting the
shell, because where are you going to ret to? OShell-82 v1.0 had this
problem, but Jason Todd (Alphasoft) fixed that quickly in his next version.
~Adamman
P.S. I didn't find any of this out at all. This explanation has knowledge
gained from an email sent through the CALC-TI list by (?). I'll send another
message if I can find that email.