Lode Runner (Broderbund, 1983), by LoGo from http://www.hackzapple.com/phpBB2/viewtopic.php?t=191 You are a miner. You must collect all the coffins, avoid foes and escape from each level. That game is one of my favorites: easy rules, fantastic gameplay, hours of entertainment. It is one of the best selling software of the Apple II. The program is heavily protected: - boot code is coded - code executed in the zero page area - code loaded in the text screen area - all vectors redirected to the reboot code - jumps to different parts of code through the stack - on-disk protection with half-tracks (the sound of the head moving is nice) - nibbles on disk are 4*4 coded But... it has passed the LoGo's exam Wink The following table summarizes the memory usage: - $0060..$010F: boot stage / phase 1 (oh! the stack) - $0200..$02FF: reboot code - $0400..$04FF: final boot / inits (replaces data of phase 2) - $0400..$07FF: boot stage / phase 2 - $0800..$08FF: boot stage / phase 0 - $0F00..$1EFF: program - $6000..$BFFF: program Final jump to $6000 once code at $0400 has been executed. Let me find my external USB CF reader and I will upload the boot source codes. What a great program!!!! Antoine 10/2008 Second digging into the disk organization of Lode Runner... TRACK $00 - sector 0: first boot loaded at $0800..$08FF - other pseudo 4*4 sectors: $0400..$07FF TRACKS $01-$02 : NO DATA TRACKS $03-$0C : GAME LEVELS - track $0C / sector $ 0F : score board loaded at $1F00..$1FFF - sectors can be copied with DEMUFFIN once $B942:18 is set TRACKS $0D-$1E : PROGRAM CODE - eight 4*4 sectors per half-track ($0D and $0D.5) - then move to next 1.5 track - data is loaded from $0F00..$1EFF - program is loaded from $6000..$BFFF - $B700..$BFFF is a standard DOS 3.3 RWTS TRACK $21 : PROGRAM INIT - last boot phase loaded at $0400..$04FF Now that we have gathered all the necessary information about the program, there are different ways to create a standard and copyable diskette: - rewrite the boot code at $0400..$07FF using the $Cx5C routine - use a fastboot code (the one from EA games) - use the standard DOS 3.3 RWTS track $00 code and use it to load the game. As always, I would like to minimize the changes of the original code. As the $0900..$0EFF RAM space is free, it can be used for our routines. My choice has not been decided yet, that fantastic game needs some good load routines... Antoine 10/2008 And now, introducing you to the boot 1 code of Lode Runner, the one that is loaded from track $0 / sector $ 0 at address $0800: * * Lode Runner * (c) 1983, Broderbund * * (k) 2008, LoGo * org $0800 lst off mx %11 * * Equates * TXTCLR EQU $C050 MIXCLR EQU $C052 TXTPAGE1 EQU $C054 HIRES EQU $C057 * * Boot code * L0800 DB $01 L0801 LDY #$00 ; clear LDA #$20 ; HGR & HGR2 pages LDX #$40 STY $00 STA $01 TYA L080C STA ($00),Y INY BNE L080C INC $01 DEX BNE L080C BIT MIXCLR ; HGR mode on BIT HIRES BIT TXTPAGE1 BIT TXTCLR LDX $2B ; save slot*16 STX $08 NOP ; decode next boot stage NOP LDY #$00 NOP NOP L082C LDA L0850,Y NOP NOP EOR #$A5 ; the key NOP NOP STA |$0060,Y NOP NOP INY BNE L082C NOP NOP LDX #$FF ; set stack pointer NOP NOP NOP TXS NOP NOP RTS ; Return please... HEX DDAFFD3F12448731 L0850 HEX 239B209F039B23E505A5009F21992098 HEX 03AD850BA560A5755C850BA560A47550 HEX 850BA560A77550182965B55E8F209A18 HEX 2965B55E809A34996D7549ABA5651829 HEX 65B55E60A67518439863E5757FC51829 HEX 65B55EC5077123A54D23A44D23A74D23 HEX A60CA10FC55A8F8C145AED8FACA42FEC HEX 5A6CB50F4DAC0F4F5A07A5ED6F755907 HEX AA1855A138A5A46F75523FC5BDCCA08C HEX A2CCA4A54F4D6F4D6F4D6F6D2D6D2D6D HEX 16A5FAA55AA6A5A15A2E5BA25AA65AFA Note the non standard way to jump to the next boot stage with the use of the stack. Quite difficult to follow... The code decyphered from $0850 to $0060 is just there... * * Lode Runner * (c) 1983, Broderbund * * (k) 2008, LoGo * org $0060 lst off mx %11 * * Boot code stage 2 * KBD EQU $C000 * Remember $08 contains slot*16 L0060 STX $3E ; number of pages STA $3A ; RAM pointer L0064 LDX $3E STX $40 LDY #$00 LDA $3A STY $3C STA $3D LDX $08 ; slot*16 L0072 JSR L00AE L0075 CMP $00 ; #$D4 BNE L0072 JSR L00AE L007C CMP $01 ; #$D5 BNE L0075 JSR L00AE CMP $02 ; #$D6 BNE L007C L0087 LDA $C08C,X ; 4*4 coding ;-) BPL L0087 ROL STA $3F L008F LDA $C08C,X BPL L008F AND $3F STA ($3C),Y INY BNE L0087 ASL KBD L009E LDA $C08C,X BPL L009E CMP $03 ; #$D7 BNE L0064 INC $3D ; next high ram pointer DEC $40 ; decrement number of pages BNE L0087 RTS L00AE LDA $C08C,X BPL L00AE RTS * * * L00B4 LDX #$D4 STX $00 ; #$D4 INX STX $01 ; #$D5 INX STX $02 ; #$D6 INX STX $03 ; #$D7 LDA #$04 ; high pointer TAX ; number of pages RTS DB $FF ROL AND #$B1 DB $FF PHA ROL ORA #$01 TXA EOR #$FF CMP #$10 TAX INX ORA #$AA NOP DB $FF * * * L00D9 LDX #$00 L00DB PHA DEX BNE L00DB LDX #$0F ; copy data L00E1 LDA $04F0,X ; to stack STA L0100,X DEX BNE L00E1 TXS ; and set index to $0 RTS ; JUMP... CLC ADC #$05 AND #$07 ADC #$01 DB $00 NOP INX DEX INX DEX INX DEX INY DEY INY DEY INY * * Jump with the stack ;-) * L0100 DA L00B4-1 ; init DISK INFO DA L0060-1 ; read DISK DA $0400-1 ; jump RTS DA $0401-1 ; jump CODE DA $8C00-1 DA $07FF-1 DA $0400-1 DA $6000-1 HEX A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 HEX A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 HEX A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 HEX A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 HEX A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5 I really appreciate the jump values pushed onto the stack... The entry point is $00B4, once the RTS is performed, the next call is $0060. Then $0400 and the final jump is $0401... The next boot stage on track $00 which is loaded from $0400 to $07FF is included in that message. Note that page 7 ($0700..$07FF) is copied from $0200..$02FF. The interesting load routines and arm move are located there. Once program is loaded from $0F00..$1EFF and $6000..$BFFF, a final "sector" is loaded from track $21 at $0400..$04FF then a jump is executed. * * Lode Runner * (c) 1983, Broderbund * * (k) 2008, LoGo * org $0400 lst off mx %11 * * Equates * SOFTEV EQU $03F2 PWREDUP EQU $03F4 KBD EQU $C000 KBDSTROBE EQU $C010 SPKR EQU $C030 RDBANK2 EQU $C080 ROMIN2 EQU $C081 LCBANK2 EQU $C083 INIT EQU $FB2F BELL1_2 EQU $FBE2 HOME EQU $FC58 WAIT EQU $FCA8 SETNORM EQU $FE84 OLDRST EQU $FF59 RESETV EQU $FFFC IRQV EQU $FFFE * * Boot code stage 3 * L0400 RTS NOP NOP JSR L07E0 ; Goodbye wildcards NOP NOP LDA LCBANK2 ; Copy reboot code LDA LCBANK2 LDY #$00 L0410 LDA L0700,Y STA $0200,Y INY BNE L0410 LDA #>L0200 ; reset vector STY RESETV STA RESETV+1 STY SOFTEV STA SOFTEV+1 EOR #$A5 STA PWREDUP LDY #L0203 STY $36 STA $37 STY $38 STA $39 STY $03F0 STA $03F1 * * * LDA #$00 ; hehe STA $0A LDX $2B ; slot*16 STX $02FF NOP NOP NOP LDA #$1A ; track $0D JSR L0603 ; move NOP NOP JSR L0550 ; read all NOP NOP * * Final read * LDA #$DD ; 1st marker STA $00 LDA #$F5 ; 2nd marker STA $01 LDA #$D5 ; 3rd marker STA $02 LDA #$D4 ; 4th marker STA $03 NOP NOP LDA #$42 ; track $21 JSR L0603 ; move LDA #$04 ; read at $0400 LDX #$01 ; one sector JSR L0600 ; read JMP $8541 ; JUMP to game... HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 000000000000000000 JSR L05C0 L04A3 LDA KBD BPL L04A3 BIT KBDSTROBE CMP #$9B BEQ L04B2 JMP BELL1_2 L04B2 NOP JMP OLDRST HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000 L0500 LDA #$FF JSR L0540 L0505 CMP #$DD BNE L0500 JSR L0542 L050C CMP #$F5 BNE L0505 JSR L0542 CMP #$D5 BNE L050C L0517 JSR L0539 STA L0526+1 JSR L0539 STA L0526+2 JSR L0539 L0526 STA IRQV+1 CMP #$EA BNE L0517 LDA $C088,X RTS AND $4805,Y JSR L0539 PHA RTS L0539 LDA $C08C,X BPL L0539 SEC ROL L0540 STA $FF L0542 LDA $C08C,X BPL L0542 AND $FF RTS HEX 000000000000 * * Main read loop * L0550 LDY #$00 ; loop... STY $05 L0554 STY $06 LDA L0570,Y ; RAM pointer BEQ L0564 JSR L05C0 ; read data LDY $06 INY BNE L0554 ; ...loop DB $00 L0564 RTS JSR L05C0 L0568 LDA KBD BPL L0568 BIT KBDSTROBE * * Where to load data * * $0F00..$1EFF * $6000..$BFFF L0570 HEX 0F1760687078808898A0A8B0B8000000 * * * L0580 PHA LDA $05 ; loop index AND #$07 TAY LDA L06F8,Y ; wonderful markers list STA $00 ; first marker LDA $05 LSR ORA #$AA STA $01 ; second marker LDA $05 ORA #$AA STA $02 ; third marker PLA INC $05 LDX #$01 ; read one sector JMP L0600 ; read DB $00 DB $00 DB $00 DB $00 DB $05 LDX #$01 LDY $07 BNE L05AE JMP $1100 L05AE PHA LDA #$01 JSR WAIT PLA JMP $1000 HEX 0000000000000000 * * Read $0800 bytes of data * * Two adjacent blocks in memory * are located on half tracks... * L05C0 LDY #$04 ; loop 4 STY $04 L05C4 PHA ; RAM pointer LDX #$01 ; unuseful JSR L0580 ; read sector LDA $0A ; start with $00 CLC ADC #$01 JSR L0606 ; next phase PLA CLC ADC #$01 ; RAM pointer++ PHA JSR L0580 ; read sector LDA $0A SEC SBC #$01 JSR L0606 ; previous phase PLA CLC ADC #$01 ; RAM pointer++ DEC $04 BNE L05C4 PHA LDA $0A CLC ADC #$03 ; next 1.5 track JSR L0603 ; move... PLA RTS HEX 0000000000000000000000 * * the pseudo RWTS * L0600 JMP L0609 ; Read L0603 JMP L065D ; Move L0606 JMP L06D6 ; Change tempo * * Read... * L0609 STX $3E ; number of pages STA $3A ; RAM pointer L060D LDX $3E ; of boot stage 2 STX $40 LDY #$00 ; please refer to it LDA $3A STY $3C STA $3D LDX $08 L061B JSR L0657 L061E CMP $00 BNE L061B JSR L0657 L0625 CMP $01 BNE L061E JSR L0657 CMP $02 BNE L0625 L0630 LDA $C08C,X BPL L0630 ROL STA $3F L0638 LDA $C08C,X BPL L0638 AND $3F STA ($3C),Y INY BNE L0630 ASL KBD L0647 LDA $C08C,X BPL L0647 CMP $03 BNE L060D INC $3D DEC $40 BNE L0630 RTS L0657 LDA $C08C,X BPL L0657 RTS * * Move arm... * L065D STA $41 CMP $0A BEQ L06B2 LDA #$00 STA $26 L0667 LDA $0A STA $27 SEC SBC $41 BEQ L06A1 BCS L0678 EOR #$FF INC $0A BCC L067C L0678 ADC #$FE DEC $0A L067C CMP $26 BCC L0682 LDA $26 L0682 CMP #$0C BCS L0687 TAY L0687 SEC JSR L06A5 LDA L06BE,Y JSR L06B3 LDA $27 CLC JSR L06A7 LDA L06CA,Y JSR L06B3 INC $26 BNE L0667 L06A1 JSR L06B3 CLC L06A5 LDA $0A L06A7 AND #$03 ROL ORA $08 TAX LDA $C080,X LDX $08 L06B2 RTS L06B3 LDX #$13 L06B5 DEX BNE L06B5 SEC SBC #$01 BNE L06B3 RTS L06BE HEX 01302824201E1D1C1C1C1C1C L06CA HEX 702C26221F1E1D1C1C1C1C1C * * Change tempo... * L06D6 LDX #$0D STX L06B3+1 JSR L065D LDA #$13 STA L06B3+1 RTS HEX 00000000000000000000000000000000 HEX 00000000 * * A marker table * L06F8 HEX 96979A9B9D9E9FCB * * The magnificent reboot code * L0700 LDA #$D2 ; Q DB $2C L0703 LDA #$D0 ; P DB $2C L0706 LDA #$CC ; L DB $2C L0709 LDA #$A1 ; a PHA JSR $02E0 ; =$07E0 JSR INIT JSR HOME JSR SETNORM PLA STA L0400 L071C LDY #$00 ; Clear RAM TYA L071F STA $BF00,Y INY BNE L071F DEC $0221 LDA $0221 TAX BIT SPKR NOP NOP NOP CMP #$08 BCS L071C STA SOFTEV+1 STA PWREDUP LDA $02FF ; Reboot LSR LSR LSR LSR ORA #$C0 SBC #$00 PHA LDA #$FF PHA RTS HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000 L07E0 LDA ROMIN2 ; Goodbye wildcards LDA ROMIN2 LDY #$00 LDA #$D0 STY $00 STA $01 L07EE LDA ($00),Y STA ($00),Y INY BNE L07EE INC $01 BNE L07EE LDA RDBANK2 RTS DB $00 DB $00 DB $00 And now the final boot stage from track $21 loaded from $0400..$04FF. It inits some game values and jumps to the program at $6000. * * Lode Runner * (c) 1983, Broderbund * * (k) 2008, LoGo * org $0400 lst off mx %11 * * Final boot stage * L0400 LDY #$00 STY $00 STY $01 STY $03 L0408 STY $02 LDA $0570,Y ; RAM pointers BEQ L0430 ; end of table STA $04 LDX #$08 ; loop 8 pages LDY #$00 ; of 256 bytes L0415 LDA ($03),Y EOR $00 ; calculate checksum STA $00 LDA ($03),Y CLC ADC $01 STA $01 INY BNE L0415 INC $04 DEX BNE L0415 LDY $02 INY BNE L0408 DB $00 * * * L0430 LDA L04FE ; #$64 EOR $00 ; EOR $00 (#$64) BEQ L043A ; ...OK L0437 JMP $0206 ; otherwise reboot L043A LDA L04FF ; #$76 EOR $01 ; EOR $01 (#$76) BNE L0437 ; ...KO * * * LDX $02FF ; slot*16 STX $B7E9 STX $B7F7 NOP JSR L0480 ; set track info for RWTS NOP NOP LDA #$06 STA $8C LDA #$FF STA $99 LDA #$CA STA $95 LDA #$4C STA $23 LDA #$50 ; $8E50 STA $36 LDA #$8E STA $37 LDA #$B5 ; $B7B5 STA $38 LDA #$B7 STA $39 JMP $6000 ; ...final jump DB $00 LDA $C088,X JMP L0400 DB $EA DB $00 DB $00 DB $00 DB $00 DB $00 * * set current track number for RWTS * L0480 TXA LSR LSR LSR LSR TAX LDA #$18 ; Phase (Track = #$0C) STA $0478,X JMP $0603 ; move arm DB $03 DB $06 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $00 DB $FF DB $FF DB $FF DB $FF L04FE DB $64 L04FF DB $76 How can we load the complete program data into memory as wildcards and other hardware stuff are turned off. Just disassemble and reassemble the load program where memory is free... The first step is to perform the famous "2600L0200 ; reset vector STY SOFTEV STA SOFTEV+1 EOR #$A5 STA PWREDUP LDY #L0203 STY $36 STA $37 STY $38 STA $39 STY $03F0 STA $03F1 *----------------------------- LDX $02FF ; slot*16 STX $B7E9 STX $B7F7 TXA LSR LSR LSR LSR TAX LDA #$18 ; Phase (Track = #$0C) STA $0478,X jsr $0603 ; move arm LDA #$06 STA $8C LDA #$FF STA $99 LDA #$CA STA $95 LDA #$4C STA $23 LDA #$50 ; $8E50 STA $36 LDA #$8E STA $37 LDA #$B5 ; $B7B5 STA $38 LDA #$B7 STA $39 lda #$64 ; The final sta $00 lda #$76 ; checksums sta $01 ldx $02FF LDA $C088,X JMP L6000 ds \ *----------------------------- * A= Track * X= RAM * Y= Nb of tracks to read * readALL sta dpTRACK txa sta dpRAM sty dpNBTRACKS lda #0 sta dpBUFFER * readMAIN lda dpTRACK ; move arm asl jsr moveARM ldx #$0F ; number of sectors stx dpLOADED ; to read per track ldy dpRAM ; prepare table ]lp tya ; of RAM pointers clc adc tblINTER,x sta tblMEMORY,x ; where to load dex bpl ]lp * * Read header * readHEADER CLC readDATA PHP LDX dpSLOT read1 LDA $C08C,X BPL *-3 read2 EOR #$D5 BNE read1 LDA $C08C,X BPL *-3 CMP #$AA BNE read2 LDA $C08C,X BPL *-3 CMP #$96 BEQ doHEADER PLP BCC readHEADER EOR #$AD BEQ doDATA BNE readHEADER * Read header doHEADER LDY #4 ; volume/volume ]lp LDA $C08C,X ; track/track BPL *-3 DEY BNE ]lp ; we skip them ;-) LDA $C08C,X ; we want sector BPL *-3 ROL STA dpNIBBLE LDA $C08C,X BPL *-3 AND dpNIBBLE AND #$0f ; $00..$0F PLP ; restore status TAX LDA tblMEMORY,X BEQ readHEADER ; already been read STA dpBUFFER+1 LDA #0 ; sector has been read STA tblMEMORY,X SEC BCS readDATA ; read data * Read data doDATA LDY #$56 ]lp STY dpNIBBLE LDY $C08C,X BPL *-3 EOR L0356-$80,Y LDY dpNIBBLE DEY STA L0300,Y BNE ]lp ]lp STY dpNIBBLE LDY $C08C,X BPL *-3 EOR L0356-$80,Y LDY dpNIBBLE STA (dpBUFFER),Y INY BNE ]lp * Deniblize doNIBBLE1 LDX #$56 ; Y equals 0 ;-) ]lp DEX BMI doNIBBLE1 LDA (dpBUFFER),Y LSR L0300,X ROL LSR L0300,X ROL STA (dpBUFFER),Y INY BNE ]lp * NEXT SECTOR dec dpLOADED ; pages-- bmi doNEXT jmp readHEADER doNEXT dec dpNBTRACKS ; tracks-- beq doEND inc dpTRACK ; next track lda dpRAM ; next $1000 bytes clc adc #$10 sta dpRAM jmp readMAIN doEND rts * * Special interleaving for fast access * tblINTER hex 00070E060D050C04 hex 0B030A020901080F tblMEMORY hex 0000000000000000 hex 0000000000000000 ds \ *----------------------------- * * To be copied to $0600..$06FF * M0600 HEX 4C09064C5D064CD606863E853AA63E86 HEX 40A000A53A843C853DA608205706C500 HEX D0F9205706C501D0F5205706C502D0F5 HEX BD8CC010FB2A853FBD8CC010FB253F91 HEX 3CC8D0EC0E00C0BD8CC010FBC503D0BD HEX E63DC640D0DA60BD8CC010FB608541C5 HEX 0AF04FA9008526A50A852738E541F031 HEX B00649FFE60A900469FEC60AC5269002 HEX A526C90CB001A83820A506B9BE0620B3 HEX 06A5271820A706B9CA0620B306E626D0 HEX C620B30618A50A29032A0508AABD80C0 HEX A60860A213CAD0FD38E901D0F6600130 HEX 2824201E1D1C1C1C1C1C702C26221F1E HEX 1D1C1C1C1C1CA20D8EB406205D06A913 HEX 8DB40660000000000000000000000000 HEX 000000000000000096979A9B9D9E9FCB * * To be copied to $0200..$02FF * M0200 HEX A9D22CA9D02CA9CC2CA9A14820E00220 HEX 2FFB2058FC2084FE688D0004A0009899 HEX 00BFC8D0FACE2102AD2102AA2C30C0EA HEX EAEAC908B0E68DF3038DF403ADFF024A HEX 4A4A4A09C0E90048A9FF486000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX AD81C0AD81C0A000A9D084008501B100 HEX 9100C8D0F9E601D0F5AD80C060000000 * * To be copied to $0400..$04FF * M0400 HEX A0008400840184038402B97005F02185 HEX 04A208A000B10345008500B103186501 HEX 8501C8D0F0E604CAD0EBA402C8D0D900 HEX ADFE044500F0034C0602ADFF044501D0 HEX F6AEFF028EE9B78EF7B7EA208004EAEA HEX A906858CA9FF8599A9CA8595A94C8523 HEX A9508536A98E8537A9B58538A9B78539 HEX 4C006000BD88C04C0004EA0000000000 HEX 8A4A4A4A4AAAA9189D78044C03060306 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000000000000000 HEX 00000000000000000000FFFFFFFF6476 That game is fantastic... Antoine Nov. 2008 He he... Track $22 is used by the game (see $8E00) to see if the disk inserted is the original game disk or (not a copy) but a data disk. This test is performed to prevent the user from formatting the original game disk while in the Editor mode. av