My HP-41 ROM module (INFOH1) for which I now have the image files (.bin .rom) consists of several FOCAL programs that are all protected as PRIVATE so I can't COPY them into the RAM. I want to be able to have the individual listings for all the programs from the module. I am familiar with a procedure of UNPRIVATING the programs in RAM but how to get them there first? So far the only way I found to list a PRIVATE program is CSST routine from SANDBOX ROM, however, it doesn't echo the printout to DISPLAY device of EMU41 so I can't capture the listing in the DISP.LOG file.

Since I have the disassembled listing of the ROM image is there an easy way to change some flags or similar indicators at MCODE level and assemble the image again.


Edited: 6 Nov 2004, 3:34 p.m.


If I remember well, there's a special code (such 000h) between function name and code listing. In the fat, 201h and 047h (for instance) instead of 001h and 047h for a program (located at X147h... To be continued



Salut Emmanuel!

For User Code there are no words between function name and code, there are two word before the user code and the function name is taken from the globel alpha-label in the code. When I look at the difference of a cracked Bobby Schenk Yacht Module and the original I find following:

                                   MAT=  135            
I - 8087 250 NCXQ 9440 RPL= 1 00136 00136
D - E087 350 NCXQ D440
MAT= 1798
I - 878E 260 SETHEX RPL= 1 01935 01935
D - E78E 360 CRTN
MAT= 1281
I - 8C90 260 SETHEX RPL= 1 03217 03217
D - EC90 360 CRTN
Note: the ZEN-ROM disassembly is not valid for user code

The entry in FAT points to the first byte of the global alpha-label and here you find following:

8086 101 (n-2)
8087 250 (n-1)
8088 1CA global Label
8089 000 @ of global chain here if in RAM
808A 0F3 # chars + 1
808B 000 in RAM key assignment here
808C 041 "A"
808D 035 "5"
So the PRIVATE status in ROM is indicated by the 9th bit of word (n-1). The meaning of the rest may be described in the ZEN-ROM manual, or MCode for Beginners, or somewhere in PPC-CN.

Hope this helps.



You were right Mike, bit 9 of word (n-1) controls the ROM PRIVATE status. I tested it with my ROM listing in the following manner:

E000 01F XROM NO.=31
E002 000 FCT:INFOH 1
E003 048 ADR: E048
E004 200 FCT:`TEMP
E005 04B ADR: E04B
E006 200 FCT:`PRES
E04A 350 LD@PT- D
E04B 1CA A=A-C PT<-
E04C 000 NOP

So I changed 350 at address E04A to 250, left the rest unchanged and assembled the ROM again. Then, I was able to COPY 'TEMP program to RAM. The program was still showing as PRIVATE but this time is in the RAM so I can use the procedure described here to remove the PRIVATE flag and get the listing.

By the way Meindert's disassembler has done all this automatically.


Edited: 9 Nov 2004, 11:22 p.m.


Thank you, Miki, for sharing your observation. I can't remember such troubles.

What I wrote yesterday was just from my poor memory and the compare of the cracked vs the original Schenk Module. That was years ago when I did that, so for sure there are others today who know better and have the appropriate routines at hand. I "use" the HP-41 for long time only in it's emulators (Emu41, V41, and of cause my NutEm) and there I have other potentialities to flip some bits or decode some ROM. I just do it outside the emulator. On a real HP-41 only with a RAM-Box and a ZEN-ROM it's quite a challenge.




You have mail. I have a ROM disassembler that also disassembles user code in a .ROM file



Would you be willing to share your disassembler. I've been working on FOCAL to mCode translations and have need of decoding FOCAL programs in place in rom. I was going to write my own disassembler but just don't have the spare time right now.
I can be emailed at leshaworks(at)iname(dot)com
Thanks David Y.


I will share my ROM disassembler (with user code disassembler as well) as part of the MLDL2000 software. There is still some work that needs to be done, so please be a little patient ...


