Hacking the ZX Spectrum 48K ROM
Hi Guys,
I have modded my Speccy with a dual boot ROM loading on first bank the original ZX kernel and on the second bank an enhanced version. I have modified already the welcome message at the prompt with an hex editor but I would like for example to change the border and paper colour at startup or any other nice trick. Is that possible and where do I need to look at?
Thanks,
Rick
I have modded my Speccy with a dual boot ROM loading on first bank the original ZX kernel and on the second bank an enhanced version. I have modified already the welcome message at the prompt with an hex editor but I would like for example to change the border and paper colour at startup or any other nice trick. Is that possible and where do I need to look at?
Thanks,
Rick
Comments
So, for example to change the default colours to bright yellow ink on blue paper, with a blue border, change the following bytes:
Everyone has a crap game inside them, let yours out!
Thanks a lot for the explanation :-). I will look at this closely. Actually each memory address of the rom is filled with HEX instructions of course so I need to understand exactly what is what :-).
As far as I understand each colour has a value ranging from $01($00?) to $07.
If you're going to hack the ROM, I'd recommend having a read through the ROM disassembly, particularly as the ROM is coded for space efficiency rather than being easy to modify. Obviously you can't modify it too much if you want to maintain compatibility with software, you certainly wouldn't want to start moving routines around in memory for example. If you're careful you won't cause problems just by changing initial attribute values except possibly any games that use the ROM as data.
That's correct.
In the routines I listed above, the initial border colour is set using a single colour: For the BORDER, P-ATTR and T-ATTR system variables; the flash, bright, paper and ink are packed into the same byte:
The other most obvious cosmetic change would be a custom character set; which you can insert into the ROM as a 768 byte (96 characters of 8 rows each) from $3D00.
For something more minor you can tweak the initial memory test routine to fill memory with $FE instead of $02 and test on increments instead of decrements; the routine still works as before but it fills the screen with flashing yellow and white stripes instead of the familiar red on black:
Everyone has a crap game inside them, let yours out!
I am a noob sorry ^-^. This is what I see at address 11CD for example with the HEX editor
https://ibb.co/hcFmtG
Looks a long string of HEX data. (??)
Author of A Yankee in Iraq, a 50 fps shoot-’em-up—the first game to utilize the floating bus on the +2A/+3,
and zasm Z80 Assembler syntax highlighter.
Member of the team that discovered, analyzed, and detailed the floating bus behavior on the ZX Spectrum +2A/+3.
A few Spectrum game fixes.
Depending on your level of knowledge, you might also want to familiarize yourself with how the Z80 fetches and executes instructions, especially multibyte ones (e.g. low/high byte order), so you don’t get confused by, say, LD BC,$1234 represented as 01 34 12, rather than 01 12 34.
Author of A Yankee in Iraq, a 50 fps shoot-’em-up—the first game to utilize the floating bus on the +2A/+3,
and zasm Z80 Assembler syntax highlighter.
Member of the team that discovered, analyzed, and detailed the floating bus behavior on the ZX Spectrum +2A/+3.
A few Spectrum game fixes.
Actually I do have a basic knowledge of ML instructions for the 6502 processor but none for the Z80 so in that area yes I am a total noob. Also I always worked with an assembler when coding and never used an HEX editor to modify a code but only to program eproms or limited to text mod (for example the ZX Prompt welcome message which is visible in the ASCII section of the editor) :-D
I need to get more into the Z80 to better understand :-) and also have a better knowledge on how to decode instructions as seen from the HEx editor ;-)
I will give a try to GreW advices and see what happens :-)
Thanks
Rick
Do give Hex Fiend a try (no need to launch Wine when there’s a great native macOS hex editor available.) And if you ever feel like coding in assembly for the Z80 (and the Spectrum), check out the second link in my signature.
You could also use a disassembler (such as z80dasm, for instance), of course, but then you’ll need to assemble the modified code and save it as a .bin file. Not too difficult and perhaps a little less error prone. The only problem is you’ll have to define entry points for each chunk of code/data, so for making small changes, a hex editor is probably the best choice.
Author of A Yankee in Iraq, a 50 fps shoot-’em-up—the first game to utilize the floating bus on the +2A/+3,
and zasm Z80 Assembler syntax highlighter.
Member of the team that discovered, analyzed, and detailed the floating bus behavior on the ZX Spectrum +2A/+3.
A few Spectrum game fixes.
The row labels are showing the address to rounded down to the nearest 16 ($10); and the column labels are showing the offsets from 0 to 15 ($00 to $0F), to get the address of a particular byte, add the column label to the row label.
So location $11CC contains $3E (which is the Z80 opcode for LD A,nn); while $11CD contains $07 (the operand for the LD A,nn instruction, ie. the "nn"; in this case representing the colour code for white).
Everyone has a crap game inside them, let yours out!
Thanks to both of you for this clear explanation :-D. I had no idea really on how to read out the ROM content from an HEX editor and now it makes sense of course :-)
It might also be fun to use an emulator and put breakpoints on those addresses in the emulator's debugger, then you can step through the startup sequence and follow along, relating it to the disassembly on the website, and also to your hex editor display.
SevenFFF / Threetwosevensixseven / colonel32
NXtel • NXTP • ESP Update • ESP Reset • CSpect Plugins
Zeus run nicely under Wine on Macs.
SevenFFF / Threetwosevensixseven / colonel32
NXtel • NXTP • ESP Update • ESP Reset • CSpect Plugins
Zeus OMG this is the one I will definitely grab! :-). Thanks a lot!
Author of A Yankee in Iraq, a 50 fps shoot-’em-up—the first game to utilize the floating bus on the +2A/+3,
and zasm Z80 Assembler syntax highlighter.
Member of the team that discovered, analyzed, and detailed the floating bus behavior on the ZX Spectrum +2A/+3.
A few Spectrum game fixes.