Commodore 64 Hacking

Various bits and pieces of C=64 related hacking info.

1 Instruction Set
2 KERNAL Jump Table
3 Memory Map

1 Instruction Set


Mnemonic	Description
ADC	Add Memory to Accumulator with Carry
AND	"AND" Memory with Accumulator
ASL	Shift Left One Bit (Memory or Accumulator)
BCC	Branch on Carry Clear
BCS	Branch on Carry Set
BEQ	Branch on Result Zero
BIT	Test Bits in Memory with Accumulator
BMI	Branch on Result Minus
BNE	Branch on Result not Zero
BPL	Branch on Result Plus
BRK	Force Break
BVC	Branch on Overflow Clear
BVS	Branch on Overflow Set
CLC	Clear Carry Flag
CLD	Clear Decimal Mode
CLI	Clear interrupt Disable Bit
CLV	Clear Overflow Flag
CMP	Compare Memory and Accumulator
CPX	Compare Memory and Index X
CPY	Compare Memory and Index Y
DEC	Decrement Memory by One
DEX	Decrement Index X by One
DEY	Decrement Index Y by One
EOR	"Exclusive-Or" Memory with Accumulator
INC	Increment Memory by One
INX	Increment Index X by One
INY	Increment Index Y by One
JMP	Jump to New Location
JSR	Jump to New Location Saving Return Address
LDA	Load Accumulator with Memory
LDX	Load Index X with Memory
LDY	Load Index Y with Memory
LSR	Shift Right One Bit (Memory or Accumulator)
NOP	No Operation
ORA	"OR" Memory with Accumulator
PHA	Push Accumulator on Stack
PHP	Push Processor Status on Stack
PLA	Pull Accumulator from Stack
PLP	Pull Processor Status from Stack
ROL	Rotate One Bit Left (Memory or Accumulator)
ROR	Rotate One Bit Right (Memory or Accumulator)
RTI	Return from Interrupt
RTS	Return from Subroutine
SBC	Subtract Memory from Accumulator with Borrow
SEC	Set Carry Flag
SED	Set Decimal Mode
SEI	Set Interrupt Disable Status
STA	Store Accumulator in Memory
STX	Store Index X in Memory
STY	Store Index Y in Memory
TAX	Transfer Accumulator to Index X
TAY	Transfer Accumulator to Index Y
TSX	Transfer Stack Pointer to Index X
TXA	Transfer Index X to Accumulator
TXS	Transfer Index X to Stack Pointer
TYA	Transfer Index Y to Accumulator

Source: MCS6510 Microprocessor Instruction Set

2 KERNAL Jump Table


Address	Name	A	X	Y	F	Description	Vid	Sys	Ser
FF47/128	SPINSPOUT	*				Initializes I/O for fast serial	***
FF4A/128	CLOSEALL	*	*	*		Close all files on a device	***
FF4D/128	C64MODE					Switches to C=64 mode	***
FF50/128	DMACALL	*	*			Send DMA command to REU	***
FF53/128	BOOTCALL	*	*	*		Attempts to run boot sector	***	***
FF56/128	PHOENIX	*	*	*		Initalizes external/internal cartri.	***
FF59/128	LKUPLA	*	*	*	*	Looks up logical device #	***	***
FF5C/128	LKUPSA	*	*	*	*	Looks up for secondary address	***	***
FF5F/128	SWAPPER	*	*	*		Switches betten 40 / 80 column screen	***
FF62/128	DLCHAR	*	*	*		Initializes 80 column character set	***
FF65/128	PFKEY	*	*	*	*	Installs a function key definition	***
FF68/128	SETBNK					Sets bank for any I/O operations	***	***
FF6B/128	GETCFG	*				Get MMU configuration for a given bank	***
FF6E/128	JSRFAR					Jumps to a subroutine in another bank	***
FF71/128	JMPFAR					Starts executing code in another bank	***
FF74/128	INDFET	*	*	*		Execute a LDA(fetvec),Y from a bank	***
FF77/128	INDSTA	*		*		Stores a value indirectly in a bank	***
FF7A/128	INDCMP	*		*		Compares a value indirectly in a bank	***
FF7D/128	PRIMM					Outputs null-terminated string	***		***
FF81	CINT	*	*	*		Setup VIC,screen values, 8563…	***
FF84	IOINIT	*	*	*		Initialize VIC,SID,8563,CIA for system	***	***
FF87	RAMTAS	*	*	*		Initialize ram.	***
FF8D	VECTOR	*		*		Reads or Writes to Kernal RAM Vectors	***
FF90	SETMSG					Sets Kernal Messages On/Off.	***
FF93	SECND	*				Sends secondary address after LISTN	***	***
FF96	TKSA	*				Sends secondary address after TALK	***	***
FF99	MEMTOP	*	*			Read or set the top of system RAM.	***
FF9C	MEMBOT	*	*			Read or set the bottom of system RAM.	***
FF9F	KEY					Scans Keyboard	***
FFA2	SETMO					– Unimplemented Subroutine in All –
FFA5	ACPTR	*				Grabs byte from current talker	***	***
FFA8	CIOUT	*				Output byte to current listener	***	***
FFAB	UNTLK	*				Commands device to stop talking	***	***
FFAE	UNLSN	*				Commands device to stop listening	***	***
FFB1	LISTN	*				Commands device to begin listening	***	***
FFB4	TALK	*				Commands device to begin talking	***	***
FFB7	READSS	*				Returns I/O status byte	***
FFBA	SETLFS					Sets logical #, device #, secondary #	***
FFBD	SETNAM					Sets pointer to filename.	***
FFC0	OPEN	*	*	*	*	Opens up a logical file.	***
FFC3	CLOSE	*	*	*	*	Closes a logical file.	***
FFC6	CHKIN	*	*	*	*	Set input channel	***
FFC9	CHKOUT	*	*	*	*	Set output channel	***
FFCC	CLRCH	*	*			Restore default channels	***
FFCF	BASIN	*		*		Input from channel	***
FFD2	BSOUT	*		*		Output to channel (aka CHROUT)	***		***
FFD5	LOAD	*	*	*	*	Load data from file	***
FFD8	SAVE	*	*	*	*	Save data to file	***
FFDB	SETTIM					Sets internal (TI\() clock	***
FFDE	RDTIM	*	*	*		Reads internal (TI\)) clock	***
FFE1	STOP	*	*			Scans and check for STOP key	***
FFE4	GETIN	*	*	*	*	Reads buffered data from file	***
FFE7	CLALL	*	*			Close all open files and channels	***
FFEA	UDTIM	*	*			Updates internal (TI$) clock	***
FFED	SCRORG	*	*	*		Returns current window/screen size	***
FFF0	PLOT	*	*	*		Read or set cursor position	***
FFF3	IOBASE	*	*			Read base of I/O block	***

Source: C=Hacking Issue 3

3 Memory Map


Label	Hex Address	Dec. Location	Description
D6510	0000	0	6510 On-Chip Data-Direction Register
R6510	0001	1	6510 On-Chip 8-Bit Input/Output Register
	0002	2	Unused
ADRAY1	0003-0004	3-4	Jump Vector: Convert Floating-Integer
ADRAY2	0005-0006	5-6	Jump Vector: Convert Integer–Floating
CHARAC	0007	7	Search Character
ENDCHR	0008	8	Flag: Scan for Quote at End of String
TRMPOS	0009	9	Screen Column From Last TAB
VERCK	000A	10	Flag: 0 = Load, 1 = Verify
COUNT	000B	11	Input Buffer Pointer / No. of Subscripts
DIMFLG	000C	12	Flag: Default Array DiMension
VALTYP	000D	13	Data Type: $FF = String, $00 = Numeric
INTFLG	000E	14	Data Type: $80 = Integer, $00 = Floating
GARBFL	000F	15	Flag: DATA scan/LIST quote/Garbage Coll
SUBFLG	0010	16	Flag: Subscript Ref / User Function Call
INPFLG	0011	17	Flag: $00 = INPUT, $40 = GET, $98 = READ
TANSGN	0012	18	Flag TAN sign / Comparison Result
	0013	19	Flag: INPUT Prompt
LINNUM	0014-0015	20-21	Temp: Integer Value
TEMPPT	0016	22	Pointer Temporary String
LASTPT	0017-0018	23-24	Last Temp String Address
TEMPST	0019-0021	25-33	Stack for Temporary Strings
INDEX	0022-0025	34-37	Utility Pointer Area
RESHO	0026-002A	38-42	Floating-Point Product of Multiply
TXTTAB	002B-002C	43-44	Pointer: Start of BASIC Text
VARTAB	002D-002E	45-46	Pointer: Start of BASIC Variables
ARYTAB	002F-0030	47-48	Pointer: Start of BASIC Arrays
STREND	0031-0032	49-50	Pointer End of BASIC Arrays (+1)
FRETOP	0033-0034	51-52	Pointer: Bottom of String Storage
FRESPC	0035-0036	53-54	Utility String Pointer
MEMSIZ	0037-0038	55-56	Pointer: Highest Address Used by BASIC
CURLIN	0039-003A	57-58	Current BASIC Line Number
OLDLIN	003B-003C	59-60	Previous BASIC Line Number
OLDTXT	003D-003E	61-62	Pointer: BASIC Statement for CONT
DATLIN	003F-0040	63-64	Current DATA Line Number
DATPTR	0041-0042	65-66	Pointer: Current DATA Item Address
INPPTR	0043-0044	67-68	Vector: INPUT Routine
VARNAM	0045-0046	69-70	Current BASIC Variable Name
VARPNT	0047-0048	71-72	Pointer: Current BASIC Variable Data
FORPNT	0049-004A	73-74	Pointer: Index Variable for FOR/NEXT
	004B-0060	75-96	Temp Pointer / Data Area
FACEXP	0061	97	Floating-Point Accumulator #1: Exponent
FACHO	0062-0065	98-101	Floating Accum. #1: Mantissa
FACSGN	0066	102	Floating Accum. #1: Sign
SGNFLG	0067	103	Pointer: Series Evaluation Constant
BITS	0068	104	Floating Accum. #1: Overflow Digit
ARGEXP	0069	105	Floating-Point Accumulator #2: Exponent
ARGHO	006A-006D	106-109	Floating Accum. #2: Mantissa
ARGSGN	006E	110	Floating Accum. #2: Sign
ARISGN	006F	111	Sign Comparison Result: Accum. # 1 vs #2
FACOV	0070	112	Floating Accum. #1. Low-Order (Rounding)
FBUFPT	0071-0072	113-114	Pointer: Cassette Buffer
CHRGET	0073-008A	115-138	Subroutine: Get Next Byte of BASIC Text
CHRGOT	0079	121	Entry to Get Same Byte of Text Again
TXTPTR	007A-007B	122-123	Pointer: Current Byte of BASIC Text
RNDX	008B-008F	139-143	Floating RND Function Seed Value
STATUS	0090	144	Kernal I/O Status Word: ST
STKEY	0091	145	Flag: STOP key / RVS key
SVXT	0092	146	Timing Constant for Tape
VERCK	0093	147	Flag: 0 = Load, 1 = Verify
C3PO	0094	148	Flag: Serial Bus-Output Char. Buffered
BSOUR	0095	149	Buffered Character for Serial Bus
SYNO	0096	150	Cassette Sync No.
	0097	151	Temp Data Area
LDTND	0098	152	No. of Open Files / Index to File Table
DFLTN	0099	153	Default Input Device (0)
DFLTO	009A	154	Default Output (CMD) Device (3)
PRTY	009B	155	Tape Character Parity
DPSW	009C	156	Flag: Tape Byte-Received
MSGFLG	009D	157	Flag: $80 = Direct Mode, $00 = Program
PTR1	009E	158	Tape Pass 1 Error Log
PTR2	009F	159	Tape Pass 2 Error Log
TIME	00A0-00A2	160-162	Real-Time Jiffy Clock (approx) 1/60 Sec
	00A3-00A4	163-164	Temp Data Area
CNTDN	00A5	165	Cassette Sync Countdown
BUFPNT	00A6	166	Pointer: Tape I/O Buffer
INBIT	00A7	167	RS-232 Input Bits / Cassette Temp
BITCI	00A8	168	RS-232 Input Bit Count / Cassette Temp
RINONE	00A9	169	RS-232 Flag: Check for Start Bit
RIDATA	00AA	170	RS-232 Input Byte Buffer/Cassette Temp
RIPRTY	00AB	171	RS-232 Input Parity / Cassette Short Cnt
SAL	00AC-00AD	172-173	Pointer: Tape Buffer/ Screen Scrolling
EAL	00AE-00AF	174-175	Tape End Addresses/End of Program
CMP0	00B0-00B1	176-177	Tape Timing Constants
TAPE1	00B2-00B3	178-179	Pointer: Start of Tape Buffer
BITTS	00B4	180	RS-232 Out Bit Count / Cassette Temp
NXTBIT	00B5	181	RS-232 Next Bit to Send/ Tape EOT Flag
RODATA	00B6	182	RS-232 Out Byte Buffer
FNLEN	00B7	183	Length of Current File Name
LA	00B8	184	Current Logical File Number
SA	00B9	185	Current Secondary Address
FA	00BA	186	Current Device Number
FNADR	00BB-00BC	187-188	Pointer: Current File Name
ROPRTY	00BD	189	RS-232 Out Parity / Cassette Temp
FSBLK	00BE	190	Cassette Read / Write Block Count
MYCH	00BF	191	Serial Word Buffer
CAS1	00C0	192	Tape Motor Interlock
STAL	00C1-00C2	193-194	I/O Start Address
MEMUSS	00C3-00C4	195-196	Tape Load Temps
LSTX	00C5	197	Current Key Pressed: CHR$(n) 0 = No Key
NDX	00C6	198	No. of Chars. in Keyboard Buffer (Queue)
RVS	00C7	199	Flag: Reverse Chars. - 1=Yes, 0=No Used
INDX	00C8	200	Pointer: End of Logical Line for INPUT
LXSP	00C9-00CA	201-202	Cursor X-Y Pos. at Start of INPUT
SFDX	00CB	203	Flag: Print Shifted Chars.
BLNSW	00CC	204	Cursor Blink enable: 0 = Flash Cursor
BLNCT	00CD	205	Timer: Countdown to Toggle Cursor
GDBLN	00CE	206	Character Under Cursor
BLNON	00CF	207	Flag: Last Cursor Blink On/Off
CRSW	00D0	208	Flag: INPUT or GET from Keyboard
PNT	00D1-00D2	209-210	Pointer: Current Screen Line Address
PNTR	00D3	211	Cursor Column on Current Line
QTSW	00D4	212	Flag: Editor in Quote Mode, $00 = NO
LNMX	00D5	213	Physical Screen Line Length
TBLX	00D6	214	Current Cursor Physical Line Number
	00D7	215	Temp Data Area
INSRT	00D8	216	Flag: Insert Mode, >0 = # INSTs
LDTB1	00D9-00F2	217-242	Screen Line Link Table / Editor Temps
USER	00F3-00F4	243-244	Pointer: Current Screen Color RAM loc.
KEYTAB	00F5-00F6	245-246	Vector Keyboard Decode Table
RIBUF	00F7-00F8	247-248	RS-232 Input Buffer Pointer
ROBUF	00F9-00FA	249-250	RS-232 Output Buffer Pointer
FREKZP	00FB-00FE	251-254	Free 0-Page Space for User Programs
BASZPT	00FF	255	BASIC Temp Data Area
	0100-01FF	256-511	Micro-Processor System Stack Area
	0100-010A	256-266	Floating to String Work Area
BAD	0100-013E	256-318	Tape Input Error Log
BUF	0200-02S8	512-600	System INPUT Buffer
LAT	0259-0262	601-610	KERNAL Table: Active Logical File No's.
FAT	0263-026C	611-620	KERNAL Table: Device No. for Each File
SAT	026D-0276	621-630	KERNAL Table: Second Address Each File
KEYD	0277-0280	631-640	Keyboard Buffer Queue (FIFO)
MEMSTR	0281-0282	641-642	Pointer: Bottom of Memory for O.S.
MEMSIZ	0283-0284	643-644	Pointer: Top of Memory for O.S.
TIMOUT	0285	645	Flag: Kernal Variable for IEEE Timeout
COLOR	0286	646	Current Character Color Code
GDCOL	0287	647	Background Color Under Cursor
HIBASE	0288	648	Top of Screen Memory (Page)
XMAX	0289	649	Size of Keyboard Buffer
RPTFLG	028A	650	Flag: REPEAT Key Used, $80 = Repeat
KOUNT	028B	651	Repeat Speed Counter
DELAY	028C	652	Repeat Delay Counter
SHFLAG	028D	653	Flag: Keyboard SHIFT Key/CTRL Key/C= Key
LSTSHF	028E	654	Last Keyboard Shift Pattern
KEYLOG	028F-0290	655-656	Vector: Keyboard Table Setup
MODE	0291	657	Flag: $00=Disable SHIFT Keys, $80=Enable
AUTODN	0292	658	Flag: Auto Scroll Down, 0 = ON
M51CTR	0293	659	RS-232: 6551 Control Register Image
MS1CDR	0294	660	RS-232: 6551 Command Register Image
M51AJB	0295-0296	661-662	RS-232 Non-Standard BPS (Time/2-100) USA
RSSTAT	0297	663	RS-232: 6551 Status Register Image
BITNUM	0298	664	RS-232 Number of Bits Left to Send
BAUDOF	0299-029A	665-666	RS-232 Baud Rate: Full Bit Time (us)
RIDBE	029B	667	RS-232 Index to End of Input Buffer
RIDBS	029C	668	RS-232 Start of Input Buffer (Page)
RODBS	029D	669	RS-232 Start of Output Buffer (Page)
RODBE	029E	670	RS-232 Index to End of Output Buffer
IRQTMP	029F-02A0	671-672	Holds IRQ Vector During Tape I/O
ENABL	02A1	673	RS-232 Enables
	02A2	674	TOD Sense During Cassette I/O
	02A3	675	Temp Storage For Cassette Read
	02A4	676	Temp D1 IRQ Indicator For Cassette Read
	02A5	677	Temp For Line Index
	02A6	678	PAL/NTSC Flag, 0= NTSC, 1 = PAL
	02A7-02FF	679-767	Unused
IERROR	0300-0301	768-769	Vector: Print BASIC Error Message
IMAIN	0302-0303	770-771	Vector: BASIC Warm Start
ICRNCH	0304-0305	772-773	Vector: Tokenize BASIC Text
IQPLOP	0306-0307	774-775	Vector: BASIC Text LIST
IGONE	0308-0309	776-777	Vector: BASIC Char. Dispatch
IEVAL	030A-030B	778-779	Vector: BASIC Token Evaluation
SAREG	030C	780	Storage for 6502 .A Register
SXREG	030D	781	Storage for 5502 .X Register
SYREG	030E	782	Storage for 6502 .Y Register
SPREG	030F	783	Storage for 6502 .SP Register
USRPOK	0310	784	USR Function Jump Instr (4C)
USRADD	0311-0312	785-786	USR Address Low Byte / High Byte
	0313	787	Unused
CINV	0314-0315	788-789	Vector: Hardware Interrupt
CBINV	0316-0317	790-791	Vector: BRK Instr. Interrupt
NMINV	0318-0319	792-793	Vector: Non-Maskable Interrupt
IOPEN	031A-031B	794-795	KERNAL OPEN Routine Vector
ICLOSE	031C-031D	796-797	KERNAL CLOSE Routine Vector
ICHKIN	031E-031F	798-799	KERNAL CHKIN Routine
ICKOUT	0320-0321	800-801	KERNAL CHKOUT Routine
ICLRCH	0322-0323	802-803	KERNAL CLRCHN Routine Vector
IBASIN	0324-0325	804-805	KERNAL CHRIN Routine
IBSOUT	0326-0327	806-807	KERNAL CHROUT Routine
ISTOP	0328-0329	808-809	KERNAL STOP Routine Vector
IGETIN	032A-032B	810-811	KERNAL GETIN Routine
ICLALL	032C-032D	812-813	KERNAL CLALL Routine Vector
USRCMD	032E-032F	814-815	User-Defined Vector
ILOAD	0330-0331	813-817	KERNAL LOAD Routine
ISAVE	0332-0333	818-819	KERNAL SAVE Routine Vector
&nsbp;	0334-033B	820-827	Unused
TBUFFR	033C-03FB	828-1019	Tape I/O Buffer
	03FC-03FF	1020-1023	Unused
VICSCN	0400-07FF	1024-2047	1024 Byte Screen Memory Area
	0400-07E7	1024-2023	Video Matrix: 25 Lines X 40 Columns
	07F8-07FF	2040-2047	Sprite Data Pointers
	0800-9FFF	2048-40959	Normal BASIC Program Space
	8000-9FFF	32768-40959	VSP Cartridge ROM - 8192 Bytes
	A000-BFFF	40960-49151	BASIC ROM - 8192 Bytes (or 8K RAM)
	C000-CFFF	49152-53247	RAM - 4096 Bytes
	D000-DFFF	53248-57343	Input/Output Devices and Color RAM or Character Generator ROM or RAM - 4096 Bytes
	E000-FFFF	57344-65535	KERNAL ROM - 8192 Bytes (or 8K RAM)

Source: Commodore 64 Memory Map

Commodore 64 Hacking

Table of Contents

1 Instruction Set

2 KERNAL Jump Table

3 Memory Map