myUnitNum equ 52 myDRefNum equ ~myUnitNum Code cmp.l #1,4(SP) beq getBootBlocks cmp.l #2,4(SP) beq getSysVol cmp.l #3,4(SP) beq mountSysVol move.l #-1,d0 rts getBootBlocks ; Now is the time to install our DRVR because we are guaranteed an opportunity to boot if we don't fuck up. link A6,#-$32 movem.l A2-A4/D3-D7,-(SP) ; Copy the DRVR -> A2 move.l #DrvrEnd-DrvrBase,D0 lea DrvrBase,A0 bsr InstallInSysHeap move.l A0,A2 ; Patch the server address into the DRVR code move.l 12(A6),A0 ; global pointer move.l 24(A0),D0 ; AddrBlock lea gSaveAddr-DrvrBase(A2),A0 move.b #10,15(A0) ; hardcode DDP protocol ID move.b D0,13(A0) ; socket lsr.w #4,D0 lsr.w #4,D0 move.b D0,11(A0) ; node swap D0 move.w D0,7(A0) ; network ; Patch the disk image name and size into the DRVR code bsr BootPicker ; A0 = pstring ptr lea gNumBlks-DrvrBase(A2),A1 move.l -4(A0),(A1) ; the size is underneath the pstring ptr move.l -4(A0),D6 ; D6 = block count, needed for DQE lea gQFilename-DrvrBase(A2),A1 ; A1 = dest moveq.l #1,D0 add.b (A0),D0 dc.w $A22E ; _BlockMoveData ; Install the driver in the unit table move.l #myDRefNum,D0 dc.w $A43D ; _DrvrInstall ReserveMem ; That call created a DCE. Find and lock. move.l $11C,A0 ; UTableBase move.l myUnitNum*4(A0),A0 dc.w $A029 ; _HLock move.l (A0),A0 ; Populate the empty DCE that DrvrInstall left us move.l A2,0(A0) ; dCtlDriver is pointer (not hdl) move.w 0(A2),D0 ; get DRVR.drvrFlags bclr #6,D0 ; Clear dRAMBased bit (to treat dCtlDriver as a pointer) move.w D0,4(A0) ; set DCE.dCtlFlags move.w 2(A2),$22(A0) ; drvrDelay to dCtlDelay move.w 4(A2),$24(A0) ; drvrEMask to dCtlEMask move.w 6(A2),$26(A0) ; drvrMenu to dCtlMenu ; Open the driver lea -$32(SP),SP move.l SP,A0 bsr clearblock lea DrvrNameString,A1 move.l A1,$12(A0) ; IOFileName dc.w $A000 ; _Open lea $32(SP),SP ; Create a DQE move.l #$16,D0 dc.w $A71E ; _NewPtr ,Sys,Clear add.l #4,A0 ; has some cheeky flags at negative offset move.l A0,A3 lea gDQEAddr,A0 move.l A3,(A0) ; Populate the DQE move.l D6,D0 ; needs fixing for Ruby Slipper lsl.l #5,D0 ; convert to bytes lsl.l #4,D0 swap D0 move.l D0,$C(A3) ; dQDrvSz/dQDrvSz2 move.l #$80080000,-4(A3) ; secret flags, see http://mirror.informatimago.com/next/developer.apple.com/documentation/mac/Files/Files-112.html move.w #1,4(A3) ; qType move.w #0,$A(A3) ; dQFSID should be for a native fs ; Into the drive queue (which will further populate the DQE) bsr findFreeDriveNum ; get drvnum in D0 lea gDriveNum,A0 move.w D0,(A0) swap D0 move.w #myDRefNum,D0 ; D0.H = drvnum, D0.L = drefnum move.l D0,D3 ; we need this in a sec move.l A3,A0 dc.w $A04E ; _AddDrive ; Open our socket lea -$32(SP),SP move.l SP,A0 bsr clearblock move.w #-10,$18(A0) ; ioRefNum = .MPP move.w #248,$1A(A0) ; csCode = openSkt move.b #10,$1C(A0) ; socket = 10, same as ATBOOT uses lea DrvrSockListener-DrvrBase(A2),A2 move.l A2,$1E(A0) ; listener dc.w $A004 ; _Control lea $32(SP),SP ; Get the real 1024k of boot blocks to a temp location ; (it will eventually get trashed, but we have time) lea 4096(A5),A4 ; above BootGlobals lea -$32(SP),SP move.l SP,A0 bsr clearblock move.l D3,22(A0) ; IOVRefNum=drvnum, IORefNum=drefnum move.l A4,32(A0) ; IOBuffer move.l #1024,36(A0) ; IOReqCount = 2 blocks move.l #0,46(A0) ; IOPosOffset = 0 move.w #1,44(A0) ; IOPosMode = from start dc.w $A002 ; _Read lea $32(SP),SP ; Put the boot blocks in netBOOT's global data structure as requested move.l A4,A0 move.l 12(A6),A1 lea $BA(A1),A1 move.l #$138,D0 dc.w $A22E ; _BlockMoveData move.l A1,A0 ; A0 = truncated BBs move.l A4,A1 ; A1 = full-length BBs bsr HealInjuredBootBlocks ; Clean up our stack frame movem.l (SP)+,A2-A4/D3-D7 unlk A6 move.l #0,D0 rts getSysVol ; pointless call :( move.l #0,D0 rts mountSysVol link A6,#-$32 movem.l A2-A4/D3,-(SP) lea gDriveNum,A0 move.w (A0),D3 ; System 7 needs MountVol to return the right vRefNum move.l $366,A0 ; Steal existing PB from FSQHead ; Set aside the FS queue to stop MountVol deadlocking move.w $360,-(SP) ; FSBusy move.l $362,-(SP) ; FSQHead move.l $366,-(SP) ; FSQTail clr.w $360 clr.l $362 clr.l $366 ; MountVol bsr clearblock move.w D3,$16(A0) ; ioVRefNum = ioDrvNum = the drive number dc.w $A00F ; _MountVol bne error ; Restore the FS queue move.l (SP)+,$366 move.l (SP)+,$362 move.w (SP)+,$360 ; Tattle about the DQE and VCB move.l 4+12(A6),A1 move.l $356+2,A0 ; VCBQHdr.QHead (maybe I should be clever-er) move.l A0,(A1) move.l 4+16(A6),A1 lea gDQEAddr,A0 move.l (A0),(A1) movem.l (SP)+,A2-A4/D3 unlk A6 move.l #0,d0 rts error move.w #$7777,D0 dc.w $A9C9 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; clearblock move.w #$32/2-1,D0 .loop clr.w (A0)+ dbra D0,.loop lea -$32(A0),A0 rts findFreeDriveNum ; and return it in D0. Free to trash the usual registers ; Find a free drive number (nicked this code from BootUtils.a:AddMyDrive) LEA $308,A0 ; [DrvQHdr] MOVEQ #4,D0 ; start with drive number 4 .CheckDrvNum MOVE.L 2(A0),A1 ; [qHead] start with first drive .CheckDrv CMP.W 6(A1),D0 ; [dqDrive] does this drive already have our number? BEQ.S .NextDrvNum ; yep, bump the number and try again. CMP.L 6(A0),A1 ; [qTail] no, are we at the end of the queue? BEQ.S .GotDrvNum ; if yes, our number's unique! Go use it. MOVE.L 0(A1),A1 ; [qLink] point to next queue element BRA.S .CheckDrv ; go check it. .NextDrvNum ; this drive number is taken, pick another ADDQ.W #1,D0 ; bump to next possible drive number BRA.S .CheckDrvNum ; try the new number .GotDrvNum rts DrvrNameString dc.b 8, ".LANDisk", 0 gDriveNum dc.w 0 gDQEAddr dc.l 0 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DrvrBase dc.w $4F00 ; dReadEnable dWritEnable dCtlEnable dStatEnable dNeedLock dc.w 0 ; delay dc.w 0 ; evt mask dc.w 0 ; menu dc.w DrvrOpen-DrvrBase dc.w DrvrPrime-DrvrBase dc.w DrvrControl-DrvrBase dc.w DrvrStatus-DrvrBase dc.w DrvrClose-DrvrBase dc.b 8, ".LANDisk", 0 g gNumBlks dc.l 0 ; the source of all truth gMyDCE dc.l 0 gQuery gQTypeVer dc.w 0 ; part of gQuery gQSeqNum dc.w 0 ; part of gQuery gQOffset dc.l 0 ; part of gQuery: block offset gQLen dc.l 0 ; part of gQuery: block count gQFilename dcb.b 32 ; part of gQuery ; set by the init code gQueryEnd gWDS dcb.b 2+4+2+4+2 gMyPB dcb.b $32+2 ; allow us to clear it with move.l's odd gSaveAddr dcb.b 16 gAddr dcb.b 16 even ; a0=iopb, a1=dce on entry to all of these... ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DrvrOpen move.l A0,-(SP) lea gMyDCE,A0 ; dodgy, need this for IODone move.l A1,(A0) move.l (SP)+,A0 move.w #0,$10(A0) ; ioResult rts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DrvrPrime ; Convert the ioPosOffset in the parameter block to a block offset (allows large vol support). btst.b #0,$2C(A0) ; test ioPosMode & kUseWidePositioning bne.s .wide .notwide move.l $10(A1),D0 bra.s .gotD0 .wide move.l $2E(A0),D0 ; the block offset can only be up to 32 bits or.l $32(A0),D0 .gotD0 ror.l #4,D0 ; now D0 = (LS 23 bits) followed by (MS 9 bits) ror.l #5,D0 move.l D0,$2E(A0) ; ioPosOffset = D0 = byte_offset/512 ; Increment the protocol sequence counter. lea gQSeqNum,A2 addq.w #1,(A2) ; Kick the state machine. movem.l A0-A1,-(SP) bsr.s DrvrTransmitRequest ; takes A0 as PB argument movem.l (SP)+,A0-A1 ; Return with a "pending" ioResult. move.w #1,$10(A0) ; ioResult = pending. We will return without an answer. rts DrvrTransmitRequest ; On entry, A0=pb. Trashes A0-A4/D0 so be careful. Uses our globals extensively. lea g,A2 move.b gSaveAddr-g(A2),gAddr-g(A2) ; reasonable way to copy the address struct, I guess move.l gSaveAddr-g+1(A2),gAddr-g+1(A2) move.l gSaveAddr-g+5(A2),gAddr-g+5(A2) move.l gSaveAddr-g+9(A2),gAddr-g+9(A2) move.w gSaveAddr-g+13(A2),gAddr-g+13(A2) move.b gSaveAddr-g+15(A2),gAddr-g+15(A2) move.w #$8001,gQTypeVer-g(A2) ; Means a polite request, v1 move.l $28(A0),D0 ; [ioActCount (in bytes) lsr.l #4,D0 lsr.l #5,D0 ; / 512] add.l $2E(A0),D0 ; + ioPosOffset (in blocks) move.l D0,gQOffset-g(A2) ; -> "offset" field of request move.l $24(A0),D0 ; [ioReqCount (in bytes) sub.l $28(A0),D0 ; - ioActCount (in bytes)] lsr.l #4,D0 lsr.l #5,D0 ; / 512 move.l D0,gQLen-g(A2) ; -> "length" field of request lea gAddr,A3 clr.w gWDS-g(A2) ; WDS+0 reserved field move.l A3,gWDS-g+2(A2) ; WDS+2 pointer to address struct lea gQuery,A3 move.w #gQueryEnd-gQuery,gWDS-g+6(A2) ; WDS+6 length of second entry move.l A3,gWDS-g+8(A2) ; WDS+8 pointer to second entry clr.w gWDS-g+12(A2) ; WDS+10 zero to end the list lea gMyPB,A0 .retry bsr DrvrClearBlock move.w #-10,$18(A0) ; ioRefNum = .MPP move.w #246,$1A(A0) ; csCode = writeDDP move.b #10,$1C(A0) ; socket = 10 (hardcoded) move.b #1,$1D(A0) ; set checksumFlag pea gWDS move.l (SP)+,$1E(A0) ; wdsPointer to our WriteDataStructure dc.w $A404 ; _Control ,async cmp.w #-91,$10(A0) ; This happens when the RAM MPP replaces the ROM one bne.s .noNeedToRetry ; so we need to reopen socket #10, then retry... bsr DrvrClearBlock move.w #-10,$18(A0) ; ioRefNum = .MPP move.w #248,$1A(A0) ; csCode = openSkt move.b #10,$1C(A0) ; socket = 10 (hardcoded) pea DrvrSockListener move.l (SP)+,$1E(A0) ; listener dc.w $A004 ; _Control (synchronous, better hope it doesn't deadlock!) bra.s .retry .noNeedToRetry move.w $10(A0),D0 ; for our caller to figure out what went wrong rts DrvrClearBlock move.w #$32/2-1,D0 .loop clr.w (A0)+ dbra D0,.loop lea -$32(A0),A0 rts DrvrSockListener ; works closely with the Prime routine ; A0 Reserved for internal use by the .MPP driver. You must preserve this register until after the ReadRest routine has completed execution. ; A1 Reserved for internal use by the .MPP driver. You must preserve this register until after the ReadRest routine has completed execution. ; A2 Pointer to the .MPP driver's local variables. Elliot says: the frame and packet header ("RHA") are at offset 1 from A2 (keeps the 2-byte fields aligned) ; A3 Pointer to the first byte in the RHA past the DDP header bytes (the first byte after the DDP protocol type field). ; A4 Pointer to the ReadPacket routine. The ReadRest routine starts 2 bytes after the start of the ReadPacket routine. ; A5 Free for your use before and until your socket listener calls the ReadRest routine. ; D0 Lower byte is the destination socket number of the packet. ; D1 Word indicating the number of bytes in the DDP packet left to be read (that is, the number of bytes following the DDP header). ; D2 Free for your use. ; D3 Free for your use. move.l gMyDCE,A5 btst.b #7,5(A5) ; Check drvrActive flag (is there an outstanding request?) beq .trashpacket cmp.b #10,-1(A3) ; DDP protocol type better be ATBOOT bne.s .trashpacket moveq.l #8,D3 jsr (A4) ; Read 8 bytes cmp.w #$8101,-8(A3) ; Check protocol and version bne.s .trashpacket lea gQSeqNum,A5 ; Check packet sequence number move.w (A5),D2 cmp.w -6(A3),D2 bne.s .trashpacket move.l gMyDCE,A5 ; Get current param block move.l 6+2(A5),A5 ; dCtlQHdr.qHead move.l $28(A5),D2 ; keep this in D2 because we will use it in a sec move.l -4(A3),D3 lsl.l #4,D3 lsl.l #5,D3 cmp.l D3,D2 ; ioActCount = this offset? bne.s .outoforder move.l $20(A5),A3 ; ioBuffer add.l D2,A3 ; A3 = ioBuffer + ioReqDone move.l #512,D3 ; D3 = bytes to read = 512 add.l D3,D2 ; D2 = new ioReqDone = old ioReqDone + 512 jsr 2(A4) ; ReadRest ; From this point on, use A1 instead of A5 move.l gMyDCE,A1 ; Get current param block move.l 6+2(A1),A1 ; dCtlQHdr.qHead move.l D2,$28(A1) ; update ioActCount cmp.l $24(A1),D2 ; does it equal ioReqCount? bne.s .rts lea gMyDCE,A1 move.l (A1),A1 moveq.l #0,D0 move.l $8FC,A0 ; jIODone (D0 = result, A1 = DCE) jmp (A0) .outoforder ; apparent dropped packet, so please resend moveq.l #0,D3 jsr 2(A4) ; ReadRest nothing movem.l A0-A4,-(SP) move.l gMyDCE,A0 ; Get current param block move.l 6+2(A0),A0 ; dCtlQHdr.qHead bsr DrvrTransmitRequest movem.l (SP)+,A0-A4 rts .trashpacket moveq.l #0,D3 jmp 2(A4) ; ReadRest nothing .rts rts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DrvrControl move.w #-17,$10(A0) ; ioResult = controlErr bra DrvrFinish ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DrvrStatus cmp.w #6,$1A(A0) beq.s status_fmtLstCode cmp.w #8,$1A(A0) beq.s status_drvStsCode bra.s status_unknown status_fmtLstCode ; tell them about our size movem.l A2/A3,-(SP) lea gNumBlks,A3 move.l (A3),D0 lsl.l #5,D0 ; convert from blocks to bytes lsl.l #4,D0 move.w #1,$1C(A0) move.l $1C+2(A0),A2 move.l D0,0(A2) move.l #$40000000,4(A2) movem.l (SP)+,A2/A3 move.w #0,$10(A0) ; ioResult = noErr bra DrvrFinish status_drvStsCode ; tell them about some of our flags move.w #0,$1C(A0) ; csParam[0..1] = track no (0) move.l #$80080000,$1C+2(A0) ; csParam[2..5] = same flags as dqe move.w #0,$10(A0) ; ioResult = noErr bra DrvrFinish status_unknown move.w $1A(A0),D0 ; dodgy, for debugging add.w #$3000,D0 dc.w $A9C9 move.w #-18,$10(A0) ; ioResult bra DrvrFinish ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DrvrClose move.w #$4444,D0 dc.w $A9C9 move.w #0,$10(A0) ; ioResult rts ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DrvrFinish move.w 6(A0),D1 ; iopb.ioTrap btst #9,D1 ; noQueueBit bne.s DrvrNoIoDone move.l $8FC,-(SP) ; jIODone DrvrNoIoDone rts DrvrEnd ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; HealInjuredBootBlocks ; patch the BBs to fix themselves if executed ; Args: A0 = truncated boot blocks (138b), A1 = correct boot blocks (1024b) ; If these boot blocks are executable (from offset 2), then the 138 bytes of ; declarative data copied by the netBOOT driver are not enough. We edit the boot ; blocks with a stub that copies the entire 1k into place. System 7 needs this. ; This unfortunately clobbers the declarative part of the boot blocks, so we need to ; check for declarative boot blocks and leave them unchanged move.l A0,-(SP) ; Save A1 to a global, but need to keep A0 lea .gFullLoc,A0 move.l A1,(A0) move.l (SP)+,A0 move.b 6(A0),D0 ; BBVersion cmp.b #$44,D0 beq.s .executable and.b #$C0,D0 cmp.b #$C0,D0 beq.s .executable rts ; Relevant structure of the boot blocks: ; 0-1 bbID always 'LK' ; 2-5 bbEntry BRA.W base+128 ; 6-7 bbVersion interpreted as above ; 8-137 data ; 138-1023 code (MISSING from netBOOT's short version) ; Our self-repairing boot blocks: ; 0-1 bbID always 'LK' ; 2-5 bbEntry BRA.W base+8 ; 6-7 bbVersion interpreted as above ; 8-13 JSR .inPlaceFixRoutine ; 14-137 junk .executable ; Need to leave bytes 6,7 intact move.l #$60000004,2(A0) ; BB+2: BRA.W BB+8 move.w #$4EB9,8(A0) ; BB+8: JSR .inPlaceFixRoutine (abs) lea .inPlaceFixRoutine,A1 move.l A1,10(A0) move.l A0,A1 ; Clear the icache with a BlockMove move.l #138,D0 dc.w $A02E ; _BlockMove rts .inPlaceFixRoutine ; The BB stub JSRs to here move.l (SP)+,A1 ; so the return address will be at BB+14 lea -14(A1),A1 ; "Rewind" to the start of the BB move.l .gFullLoc,A0 ; And here are our full boot blocks move.l #1024,D0 dc.w $A02E ; _BlockMove (needs to clear cache) jmp 2(A1) ; Jump to the fixed-up BB .gFullLoc dc.l 0 ; Stuff addr of full-length BB in here ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; InstallInSysHeap ; takes A0/D0 as args, returns ptr in A0 movem.l A0/D0,-(SP) dc.w $A51E ; NewPtr ,Sys movem.l (SP)+,A1/D0 ; now A1=old, A0=new exg A0,A1 ; now A1=new, A0=old move.l D0,-(SP) dc.w $A02E ; _BlockMove move.l (SP)+,D0 exg A1,A0 ; now A1=old, A0=new subq.l #1,D0 .wipeloop move.b $99,(A1)+ dbra D0,.wipeloop rts BootPicker include "BootPicker.a"