
Thread: Defeating Tandy 1000 Detection

  1. #1
    Join Date
    Mar 2006
    Location
    Massachusetts, USA
    Posts
    1,880

    Defeating Tandy 1000 Detection

    Many PC games autodetect when they are in a Tandy 1000 system and if so, will automatically use the Tandy video and audio hardware instead of other PC video adapters or the PC Speaker. I believe that virtually all Tandy-supporting games check a BIOS type byte to determine that they are being run on a Tandy and not an IBM PC/XT/AT. If so, could someone write a simple TSR-style program that will intercept the read and return an IBM byte instead?

  2. #2

    How do you propose that somebody write a TSR that can intercept a read of a memory location?

  3. #3

    Although I'm not sure I understand the intent I'd assume if possible you'd hijack/overwrite the memory location for the interrupt like most viruses?

    ..after I post that I realize you don't necessarily call an interrupt to read a memory location unless they do it that way. Either way I think you'd want to run it through a debugger to find what it checks. Then you could either patch the binary or I dunno if it'd be worth the effort trying to poke that address or reburn an eeprom.
    Looking to acquire: IBM 5100, Altair 8800

  4. #4

    That's my point. You can't write a TSR to intercept a memory read. You can write a TSR to do something at a timer tick, or to intercept a hardware or software interrupt. But not an arbitrary memory read.

    The program has to be patched. Or you can patch that byte in the BIOS, as is done on some PCjrs. But a TSR is impossible.

  5. #5
    Join Date
    Mar 2006
    Location
    Massachusetts, USA
    Posts
    1,880

    Quote Originally Posted by mbbrutman View Post
    That's my point. You can't write a TSR to intercept a memory read. You can write a TSR to do something at a timer tick, or to intercept a hardware or software interrupt. But not an arbitrary memory read.

    The program has to be patched. Or you can patch that byte in the BIOS, as is done on some PCjrs. But a TSR is impossible.
    I understand that it is impossible. What is possible is to burn the ROM with the ID byte replaced. Of course, by doing so you would make the programs that detect a Tandy machine using that byte unusable in Tandy mode. Therefore, you would need two ROMs instead of one and use a switch to activate the proper ROM.

    Presumably, the byte in question would be at F000:FFFE, as it is with the IBM PCs, but both the SX and HX BIOS ROMs I looked at have FF in that memory location, so there has to be another way.
    Last edited by Great Hierophant; August 19th, 2009 at 05:49 PM.

  6. #6

    Quote Originally Posted by Great Hierophant View Post
    I understand that it is impossible. What is possible is to burn the ROM with the ID byte replaced. Of course, by doing so you would make the programs that detect a Tandy machine using that byte unusable in Tandy mode. Therefore, you would need two ROMs instead of one and use a switch to activate the proper ROM.

    Presumably, the byte in question would be at F000:FFFE, as it is with the IBM PCs, but both the SX and HX BIOS ROMs I looked at have FF in that memory location, so there has to be another way.
    I guess this is something you learned from the thread, because in your original message you had written this:

    "If so, could someone write a simple TSR-style program that will intercept the read and return an IBM byte instead?"

    Apparently it is returning the 'PC' value. Tandy probably defined a 'sub-architecture' value at a known location in BIOS which is what the software is looking for and using. The copyright string is another possibility.

    PCjrs have a great solution for this problem - ROM cartridges that can replace (or patch) the system ROM.

  7. #7

    Quote Originally Posted by Great Hierophant View Post
    Presumably, the byte in question would be at F000:FFFE, as it is with the IBM PCs, but both the SX and HX BIOS ROMs I looked at have FF in that memory location, so there has to be another way.
    What games do is check the BIOS for the string "TANDY". The ID byte on all Tandy 1000s (except the RLX and RSX) is FFh, same as the IBM 5150.

    Now on PCjrs, the ID byte is FDh. Games like Jumpman, Troll's Tale, and Oil's Well (all released in 1984 before the Tandy 1000 had debuted), check F000:FFFEh for FDh, and if they find something different, they assume they're on a normal PC and will only run in CGA mode with speaker sound on Tandys.
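
The two detection methods described in post #7, applied to ROM images; this is an added example, not code posted by anyone in the thread. The ROM images are constructed stand-ins, and the function names, the marker offset and the whole-image scan for "TANDY" are assumptions (the thread does not say where in the BIOS the string sits).

```python
# Added example: classify a BIOS ROM image the two ways the thread describes.
# Every ROM image here is a constructed stand-in, not a real BIOS dump.

PCJR_ID = 0xFD           # ID byte value the thread gives for the PCjr
TANDY_MARKER = b"TANDY"  # string the thread says games look for

def model_id_byte(rom: bytes) -> int:
    """Byte a program reads at F000:FFFE, assuming the image ends at F000:FFFF."""
    if len(rom) < 2:
        raise ValueError("ROM image too short to contain an ID byte")
    return rom[-2]       # FFFE is the second-to-last byte of the segment

def id_byte_check(rom: bytes) -> str:
    """Detection as the 1984 PCjr titles do it: ID byte only."""
    return "PCjr" if model_id_byte(rom) == PCJR_ID else "PC"

def string_check(rom: bytes) -> str:
    """Detection that looks for the TANDY marker before the ID byte."""
    # Assumption: scan the whole image, since the string's location is unknown.
    if TANDY_MARKER in rom:
        return "Tandy"
    return id_byte_check(rom)

def make_rom(id_byte: int, marker: bytes = b"", size: int = 0x10000) -> bytes:
    """Build a constructed image: zero fill, optional marker, ID byte."""
    rom = bytearray(size)
    rom[0x100:0x100 + len(marker)] = marker   # arbitrary constructed offset
    rom[-2] = id_byte
    return bytes(rom)

if __name__ == "__main__":
    images = {
        "IBM 5150 (constructed)": make_rom(0xFF, size=0x2000),
        "PCjr (constructed)": make_rom(0xFD),
        "Tandy 1000 (constructed)": make_rom(0xFF, b"TANDY"),
        "Tandy 1000, ID byte changed (constructed)": make_rom(0xFE, b"TANDY"),
    }
    for name, rom in images.items():
        print(f"{name}: id={model_id_byte(rom):02X}h "
              f"id_byte_check={id_byte_check(rom)} string_check={string_check(rom)}")
```

The last image shows why replacing only the ID byte in a reburned ROM would not change the outcome for string-based detection: the marker is still found.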
