Welcome To
Capitoline
An Amiga Kickstart editing tool
About
- Load standard, encrypted, Rekick, Kickit, superkickstart, ADF, Kickstarts
- Extract and save components (libraries) from ROMs as loadable binaries
- Create ROMs from scratch
- Add components from other ROMs
- Add "romable" libraries
- Extract/add files from ADF images
- Save ROMs to load in emulators (single file)
- Save ROMs to burn to eproms (16/32bit, single/dual, 32bit interleave, byteswap, 512k chunks).
- Text based patching language
- Analyse unknown ROMs
- Identify relocation offsets
- Disassemble
- Create RTB files
Kickstart structure
ROM Banks
The Amiga supports several ROM/Kickstart "banks"; The original A1000 bank is a 256k chunk starting at $FC0000, this was used right up until the first KS 1.4 (alpha) release, then there was a move to use 512k kickstarts starting at $F80000 (an extra 256k)
The CDTV was an exception as it uses $F00000 for its extended ROM, these are separate physical ROMs (also uses $200000 for the VCD/mpeg CD32 cart ROM - unsure about this as resources seem to contradict)
This was pretty much the same until the CD32 which has a 1Mb kickstart, or, more correctly an original 512k kickstart at $F80000 and an extended kickstart at $E00000.
The A500+/A600/A1200/CD32 are all (electrically) capable of addressing a further 1Mb of space at $A80000 without any hardware modifications.
256k Kickstart 0xFC0000 - 0xFFFFFF 256k chunk
512k Kickstart 0xF80000 - 0xFFFFFF 512k chunk, overlaps the 256k chunk, but starts earlier
1Mb Kickstart 0xF80000 - 0xFFFFFF 512k chunk 0xE00000 - 0xE7FFFF 512k chunk
2Mb Kickstart 0xF80000 - 0xFFFFFF 512k chunk 0xE00000 - 0xE7FFFF 512k chunk 0xA80000 - 0xB7FFFF 1Mb chunk Note, these banks are not contiguous.
There are also other areas used for loading additonal ROMs, "expansion" ROMs can appear at $E80000 (and maybe $E90000), but they get copied from there (there's also the ZorroIII address $FF000000, but I'll ignore 32bit addresses here for now).
ROMHEADER
Because of these various chunks and the way that the Amiga maps kickstart addresses on startup various ROMs may try and execute at different times, to keep this under control, it uses a ROMHEADER, the original 256k ROM starts at $FC0000
When you build a 1Mb ROM, you're not really building a 1Mb ROM, you're building a 512k ROM at $F80000 and a 512k ROM at $E00000, so you need to give the $E00000 ROM a ROMHEADER too.
When the 680x0 starts, it maps the rom to address 0x0000000 (this is called "overlay" or OVL), then starts executing at address 0x000002 (the first two bytes of the Kickstart identify the size of the first bank used) when execution starts at the proper ROM address it can turn overlay off which means the address 0x000000 then is mapped properly to the first bank of chip ram
Kickstart 1.3 (A500) 256k ROMHEADER 0x000000 1111 ChipID 256k 0x000002 4EF9 00FC 00D2 JMP $FC00D2
Kickstart 2.05 (A600) 512k ROMHEADER 0x000000 1114 ChipID 512k 0x000002 4EF9 00F8 00D2 JMP $F800D2
You may even see this in the form of a ROMHEADER half way through some 512k ROMs, colloqually known as "Kickity-Split", this was just a backward-compatible "hack" in case programmers assumed the reset code as at $FC0002.
Kickstart 2.05 (A600) 512k Kickety-Split 0x004000 1111 ChipID 256k 0x004002 4EF9 00F8 0002 JMP $F80002
Scantable
The way that the Amiga knows what Kickstart banks are present is by using a "scantable". The scantable is stored in exec, it's a list of areas in the memory to search in pairs of long words, it's make up will vary depending on the version of exec/kickstart (and target machine).
Kickstart 1.2 exec - 1.3 is the same, just in a different place 0xFC04E4 00FC0000 01000000 0xFC0000 - 0x01000000 0xFC04EC 00FC0000 01000000 0xFC0000 - 0x01000000 0xFC04F4 00F00000 00F80000 0xF00000 - 0xF80000 "Extended ROM" e.g. CDTV 0xFC04FC FFFFFFFF End of scantable
Kickstart 2.05 exec (37.299) most of the 2.0 - 3.1 kickstarts are the same 0xF80346 00F80000 01000000 0xF80000 - 0x01000000 0xF8034E 00F00000 00F80000 00F00000 - 0xF80000 "Extended ROM" 0xF80356 FFFFFFFF End of scantable
Kickstart 3.1 exec (CD32 - 1Mb kickstart) 0xF8036A 00F80000 01000000 0xF80000 - 0x01000000 "Normal kickstart" 0xF80372 00E00000 00E80000 0xE00000 - 0xE80000 "Extended ROM" 0xF8037A 00A80000 00B80000 0xA80000 - 0xB80000 "FMV ROM" - Although, the ROM I have has a ROMBASE of $200000 0xF80382 00F00000 00F80000 0xF00000 - 0xF80000 "Extended/Flash ROM" 0xF8038A FFFFFFFF End of scantable
In 3.1.4/3.2 it also has an "exclude".
Kickstart 3.2 0xF80410 00F80000 00F840C0 0xF80000 - 0xF840C0 "Exclude from scan" - this is different in 3.1.4 as exec is different 0xF80418 00F80000 01000000 0xF80000 - 0x01000000 "Normal kickstart" 0xF80420 00F00000 00F80000 00F00000 - 0xF80000 "Extended ROM" 0xF80428 FFFFFFFF End of scantable
These are "standard" scantables - if you want to build a custom size ROM you may have to update these.
Libraries and Devices
The whole point of the ROM is to hold the libraries and devices, these are stored using library header which has a ROMTAG magic word, this is basically an illegal 680000 opcode (RTC_MATCHWORD) followed by a ROM address which should match the address of the magic number
For example $4AFC00FC00B6, $4AFC is the magic word, and the next 4 bytes $00FC00B6 should be the address of the magic word (if it's valid)
The ROMTAG structure allows exec to find the devices and libraries in ROM (using the scantable ranges) and initialise/load them.
Markus Wandel dissassembled the 1.2 exec back in 1989, here's the exec ROMTAG structure from his page
FC00B6 4AFC RTC_MATCHWORD (start of ROMTAG marker) FC00B8 00FC00B6 RT_MATCHTAG (pointer RTC_MATCHWORD) FC00BC 00FC323A RT_ENDSKIP (pointer to end of code) FC00C0 00 RT_FLAGS (no flags) FC00C1 21 RT_VERSION (version number) FC00C2 09 RT_TYPE (NT_LIBRARY) FC00C3 78 RT_PRI (priority = 126) FC00C4 00FC00A8 RT_NAME (pointer to name) FC00C8 00FC0018 RT_IDSTRING (pointer to ID string) FC00CC 00FC00D2 RT_INIT (execution address)
Checksum
The kickstart checksum is a very simple algorithm, to generate and store a new checksum;
CHECKSUM=0 Starting at the beginning of the rom, read in 4 byte chunks (treat each as an unsigned long word) Add the unsigned word to CHECKSUM If CHECKSUM overflows (wraps round past 0xFFFFFFFF) increment CHECKSUM by 1
While reading these long words don't add the current checksum in the ROM (24 bytes from the end of the ROM)
Subtract this CHECKSUM from 0xFFFFFFFF and store this 4 byte unsigned long word 24 bytes from the end of the ROM
Of course, if you just wanted to validate the checksum (and you didn't care what it is), you can run the algorithm (including the checksum position) and the result should be 0xFFFFFFFF
Size
The size of the ROM is stored at 20 bytes from the end of the ROM and is the size in bytes (e.g. 0x.00080000 = 524288 = 512k)
Vectors
The final 16 bytes are "hardware interrupt vectors", and don't vary much between the versions of the kickstart ROMs.
Download
This code is beta release code, provided "as-is" with no warranty implied, it WILL crash (even when used correctly), it has memory leaks and incomplete features and functions, use it at your own risk, do not run it with admin rights or superuser/root (it's not needed).
Decided to bundle the MacOS and Linux code in the same single zip file (why not?).
At the moment the MacOS and Linux code is (are?) statically linked, so no messing with libraries, but if/when there's GUI's or need to expose the functions as .dynlib/.so I'll create them as dynamic libraries (like the Windows DLL).
Started to keep old versions in case of bugs introduced - if you find an issue then use the CLI and issue "loglevel 9" before you run the commands that cause the error, "loglevel 1" to only display essential info (default) loglevel 0 to switch logging off and "logfile logfile-name" to send output into a file.
29/12/2022 Final 2022 release; Capitoline.v0.42(Xmas.2022).zip
- skick/RTB generator rehashed, tested with v2.05/3.1.4/3.2 ROMs
You can generate RTB files for use with skick (and others apps such as WHDLoad/mkick), this allows you to soft load different kickstarts, including your own custom ones, kicking a KS 1.x is more problematic as they use BCPL relocs which I don't cater for - maybe next time!
- GUI bugs displaying the wrong files or colours fixed
It wasn't scanning and reading the right tags after I renamed them for consistency.
- Kickstart 1.x and 2.x definition files
You'll be able to pull apart/rebuild KS 2.x, but KS 1.x is more tricky (unless you keep dos.library in the same address), added a 1.4 and some 3.0, also updated the exec libraries for skick entries (scantable).
- CDTV Extended ROM definitions added, including the unofficial CDTV land 2.35 extended ROMs
I've only done 2.7/2.30 ROMs and the 2.35 from CDTV Land - these contain quite a few patches, so if you have a CDTV, pop over to their site and give them a look.
- Few random bugs fixed, more than I can remember to be honest, but no big ones
I've discovered a couple of issues that I've added to the bug log, there's a odd crash when auditing a very large number of files, this might result in files not appearing in the GUI, but I've yet to get a consistent, repeatable test. Some of the GUI colours show up green for ROMs that don't have definitions for, this is when a file contains an unknown ROM, e.g. an encrypted ROM, I'll fix this next time.
10/1/2022 Time for a roll-up update; CapitolineV0.40(2022.rollup).zip
- Loading RAW data crashes Fixed - Only initialised a buffer properly if the data has a HEADER chunk.
- Windows GUI had bad line breaks in the CLI (script) interface, caused various cut/paste issues
- Windows GUI now Resizable (more work than it sounds)
- More accurate/faster scanning of files
- Cloanto encrypted/KickIt/ReKick files presented better, loading better, no crashes if keys missing
- Windows DLL functions documented
- echo command, useful for finding values of aliases/variables
- #comments ignored (a hash/pound ignores the line)
- Fixed falure analysing overburnt ROMs (detects overburning and only loads one copy now)
- Added 3.2 and 3.2.1 ROM definitions and updates (and completed a couple of 3.2.1)
- You can now load files based on their CRC32 hash rather than their location
18/6/2021 Added basic ADF support, tidy up GUI information handling; CapitolineV0.30(Beta3.ADF).zip
- Virtual ADF in the GUI, right-click to "Load ADF", then right click the individual files to add to the current Kickstart or extract to file
- In capcli you can "loadadf /path/to/adffile.adf" then "add ADF:/path/in/adf/to/filename.library"
- I seem to have forgotten to add the ability to extract files directly from the ADF in capcli (Windows GUI only) - I'll do that next time
- The Windows GUI is much tidier now, with fewer "unknown file" warnings, better icon handling
The ADF functionality is very, very limited as I'm not sure what I'm going to do with it yet, ADFs are read-only, only 880k OFS/FFS supported, but I'll add more ADF features as I need them - or if people request them.
8/6/2021 Minor updates, 3.2 Definitions; CapitolineV0.21(Beta2)-fixed-2.zip
11/6/2021 - update, 32bit version accidentally included which broke the Windows GUI (replaced with 64bit version now).
14/6/2021 - update, Missed the kickstart definitions for 3.2 (all modules were there, but not the main Kickstart definition).
- New 3.2 definitions added (and some other 3.1.4 plus a couple of other random/rare ones)
- New Windows binary (compiled with Visual Studio, hopefully to stop false positive virus warnings)
- HI/LO ROM name reverse bug (found by Simon Wilkie)
- Logfile bug fixed (found by Ian Court)
- Loglevel command added to reduced noise
- Various missassembler fixes (better extension word handling - but not complete) - usable but not as good as a commercial disassembler
- capcli commands slightly renamed for clarity/architecture
- New way of bundling code
- "test bed" of repeatable tests being built - not included in zip yet, but will speed up testing
- Website documents updated
13/10/2020 Roll-up of fixes; CapitolineV0.2(Beta2).zip
- New MacOS compile (Catalina), if you need an older version then I can add High Sierra
- Extended number of source files to 9999 and hash files to 9999, should make this automatic, but I'm too lazy
- Missassember fixes (it ignored some mnemonic differences)
- Added more inbuilt aliases, better checksum, ranges etc. I should probably document these
- New patching functions, copying chunks etc.
- Fixed a patching issue which always component 0
- Lots of new hash files for some remaining v3 kickstarts and most v2 kickstarts, might do some v1 if I can be arsed
Moved the code to a beta designation since finding and removing some initialization bugs
16/4/2020 Significant update, various bugs fixed;
- A serious one (not being able to save a ROM!)
- A serious one (patching only did half the job, and mostly to he wrong location)
- Not clearing deleted components (logical, not physical deletion)
- GUI now checksums automatically if you save a ROM
- Ability to checksum was accidentally removed!
Enhancements to the patching language, means you can directly access the current checksum ($CHECKSUM) and you can search for opcodes (it even calculates relative displacement) e.g. findopcode $exec.library "LEA F80352(PC),A0", you can also substring aliases (variables).
9/4/2020 Linux command line compiled and posted, same as MacOS version, changes need backporting to Windows
9/4/2020 MacOS command line compiled and posted, slightly newer version, changes need backporting
3/4/2020 Significant update to the disassembler, decodes Brief Extension Words, plus a load more 68000 mnemonics
26/3/202 Bugfix copying directly from an existing ROM to a working image (mishandled ROMBASE)
4/3/2020 First public release
To install;
- Unzip the archive anywhere
It's best to copy your ROMs and any modules into a folder under Capitoline before you run
To run;
- Run "capitoline.exe"
- Select the "Capitoline" folder that contains "Capitoline Hashes"
It will scan the files and folders under this directory structure each time you start Capitoline, so if you add any new ROMs etc. you will need to exit and re-run (there's no refresh function).
1Mb Hyperion ROM
- Create an empty boot ROM ($F8)
- Add exec module
- Add 1Mb scan table
- Patch exec to use the 1Mb table
- Add the rest of the boot ROM module
- Create an empty expansion ROM ($E0)
- Add 1Mb ROM header
- Add Workbench and Icon libraries
- Save new ROM
Why? the Hyperion (3.1.4/3.2) ROM is 512k, this is not enough space for all of the traditional components, so they decided to leave workbench.library out (like some A4000 ROMs) but they also leave out icon.library, so these must be loaded from disk, by using a 1Mb ROM you can load these missing components into ROM, save some RAM and boot a bit quicker - there's also space to add more stuff (if you want).
First a bit of background, the Amiga supports 3 ROM "banks", two of 512k and one 1Mb chunk, the first 512k "boot" bank is located at $F80000, then an extended 512k bank at $E00000 and finally another 1Mb bank at $A80000, when exec starts it looks in the first bank for ROMTAG's which are like library headers (scsi.device etc.), the 3.1 ROM on the CD32 also searches the second bank at $E00000, but most ROMs don't do this as most are designed for 512k, so to force exec to search $E00000 we have to patch the list of areas it searches. We're kind of lucky because it also searches another bank used for expansion ROMs (e.g. A590) at $F00000) so there's already a mechanism to search additional banks which we can hijack.
The original 3.1 ROM does this slightly differently to Hyperion as it appears to have an "exclude" area, so this patch is specifically for Hyperion and won't work on 3.1. And of course, this is also different to the early 256k ROMs which actually load at $FC0000, but that's another story...
Click on [ROMs] then [New ROM], use the defaults and click [Create]
You can delete the kickity-split as it's not needed for later kickstarts
Go back to your object browser, find your source ROM, expand then right-click on exec.library to "Add to ROM 0"
Browse to the [Components] folder and add the 1Mb_Scantable.3.1.4 (not the one ending in .bin), [Add to ROM 0] again
Click on the CLI tab, apply the patch to exec;
#Select ROM 0, this is very important in the GUI as it will crash if you don't specify it! rom 0 #Grab ENDSKIP of exec, alert.hook forms part of the module but must not be skipped alias ENDSKIP romdata $exec.library.(ROMTAG.ENDSKIP) 4 #Chop off the first two byes of ENDSKIP "0x" this address includes the ROMBASE alias ENDSKIP mid 2 #Make the start of the loaded Scantable took like the old one (it's the later bits that are important) patch $1Mb_Scantable.3.1.4.(START) 0x00F80000$ENDSKIP #Get the address of the new Scantable alias STSTART $1Mb_Scantable.3.1.4.(START) #Add the ROMBASE to this address alias STSTART add $ROMBASE #Find the existing Scantable find $exec.library 0x00F80000$ENDSKIP00F800000100000000F0000000F80000FFFFFFFF #Add the ROMBASE to get a proper Amiga address after the ROM is loaded alias FIND add $ROMBASE #Find where the old address is mentioned, in theory this could be just random data, but that's very unlikely. find $exec.library $FIND #Patch the old Scantable reference to the new address patch $FIND $STSTART
Note: This patch as been updated to work generically for all scantables for all the various 3.1.4/3.2/3.2.1 execs as these are often different, luckily, they only differ in the first "exclude" section, and that's related the the ENDSKIP of the exec module, so we just copy that address from the ROMHEADER.
This patch;
- Selects ROM 0 to work on
- Creates a variable $STSTART which is the address of the new scan table as it will appear in the ROM once loaded (note, the name "1Mb_Scantable.3.1.4" must match the file you added above)
- Finds the existing scan table, which is a list of areas in the memory to search, it's pairs of long words, start/finish the first pair being an exclude, then the $F8 bank ($F8->$10), then the $F0 bank (expansion roms such as A590), then a terminating $FFFFFFFF. The find command creates a variable (alias) "$FIND" which will hold the location where it found it.
- The "alias .. ADD" command will add the value of $ROMBASE (from the current selected ROM) to the FIND alias as all addresses in ROM will be their offset in the ROM + the ROMBASE
- Then we find where this address is referenced, this is a pointer to the scan table ($FIND will now hold the address of the old scan table)
- So then we patch the pointer to point to the new scan table (which also contains the $E0 bank)
Go back to your object browser, and add the rest of the components you want in the boot ROM, basically everything except the module that loads workbench (WBFind/system-startup) - the whole point of this is to put Workbench and Icon in kickstart
Create a new (extended) ROM, don't use the default settings, this time you need to create an $E00000 ROM, without the default components, name it something different.
Add the $E0 romheader and the Workbench and Icon libraries, you've quite a lot of space, so you can add whatever you like here.
Click on the "Amiga Profile" tab, select the target architecture, your two ROMs "banks", whether you want the output split (e.g. for a TL866), byteswap etc. and click [Save]
Patching 3.1 EXEC for 1Mb
The process to create a 1Mb 3.1 (pre 3.1.4) ROM is exactly the same as a 3.1.4 ROM except the patch is more complex because in pre 3.1.4 exec used a scan table that that is referenced by a relative address (i.e. not an absolute address, "LEA nnnn(PC).A0"), luckily by using the disassember functions Capitoline can search for effective address opcodes to save you disassembling it yourself.
So here's the run-through to get a ROM capable of 1Mb using the CLI
Create an empty ROM;
newrom 512k
rombase 0xF80000
add "ROMs\TOSEC.Firmware\Kickstart v3.0 r39.106 (1992-09)(Commodore)(A1200)[!].rom" exec.library
add components\BinaryChunks\1Mb_Scantable
Locate the old scan table (this is pretty much the same for all 3.1 ROMs except CD32 which is already 1Mb capable)
find $exec.library 0x00F800000100000000F0000000F80000FFFFFFFF
alias FIND add $ROMBASE
alias FIND mid 4
alias OPCODE "LEA $FIND(PC),A0"
Locate the opcode (which will include the relative displacement reference)
findopcode $exec.library "$OPCODE"
alias FIND add 2
alias REL $1Mb_Scantable.(START)
alias REL subtract $FIND
alias REL mid 6
Patch the opcode to have the new relative displacement;
patch $FIND 0x$REL
Repeat for the second reference;
findopcode $exec.library "$OPCODE"
alias FIND add 2
alias REL $1Mb_Scantable.(START)
alias REL subtract $FIND
alias REL mid 6
patch $FIND 0x$REL
And you're done, you can now add the rest of the components.
The other big difference between 3.1 exec and 3.1.4 exec is that because an absolute displacement is used in 3.1.4, you can place the new scan table anywhere is ROM (as opposed to relative displacements using "words" can only be +/- 32k jumps), this means that the new scan table in 3.1 must be directly after exec.
Bootable 1.3
This guide lets to create a bootable SCSI 1.3 ROM just using Capitoline, you will however need a 256k Kickstart 1.3 ROM (the size is important, an "overburnt" 512k ROM will not work) and a scsi.library which you an extract from the 3.1 library of your choice, I used the one from the A1200 ROM.
Note, if you haven't extracted the library from the ROM, but you have the 3.1 ROM, you can add it directly from the ROM without extracting;
instead of
add "E:\Capitoline\Components\os-source\v40\0x75094a7b.scsidisk_40.12_(21.12.93)You can;
add "/location/of/3.1 Kickstart" scsi.device
e.g. add "E:\Capitoline\ROMs\TOSEC.Firmware\Kickstart v3.1 r40.068 (1993-12)(Commodore)(A1200)[!].rom" scsi.device
Part 1 - Create the "lower" 0xF8000 ROM for SCSI
Create an empty ROM with a 0xF80000 ROMBASE, add the 0cFC0000 ROMHEADER (or it won't boot)
Add the scsidisk library (in this case from the A1200 40.68 KS3.1)
Add the extra code which creates a "boot node" to allow the disk to boot
newrom 256k 255
rombase 0xf80000
add Components\BinaryChunks\ROMHeader_FC.bin
add Components\os-source\v40\0x75094a7b.scsidisk_40.12_(21.12.93)
add Components\binarychunks\add_boot_node.binPatch the SCSI library so that it calls the new code - there's two locations to patch.
findopcode $0x75094a7b.scsidisk_40.12_(21.12.93) "JSR FCD6(A6)"
alias OPCODE $add_boot_node.bin.(START)
alias OPCODE subtract $FIND
alias OPCODE subtract 2
alias OPCODE add 0x61000000
patch $FIND $OPCODE
findopcode $0x75094a7b.scsidisk_40.12_(21.12.93) "JSR FFDC(A6)"
alias OPCODE $add_boot_node.bin.(START)
alias OPCODE subtract $FIND
alias OPCODE add 26
alias OPCODE add 0x61000000
patch $FIND $OPCODENext add the code to initialise Gayle (assuming you have a Gayle or emulate Gayle)
add Components\binarychunks\init_gayle.binPatch the scsi.library INIT (ROMTAG.INIT) call to jump into the new code
alias SCSIINIT romdata $0x75094a7b.scsidisk_40.12_(21.12.93).(ROMTAG.INIT) 4
alias GAYLE $init_gayle.bin.(START)
alias GAYLE add $ROMBASE
patch $0x75094a7b.scsidisk_40.12_(21.12.93).(ROMTAG.INIT) $GAYLEPatch the Gayle init code to jump to the original address of the scsi.library INIT which we saved in SCSIINIT
alias GAYLE $init_gayle.bin.(END)
alias GAYLE subtract 4
patch $GAYLE $SCSIINITFinally, add the standard ROM components, and checksum it - then we're all done for $F80000
add checksum
add size
add vectors
checksumPart 2 - Patch the original 1.3 ROM the "upper" $FC0000 ROM
Next we need to load the original KS1.3 and patch its library scan table to look at $F80000-$FC0000 as it normally doesn't - luckily, for 1.3 it seems to scan $FC0000-$10000000 twice, so we can overwrite the second one (makes the patch simple), analyserom is used to find exec, in case you don't have the full kickstart definition file, don't forget to checksum.
loadrom "ROMs\TOSEC.Firmware\Kickstart v1.3 r34.005 (1987-12)(Commodore)(A500-A1000-A2000-CDTV)[!].rom
analyserom
find $exec.library 0x00FC00000100000000FC00000100000000F0000000F80000FFFFFFFF
patch $FIND 0x00FC00000100000000F8000000FC000000F0000000F80000FFFFFFFF
checksumPart 3 - Save your work!
Join the two ROMs together and save the file, you might want to use "saveprofile test_ks1.3scsi.rom byteswap" if you're buring a real ROM
romprofile 0 1
saveprofile test_ks1.3scsi.romAcknowledgements
I didn't develop the code that creates the boot node, I found it in the Commodore docs when it talked about manually creating a boot node, this and the code for checking the version of expansion.library was in the GetSCSI11 code developed by Torbjörn Andersson which you can find Here on Aminet.
The code to initialise Gayle was found Here and written by user A10001986 (who I think is still active on Aminet) the thread was started by dJOS (offering a bounty to fix the issue) and kipper2k matched the bounty.
Furia PCMCIA 3.1
If you want to use PCMCIA and the full 8Mb on an original 3.1 Kickstart, you can replace the original cardres.device with a patched one from EAB.
Because the patch is smaller than the original, all you have to do is delete the original module from the ROM and then when you add the patched one, it will just fit into the new space, no issue.
First get the patched cardres.ld.strip from EAB (you'll need to extract the file from the .lha) then fire up capcli;
loadrom kick31.rom delete 28 add cardres.ld.strip checksum saverom kick31.patched.rom
And you're done, note - I'm assuming you're using the same ROM as me - so cardres.device is component number 28, you might want to check this first by using the "rom" command.
This was requested by/identified for Tom Walker on Facebook.
Terrible Fire
To use the onboard IDE of the Terriblefire cards you need to add the ehide.device, either using loadmodule after booting from an internal drive or you can build a custom ROM, if you have a 3.2.1 ROM this is super easy as there's (just) enough space to add it without removing anything or creating a 1Mb ROM.
loadrom "ROMs/Hyperion/3.2.1/A1200.47.102.rom" add "Components/TerribleFire/ehide IDE Driver 1.1 (18.6.21)/ehide.device" checksum saverom Kickstart.3.2.1.withehide
If you have a twin ROM system (e.g. A1200) and want to create files for burning to 27c400 eproms (e.g. you need to split/byteswap), then instead of "saverom" you can create a profile and save that instead;
romprofile 0 0 saveprofile 512 byteswap Kickstart.3.2.1.withehide
The romprofile 0 0 just adds two copies of the ROM "overburning" to fill the ROMs - you may get unexpected results if you only partially burn EPROMs.
This will create two files "Kickstart.3.2.1.withehide.0.bin" and "Kickstart.3.2.1.withehide.1.bin" for burning.
Using the command line (CapCLI)
The command line gives you everything that the GUI can do (plus some other commands), but it's a bit more laborious, you can use the Windows CMD window (capcli.exe), the MacOS terminal (capcli.MacOs) and the Linux shell (capcli.Linux), they all work the same I've tried to list the command in the order you might use them.
CapCLI>
commands:
help
Not always that much help as I haven't kept it up to date - I'll come back to this
loadrom /path/to ROM
Loads a file as if it was a Kickstart file, if you have a hash file for the kickstart then it will also understand all the individual components
roms
List the roms that you have loaded (or created)
rom [n]
Display the current ROM (if you don't give a number) or switch to "ROM n" if you do, the ROM numbers are given by the "roms" command
savecomponent [n]
Extracts a component (n) to your current savepath, if you don't specify a number, then it will save them all, this is similar to the "romsplit" tool
newrom [size]
Create a new (empty) ROM, valid sizes are nnnn (a number of bytes), nk (n kb, e.g. 512k - the most useful), nm (n mb, e.g. 1m)
add /path/to/component
Add a component (like one you saved earlier, or any loadable, romable library)
add [kickity-split|size|checksum|vectors]
Add a standard component, note these aren't library components so don't have relocs, it's best to add these before you add any libraries
saverom [filename]
Saves the current ROM, note this is just the current ROM, no byteswap or split, if you want to do more complex things like multiple ROM banks for dual eprom machines with byte swap etc. then you need to create a rom profile and save that instead, this just saves the raw data of one ROM bank.
romprofile [single|dual|cd32] [ROM numbers]
This defines which ROMs you want to select and the number of ROMs (i.e. your particular physical Amiga).
So, an A600 with a $F8 ROM and a $E0 ROM could be "romprofile single 0 1" (assuming you have two ROMs loaded)
saveprofile [512] [byteswap] /path/to/outputfile
To save the ROM(s) ready for burning (or an emulator), for an emulator you might not need any options, as a single file with no byteswap might be OK, but if your burner can only burn in 512k chunks you might need to add the "512" option, and you can byterswap for burning
exit
Quit from the capcli tool
There's a load more commands, analyserom, analysecomponent, savecomponenthash, saveromhash, addreloc, editcomponent, loadadf, adflist, adfsavefile plus all the patching commands, so I'll add some more stuff here when I can be arsed.
The MIssAssembler
There's a built in 68000 disassembler, it's very basic but it's a start...
From the CLI, just select the ROM you want
CapCLI> loadrom "ROMs\TOSEC.Firmware\Kickstart v1.2 r33.180 (1986-10)(Commodore)(A500-A1000-A2000)[!].rom"
You must either have a definition file for the ROM in your Capitoline Hashes or use "analyserom" to find the components
Then you can run the disassembler, just use the component number;
CapCLI> missassemble 0FC0000 11 11 .. FC0002 JMP FC00D2 ;ROM Boot address FC0008 00 00 FF FF .... FC000C 0x0021 ;Major version 33 FC000E 0x00B4 ;Minor version 180 FC0010 00 21 00 C0 FF FF FF FF .!...... RT_IDSTRING FC0018 "exec 33.192 (8 Oct 1986)\r\n\0" FC0033 00 FF FF FF FF 0D 0A 0A 41 4D 49 47 41 20 52 4F ........AMIGA RO FC0043 4D 20 4F 70 65 72 61 74 69 6E 67 20 53 79 73 74 M Operating Syst FC0053 65 6D 20 61 6E 64 20 4C 69 62 72 61 72 69 65 73 em and Libraries FC0063 0D 0A 43 6F 70 79 72 69 67 68 74 20 28 43 29 20 ..Copyright (C) FC0073 31 39 38 35 2C 20 43 6F 6D 6D 6F 64 6F 72 65 2D 1985, Commodore- FC0083 41 6D 69 67 61 2C 20 49 6E 63 2E 0D 0A 41 6C 6C Amiga, Inc...All FC0093 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 Rights Reserved FC00A3 2E 0D 0A 00 00 ..... RT_NAME FC00A8 "exec.library\0" FC00B5 00 . FC00B6 0x4AFC ;RT_MATCHWORD FC00B8 0xFC00B6 ;RT_MATCHTAG FC00BC 0xFC323A ;RT_ENDSKIP FC00C0 0x00 ;RT_FLAGS FC00C1 0x21 ;RT_VERSION FC00C2 0x09 ;RT_TYPE FC00C3 0x78 ;RT_PRI FC00C4 0xFC00A8 ;RT_NAME FC00C8 0xFC0018 ;RT_IDSTRING FC00CC 0xFC00D2 ;RT_INIT FC00D0 4E 70 Np RT_INIT FC00D2 LEA 40000,SP FC00D8 MOVE.L #$20000,D0 FC00DE SUBQ.L #1,D0 FC00E0 BGT FC00DE FC00E2 LEA FC0000(PC),A0 FC00E6 LEA F00000,A1 FC00EC CMPA.L A1,A0 FC00EE BEQ FC00FE FC00F0 LEA FC00FE(PC),A5 FC00F4 CMPI.W #$1111,(A1) FC00F8 BNE FC00FE FC00FA JMP 2(A1) ; Complex relative branch or jump FC00FE MOVE.B #$3,BFE201 FC0106 MOVE.B #$2,BFE001 FC010E LEA DFF000,A4 FC0114 MOVE.W #$7FFF,D0 FC0118 MOVE.W D0,9A(A4) FC011C MOVE.W D0,9C(A4) FC0120 MOVE.W D0,96(A4) FC0124 MOVE.W #$200,100(A4) FC012A MOVE.W #$0,110(A4) FC0130 MOVE.W #$444,180(A4) FC0136 MOVEA.W #$8,A0 FC013A MOVE.W #$2D,D1 FC013E LEA FC05B4(PC),A1 FC0142 MOVE.L A1,(A0)+ FC0144 DBF D1,$FC0142(PC) FC0148 BRA FC30C4 FC014C MOVE.L 4,D0 FC0150 BTST #0,D0 FC0154 BNE FC01CE FC0156 MOVEA.L D0,A6 FC0158 ADD.L 26(A6),D0 FC015C NOT.L D0 FC015E BNE FC01CE FC0160 MOVEQ #0,D1 FC0162 LEA 22(A6),A0 FC0166 MOVEQ #18,D0 FC0168 ADD.W (A0)+,D1 FC016A DBF D0,$FC0168(PC) FC016E NOT.W D1 FC0170 BNE FC01CE FC0172 MOVE.L 2A(A6),D0 FC0176 BEQ FC0184 FC0178 MOVEA.L D0,A0 FC017A LEA FC0184(PC),A5 FC017E CLR.L 2A(A6) FC0182 JMP (A0) ; Complex relative branch or jump FC0184 BCHG #1,BFE001 FC018C MOVE.L FC0010(PC),D0 FC0190 CMP.L 14(A6),D0 FC0194 BNE FC01CE FC0196 MOVEA.L 3E(A6),A3 FC019A CMPA.L #$80000,A3 FC01A0 BHI FC01CE FC01A2 CMPA.L #$40000,A3 FC01A8 BCS FC01CE FC01AA MOVEA.L 4E(A6),A4 FC01AE MOVE.L A4,D0 FC01B0 BEQ FC0240
The disaasember attempts to identify entrypoints by trying to understand the library structure, but this rarely gives you a full disassembly of the code (although it doesn't try to interpret text as code, so it's tidier).
If you want to run the disassembler without using entrypoints then add the parameter "onepass" you'll get more code disassembled, but also more garbage.
CapCLI> missassemble 0 onepass MissAssembling exec 33.192 (8 Oct 1986) ROMBase 00fc0000 Current allocation (0xFC0000-0xfc34cc) potential maximum allocation (0xFC0000-0xfc34cc) FC0000 MOVE.B (A1),-(A0) FC0002 JMP FC00D2 FC0008 ORI.B #$FFFF,D0 FC000C ORI.B #$B4,-(A1) FC0010 ORI.B #$C0,-(A1) FC0014 (unknown ffffFFFF) 68881/68882? IDSTRING: FC0018 "exec 33.192 (8 Oct 1986)\r\n\0\0" FC0034 (unknown ffffFFFF) 68881/68882? FC0038 BTST D6,A2 FC003A MOVEA.? D1,A5 FC003C (unknown 4d49) FC003E (unknown 4741) FC0040 MOVEA.L (A2),A0 FC0042 (unknown 4f4d) FC0044 MOVEA.L SP,A0 FC0046 MOVEQ #65,D0 FC0048 MOVEQ #61,D1 FC004A MOVEQ #69,D2 FC004C BGT FC00B5 FC004E MOVEA.L (A3),A0 FC0050 (unknown 7973) FC0052 MOVEQ #65,D2 FC0054 BLT FC0076 FC0056 BSR FC00C6 FC0058 BCC FC007A FC005A (unknown 4c69) FC005C BHI FC00D0 FC005E BSR FC00D2 FC0060 BVS FC00C7 FC0062 (unknown 730d) FC0064 MOVEA.? D3,A5 FC0066 BLE FC00D8 FC0068 (unknown 7972) FC006A BVS FC00D3 FC006C BVC FC00E2 FC006E MOVE.L 4329(A0),D0 FC0072 MOVE.L [X:3938]352C2043(A1,[X:3938]D3),D0 FC007A BLE FC00E9 FC007C BLT FC00ED FC007E BCC FC00EF FC0080 MOVEQ #65,D1 FC0082 MOVE.L D1,6D69(A6) FC0086 BEQ FC00E9 FC0088 MOVE.L -(A0),D6 FC008A (unknown 496e) FC008C BLS FC00BC
...
