        ======================
        DOS Notes & Pointers..
        ======================

        -=> By THE FREEZE <=-

Suggested reading: Beneath Apple DOS
                   The DOS Manual

Needed equipment: Apple, Drive
                  IQ > 60

  I will start this article by giving
you an overview of what is in DOS and
what it does. First of all there is
the RWTS. This allows you to read or
write a sector at a time. All oper-
ations are done either directly or
indirectly through this. Starting at
$B600 and ending at $BFFF, RWTS takes
up about 2.5K. Next is the File
Manager. This goes from $AAC9 to $B5FF.
This is a bunch of subroutines which
execute your commands from BASIC.
Then there are the main DOS routines.
These interpret your commands and tell
the file manager what to do, which in
turn uses the RWTS to do them. These
routines go from $9D00 to $AAC8.
When you have MAXFILES set to 3, DOS
reserves memory from $9600 to $9CFF.
Setting MAXFILES higher will take up
more memory, lower than $9600.
There is another part of DOS, which
resides in the latter part of page 3
or from $3D0 to $3FF. This is called
the DOS Vector Table. I will go into
detail on that later.

 Well now, let's say you put a disk in
the drive and turned your computer on.
Then you loaded a file, edited it and
saved it. Why don't we take a look and
see exactly what is happening.

 When you turn your computer on (if
you have autostart) the code on your
drive controller PROM takes over.
This loads in a routine at $800.
This is called Boot 0. Then it jumps
to $801 and executes that code (Boot
1). That code loads in sectors 1
through 9 which in turn loads in the
rest of DOS. Then it looks to see if
you have a HELLO program and jumps
to it. The first thing it does when
loading in a program, in this case
the HELLO program, is look at the
catalog track. Then after it finds
the file and the track and sector it
starts on, it reads in the first
sector. The first sector of a program
is called the Track Sector List or
TSL. This is a listing of all tracks
and sectors that have data for that
program. DOS reads this into memory
and then starts loading the program
in. But how does it know where to
load the program in and how does it
know what file type it is?
The file type was back in the catalog,
more (lots more) on that later...
On the first sector of data, not the
TSL, in the first two bytes is the
address to start loading in at. These
bytes as usual are in reverse order.
Well, now you know a little of how
DOS works. Let's go into more detail.
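
 The load path described above, as an
added example (not part of the original
article): Python that follows a
track/sector list and reads the load
address from the first data sector. It
assumes a DOS-order disk image and the
DOS 3.3 TSL layout (link to the next TSL
in bytes $01/$02, track/sector pairs
from byte $0C); the image is constructed.

```python
import struct

SECTOR = 256

def read_sector(img, track, sector):
    """One sector from a DOS-order image (assumed file layout)."""
    off = (track * 16 + sector) * SECTOR
    data = img[off:off + SECTOR]
    if len(data) != SECTOR:
        raise ValueError("track/sector outside the image")
    return data

def data_sectors(img, tsl_track, tsl_sector):
    """Follow the TSL chain; return the file's (track, sector) pairs."""
    found, seen = [], set()
    while tsl_track != 0:
        if (tsl_track, tsl_sector) in seen:
            raise ValueError("track/sector list links back to itself")
        seen.add((tsl_track, tsl_sector))
        tsl = read_sector(img, tsl_track, tsl_sector)
        for i in range(0x0C, SECTOR, 2):      # pairs start at byte $0C
            if tsl[i]:                        # 00/00 pair = no sector
                found.append((tsl[i], tsl[i + 1]))
        tsl_track, tsl_sector = tsl[1], tsl[2]    # next TSL, 00 = none
    return found

def load_address(img, tsl_track, tsl_sector):
    """First two bytes of the first data sector, low byte first."""
    track, sector = data_sectors(img, tsl_track, tsl_sector)[0]
    return struct.unpack_from("<H", read_sector(img, track, sector))[0]

def build_sample():
    """Constructed 35-track image holding one two-sector file."""
    img = bytearray(35 * 16 * SECTOR)
    def put(track, sector, at, data):
        off = (track * 16 + sector) * SECTOR + at
        img[off:off + len(data)] = data
    put(0x12, 0x0F, 0x0C, bytes([0x12, 0x0E, 0x12, 0x0D]))  # TSL pairs
    put(0x12, 0x0E, 0x00, bytes([0x00, 0x03]))   # load address $0300
    return bytes(img)
```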

 Here is where I will probably lose
you. If it gets confusing hang on.
 Now we will look at track $11, which
is the catalog track. The VTOC or
Volume Table Of Contents is stored
at track $11, sector $00. This tells
DOS such things as: what sectors are
free, volume #, DOS version, first
link to catalog sector...
Bytes $01 & $02 of the VTOC tell us
where to find the first catalog
sector. This usually is track $11,
sector $0F. Byte $02 is the DOS
version: either a "1", "2", or "3"
for DOS 3.1, 3.2, or 3.3,
respectively. Byte $07 is the volume #,
usually $FE (254). The next thing of
interest is the Bit Map. Starting at
byte $38 you will see "FFFF0000".
For now, ignore the last two bytes.
The "FFFF" is a binary representation
of what sectors are free on a certain
track. In the two bytes there are
16 bits. Makes sense doesn't it, 16
bits and 16 sectors. If the bit is
set or a "1" then that sector is free.
If it is a "0" then it's used.
Now let's look at the catalog link.
On track $11, sector $0F, byte $01,
are two bytes that tell what track
and sector to find the first catalog
sector. This is almost always track
$11, sector $0F. On track $11, sector
$0F, bytes 1 and 2 are a pointer to
the next sector, track $11, sector
$0E. The links continue until sector
$01, where you will see zeros in those
bytes. I have been asked many times
how to get more than 105 files onto
a disk. If you edit the second and
third bytes on track $11, sector $01
to "100F", you will be able to use
track $10, sector $0F for a catalog
sector. You can continue on track
$10, sector $0F and make a link to the
next sector and so on. Be sure to
mark it on the bit map or it will
get wiped out when DOS has to write
there. Well, we have covered most
of the VTOC; let's look at how the
catalog sectors are formatted.
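
 The bit map and catalog links above, as
an added example (not from the original
article): Python that decodes the free
sector bit map, walks the catalog chain,
and lists catalog sectors the bit map
still shows as free, the mistake the
"mark it on the bit map" warning is
about. Assumes a DOS-order image and
that bit n of the two bit map bytes
stands for sector n; the sample image
is constructed.

```python
SECTOR = 256
VTOC = (0x11, 0x00)

def read_sector(img, track, sector):
    """One sector from a DOS-order image (assumed file layout)."""
    off = (track * 16 + sector) * SECTOR
    return img[off:off + SECTOR]

def free_sectors(vtoc, track):
    """Sector numbers the bit map marks free (bit = 1) on one track."""
    base = 0x38 + 4 * track               # 4 bytes per track, last 2 ignored
    bits = (vtoc[base] << 8) | vtoc[base + 1]    # bit n = sector n
    return [s for s in range(16) if bits & (1 << s)]

def catalog_chain(img):
    """Follow the catalog links from the VTOC until the link is zero."""
    track, sector = read_sector(img, *VTOC)[1:3]
    chain = []
    while track != 0:
        if (track, sector) in chain or track >= 35 or sector >= 16:
            raise ValueError("bad catalog link %02X/%02X" % (track, sector))
        chain.append((track, sector))
        track, sector = read_sector(img, track, sector)[1:3]
    return chain

def unmarked_catalog_sectors(img):
    """Catalog sectors the bit map still shows as free."""
    vtoc = read_sector(img, *VTOC)
    return [(t, s) for t, s in catalog_chain(img)
            if s in free_sectors(vtoc, t)]

def build_sample():
    """Constructed image: catalog extended to track $10, bit map not updated."""
    img = bytearray(35 * 16 * SECTOR)
    def put(track, sector, at, data):
        off = (track * 16 + sector) * SECTOR + at
        img[off:off + len(data)] = data
    put(0x11, 0x00, 0x01, bytes([0x11, 0x0F]))       # first catalog sector
    for t in range(35):                              # every track free...
        put(0x11, 0x00, 0x38 + 4 * t, b"\xFF\xFF\x00\x00")
    put(0x11, 0x00, 0x38 + 4 * 0x11, b"\x00\x00")    # ...except track $11
    for s in range(0x0F, 0x01, -1):                  # $0F -> $0E ... -> $01
        put(0x11, s, 0x01, bytes([0x11, s - 1]))
    put(0x11, 0x01, 0x01, bytes([0x10, 0x0F]))       # the "100F" edit
    return bytes(img)
```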

 Starting at byte $0B on any catalog
sector is the entry for a file.
The first two bytes of the entry tell
what track and sector the program
starts on. Then comes the file type
(more on that later). Next comes the
file name, up to 30 characters. The
last byte before the next entry tells
us how many sectors the file takes.
This usually doesn't go over 255
sectors, however text files can take
more than 255 sectors. Now we can
look at the file type. We have to look
at this at the binary level. If the
first bit is set, it is a text file.
If the second is set, it's Integer.
Third is Applesoft, fourth is binary.
If the eighth or MSB is set, the file
is locked. It's really quite simple.
$00 means a text file. $80 means a
locked text file. If it is a $84,
we have a locked binary file.
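
 The catalog entry layout above, as an
added example (not from the original
article): Python that parses the seven
35-byte entries of a catalog sector.
It uses the type values the text gives
($00, $80, $84) plus $01 and $02 for
Integer and Applesoft, reads the sector
count as a two-byte value, and goes one
step further by recognising deleted
entries (track byte $FF, old track kept
in the last name byte), all standard
DOS 3.3 layout. The sample sector is
constructed.

```python
import struct

ENTRY_LEN, FIRST_ENTRY, ENTRIES = 0x23, 0x0B, 7
TYPES = {0x00: "text", 0x01: "Integer", 0x02: "Applesoft", 0x04: "binary"}

def decode_type(b):
    """Split the file-type byte into (type name, locked flag)."""
    return TYPES.get(b & 0x7F, "other"), bool(b & 0x80)

def parse_catalog_sector(sec):
    """Return the file entries found in one 256-byte catalog sector."""
    out = []
    for i in range(ENTRIES):
        off = FIRST_ENTRY + i * ENTRY_LEN
        track, sector, ftype = sec[off], sec[off + 1], sec[off + 2]
        if track == 0x00:                 # slot never used
            continue
        raw = sec[off + 3:off + 33]       # 30 name bytes, high bit set
        deleted = track == 0xFF           # DOS marks deleted files this way
        if deleted:                       # and parks the old track number
            track, raw = raw[29], raw[:29]    # in the last name byte
        name = bytes(c & 0x7F for c in raw).decode("ascii").rstrip()
        (count,) = struct.unpack_from("<H", sec, off + 0x21)
        kind, locked = decode_type(ftype)
        out.append({"name": name, "tsl": (track, sector), "type": kind,
                    "locked": locked, "deleted": deleted, "sectors": count})
    return out

def make_entry(track, sector, ftype, name, count):
    """Build one constructed 35-byte entry for the sample sector."""
    padded = bytes(c | 0x80 for c in name.ljust(30).encode("ascii"))
    return bytes([track, sector, ftype]) + padded + struct.pack("<H", count)

def build_sample():
    """Constructed catalog sector: locked binary, text, and a deleted file."""
    sec = bytearray(256)
    gone = bytearray(make_entry(0xFF, 0x0F, 0x02, "OLD", 3))
    gone[3 + 29] = 0x13                   # original track kept in last byte
    rows = [make_entry(0x12, 0x0F, 0x84, "HELLO", 2),
            make_entry(0x14, 0x0F, 0x00, "NOTES", 300), bytes(gone)]
    for i, row in enumerate(rows):
        off = FIRST_ENTRY + i * ENTRY_LEN
        sec[off:off + ENTRY_LEN] = row
    return bytes(sec)
```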

 Now for the complicated stuff, how
DOS writes sectors, INITs a disk,
the "6 & 2" split. Let's say you put a
blank disk in the drive, initialized
it, and saved a file onto it. Let's see
what happens. First off, at $A54F is
the INIT routine. If you did A54FG
from monitor, it would INIT your disk
without a hello program. This lets
your disk boot faster because it does
not have to load in that file.
Ok. So you type in "INIT HELLO". DOS
takes over and starts formatting your
disk starting with track 0 and ending
with track $23. Then it writes the
catalog track and VTOC. Last it writes
in DOS. Let's take a close look at a
disk at the track level. First off we
have what is called a GAP. This is made
up of "FF"'s. Then we have the prologue
marks, ye olde "D5 AA 96". After that
comes the volume, track, sector, check-
sum, epilogue "DE AA EB". Then comes a
smaller GAP with a different prologue
"D5 AA AD". Then $342 bytes of user
data. Oops! $342 bytes of user data?
I thought there were only $FF or 255
bytes per sector! (more on this later).
Then we have the checksum. And last
we have the epilogue "DE AA EB".
There are certain bytes that DOS
doesn't write as data. These bytes are
used in prologue and epilogue marks.
DOS looks for these when trying to find
a sector. Now for the "6 & 2" split.
The hardware on the Apple doesn't allow
for more than $3F different bytes to
be written. That's why they used the
"5 & 3" split on 3.2 disks. What that
means is that from one byte, five bits
are taken out and form one byte. The
other three bits form one byte also.
The six and two split is the same thing
as the five and three but allows for
more combinations.

 Now for a little on copy protection.
Back in the good ol' days we could just
demuffin everything. All they had was
a modified DOS or changed address marks
etc. After that they got a little
smarter and some wrote their own DOS
or used a modified RWTS. But nothing
stops us pirates, all you had to do
is read in data through their RWTS and
write it back out standard. Then they
got dirty, using the text page and the
input buffer for data or code. They
even used the stack (page 1) for code.
To get around this, NMI cards like
crackshot and cracking chips were made.
These dumped all memory to disk, allow-
ing the text page and the input buffer
to be undisturbed. The newest thing
seems to be SPIRAL TRACKING. The first
game I saw this on was Maze Craze.
Cracking it was quite easy though. All
you had to do is cut out one part of
disk access (at $855) that wasn't even
needed. But who knows what we will be
up against in the future.

 I suggest you read "Beneath Apple DOS"
 and look at the DOS manual supplied
with your Apple. This is for beginners
or people who are too lazy to read
a book...

 I would appreciate lots of questions,
I may not have made myself too clear
or you may want to know more about
a certain area. Just leave me e-mail.

   The Freeze