Tuesday, October 3, 2017

Lock-on Technology: how does it work?

As I've mentioned previously, the Mega Drive has a ROM address space of 32 megabits, or four megabytes. What this means is the console can only "see" a maximum of four megabytes of ROM storage on the cartridge; later games such as Street Fighter II used bank switching techniques which are beyond the scope of this discussion.

The point is moot though, because for most of the console's lifecycle, very few games ever came close to reaching this limit. For instance, Sonic 1, released in 1991, weighed in at a scant 4 megabits, or 512 kilobytes.

When it boots up, the Mega Drive's hardware maps the ROM contents of the cartridge directly to the start of its address space, as illustrated in the following diagram:

0x000000 - 0x080000   Sonic 1 Main ROM
0x080000 - 0x400000   empty space

As a result, the ROM's vector table, a list containing pointers to the game's interrupt and exception handlers, as well as the main entry point into the game's code, is allocated at address zero, right where the 68000 processor can find it. It is followed by the Mega Drive ROM header at address $100, which can be used to identify the game cartridge.

0x000100  SEGA MEGA DRIVE 
0x000110  (C)SEGA 1991.APR
0x000120  SONIC THE       
0x000130          HEDGEHOG
0x000140                  
0x000150  SONIC THE       
0x000160          HEDGEHOG
0x000170                  
0x000180  GM 00001009-00  

Meanwhile, the Sonic & Knuckles cartridge's main ROM is 16 megabits long. The Mega Drive's hardware maps it to the start of the ROM address space as usual, where it takes up exactly half of the available addresses.

0x000000 - 0x200000   Sonic & Knuckles Main ROM
0x200000 - 0x400000   empty space

When another cartridge is locked on, special hardware inside the Sonic & Knuckles cartridge maps the second ROM to the second half of the Mega Drive's address space, starting at address $200000:

0x000000 - 0x200000   Sonic & Knuckles Main ROM
0x200000 - 0x280000   Sonic 1 Main ROM
0x280000 - 0x400000   empty space

As a consequence of this configuration, the vector table in the Sonic 1 ROM is now completely useless, because all the pointers refer to addresses in the 0-$80000 range, which is now mapped to arbitrary content from the Sonic & Knuckles ROM, rather than the intended Sonic 1 game code.

The ROM header, on the other hand, is safe and sound at address $200100, and can be used to identify the locked-on cartridge. Code at Sonic & Knuckles' entry point compares the contents of this address with a couple of known headers and boots up into different modes based on whether it detects Sonic 3, Sonic 2, Sonic 1, or an unknown cartridge.
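
The layout and header check described above can be modelled as follows. This is an added example, not code from the Sonic & Knuckles ROM: the ROM images are constructed, the entry-point values are made up, matching on the serial field is an assumption about which part of the header is compared, and unmapped space is modelled as zeros.

```python
import struct

ROM_SPACE = 0x400000     # 32 megabits of cartridge address space
LOCK_ON_BASE = 0x200000  # second half, where the locked-on ROM is mapped
HEADER_OFF = 0x100       # ROM header offset inside a cartridge image
SERIAL_OFF = 0x180       # serial line of the header dump shown above
# Only the serial visible on this page; matching on it is an assumption.
KNOWN_SERIALS = {b"GM 00001009-00": "Sonic 1"}


def make_rom(size, serial, entry):
    """Constructed ROM image: reset vectors plus a minimal header."""
    rom = bytearray(size)
    # 68000 vectors 0 and 1: initial stack pointer, then entry point.
    struct.pack_into(">II", rom, 0, 0x00FFFE00, entry)
    rom[HEADER_OFF:HEADER_OFF + 16] = b"SEGA MEGA DRIVE "
    rom[SERIAL_OFF:SERIAL_OFF + 14] = serial.ljust(14)[:14]
    return bytes(rom)


def map_cartridges(main_rom, locked_rom=b""):
    """Lay both ROMs out the way the lock-on hardware presents them."""
    if len(main_rom) > LOCK_ON_BASE:
        raise ValueError("main ROM overlaps the lock-on window")
    if LOCK_ON_BASE + len(locked_rom) > ROM_SPACE:
        raise ValueError("locked-on ROM exceeds the ROM address space")
    space = bytearray(ROM_SPACE)
    space[:len(main_rom)] = main_rom
    space[LOCK_ON_BASE:LOCK_ON_BASE + len(locked_rom)] = locked_rom
    return bytes(space)


def identify_locked_on(space):
    """Classify whatever is visible at $200100 (None: nothing locked on)."""
    start = LOCK_ON_BASE + HEADER_OFF
    if not space[start:start + 16].startswith(b"SEGA"):
        return None  # assumption: a window without a header is empty
    start = LOCK_ON_BASE + SERIAL_OFF
    return KNOWN_SERIALS.get(space[start:start + 14], "unknown cartridge")


def locked_on_entry(space):
    """Return the locked-on ROM's entry vector and the region it now hits."""
    (entry,) = struct.unpack_from(">I", space, LOCK_ON_BASE + 4)
    return entry, ("main ROM" if entry < LOCK_ON_BASE else "locked-on ROM")
```

Mapping a constructed 4-megabit image behind a constructed 16-megabit one shows both effects at once: the header is still readable at $200100, while the locked-on ROM's entry vector points into the main ROM's half of the address space.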

Next time, we'll look at the first of these modes – Sonic 3 & Knuckles – as well as the exact limits of lock-on technology.

7 comments:

  1. Is it possible to use Lock-On Technology on emulators?

    Replies
    1. Thanks. I know that the NES game Little Red Hood and the SNES game Super Noah's Ark 3D also use Lock-On Technology, but in order to bypass the lockout for unlicensed cartridges.

  2. I'm nerding out this is all amazing ^_^

  3. So, what's happening when you stack multiple Sonic & Knuckles carts on top of each other? Why does topping a stack with another game still work, to a point? Are the extra carts actively doing anything other than acting as a pass-through, and if not, which cart is actually running?

    Replies
    1. I didn't even know you could do that! I have no idea how it works from a hardware standpoint, but if the game is booting up then both the S&K ROM and the lock-on ROM are being mapped to the correct addresses.

      Which cart is actually running: that's an extremely good question! Unfortunately, to my knowledge all S&K carts have the same exact data, so I can't think of a way to determine this empirically other than purposely breaking one of them -- maybe by removing the Knuckles in Sonic 2 patch ROM and seeing which configuration still boots.
