Tuesday, October 3, 2017

Lock-on Technology: how does it work?

As I've mentioned previously, the Mega Drive has a ROM address space of 32 megabits, or four megabytes. What this means is the console can only "see" a maximum of four megabytes of ROM storage on the cartridge; later games such as Street Fighter II used bank switching techniques which are beyond the scope of this discussion.

The point is moot though, because for most of the console's lifecycle, very few games ever came close to reaching this limit. For instance, Sonic 1, released in 1991, weighed in at a scant 4 megabits, or 512 kilobytes.

When it boots up, the Mega Drive's hardware maps the ROM contents of the cartridge directly to the start of its address space, as illustrated in the following diagram:

0x000000 - 0x080000  Sonic 1 Main ROM
0x080000 - 0x400000  empty space

As a result, the ROM's vector table, a list containing pointers to the game's interrupt and exception handlers, as well as the main entry point into the game's code, is allocated at address zero, right where the 68000 processor can find it. It is followed by the Mega Drive ROM header at address $100, which can be used to identify the game cartridge.

0x000100  SEGA MEGA DRIVE 
0x000110  (C)SEGA 1991.APR
0x000120  SONIC THE       
0x000130          HEDGEHOG
0x000140                  
0x000150  SONIC THE       
0x000160          HEDGEHOG
0x000170                  
0x000180  GM 00001009-00  

Meanwhile, the Sonic & Knuckles cartridge's main ROM is 16 megabits long. The Mega Drive's hardware maps it to the start of the ROM address space as usual, where it takes up exactly half of the available addresses.

0x000000 - 0x200000  Sonic & Knuckles Main ROM
0x200000 - 0x400000  empty space

When another cartridge is locked on, special hardware inside the Sonic & Knuckles cartridge maps the second ROM to the second half of the Mega Drive's address space, starting at address $200000:

0x000000 - 0x200000  Sonic & Knuckles Main ROM
0x200000 - 0x280000  Sonic 1 Main ROM
0x280000 - 0x400000  empty space

As a consequence of this configuration, the vector table in the Sonic 1 ROM is now completely useless, because all the pointers refer to addresses in the 0-$80000 range, which is now mapped to arbitrary content from the Sonic & Knuckles ROM, rather than the intended Sonic 1 game code.

The ROM header, on the other hand, is safe and sound at address $200100, and can be used to identify the locked-on cartridge. Code at Sonic & Knuckles' entry point compares the contents of this address with a couple of known headers and boots up into different modes based on whether it detects Sonic 3, Sonic 2, Sonic 1, or an unknown cartridge.
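The mapping described above can be modelled in a few lines of C. This is an added example, not code from the Sonic & Knuckles ROM: the function names are hypothetical, the sample cartridge and its entry point are constructed, and matching on the serial field at offset $180 is an assumption made for illustration, since the post does not say which header bytes the game compares.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SK_SIZE     0x200000u /* Sonic & Knuckles main ROM, 16 megabits */
#define LOCKON_BASE 0x200000u /* locked-on ROM starts here */
#define SPACE_END   0x400000u /* end of the 32-megabit ROM address space */
#define SERIAL_OFF  0x180u    /* serial field, from the header dump on this page */

enum region { REGION_SK, REGION_LOCKON, REGION_EMPTY };

/* Which ROM answers a CPU address when a cart of lockon_size bytes is attached. */
enum region decode(uint32_t addr, uint32_t lockon_size) {
    if (addr < SK_SIZE) return REGION_SK;
    if (addr < SPACE_END && addr - LOCKON_BASE < lockon_size) return REGION_LOCKON;
    return REGION_EMPTY;
}

/* The 68000 is big-endian: vector 1 (offset 4) holds the initial program counter. */
uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Assumed check: match the serial field as seen by the CPU at $200180. */
int is_sonic1(const uint8_t *lockon, uint32_t size) {
    if (decode(LOCKON_BASE + SERIAL_OFF + 13, size) != REGION_LOCKON) return 0;
    return memcmp(lockon + SERIAL_OFF, "GM 00001009-00", 14) == 0;
}

/* Constructed stand-in for a 4-megabit cart: only vector 1 and two header fields set. */
const uint8_t *make_sample_rom(void) {
    static uint8_t rom[0x80000];
    memset(rom, 0, sizeof rom);
    rom[6] = 0x02;                            /* constructed entry point $000200 */
    memcpy(rom + 0x100, "SEGA MEGA DRIVE ", 16);
    memcpy(rom + SERIAL_OFF, "GM 00001009-00", 14);
    return rom;
}

int main(void) {
    const uint8_t *rom = make_sample_rom();
    uint32_t entry = be32(rom + 4);
    printf("header at $200100 -> region %d\n", decode(0x200100, 0x80000));
    printf("cart entry $%06X -> region %d (0 = S&K ROM, not the cart)\n",
           (unsigned)entry, decode(entry, 0x80000));
    printf("identified as Sonic 1: %d\n", is_sonic1(rom, 0x80000));
    return 0;
}
```

The cartridge's own entry pointer decodes to the Sonic & Knuckles region, while the header read through the $200000 window still identifies the cartridge.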

Next time, we'll look at the first of these modes – Sonic 3 & Knuckles – as well as the exact limits of lock-on technology.

8 comments:

  1. Is it possible to use Lock-On Technology on emulators?

    1. Thanks. I know that the NES game Little Red Hood and the SNES game Super Noah's Ark 3D also use Lock-On Technology, but in order to bypass the lockout for unlicensed cartridges.

  2. I'm nerding out this is all amazing ^_^

  3. So, what's happening when you stack multiple Sonic & Knuckles carts on top of each other? Why does topping a stack with another game still work, to a point? Are the extra carts actively doing anything other than acting as a pass-through, and if not, which cart is actually running?

    1. I didn't even know you could do that! I have no idea how it works from a hardware standpoint, but if the game is booting up then both the S&K ROM and the lock-on ROM are being mapped to the correct addresses.

      Which cart is actually running: that's an extremely good question! Unfortunately, to my knowledge all S&K carts have the same exact data, so I can't think of a way to determine this empirically other than purposely breaking one of them -- maybe by removing the Knuckles in Sonic 2 patch ROM and seeing which configuration still boots.

    2. Well, it's a pretty easy answer if you think about how it works. Mapping in Mega Drive hardware is not some process done by any special hardware, it's just the result of how memory mapping works physically, but tl;dr is that chips get enabled based on decoding logic that's usually a combinatorial circuit that sends chip enable signals to specific bits of hardware based on what address lines are set certain ways.

      The S&K cartridge does pretty much the same thing as the address decode logic does in the Mega Drive/Genesis. The address space in the region allocated to the cartridge can be decoded pretty much however the cart chooses, which is why bank switching works. In S&K's case, it just enables the ROM on the attached cart once the address lines encode something past the end of its main ROM.

      What does this mean? It means that the cart that "runs" will be the S&K directly attached to the console, as it's actually what's physically attached to the bus of the console, and only extends the remaining address space it can to the other ROM to be addressed past that address.

      Now, I'm not sure why it would not do a "NO WAY!" screen at this point since I don't believe the ROM has itself in the list of known headers, but it might be for the same reason as Street Fighter II and it might just think there's nothing valid there and boot S&K mode.

      Of course, even if we were to somehow jump execution down to the attached ROM, it'd last until the first interrupt, then execution would just fall back to the directly attached ROM. The good news is since the code's identical, state will still be valid for the first ROM.
