For anyone working on decoding the BIOS, here's my list of variables
definitions so far. Sorry, but I can't provide the source code yet
without violating SEGA's copyright of the object code. I've got to
figure out a way to do this. I remember the BIG MAC assembler for the
APPLE II (it was all upercase back then!) had someone's source code
disassembly comments... they got around the copyright by only
distributing the comments... a provided program would disassemble your
ROM and match up the comments (of course, there was only one version of
ROM back then). Until then, these labels should help (and I plan on
incorporating them into LCDIS).

** STUPID VMU TRICK **
In looking at the BIOS code, I found only one "secret" thing so far.
(Actually two, but I'm not sure of the second one yet). It's pretty
lame, but here goes:

SECRET KEY SEQUENCE ON POWER-UP STOPS MEMORY-ERASE ROUTINE!!!
On power up (or reset), the software blacks-out the screen and beeps for
two seconds. It then checks for the secet button presses-- if the
buttons are pressed and the RAM contains the magic "initialized"
sequence (at $02C-$02F, see below), then the total memory clear is
aborted.

How does it help you? Not too much. As I said, it is a stupid trick.
About all it gets you out of is re-setting the time. The User's ram is
cleared after the VMU game exits, but not before, so if your program
crashes (or gets reset), the variables won't get lost. Of course, when
you run the game again your program may reset it's own variables, but
that's it's fault, not the BIOS's.

Example: Turn on the VMU and set the time. Now press the A,B, mode, and
select buttons and hold them down. Insert the battery tab for a second
or press the reset button . Now keep the buttons pressed until after the
beeping stops. Release. The old time won't be erased. Whohoo!

-- John




Ram bank 0 (the "OS" bank):
000-003 Index registers, bank 0 [default]
004-007 Index registers, bank 1 [doesn't seem used
by BIOS]
008-00b Index registers, bank 2 [doesn't seem used
by BIOS]
00c-00f Index registers, bank 3 [doesn't seem used
by BIOS]
010-015 Buffer used by clock mode to convert current
date and time to BCD (Binary Coded Decimal)
010 TEMP_BCD_YEARHI
011 TEMP_BCD_YEARLO
012 TEMP_BCD_MONTH
013 TEMP_BCD_DAY
014 TEMP_BCD_HOUR
015 TEMP_BCD_MINUTE
016 TEMP_BCD_SECOND never used?

017 CD_YEARHI Current date, year (high byte, binary)
018 CD_YEARLO Current date, year (low byte, binary)
019 CD_MONTH Current date, month
01A CD_DAY Current date, day
01B CD_HOUR Current time, hour
01C CD_MINUTE Current time, minute
01D CD_SECOND Current time, second
01E CD_HALFSEC Current time, halfsecond (0 or 1)
01F CD_LEAPYR odd=leapyear, even=not leapyear

020 has a decoded value (0-3==>1,2,4,8) of bits 2&3
of P7 (MEM023)
021 MEM020 and MEM021 also have a value that is
written to work RAM

022
023 stores bits 2&3 of P7
024 some sort of code used in a switch statement

02B MEM02B indicates FLASH initialized?
02C..02F Tested to see if it contains "REST" during reset
If this magic number is there and the
sleep+mode+A+B
buttons are pressed on reset, then memory isn't
cleared.

030 VMU_MODE 0=File mode, 1=Game mode, 2=Clock mode
031 CD_CLOCKSET FF=date set, 00=not

033 AUTO_SLEEP_TIMER Auto power-off timer incremented at 2 Hz by
T1
034 T1SoftCtr2 General purpose counter incremented at 2 Hz
by T1
used to time the 2 second beep, blink icons,
[autorepeat timer?]
035 SLEEP_MODE Bit-mapped: Bit 0 toggles when user presses
sleep
Bit 6: 1=disables sleep (both
auto and user)
Bit 7: 1=GetBtn will return $FE
instead of autosleeping

036-037 Total free blocks
038-039 Game blocks free (?)

03E-03F Free "extra" blocks in fat table (entries
200-230)

050 CD_YRDIV4HI Current date, year divided by four (high byte)
051 CD_YRDIV4LO Current date, year divided by four (low byte)

052 used by BCD routines. Also used as flash block
number
053 used by BCD routines.

054 - msb Address read from value at flash location 01FE46 (see
code @ 2296)
055 - mid
056 - low

060 CURSOR_X Cursor position, column (0-7)
061 CURSOR_Y Cursor position, row (0-3)
064 CURSOR_XBNK Bank drawn character will be in
065 CURSOR_X_BYTE byte offset of calculated X position
066 CURSOR_X_BIT bit offset of calculated X position
067 LCD_BKGROUND Screen background color (0 or 0xFF). This affects
clearscreen and printing characters.
068 Scratch pad for rotating character (left) (big
and small characters)
069 Scratch pad for rotating character (right)
(small characters only)
06A drawing mask left (looked up in table @ 1b56
from CURSOR_X_BIT)
06B drawing mask right (looked up in table @ 1b5e
from CURSOR_X_BIT)

06C BIG_CHAR_FONT font type (0=ital, 1=bold, 2=normal) [not
changeable in US version]

06D GAME_LASTBLK Last block used by mini-game
06E BATT_CHECK_DISABLE
Battery check flag. $FF = disable automatic
battery check,
$00 = enable automatic
battery check.
06F FLASHA16_SHADOW Save a FLASH bank that is saved and restored

Used by P3 interrupt handler @ $1f3f:
070 BUTTONS_PRESSED ;P3 xor'ed with $FF; 1=button pressed
072 BUTTONS_LAST ;bitmap:1=ignore because we've seen before,
0=active
071 BUTTONS_READ ;bitmap:1=selected button is pressed & not
masked

080-0FF Stack

addresses 0x100-0x1ff are in the user bank: ---------------------

0x110 - string to compare?
0x128 - string to compare?

0x125 Number of bytes to compare?
0x126 SIO0_BYTECOUNT serial i/o byte count (bidirectional)
0x13e SIO1_BYTECOUNT serial i/o byte count (input only)

17C FL_FINAL 1=wait for last byte to finalize writing
17D FL_ADDR_MSB Flash read/write start address (24 bits big
endian)
17E FL_ADDR_MED
17F FL_ADDR_LSB
17F FL_BUFFER 0x180-0x1FF