TRS-80 DOS - NEWDOS/80 v2.0 for the Model III - SYS7/SYS Disassembled

SYS7/SYS

Other Navigation

SYS7/SYS — NEWDOS/80 v2.0 Library Command Executor (Model III)

SYS7/SYS is a DOS overlay module for NEWDOS/80 v2.0 on the TRS-80 Model III. It is loaded into the overlay area at 4D00H-51E7H when any of its associated commands are invoked from the DOS READY prompt. The overlay is identified by SVC function code E9H and uses IY=4280H as its base pointer to the DOS system variable area.

Purpose: SYS7 implements the following NEWDOS/80 library commands:

Command	Sub-Fn	Entry	Description
TIME	C=1	4D68H	Display or set the system time (hh:mm:ss format)
DATE	C=2	4D7DH	Display or set the system date (mm/dd/yy format)
AUTO	C=3	4D6CH	Set auto-start command for a disk drive
ATTRIB	C=4	4DDBH	Modify file attributes (INV, VIS, PROT=, ACC=, UPD=, ASE=, ASC=, UDF=, LRL=)
PROT	C=5	4DFAH	Modify diskette protection (PW=, NAME=, DATE=, RUF, LOCK, UNLOCK)
DUMP	C=6	4ECCH	Write memory block to disk in CMD (load module) or raw format
HIMEM	C=7	50F4H	Display or set the highest usable memory address
PURGE/SYSTEM/PDRIVE (first part)	C=8	5149H	DUMP output callback / initial setup for PURGE, SYSTEM, PDRIVE
(sub-function 9)	C=9	4D70H	SVC dispatch helper (loads B from IY+FEH)
(parameter parser 1)	C=10	4D3EH	Self-modifying code setup for date parser (stores 2FH delimiter, error 36H)
(parameter parser 2)	C=11	4D34H	Self-modifying code setup for time parser (stores 3AH delimiter, error 33H)

Command Dispatcher: The entry point at 4D00H uses a cascading DEC C / JP Z pattern to dispatch to one of 11 sub-functions based on the value in Register C. This is a compact jump table alternative commonly used in Z80 code when the number of cases is moderate and sequential.

Architecture: SYS7 relies heavily on three architectural patterns:

1. Keyword Table Dispatch — Both the ATTRIB and PROT commands parse their options using null-terminated keyword tables (at 5054H and 50C7H). The search routine at 4F84H walks the table, comparing each keyword against the command line text, and extracts either a 1-byte data value (for PROT= access levels) or a 2-byte handler address (for option dispatch via the PUSH/RET computed jump at 4F78H).

2. Self-Modifying Code — SYS7 uses instruction operand overwriting extensively. The date/time parser shares a single code path (4DAEH) that is configured at runtime by overwriting the delimiter character at 4DD2H and the error code at 4D4FH. The PROT directory iteration uses self-modified operands at 4F1AH (accumulated flags) and 4F6DH (sector limit). The DUMP output routine overwrites addresses at 51BEH, 51C5H, and 51CCH to store parameters between callback invocations.

3. Password Hashing — The password encoding algorithm at 5023H converts 8-character text passwords into 2-byte hashes using a chain of RLCA rotations, XOR operations, and nibble swaps. The hash is non-reversible and the source buffer is zeroed after encoding (at 504DH) to prevent password text from remaining in memory. This same algorithm encodes both file passwords (ACC=, UPD=) and diskette passwords (PW=).

Overlay Size: 1,256 bytes (4D00H-51E7H). The last 5 bytes (51E3H-51E7H) are NOP padding. The byte at 51E8H begins a scratch display buffer used during command execution but is not part of the stored overlay image.

System variables, IY-based offsets, and self-modifying code locations referenced by SYS7. Variables are organized into three categories: SYS0 system variables accessed by SYS7, IY-relative references, and self-modifying code operands within SYS7 itself.

SYS0 System Variables (External)

Address	Size	Description	Referenced By
4219H	2	Destination address for sub-function 10 parameter setup	4D3EH
4280H	—	IY base pointer for DOS system variable area	Throughout (IY+offset references)
428CH	1	System option flags. Bit 7 = AR option (password checking enforcement). If bit 7 set, password match is required; if clear, password mismatches are ignored.	4EC2H
4296H	2	Default drive number / null password encoding. Used as the UNLOCK replacement password (blank password) and as the default drive reference when no explicit drive number is specified.	4E9AH, 4F25H
42C9H	2	Maximum allowable date value (16-bit). Used to clamp the system date during DATE set operations.	4DA2H
431FH	1	Number of directory sectors on the current diskette (minus one). Used to calculate the PROT directory iteration limit.	4F2EH
43CEH	2	Encoded diskette password for the currently-opened drive. Read from the control sector (GAT). Written by PROT PW= handler; read for LOCK operations and password verification.	4EBAH, 4F0CH, 4F1EH
43D0H	8	Diskette date string field (8 characters, mm/dd/yy format) in the control sector buffer. Written by PROT DATE= handler.	4EDDH
43D8H	8	Diskette name field (8 characters) in the control sector buffer. Written by PROT NAME= handler.	4ED8H
4411H	2	System date value (16-bit). Read for DATE display; written for DATE set.	4D7DH, 4DABH
4480H	—	SYS0 output parameter control block. Base address of the structure used by file write routines during DUMP operations.	513BH
4483H	2	Function pointer / return vector. HIMEM/DUMP stores the TIME handler address (4D68H) here as a callback.	50F7H
448AH	2	DUMP output record size. Stores the calculated CMD record length for file write operations.	5138H

IY-Relative References

Offset	Absolute	Description	Referenced By
(IY+FEH)	427EH	Drive parameter byte for SVC calls. Loaded into Register B before RST 28H dispatch.	4D70H
(IY+60H)	42E0H	Base address of working buffer for ATTRIB command. 32 bytes of command line text are copied here from the original command buffer.	4DE7H

Self-Modifying Code Operands (within SYS7)

Address	Instruction	Description	Written By
4D4FH	LD A,nn	Error code operand. Set to 36H (out of range) by sub-function 10 at 4D3EH, or 33H (parameter error) by sub-function 11 at 4D34H. Read at 4D4EH when a parse error occurs.	4D3EH, 4D34H
4DD2H	CP nn	Delimiter character for date/time 3-byte parser. Set to 3AH (colon) for time format (hh:mm:ss) by sub-function 11, or 2FH (slash) for date format (mm/dd/yy) by sub-function 10. Checked at 4DD0H after each pair of digits.	4D42H (via 4D34H/4D3EH)
4F1AH	LD A,nn	Accumulated PROT operation flags. Bit 0 = UNLOCK, bit 1 = LOCK, bit 2 = RUF. ORed with new flag bits at 4F05H. Read at 4F19H at the start of directory iteration; if zero, iteration is skipped.	4F05H (via 4F00H)
4F6DH	CP nn	Directory iteration sector limit. Set to (431FH) + 08H at 4F33H. The sector counter (Register C) is compared against this limit at 4F6CH to determine when all directory sectors have been processed.	4F33H
51BEH	LD HL,nnnn	DUMP end address. Stored at 5157H from the alternate register context. Read by the load address calculation at 51BDH during CMD record header output.	5157H
51C5H	LD DE,nnnn	DUMP entry/transfer address. Stored at 515BH. Read at 51C4H during CMD record output to calculate the relocated load address.	515BH
51CCH	LD HL,nnnn	DUMP remaining byte count. Stored at 5153H. Read at 51CBH during address calculation for output records.	5153H

Internal routine addresses serve as hyperlink targets within the disassembly. External routines (SYS0 and ROM) are listed for reference; their code resides in other overlays or ROM.

Internal Routines (within SYS7: 4D00H-51E7H)

External Routines Called by SYS7

Address	Module	Description
001BH	ROM	Character output vector. In DUMP context, redirected to file write DCB.
RST 18H	ROM	System comparison/table lookup operation. Used in drive parsing and DUMP address calculations.
RST 28H	DOS	SVC dispatch. Function code in A, parameter in B. Used for TIME, AUTO, and sub-function 9.
3036H	ROM	Convert binary value to ASCII decimal and display.
4409H	SYS0	Error handler. Register A contains error code.
4428H	SYS0	Close file and return to DOS READY (DUMP successful completion).
4439H	SYS0	Dispatch/setup for file output. Uses parameters on stack (SVC code and handler address).
443FH	SYS0	Output status check. Returns Z if output should continue, NZ if complete or error.
4467H	SYS0	Display string from buffer (terminated by 0DH).
44D2H	SYS0	Format date value to ASCII mm/dd/yy string.
4723H	SYS0	Parse filespec from command line and locate file in directory.
4791H	SYS0	Validate and initialize drive. A = drive number. Returns Z if valid.
48AFH	SYS0	Open sector buffer and read directory/control sector. A = mode (0=read-only, 1=read-write).
48C4H	SYS0	Write directory/control sector back to disk from buffer.
48DBH	SYS0	Read specific directory sector (number in C) into buffer.
48F0H	SYS0	Read control sector (GAT — Granule Allocation Table) from diskette.
4C59H	SYS0	Buffer allocation / size calculation for DUMP output.
4C6AH	SYS0	Case-insensitive string comparison. BC = table entry, HL = command line. Returns Z on match.
4C7AH	SYS0	Skip whitespace and check for delimiter (space, comma, CR). Returns Carry = valid char, NC = delimiter, Z = end of line.
4C7EH	SYS0	Parse next token from command line. Returns Carry if valid token found, NC if end of line.

Error Codes Used by SYS7

Code	Decimal	Meaning	Generated At
19H	25	Access denied — PROT drive access level is not 0 (FULL)	4E07H
20H	32	Attribute/specification error — drive number too large	4D57H, 4EA9H
2AH	42	General error	4D53H
2FH	47	Invalid parameter value — number out of range or invalid hex format	4DD7H, 4EA0H, 4FC3H
33H	51	Parameter error (time format) — self-modified via sub-function 11	4D4EH (operand at 4D4FH)
34H	52	Parse error — no keyword match or invalid filespec	4D63H, 4F97H
36H	54	Parameter out of range (date format) — self-modified via sub-function 10	4D4EH (operand at 4D4FH)
37H	55	Incorrect password — diskette password mismatch with AR option enforced	4EC7H

4D00H - SYS7 Entry Point and Library Command Dispatcher

SYS7 is the Library Command Executor for NEWDOS/80 v2.0. It is entered from SYS1 after a DOS library command has been parsed. On entry, Register A contains the SVC function code, Register C contains the sub-function number (1-based index identifying which command within this overlay), and Register HL points to the remainder of the command line text. This dispatcher routes execution to the correct handler for TIME, DATE, AUTO, ATTRIB, PROT, DUMP, HIMEM, and the first part of PURGE, SYSTEM, and PDRIVE.

4D34H - Alternate SVC / Sub-function 11 Handler

This code handles either the alternate SVC function code (when A was not E9H at 4D04H) or sub-function 11 when it falls through from the dispatcher. It loads error code 2AH (general error) and checks if the sub-function matched. If not, it jumps to the error handler at 4D65H. If it matched, it sets up parameters for a different command with E=1CH, B=2FH, A=33H and falls through to 4D3EH.

4D3EH - Common Parameter Store and Command Line Check

This routine is reached by sub-functions 10 and 11 after setting up their parameters. It stores the error code (Register A) and the maximum value (Register B) as self-modifying code targets, then checks whether the command line has additional parameters. If the command line is terminated (0DH = carriage return), it displays the current value; otherwise it parses the new value from the command line.

4D53H - Error Code Return Points

These are short entry points that load specific error codes into Register A and then jump to the common error handler at 4D65H. They are used as quick exits when various validation checks fail throughout SYS7.

4D5BH - Skip Spaces and Validate Next Parameter

This utility routine skips whitespace in the command line, then checks whether the next character is a carriage return (end of line) or not. It is called between parameter parsing operations to advance to the next parameter. Returns with Z FLAG set if end of command line, NZ FLAG set with error code 34H if unexpected characters remain.

4D65H - Common Error Exit

All error exits throughout SYS7 converge here. Register A contains the NEWDOS/80 error code. This routine jumps to the SYS0 error handler at 4409H which displays the error message and returns to DOS READY.

4D68H - TIME Command Entry Point

The TIME command displays or sets the system clock time. Syntax: TIME to display the current time, or TIME,hh:mm:ss to set a new time. On entry from the dispatcher, Register HL points to the command line text following the "TIME" keyword. This entry point sets Register B to 33H (the SYS0 sub-function code for TIME) and falls into the common SVC call at 4D73H.

4D6CH - AUTO Command Entry Point

The AUTO command stores a DOS command string in the system diskette's directory for automatic execution at subsequent reboots. Syntax: AUTO,doscmd to set an auto-boot command, or AUTO alone to clear the auto-boot command. On entry, Register HL points to the command line text following the "AUTO" keyword. This entry point sets Register B to 32H (the SYS0 sub-function code for AUTO) and falls into the common SVC call.

4D70H - Sub-function 9 Entry Point

This is the entry point for sub-function 9 from the command dispatcher. It loads Register Pair BC with E506H — Register B gets E5H (the SYS0 sub-function code) and Register C gets 06H (an additional parameter). It then falls through to the common SVC dispatch at 4D73H.

4D73H - Common SVC Dispatch (TIME, AUTO, DATE, Sub-function 9)

This common routine is used by the TIME, AUTO, DATE, and sub-function 9 handlers. It saves Register Pair BC (containing the SVC function code in B), calls the command line parser/filespec handler at 4E90H, then restores BC, moves the function code to Register A, loads a value from (IY+FEH), and executes RST 28H to invoke the SVC handler. On entry: B = SVC sub-function code, HL = pointer to command line text.

4D7DH - DATE Command Handler

The DATE command displays or sets the system date. Syntax: DATE to display the current date, or DATE,mm/dd/yy to set a new date. On entry from the dispatcher, Register HL points to the command line text following the "DATE" keyword. If no parameters are given (carriage return), it displays the current date. Otherwise, it parses and sets the new date via a call to the date entry routine at 4FA5H and then uses the SYS0 date store/display routines.

4D8DH - Terminate Display Buffer and Output

This short routine terminates the formatted display string with a carriage return (0DH), restores the buffer start address from the stack, and then jumps to the SYS0 display routine at 4467H to output the string to the screen.

4D93H - DATE Set: Parse and Store New Date

This routine handles the case where the user provided a date parameter (e.g., "DATE,02/27/82"). It parses the date string using the numeric parser at 4FA5H, validates the parsed value, checks if it is within the valid range for a system date, and stores it in the system date variable at 4411H.

4DAEH - Decimal Numeric Parser (3-Byte Date/Time Entry)

This routine parses a decimal numeric string from the command line and stores the result as three separate bytes into a destination buffer pointed to by Register Pair DE (stored in descending order). It handles date format (mm/dd/yy) or time format (hh:mm:ss) — three pairs of decimal digits separated by delimiters (the delimiter character is checked as 00H). Register B is loaded with 03H for the three-pair count. Interrupts are disabled during the parse to prevent interference. On entry: HL points to the command line text, DE points to the destination storage address.

4DD6H - Numeric Parse Error Exit

This exit point is reached when the numeric parser encounters an invalid character (not a decimal digit or wrong delimiter). It re-enables interrupts and loads error code 2FH, then jumps to the common error handler at 4D65H.

4DDBH - ATTRIB Command Entry Point

The ATTRIB command changes file attributes. Syntax: ATTRIB,filespec,options where options include INV, VIS, PROT=level, ACC=password, UPD=password, ASE=Y/N, ASC=Y/N, UDF=Y/N, and LRL=value. This entry point exchanges DE and HL (so DE now points to the command line and HL is freed), clears Register A, and calls the SYS0 file open routine (4723H) to locate the file specified on the command line. If the file is found, it proceeds to parse and apply the attribute options.

4DFAH - PROT Command Entry Point

The PROT command alters diskette control information. Syntax: PROT,password:drive[,options] where options include NAME=name, DATE=date, RUF, PW=password, LOCK, and UNLOCK. This entry point pops the return address and command context from the stack, calls the filespec/drive parser at 4F72H, then sets up for option processing using the PROT option keyword table at 50C7H. On entry, the stack contains the return address and parameters pushed by SYS1.

4E17H - ATTRIB LRL= Option Handler (Logical Record Length)

This handler is invoked when the ATTRIB command's option parser matches the "LRL=" keyword. It parses the logical record length value from the command line and stores it in the file's directory entry. The LRL value must be 00H-FFH (0-255 decimal). On entry, HL points to the command line text following "LRL=", and the stack contains the sector buffer pointer for the directory entry.

4E2AH - ATTRIB ASE=, ASC=, UDF= Y/N Option Handlers

These entry points handle the ATTRIB options that accept a Y/N (Yes/No) boolean value and modify specific bit flags in the file's directory entry. Each entry point loads Register C with the bit mask for the flag to modify and Register Pair DE with the values for the Y and N states, then falls into common code that reads the Y/N character and applies the change.

4E2AH: ASE= — bit 5 (mask 20H), Y=FF00H, N=00FFH. This parameter has been added to allow DOS to automatically allocate diskette space to a file if ASE=Y or to disallow further allocation if ASE=N. ASE=Y is the default condition when a file is created.
4E31H: UDF= — bit 7 (mask 80H), same DE pattern. This parameter has been added to mark the file as updated if UDF=Y is specified or to clear the updated mark if UDF=N is specified. The DOS system marks a file as updated whenever it is about to update a sector to that file and it finds the file's directory entry not marked as updated.
4E35H: ASC= — bit 6 (mask 40H), same DE pattern. This parameter has been added to allow DOS to automatically deallocate file diskette space beyond the EOF during a CLOSE operation if ASC=Y is specified, and to disallow this deallocation if ASC=N. ASC=Y is the default setting when a file is created

4E3AH - Common Y/N Parser and Bit Modifier

This common routine reads a single character (Y or N) from the command line and modifies a specific bit in the file's directory entry accordingly. On entry: HL points to the Y/N character in the command line, C contains the bit mask, D contains the value for "N" response, E contains the value for "Y" response. The directory entry pointer is on the stack.

4E51H - ATTRIB Option Loop Continue

This is the re-entry point for the ATTRIB option processing loop. After each option handler completes, execution arrives here to restore the command line pointer, check for more options, and either continue processing or finalize the changes.

4E54H - ATTRIB UPD= Flag Handler (Update/Access Password or Flag)

This handler processes the UPD= option. It can handle either a boolean flag (UPD=Y/N to set/clear the file's "updated" flag) or a password value (UPD=password to set the update password). The code modifies bit 3 of the directory entry's first byte to set or clear the "updated" flag.

4E62H - ATTRIB Option Loop: Check for More Options

This routine checks whether there are more options on the command line. It calls the "skip spaces and check for more parameters" routine at 4D5BH. If more options exist, it loops back to 4E11H to match the next keyword. If the command line is exhausted, it falls through to write the modified directory entry back to disk.

4E6AH - ATTRIB PROT= Option Handler (Protection Level)

This handler is invoked when the ATTRIB command's option parser matches the "PROT=" keyword. It uses the protection level keyword table at 5093H to match the user's text (LOCK, EXEC, READ, WRITE, RENAME/NAME, KILL, FULL) against the known protection level names. Each keyword in that table is followed by a single byte containing the numeric access level (0-7). The matched level byte is then used to modify the file's directory entry. On entry, HL points to the command line text following "PROT=", and the stack contains the directory entry pointer.

4E78H - ATTRIB ACC= and UPD= Password Option Handlers

These handlers process the ACC= (access password) and UPD= (update password) options for the ATTRIB command. They parse a password string from the command line, encode it using the NEWDOS/80 password encoding algorithm (at 5005H), and store the resulting 2-byte encoded password into the appropriate offset within the file's directory entry. ACC= stores at offset +12H/+13H, UPD= stores at offset +10H/+11H.

4E90H - Parse Drive Number from Command Line

This routine parses a drive number specification from the command line. It first calls 5005H to parse a filespec/name, then checks if the text contains a colon-separated drive number (e.g., ":0"). If a valid drive number (0-7) is found followed by a colon, it is accepted. If no drive number is present, the routine falls back to reading the default system drive number from 4296H. On entry: HL points to the command line text. On return: the drive number context is set up for the calling command.

4EA3H - Parse and Validate Drive Number Digit

This routine parses a single-digit drive number (0-7) from the command line and validates it by calling the SYS0 drive validation routine. On entry: HL points to the drive number digit, DE contains context from the filespec parser. On return: the drive is validated and its parameters are loaded.

4ECCH - DUMP Command Entry Point

The DUMP command writes memory contents to a disk file. Syntax: DUMP,filespec,startaddr,endaddr[,entryaddr[,reladdr]]. This entry point begins by parsing the drive number (via 4E90H), then the filespec (via 4F72H), and sets up the DUMP option keyword table at 50C7H for additional parameters. The DUMP command shares the same option processing mechanism as ATTRIB and PROT, using the keyword table dispatch at 4F78H.

4ED8H - PROT NAME= and DATE= Option Helpers: Copy Name/Date to Directory

These entry points handle filename or date string copying into directory entry fields. 4ED8H copies a diskette name (8 characters) to the name field at 43D8H, and 4EDDH copies a date string (8 characters) to the date field at 43D0H. Both fall into the common 8-byte copy loop at 4EE0H. These addresses are referenced by the PROT option table (NAME= and DATE= entries).

4EE0H - Copy Up to 8 Characters from Command Line to Buffer

This utility routine copies up to 8 characters from the command line (pointed to by HL) into a destination buffer (pointed to by DE). Characters are copied until a delimiter is found (via the SYS0 space-skip at 4C7AH) or the 8-character limit is reached. If fewer than 8 characters are provided, the remaining positions are filled with spaces (20H). On entry: HL = command line pointer, DE = destination buffer, B = 08H (character count).

4EF6H - PROT RUF, LOCK, and UNLOCK Flag Handlers

These handlers set flags for the PROT command's RUF (Reset Update Flag), LOCK, and UNLOCK options. Each loads a specific bit value into Register A and jumps to the common flag-set routine at 4F00H, which ORs the value into a flag byte at 4F1AH. This accumulated flag byte is later examined during the directory iteration at 4F19H to determine which operations to perform on each file. The flag byte at 4F1AH uses: bit 0 = UNLOCK, bit 1 = LOCK, bit 2 = RUF.

4F00H - Accumulate PROT Flag Bits

This routine ORs a flag bit (in Register A) into the accumulated PROT operation flags byte stored at 4F1AH. Multiple PROT options (RUF, LOCK, UNLOCK) can be combined, so their flags are ORed together. After storing, execution continues to check for more options.

4F09H - PROT PW= Option Handler (Change Diskette Password)

This handler processes the PW= option for the PROT command, which changes the diskette's password. It parses the password string and encodes it, then stores the encoded password in the diskette control variable at 43CEH.

4F10H - PROT Option Loop: Check for More Options

This is the continuation point for the PROT option processing loop. It calls the parameter check routine at 4D5BH, and if more options exist, loops back to 4ED2H to match the next keyword from the PROT option table. When all options are exhausted, it writes the control sector back to disk and then processes the accumulated RUF/LOCK/UNLOCK flags by iterating through the directory.

4F19H - PROT Directory Entry Iteration (RUF/LOCK/UNLOCK Processing)

This routine iterates through all directory entries on the diskette and applies the accumulated PROT operations (RUF, LOCK, UNLOCK) to each qualifying user file. The flag byte at 4F1AH (self-modified during option parsing) controls which operations are performed. The routine reads each directory sector, examines each 32-byte FPDE, and modifies the file's protection level and passwords as needed. Register C tracks the current sector number, and Register L walks through the 32-byte entries within each sector.

4F5EH - Advance to Next Directory Entry

This routine advances the FPDE pointer to the next 32-byte directory entry within the current sector. If the end of the sector is reached (8 entries processed), it writes the modified sector back and reads the next directory sector. The iteration continues until all directory sectors have been processed.

4F72H - Parse Password-Protected Filespec

This routine parses a password-protected filespec from the command line (format: password:drive or just :drive). It calls the SYS0 routine at 4C7EH to check for a colon delimiter. If no valid filespec is found, it jumps to the error handler. On entry: HL points to the command line text.

4F78H - Option Keyword Table Dispatch

This routine dispatches command processing based on a keyword table. It calls the keyword matching routine at 4F84H with D=02H (indicating 2 bytes of data follow each keyword — a 16-bit handler address). When a match is found, the 2-byte handler address is extracted from the table and used as a jump target via PUSH/RET. On entry: BC = address of keyword table, HL = command line pointer, D will be set to 02H.

4F84H - Keyword Table Search

This routine searches a null-terminated keyword table for a match against the current command line text. Each table entry consists of a keyword string followed by a 00H terminator and D bytes of associated data. The routine calls 4C6AH to compare the command line against each keyword. If no match is found, the table is exhausted (00H sentinel) and the routine jumps to error at 4D63H. On entry: BC = table pointer, D = number of data bytes per entry, HL = command line pointer. On return: BC points to the data bytes following the matched keyword, HL advanced past the matched text.

4F9AH - Skip Spaces and Require Filespec

This utility routine skips whitespace and checks that a valid filespec parameter follows. If no valid parameter is found after the comma/space, it jumps to the error handler. Used to ensure required parameters are present on the command line.

4FA0H - Parse Required Numeric Parameter

This entry point calls the SYS0 colon/token parser at 4C7EH and checks if a valid parameter follows. If the Carry flag is set (valid token found) but it is not what was expected, it falls through to the error jump at 4F97H.

4FA5H - Parse Decimal or Hexadecimal Number from Command Line

This routine parses a numeric value from the command line, supporting both decimal and hexadecimal formats. Hexadecimal numbers end with H (e.g., "5200H"). Decimal numbers are just digits (e.g., "1234"). The routine first attempts a decimal parse; if the terminating character is a letter A-H, it re-parses in hex mode. Returns the parsed value as a 16-bit number in Register Pair DE. On entry: HL points to the command line text. On return: DE = parsed 16-bit value, HL advanced past the number, B bit 1 set if digits found.

4FC6H - Core Number Accumulator (Decimal or Hex)

This is the core digit-by-digit number parsing loop. It reads characters from the command line, converts them to numeric values, and accumulates a 16-bit result in Register Pair DE using either base-10 (decimal) or base-16 (hexadecimal) arithmetic depending on bit 0 of Register B. The multiplication uses shift-and-add: for decimal, DE = DE×4 + DE (×5) then ×2 (=×10); for hex, DE = DE×4×2 (×8) then ×2 (=×16). On entry: HL = command line pointer, B bit 0 = mode (0=decimal, 1=hex). On return: DE = accumulated value, HL at first non-digit, B bit 1 set if digits found.

4FFCH - Validate Filename Characters (Digits and Letters)

This routine checks whether the current command line character is a valid filename character (ASCII digits 30H-39H or uppercase letters 41H-5AH). It is called within the filename copy loop. If the character is below the digit range, the name is terminated and remaining positions are padded with spaces.

5005H - Parse Password/Filename String and Encode

This routine parses a password or filename string (up to 8 characters) from the command line, copies valid characters into a working buffer at 51E7H (stored backwards from high to low address), pads short names with spaces, and then passes the buffer through the NEWDOS/80 password encoding algorithm at 502AH. Valid characters are digits 0-9 and uppercase letters A-Z. On entry: HL = command line pointer. On return: DE = 2-byte encoded password/hash, HL advanced past the parsed text.

5023H - Password Encoding Algorithm

This routine encodes an 8-character password/filename string into a 2-byte hash value. The algorithm processes each character through a series of bit rotations, XOR operations, and accumulation steps that produce a pseudo-random 16-bit hash in Register Pair DE. The hash is used for password comparison — the actual password text is never stored on disk, only this 2-byte encoded form. On entry: HL = command line pointer (saved), the 8-byte string is in the buffer ending at (DE). On return: DE = 2-byte encoded password hash.

4FA5H - Parse Decimal or Hexadecimal Number from Command Line

This routine parses a numeric value from the command line, supporting both decimal and hexadecimal formats. Hexadecimal numbers end with H (e.g., "5200H"). Decimal numbers are just digits (e.g., "1234"). The routine first attempts a decimal parse; if the terminating character is a letter A-H, it re-parses in hex mode. Returns the parsed value as a 16-bit number in Register Pair DE. On entry: HL points to the command line text. On return: DE = parsed 16-bit value, HL advanced past the number, B bit 1 set if digits found.

4FC6H - Core Number Accumulator (Decimal or Hex)

This is the core digit-by-digit number parsing loop. It reads characters from the command line, converts them to numeric values, and accumulates a 16-bit result in Register Pair DE using either base-10 (decimal) or base-16 (hexadecimal) arithmetic depending on bit 0 of Register B. The multiplication uses shift-and-add: for decimal, DE = DE×4 + DE (×5) then ×2 (=×10); for hex, DE = DE×4×2 (×8) then ×2 (=×16). On entry: HL = command line pointer, B bit 0 = mode (0=decimal, 1=hex). On return: DE = accumulated value, HL at first non-digit, B bit 1 set if digits found.

4FFCH - Validate Filename Characters (Digits and Letters)

This routine checks whether the current command line character is a valid filename character (ASCII digits 30H-39H or uppercase letters 41H-5AH). It is called within the filename copy loop. If the character is below the digit range, the name is terminated and remaining positions are padded with spaces.

5005H - Parse Password/Filename String and Encode

This routine parses a password or filename string (up to 8 characters) from the command line, copies valid characters into a working buffer at 51E7H (stored backwards from high to low address), pads short names with spaces, and then passes the buffer through the NEWDOS/80 password encoding algorithm at 502AH. Valid characters are digits 0-9 and uppercase letters A-Z. On entry: HL = command line pointer. On return: DE = 2-byte encoded password/hash, HL advanced past the parsed text.

5023H - Password Encoding Algorithm

This routine encodes an 8-character password/filename string into a 2-byte hash value. The algorithm processes each character through a series of bit rotations, XOR operations, and accumulation steps that produce a pseudo-random 16-bit hash in Register Pair DE. The hash is used for password comparison — the actual password text is never stored on disk, only this 2-byte encoded form. On entry: HL = command line pointer (saved), the 8-byte string is in the buffer ending at (DE). On return: DE = 2-byte encoded password hash.

5054H - ATTRIB Command Option Keyword Table

This is the keyword lookup table used by the ATTRIB command's option dispatcher (loaded at 4E11H into BC and searched by the routine at 4F84H). Each entry consists of an ASCII keyword string terminated by 00H, followed by a 2-byte handler address (low byte first). The table is terminated by a 00H sentinel byte at 5092H. The handler addresses are the routines that process each specific attribute option.

5093H - ATTRIB PROT= Protection Level Keyword Sub-Table

This sub-table is used by the PROT= option handler at 4E6AH. It maps protection level keyword strings to their corresponding numeric access level values (0-7). The access level is stored as a single byte following each keyword's null terminator (D=01H was set at 4E6DH to indicate 1 data byte per entry). The table is terminated by a 00H sentinel at 50C6H.

50C7H - PROT Command Option Keyword Table

This keyword lookup table is used by the PROT command's option dispatcher (loaded at 4ED2H into BC and searched by the routine at 4F78H). Each entry consists of an ASCII keyword string terminated by 00H, followed by a 2-byte handler address (low byte first). The table is terminated by a 00H sentinel at 50F3H. These handlers modify diskette-level control information (name, date, password, lock state).

50F4H - HIMEM Command Handler / DUMP Parameter Setup

This code handles the HIMEM command and also serves as the DUMP command's parameter setup routine. HIMEM displays or sets the highest usable memory address. DUMP writes a block of memory to a disk file. The code stores the address of the TIME handler (4D68H) into the system variable at 4483H (which may serve as a return vector), then pops the command context from the stack, parses the start address, end address, and optional entry/relocation addresses from the command line. It validates that end address ≥ start address, calculates the memory block size, sets up the output parameters at 448AH, and initiates the file write operation.

5149H - DUMP Output / PURGE-SYSTEM-PDRIVE First Part Handler

This is sub-function 8 from the command dispatcher — the DUMP output routine that writes memory data to the file, and also serves as the first-part handler for PURGE, SYSTEM, and PDRIVE. It is re-entered via SVC callback after the initial file setup at 5146H. On each callback entry, it calls 443FH to check if the operation should continue. If so, it pops parameters from the alternate register set (EXX), retrieves the memory block boundaries (start, end, entry addresses), and outputs the data in CMD file format records. Each record consists of a type byte, length, load address, and data bytes, sent character-by-character via the output routine at 51DAH.

51A4H - Raw Memory Dump (SUPERZAP-Readable Format)

This routine outputs raw memory bytes without CMD file record headers. It is used when the entry address is FFFFH, producing a file readable by SUPERZAP in DBDM (Direct Block Dump) mode. It outputs each byte from the source memory block sequentially, decrementing a byte counter until all data has been written.

51B3H - Output CMD Record Header (Type + Length + Address)

This routine outputs a CMD file record header consisting of the record type byte (in B), the record length byte (in C), and then calls 51BBH to output the 2-byte load/transfer address. It is called for both data records (type 01H) and entry point records (type 02H).

51BBH - Output Load Address from Self-Modified Storage

This routine saves the current registers, loads the 2-byte load address and byte count from self-modified memory locations, performs an address-to-offset calculation (subtracting the block size from the end address to get the load address), and outputs the 2-byte load address. The self-modified locations at 51BEH, 51C5H, and 51CCH were written at 5157H, 515BH, and 5153H respectively.

51DAH - Output Single Byte to File

This routine outputs a single byte (in Register A) to the output file. It switches to the alternate register set (EXX), calls the ROM character output routine at 001BH, switches back, and checks the return status. If the output failed (NZ), it jumps to the error handler.

51E0H - Output Error Exit

Reached when a file output operation fails. Jumps to the common error handler at 4D65H to report the error and return to DOS READY.

51E3H - NOP Padding / Scratch Buffer Area

The final 5 bytes of the SYS7 overlay (51E3H-51E7H) are NOP padding. These bytes are unused code space that fills the remainder of the overlay to its required sector boundary. The adjacent byte at 51E8H is the start of the scratch buffer used by the display formatting routines (DATE display, TIME display, etc.).