TRS-80 DOS - TRSDOS v1.3 - XFERSYS/CMD Disassembled

Entry point of XFERSYS/CMD. The supervisor has just finished loading the CMD file from disk; HL holds the next character on the DOS command line (unused), DE holds the system DCB pointer (unused), and the rest of the registers are undefined. The first job is to set the CLEAR-RAM FLAG so that when this utility eventually returns to DOS READY via SYS1IN, the loader knows it has to reinitialize the overlay area for the next command.

This is the user-prompt loop. It clears the screen, prints the title and the "Diskette to Convert Ready in Drive 1? (Y/Q)" message, then reads exactly one character from the keyboard into BUFFR. If the user presses BREAK, ROM 0040H returns with CARRY set and we abort. If the user presses ENTER with no character (B returned as 0), we re-prompt. If the character is anything other than Y or Q, we re-prompt. Q aborts to DOS READY without doing any work; Y falls through to the disk-version sniff.

On exit from this section, BUFFR has just been overwritten by the source-disk's BOOT/SYS sector (the first XREAD call sits inside this block) — that's why START2 reads its protection counter and version byte directly out of BUFFR.

Common landing pad for the data-disk path (jumped to from line 524AH because the source has FFH at SYSOFF) and the not-already-1.3 path (jumped to from 5251H after the version check). On entry, BUFFR (5600H) still holds the 256-byte BOOT/SYS sector that was just read at 522FH — so the protection counter and serial number can be read out of it directly.

This block fetches the LSB of the protection counter from BUFFR+C1LOC (the TRSDOS 1.2 location at offset 22H), saves it into COUNT, then re-loads the version byte from the SVER self-modifying-operand byte and compares it against 12H. If it really is 1.2, we skip ahead to VER12 because TRSDOS 1.2 boot sectors don't have a serial number block worth copying. Otherwise it's 1.1, so we re-fetch the protection counter from offset 252 (the 1.1 location) and call MOVSER to capture the 10-byte serial number.

One-instruction routine. NOPE is the entry point for the TRSDOS 1.1 serial-number capture; the source's ADISP 'Address to Patch out is ^NOPE' directive (which emits no bytes) made this label important enough at build time to print to the assembler listing — so a developer applying a binary patch to disable serial-number copying could find the byte to NOP out.

VER12 is reached by three different paths: by direct JR from 5266H (1.2 source — skipped MOVSER), by fall-through from NOPE (1.1 source — just ran MOVSER), and indirectly by the data-disk path which set SYSFLG to zero. The job of VER12 is to look at the system-disk flag (encoded into the SYSFLG self-modifying byte at 5272H) and decide what to do next:

If SYSFLG is zero, the source is a data-only disk. In that case, MOVBOT is called (which copies just the boot sector, preserving the patched protection counter and serial number on the destination), and the JR Z then skips the bulk-OS copy by jumping to NOTSYS.

If SYSFLG is non-zero, the source is a SYSTEM disk. Both Z-conditional instructions are skipped, and the program falls through to call MOVE three times — once for the BOOT/SYS area (track 0, 40 sectors), once for the RENUMBER area (track 15 = 0FH, 36 sectors), and once for the SYS-files area (track 18 = 12H, 66 sectors).

Reached by all paths: data-disk (after MOVBOT), system-disk (after the three MOVEs), and the original 1.2 / 1.1 paths. The first job here is to call CORDIR if the source isn't already 1.3 — because TRSDOS 1.3 stores the directory's end-record-numbers (ERNs) one less than 1.1 / 1.2 did, and every ERN in the destination's directory needs to be decremented to compensate.

After CORDIR returns, we re-read the destination drive's HIT (drive 0 — the destination is in drive 0 in this version of the program) and copy the entire 256-byte HIT into the BUFFR area as a working snapshot. The per-system-file walk that follows uses BUFFR as its master list of LFNs to process, zeroing each entry's byte after it's processed so we never double-process.

This is the top of the outer loop that walks every SYSTEM-flagged file in the destination's saved HIT (the snapshot we just made in BUFFR). For each one, it builds two filespec strings — one for the source DCB at DCB1 (with drive specifier ":0") and one for the destination DCB at DCB2 (with drive specifier ":1") — by copying the directory-entry's filename and extension fields. Once both DCBs hold valid filespec strings ending in 0DH, the SETPRO/OPEN/INIT sequence opens both files and we drop into the GET/PUT copy loop at STAR10.

The loop continues until GETFIL exhausts the saved HIT and returns CARRY=1, at which point we JP to MEND for the success exit. Non-system files are skipped via the BIT 6,(HL) test.

Tight loop that copies one character of the filename per iteration into both DCB strings simultaneously. Terminated either by hitting a SPACE (control character ≤ 20H, treated as end-of-name) or by exhausting the 8-character count.

Common landing pad whether the filename loop exited via the early-out (CARRY at 52C8H), the count-exhaustion (DJNZ at 52D5H), or the unconditional JR at 52D7H. The first job is to restore HL from the stack — so HL once again points at the start of the directory entry — and then add DEXT (= 0DH = 13 decimal) to land at the 3-byte extension field.

If the extension's first byte is < 21H (SPACE or control), the file has no extension and we skip the "/" emit and the extension copy loop, jumping directly to START9 to emit the drive specifier.

Mirror of START5, but for the 3-byte extension instead of the 8-byte filename. Same SPACE-terminated, count-bounded copy.

Common landing pad whether we got here from a no-extension early-out (52E1H), an extension-mid-loop early-out (52F4H), or by falling out of START8 with a full 3-character extension. Now emit the ":" drive separator, then the drive digit ("0" for source DCB1, "1" for destination DCB2), then the 0DH carriage-return terminator that TRSDOS file-system calls require at the end of a filespec string.

Tight inner loop that drains the source file into the destination file. The loop calls SYS0's GET on DCB1 to fetch one byte (or one record, depending on how SYS0's GET-by-DCB pseudo-vector resolves; on TRSDOS 1.3 it's a record-mode read sized by the DCB's LRL). When GET returns NZ, that signals end-of-file on the source — at which point we jump to STAR11 to close out and mark the directory entry. Otherwise we call PUT on DCB2 to write the same byte/record to the destination, then loop.

Note on the GET/PUT addresses: The CALLs at 5348H (CALL 0013H) and 5350H (CALL 001BH) are the ROM-vector dispatch addresses for GET and PUT respectively. ROM 0013H and 001BH are documented entry points that route through the SYS0 dispatch table.

Reached when source EOF was hit at STAR10. We need to close the destination DCB (which flushes its last record and updates the directory's EOF/LRL/ERN), then re-read the destination directory entry, OR 4EH into the attribute byte (which sets the SYSTEM/INVISIBLE/READ-ONLY bits — making this a hidden system file like its source counterpart), zero out the UPD password word so no password is required, write the directory back, and loop to the next file.

The PUSH BC / POP BC dance around the CLOSE call preserves the LFN we just read from the destination's DCB across the CLOSE — because CLOSE clobbers BC.

Subroutine called by START4 once per system-file iteration. Walks the saved HIT in BUFFR looking for the next entry whose hash byte is non-zero (meaning that LFN is occupied). Once found, it clears that entry's byte (so the same LFN won't be returned next call), reads the matching directory entry into BUFF1 via RDDIR, and returns with HL pointing at the directory entry, B = LFN, C = drive 0, and CARRY = 0.

If the HIT is exhausted (all bytes seen are zero), it sets CARRY=1 and returns immediately — the caller treats CARRY=1 as the "no more files" signal.

Called by NOTSYS at 5296H whenever the source isn't already 1.3. CORDIR's purpose is to fix up the destination's directory entries: TRSDOS 1.1 and 1.2 stored each file's End-Record-Number (ERN) one MORE than 1.3 does, so every directory entry's ERN needs to be decremented by 1 to make sense in the 1.3 directory layout.

The implementation re-reads the source disk's HIT (drive 1) into BUFF1, then copies it to BUFF2 as a working snapshot (because RDDIR will reuse BUFF1). Then it walks every byte of the BUFF2 HIT snapshot. For each occupied entry, it CALLs into CORDI3 which RDDIR's the directory entry, checks whether its EOF byte is non-zero (meaning the file actually has data — empty/zero-length files don't need ERN adjustment), decrements the ERN if so, and writes the entry back via WRDIR.

Called from CORDI1 (via JR NZ) when an occupied HIT slot is found. The job is to read the directory entry, look at its EOF byte (offset 03H = DEOF), and if EOF is non-zero, decrement the 16-bit ERN field (offset 14H = DERN) by 1 and write the directory back. If EOF is zero, the file has no actual records and the ERN is already meaningless, so we skip the WRDIR.

The SAVE/RSTR macros bracket this routine because RDDIR/WRDIR clobber registers we'd lose — including HL (our HIT walk pointer) and BC (our DJNZ counter). The LFNSAV self-modifying-code operand provides a way to preserve B (LFN) and C (drive) across the RDDIR/WRDIR pair: we store BC into the operand byte of an LD BC,0 instruction at 53E5H, and the operand is reloaded into BC just before WRDIR runs.

Success exit. Reached only when GETFIL has exhausted the saved HIT — meaning every SYSTEM file from the source has been copied to the destination, and every destination directory entry has been marked SYSTEM-invisible with its UPD password zeroed and (if applicable) its ERN decremented by CORDIR.

Called by VER12 at 5274H on the data-disk path. MOVBOT is a simple wrapper that calls MOVE with parameters set to copy exactly one sector — track 0, sector 1, the boot sector. The PUSH AF / POP AF preserves the Z FLAG that VER12's OR A set, because the very next instruction at 5277H is a JR Z,NOTSYS that needs that same Z flag.

The workhorse copy routine. On entry: DE = (track,sector) packed as D=track, E=sector; B = sector count. MOVE reads B sectors from drive 1 (the source) starting at the given track/sector into BUFFR (and, if more than one sector, into successive 256-byte pages above BUFFR — i.e., 5600H, 5700H, 5800H, etc.). Then it special-cases the boot sector: if the very first sector read was track 0 sector 1 (boot), it patches the saved protection counter (COUNT) and (if SERFLG is FFH) the saved serial number (SERBUF) into BUFFR before the destination write. Finally it writes B sectors back to drive 0 (the destination) at the same track/sector.

The track-rollover logic uses TRACK+1 = 13H = 19 as the test (TRSDOS 1.x has 18 sectors per track, numbered 1–12H, so sector 13H means "we've gone one past the last sector — bump the track and reset to sector 1").

Called by NOPE at 526EH on the TRSDOS 1.1 path. MOVSER copies the 9-byte serial-number block from BUFFR+243 (the 1.1-format serial-number location) into the SERBUF storage area, then sets the SERFLG self-modifying-byte at 543CH to FFH. The next time MOVE runs (during the bulk-OS copy), the test at 543DH (OR A on the SERFLG byte) will see NZ and trigger the LDIR at 5444H–544CH that patches the saved serial number into the destination boot sector.

The source-comment at line 368 says "BUFFR+243," but the assembled byte-address is 56F3H = BUFFR+F3H = BUFFR+243 — confirming the offset.

Called by START9 at 5323H and 5332H to bypass TRSDOS's protection-counter check before opening source and destination files. SETPRO sets the byte at SCAFLG (42FFH from SYS0.GBL) to a non-zero value; SYS0's OPEN and INIT paths read SCAFLG and skip the protection-counter decrement when it's non-zero.

Important note about the binary at this address: The source listing for SETPRO contains DEC (IY) followed by LD IY,0, but the binary actually loaded at 5487H–5494H uses a slightly different byte sequence than what those source mnemonics encode. The disassembler shows a redundant FD prefix at 548DH (which the Z80 silently ignores in favor of the next FD prefix), and the actual encoding at 548EH is LD (IY+0),01H (FD 36 00 01) — which has the same effect as DEC (IY) followed by an immediate non-zero store, achieving the goal of putting a non-zero byte into SCAFLG. The 00 00 at 5492H–5493H are NOPs filling the space the source's LD IY,0 would have occupied; the comment "CLEAR THE VALUE" in the source has no observable effect on this build because IY is loaded again by the next call site. This is the kind of binary-vs-source divergence noted in the Cross-References list at the top of this page.

Three packed message strings, all terminated by 0DH (CR) bytes. The disassembler interprets the ASCII bytes as Z80 instructions because there's no metadata telling it these bytes are data — but reading the hex bytes as ASCII recovers the original strings. Each string is displayed by SYS0's PRINT routine, which prints characters from (HL) until it encounters a 03H (or, in this case, a 0DH that PRINT also recognizes as terminator on TRSDOS 1.3).

Per the source listing, ALREDY's string ends with ~ in the source, which the Tandy assembler converted to 0DH on assembly (the ~ character is the assembler's convention for embedding 0DH inside a DEFM string). Same for COMPLT.

From 5528H onward, the program reserves uninitialized storage areas. Of these, only COUNT (1 byte at 559BH, value 00H) is emitted into the load file — everything else is uninitialized DEFS that the program populates at runtime. After COUNT, the source uses ORG $,256 to align the location counter up to the next 256-byte page boundary, putting BUFFR at 5600H, SBUFF at 5700H, and DBUFF at 5800H. The page alignment matters because the high byte of HL alone identifies which page-aligned buffer is being addressed at any moment, simplifying several of MOVE's pointer adjustments.