(Comp.sys.handhelds) Item: 3567 by ftg0673 at tamsun.TAMU.EDU Author: [Rick Grevelle] Subj: HP48 HACKIT, version 4 (BYTES: #F675h, 2712) Date: Tue Jun 25 1991 [Note: This "HACKIT" Library is truly a 48 hacker's dream come true. It was developed by Rick Grevelle over a long period of time. The following documentation was pieced together as best I could from snippits that were attached to each posted revision. Its COPY function is not documented, which is just as well, because only true hackers should have access to its power, and only they will be patient enough to use the tools herein to figure out what it does and how to use it. It's worth it! Many thanx to Rick for this excellent library. Every "real programmer" will keep this permanently in a port. -jkh-] This is an enhanced version of the HACKIT thing. It includes several new features which further facilitate hacking in the 48, and are as follows: o Multifunctional PEEK will now allow the normally hidden 32k of ROM to be peeked. When flag 14 is clear the 32k of memory between #70000h and #7FFFFh is RAM. When the flag is set this is shifted to #F0000h through #FFFFFh, and #70000h through #7FFFFh becomes what was previously covered by RAM; this configuration is identical to that of the built in memory scanner. o Bank switching capabilities have also been incorporated in the SEEK scheme, functioning exactly as described in the PEEK routine. o DIR-> is a new addition to the OUT-> command; it allows a directory in level 1 to be decomposed on the stack in to its constituent parts. Due to this change, it's not necessary to include the RCLDR scheme in the library as it was added to the original HACKIT post only after all first attempts to produce a successful DIR-> had failed. o Flag 15 affects the way in which the ->ASCI, and ASCI-> routines handle code objects. Currently a ->STR, and STR-> scheme is being conceived that will provide a superior editing scheme for queer objects. At the risk of being reiterative, I'm including an improved version of the documentation which appeared in the original posting of this library. It should be a bit more articulate, and contain examples for those whose time is allowing. Much work still remains to be done regarding the completely bullet proof hacking library, but since all the fun seems to be in getting there, hopefully it will take a long time. A final word of caution; do *not* attempt to implement a bank shift using either PEEK, or SEEK, if this library is stored in port 0, or anywhere in the address space being displaced. This means both of the 32k banks that are affected by setting flag 14 are off limits, as far as this feature is concerned, for the storing of this library. Should there be any question about this, or anything else, feel free to call, or write, and I shall be glad to provide any answers of which I might be capable :-). Rick Grevelle (409) 774-1169 ftg0673@tamsun.tamu.edu HACKIT ============================================================================== HACKIT is a library of utilities designed to facilitate hacking in the HP48SX. The fourteen programs it contains were conceived for two fundamental purposes: o Exploration, documentation, and accessing of the machine code, and RPL operating system contained in the 48's vast ROM. o Construction, and manipulation of the various object types not supported by the 48's editor, user language commands, functions, or operations. ->ASCI This is a generalized binary-to-ascii conversion scheme that returns a string of hexadecimal characters which are the equivalent internal representation of the argument. When USER FLAG 15 is set both the prolog and the length of code objects are truncated meaning that the result string contains in-line machine code only. When this flag is clear, which is the default, truncation does not occur. All other object types are unaffected by the flag setting. ASCI-> Reversing the result of the previous routine is made possible with this scheme, which converts ascii-to-binary, taking as its argument a string of hexadecimal characters. When USER FLAG 15 is set all strings are treated as in-line machine code, whereby a code object would be the result. When flag 15 is clear one of two things happens depending on the string argument itself, and is explained in the following summary. IMPORTANT POINTS o The above routines were intended to provide a means for *toggling* stack objects back between their internal string representation and immediately executable form, which means ROM objects must be dealt with differently. An important attribute associated with these two schemes is their ability to differentiate between ROM and RAM objects. o When an argument taken by the ->ASCI routine is a ROM object, a character string representing the five nibble address where that object is located in ROM is returned. Strings containing only five characters that are used as arguments for ASCI-> are treated as pointers; solitary prologs are not permitted though (i.e. "D9D20", "C2A20", "11920"). Future versions should be more than capable of dealing with such complexities as this. o Spaces and newline carriage returns are allowed in strings that are to be converted by ASCI->. This helps to alleviate some of the confusion when looking at long strings of hexadecimal characters in that spaces can now be used to separate groups of characters, and newline carriage returns to segment the string into several lines when editing. [Comments are also deleted; see note below. -jkh-] o Any object encoded using ->ASC can be unencoded using ASCI->. There's no longer a need for these silly schemes to delete newline carriage returns, or calculate a new checksum to tack onto an ->ASC encoded object that has been altered in order to get ASC-> to work. ->ASC, and ASC-> were written to provide a safe means of transferring data, and not for hacking. It is therefore not recommended to use these two schemes in place of ->ASC, and ASC->. o ASCI-> performs equally well on strings of odd number lengths because the RPL segments of the program correctly utilize the block allocate routine at #61C1Ch. But because of its very nature, it's still quite possible to suffer a memory loss from abusing this routine; so be careful. Example: Construct the DUP command from its ASCII string representation. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: ³ ³2: ³ ³1: "78BF1"³ ³1: DUP³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Enter the string "78DF1". 2) Implement ASCI-> to obtain the command DUP. Note: New Version of HP48 HACKIT: ASCI-> Accepts Strings With Comments This new version of the HACKIT library takes a significant step forward. Now, when preparing strings of hex nibbles for use with ASCI-> (to build the various types of HP48 ob- jects), one may include comments in a manner similar to those in regular HP48 program objects. Strings of nibbles containing not only spaces and carriage returns but also embedded comments which fall between a leading "@" symbol and a line-terminating carriage return are now handled like strings containing only nibble characters 0 through F. For example, a simple RPL object to contain the ROM number 1 can be represented by the the string "D9D209C2A2B2130". (The string "9C2A2" by itself would also suffice, but we are including the "begin RPL" and "end marker" addresses here to simply embellish the example.) Passing "D9D209C2A2B2130" as an argument to ASCI-> will yield a 1. In addition, this version of ASCI-> will also accept a string like the following: "D9D20 @ Begin RPL 9C2A2 @ 1 B2130 @ End Marker" This means that system RPL code developed on PC screens may be commented, with the source code available directly for HACKIT. It also means that HACKIT can accept input virtually identical to the output of Voyager (if the "@" signs are added to each commented line). Now, HP's PDL becomes a valid development platform for system RPL code. SCRC Calculates the checksum of a string of hexadecimal characters as if they were in immediately executable form. So objects which have been converted to their internal hexadecimal character string form (ASCII) using ->ASCI will have the same checksum when SCRC is used on the ASCII string, as they would have had in their binary form using the BYTES command. This allows queer objects such as libraries and backups that contain checksums which do not include the complete data structure to be altered, or even constructed from scratch, in the 48. So for an example a trivial backup object will be built utilizing SCRC, ->ASCI, and the ASCI-> routines. Example: Build a backup object named "Hex" containing the hexadecimal integer, # 123456789ABCDEF0h. o Construct the backup object's appropriate name. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: ³ ³2: ³ ³1: 'Hex'³ ³1: "84E2030845687"³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Enter the name 'Hex'. 2) Implement ->ASCI on the name. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: ³ ³2: ³ ³1: "30845687"³ ³1: "3084568730"³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 3) Edit the string to delete 4) Concatenate "30" by using the first five characters. the plus (+) key. o Prepare the backup object's contents for concatenation. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: "3084568730"³ ³2: "3084568730"³ ³1: # 123456789ABCDEF0h³ ³1: "E4A20510000FEDCBA..³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Enter the integer data. 2) Implement ->ASCI once again. o Make final preparations for checksumming. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: ³ ³2: "3084568730E3A2051..³ ³1: "3084568730E4A2051..³ ³1: "33000"³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Concatenate the previous 2) DUP the result string, and two result strings using use SIZE to obtain its size. the plus (+) key again. Add 10 to the size, convert the result to a hexadecimal number, and enter backwards as a five character string. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: ³ ³2: "330003084568730E4..³ ³1: "330003084568730E4..³ ³1: "119200"³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 3) Perform a SWAP, and using 4) Append the string "119200" the plus (+) key, prepend to the end of the string, the length onto the front DUP the result, and using of the string. SCRC calculate the object's proper checksum. o Make final preparations for coverting the string. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: "330003084568730E4..³ ³2: "26B20"³ ³1: "0B41"³ ³1: "330003084568730E4..³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Enter the four hexadecimal 2) Enter the prolog for the characters of the checksum backup object backwards, backwards in a string, and and perform another SWAP. append this to the string for which the checksum was calculated. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: ³ ³2: ³ ³1: "26B20330003084568..³ ³1: Backup Hex³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 3) Prepend the prolog using 4) Convert the string using the plus (+) key one last ASCI-> to its binary form. time. SEEK Appearing first in his Processor Notes, SEEK is in fact a modified version of Alonzo Gariepy's FIND routine. SEEK was specifically modified to run in the 48; it's one third the size of the original version for the 28, and should run a bit quicker too. Alonzo's predominately register, rather than memory oriented algorithm remains unchanged. Recall the overall increase in speed was only about 10% over that of the brute force approach, which he attributed to an increased time spent in the looping structures. Because it demonstrates several programming features specific to the 48, I've taken the liberty of renaming the routine. The way to use this program is to specify a memory pattern and a place to start looking. A memory pattern can be sequence of up to fifteen nibbles, and a one nibble length (the number of nibbles in the pattern minus one). An application for SEEK could be to locate the occurrences of the instruction 808C in memory. To do this enter # C8083h in level two, and a starting place such as # 0h. All that remains to be done is to implement SEEK, and to continue doing so to find any subsequent instances. This is because the result returned will be a binary integer which is the address one higher than where the pattern exist in memory. IMPORTANT POINTS o Bank shifting capabilities have been incorporated into SEEK, allowing the normally hidden 32k bank of ROM to be searched. With USER FLAG 14 clear, the 32 kilobytes of memory between #70000h, and #7FFFFh, is RAM. Setting flag 14 shifts the RAM to #F0000h through #FFFFFh, and reconfigures what was previously hidden ROM in its place. o This version does not stop until it finds an instance, or scans the entire address space. So even though the routine is fast, due to the size of the 48's address space, matching certain patterns could take several seconds. Example: Determine the first occurrence of the ARRAY prolog, # 029E8h, in the normally hidden 32k bank of ROM. (flag 14 set) ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: ³ ³3: ³ ³2: # 29E84h³ ³2: # 29E84h³ ³1: # 70000h³ ³1: # 72001h³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Enter the bit pattern with 2) The result returned is the the number of nibbles minus one higher than where the one, and the address where actual pattern was found. to begin searching. PEEK Speed is still an essential attribute of this dual functioning PEEK. Only the variable length version will slow slightly when large result strings hundreds of characters long are returned. The routine is smart enough to know which of the PEEKs to implement based on the arguments it's given. When string results are preferred, level two should contain a binary integer that's the address to be peeked, while level one should be a real number representing the length of the result string. The bank shifting features as described in SEEK scheme are also available in this version of PEEK; an example follows. Example: Using PEEK and ASCI->, recover the message array from the hidden ROM found in the previous example. (flag 14 set) ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: ³ ³3: # 29E84h³ ³3: ³ ³2: # 72000h³ ³2: # 29E84h³ ³1: 641³ ³1: Array of String³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Subtract one from the above 2) Now implement ASCI-> on the result, enter the number of result to obtain the ARRAY. nibbles to be returned, and implement PEEK. POKE Complimenting PEEK is this dual functioning variable length POKE scheme which will accept either a string of hexadecimal characters, or a binary integer for the level two argument that represents the data to be poked. Level one should be a binary integer that is the address to poke. It is important to note that when the level two argument is a binary integer, the wordsize of that specific integer will be used to determine the number of nibbles to poke, and isn't in any way dependent upon the current wordsize returned by RCWS. OUT-> Multifunctioning OUT-> encompasses several of the object types on which OBJ-> will not work. In addition, and analogous to the LIST-> command, ALG-> and PRG-> are intended to function on algebraics, and programs. ARR-> functions identically to ARRY->, but works on all the various array types such as the array of string, algebraic, list, etc. DIR-> decomposes a directory that is in level one into its constituent parts. XLIB-> has also been included; it decomposes visible, and hidden XLIBs into their library and command numbers. Example: Decompose the Array of String obtained in previous example into its constituent parts. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³{HOME} ³ ³{HOME} ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³4: ³ ³4: "Try To Recover Me..³ ³3: ³ ³3: "Replace RAM, Pres..³ ³2: # 29E84h³ ³2: "No Mem To Config ..³ ³1: Array of String³ ³1: { 16 }³ ³### ### ### ### ### ###³ ³### ### ### ### ### ###³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1) Using the array obtained 2) Recompose the array again in the previous example, by using the ->ARR routine. implementing OUT-> will The result will look like reveal the strings. that of frame 1). ->ALG Be careful with this one; the stack arguments must be in strict RPN order. As before, ->ALG is analogous to ->LIST, only the result is an algebraic, rather than a list. ->ARR This is my version of ->ARRY; it will build an array of any kind providing all stack arguments are of the same type. (i.e. strings, reals, algebraics, etc.) It functions identically to ->ARRY, except that real and complex numbers can't be mixed. Level one can be either a real number, a list containing a real, or a list containing two reals that is the size the resulting array is to be. ->DIR Builds a directory from the stack on the stack. Level one must contain a real which is the total number of variables that the directory is to contain, level two a global name, and level three the contents of that global name. Because the entire process utilizes dynamic RAM, it is relatively fast for moderately sized directories, but slows substantially on very large ones. Using both the DIR-> feature found in the OUT-> command along with this routine, a directory on the stack can be effectively toggled between its constituent parts, and its composite form. ->PRG Functions identically to ->LIST, only the result is a program, and not a list. ->XLIB Builds an XLIB from two stack arguments. Level two can be either a real number or a binary integer that's the number of the library to which the XLIB belongs. Level one must be the same argument type as level two and should be the command number of the desired XLIB. ADDR Returns the address where the following stack arguments are located in memory: any ROM object, any XLIB belonging to a library stored in a port, any TAGGED that's either a BACKUP object or a LIBRARY stored a port. One final attribute associated with ADDR that merits mentioning, regards those XLIBs that belong to the three intrinsic ROM libraries with a link table. This routine can just as easily locate these address, as it can those in port memory. Even if the memory location happens to be that of the hidden ROM, ADDR will determine its address. RCLIB This multifunctional routine is to a library what RCL is to a directory. RCLIB will recall a library as a fully operational directory. All that is necessary to do is to put either the library's name or (real) number in level one. Again this is slowed greatly on very large libraries. RCLIB will work on any library including ROM (i.e. 2, 240, 1792). Finally, the contents of any library's XLIB can be recalled to the stack; simply put the appropriate XLIB in level one, and the result will be comparable to using RCL on variable stored in a directory. ---------- A final word of caution; do *not* attempt to implement a bank shift using either PEEK, or SEEK, if this library is stored in port 0, or anywhere in the address space being displaced. This means both of the 32k banks that are affected by setting flag 14 are off limits, as far as this feature is concerned, for the storing of this library. Should there be any question about this, or anything else, feel free to call, or write, and I shall be glad to provide any answers of which I might be capable :-). Rick Grevelle (409) 774-1169 ftg0673@tamsun.tamu.edu