Ok, chapter one.
First of all I have to explain a little how the GeoRam-NeoRam cartridge works. It takes advantage of a little zone in the C64 memory map used for I/O with interface extensions, from DE00h to DFFFh. The cartridge implements a 256b window on DE00h-DEFFh to read/write the extra memory. To select the visible 256b area two memory registers are provided, DFFFh to select the 16kb block and DFFEh to select the 256b page inside the 16kb block.
A typical cartridge has 512k of memory inside, but can grow up to 4M, i.e. DFFFh will contain from 0 to 31 or up to 255. On the other side DFFEh will hold 0 to 63, the number of possible 256b pages on a 16k block. Both registers are write-only, so the values have to be maintained on the program's variable zone.
------------
Launcher: just at block 0, page 0, there is a little launcher that copies a loader on main memory. The game can be started with SYS 57000, SYS 57E3 OR SYS DE00(I don't know why all the possibilities).
DE00 78 SEI ;disable interrupt
DE01 A2 1A LDX #$1A ;load index register X inmediate with 1Ah
DE03 BD 00 DE LDA $DE00,X ;load A absolute indexed with X, (base address $DE00+X)
DE06 8D 00 08 STA $0800 ;store A absolute on ($0800)
DE09 E8 INX ;increment X
DE0A F0 06 BEQ $DE12 ;branch if 0 so, copy from $DE1A to $DEFF
DE0C EE 07 DE INC $DE07 ;automodified code increments byte at $DE07
DE0F 4C 03 DE JMP $DE03 ;loop ;jump to absolute address
DE12 A9 00 LDA #$00 ;ld A inmediate with $00
DE14 8D 07 DE STA $DE07 ;automodified code restores a $00 byte at $DE07
DE17 4C 00 08 JMP $0800 ;jump to the copied code at $0800
This copies the following 230b chunk from the 256b window to 0800h in main memory and then jumps at it.
Loader:
0800 A9 00 LDA #$00 ;ld A inmediate with $00
0802 8D FF DF STA $DFFF ;selects NeoRam 16k block 0
0805 8D FE DF STA $DFFE ;selects NeoRam 256b page 0
0808 AD CE DE LDA $DECE ; still unknown
080B 85 02 STA $02 ;this address is left unused on stock configuration
080D AD 11 D0 LDA $D011 ;Screen control register #1
0810 29 EF AND #$EF ;11101111b Bit #4: 0 = Screen off
0812 8D 11 D0 STA $D011 ;Screen control register #1
0815 AD 91 08 LDA $0891 ;middle byte address of NeoRam ?
0818 8D 93 08 STA $0893 ;store intermediary value
081B 29 3F AND #$3F ;00111111b 0 to 63 256b pages
081D 8D FE DF STA $DFFE ;selects NeoRam 256b page
0820 AD 92 08 LDA $0892 ;high byte address of NeoRam ?
0823 0E 93 08 ASL $0893 ;\
0826 2A ROL A ; \ take two higher bits of the intermediary byte and
0827 0E 93 08 ASL $0893 ; / put them on the two lower bits of the accumulator
082A 2A ROL A ;/
082B 8D FF DF STA $DFFF ;selects NeoRam 16k block
082E A2 00 LDX #$00
0830 BD 00 DE LDA $DE00,X ;\ transfer 256bytes chunks always from the $DE00-$DEFF
0833 9D 00 10 STA $1000,X ; \ cartridge window, to $1000-$3FFF the code starts
0836 E8 INX ; / at $60C00-$63BFF on the cartridge memory always 16kb
0837 D0 F7 BNE $0830 ;/ block 18h, 24d, and 256b pages from 0Ch-3Bh, 12d-59d
0839 EE 35 08 INC $0835 ; this increases 256b the destination pointer
083C EE 91 08 INC $0891 ; this increases the page on the cartridge pointer
083F D0 03 BNE $0844 ; end of pages on the 16kb block
0841 EE 92 08 INC $0892 ;next 16kb block
0844 AD 35 08 LDA $0835 ;
0847 C9 40 CMP #$40 ;check if end of count
0849 D0 B5 BNE $0800 ;loop
084B 4C 00 10 JMP $1000 ;start the game
084E to 088D:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
088E 4C 00 DE JMP $DE00
0891 0C
0892 06
0893 00
0894 to 08B2:
65 6E 74 68 75 73 69 20 6F 66 20 6F 6E 73 6C 61
75 67 68 74 20 20 20 6F 70 74 69 6F 6E 73 3A
"enthusi of onslaught options:"
08B3 7C
08B4 00
08B5 00
08B6 7C
08B7 to 08E5:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Basically what it does is to load a contiguous zone from the cartridge to main memory at 1000h. This is very good news, because then I can take directly the chunk from the cartridge image and disassembly it externally of WinVice, the emulator and de-bugger I am using.