DMA theft? Sure, why not.Memblers wrote:The OAM data shows up on the data bus, so a cart can interact with it. I think that would be a neat way to copy data to the mapper, but that's for another topic.
pseudocode for verilog
0. wait for enable/ 0b. wait for write of destination to mapper
1. on next write of #$xx to $4014 (requires all CPU address lines!! And data lines, since we want to spy.)...
2. for yy = 0...$ff
3. wait for CPU_ADDR = $xxyy [alternately, $2004]
4. copy CPU_DATA to [destination]+yy on cart
===
Meanwhile, register-spying, as it would mainly require memory space, having included all of
on read/write to 1'b001x_xxxx_xxxx_xyyy
--copy to memory
(If 2005/6, twiddle address latch; on 2002 read, clear it)
on read/write to 1'b0100_0000_000y_yyyy
--copy to memory
Then, make accessible (on $4018? $4019? $4009? $400D?) after writing for which register you want (there are only 30, but with several have multiple modes- 2005/6 have two bytes, 4016/7 have reads and writes with different meaning, plus we might want what the internal-scroll variables are or something)