1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<?asciidoc-toc?>
<?asciidoc-numbered?>
<refentry lang="en">
<refentryinfo>
<title>ndisasm(1)</title>
</refentryinfo>
<refmeta>
<refentrytitle>ndisasm</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">NASM</refmiscinfo>
<refmiscinfo class="manual">The Netwide Assembler Project</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ndisasm</refname>
<refpurpose>the Netwide Disassembler, an 80x86 binary file disassembler</refpurpose>
</refnamediv>
<refsynopsisdiv id="_synopsis">
<simpara><emphasis role="strong">ndisasm</emphasis> [ <emphasis role="strong">-o</emphasis> origin ] [ <emphasis role="strong">-s</emphasis> sync-point […]] [ <emphasis role="strong">-a</emphasis> | <emphasis role="strong">-i</emphasis> ]
[ <emphasis role="strong">-b</emphasis> bits ] [ <emphasis role="strong">-u</emphasis> ] [ <emphasis role="strong">-e</emphasis> hdrlen ] [ <emphasis role="strong">-p</emphasis> vendor ]
[ <emphasis role="strong">-k</emphasis> offset,length […]] infile</simpara>
</refsynopsisdiv>
<refsect1 id="_description">
<title>DESCRIPTION</title>
<simpara>The <emphasis role="strong">ndisasm</emphasis> command generates a disassembly listing of the binary file
infile and directs it to stdout.</simpara>
</refsect1>
<refsect1 id="_options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
<emphasis role="strong">-h</emphasis>
</term>
<listitem>
<simpara>
Causes <emphasis role="strong">ndisasm</emphasis> to exit immediately, after giving a summary
of its invocation options.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-r</emphasis>|<emphasis role="strong">-v</emphasis>
</term>
<listitem>
<simpara>
Causes <emphasis role="strong">ndisasm</emphasis> to exit immediately, after displaying its
version number.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-o</emphasis> <emphasis>origin</emphasis>
</term>
<listitem>
<simpara>
Specifies the notional load address for the file. This
option causes <emphasis role="strong">ndisasm</emphasis> to get the addresses it lists
down the left hand margin, and the target addresses
of PC-relative jumps and calls, right.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-s</emphasis> <emphasis>sync-point</emphasis>
</term>
<listitem>
<simpara>
Manually specifies a synchronisation address, such that
<emphasis role="strong">ndisasm</emphasis> will not output any machine instruction which
encompasses bytes on both sides of the address. Hence
the instruction which starts at that address will be
correctly disassembled.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-e</emphasis> <emphasis>hdrlen</emphasis>
</term>
<listitem>
<simpara>
Specifies a number of bytes to discard from the beginning
of the file before starting disassembly. This does not
count towards the calculation of the disassembly offset:
the first <emphasis>disassembled</emphasis> instruction will be shown starting
at the given load address.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-k</emphasis> <emphasis>offset,length</emphasis>
</term>
<listitem>
<simpara>
Specifies that <emphasis>length</emphasis> bytes, starting from disassembly
offset <emphasis>offset</emphasis>, should be skipped over without generating
any output. The skipped bytes still count towards the
calculation of the disassembly offset.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-a</emphasis>|<emphasis role="strong">-i</emphasis>
</term>
<listitem>
<simpara>
Enables automatic (or intelligent) sync mode, in which
<emphasis role="strong">ndisasm</emphasis> will attempt to guess where synchronisation should
be performed, by means of examining the target addresses
of the relative jumps and calls it disassembles.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-b</emphasis> <emphasis>bits</emphasis>
</term>
<listitem>
<simpara>
Specifies 16-, 32- or 64-bit mode. The default is 16-bit
mode.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-u</emphasis>
</term>
<listitem>
<simpara>
Specifies 32-bit mode, more compactly than using ‘-b 32’.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-p</emphasis> <emphasis>vendor</emphasis>
</term>
<listitem>
<simpara>
Prefers instructions as defined by <emphasis>vendor</emphasis> in case of
a conflict. Known <emphasis>vendor</emphasis> names include <emphasis role="strong">intel</emphasis>, <emphasis role="strong">amd</emphasis>,
<emphasis role="strong">cyrix</emphasis>, and <emphasis role="strong">idt</emphasis>. The default is <emphasis role="strong">intel</emphasis>.
</simpara>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="_restrictions">
<title>RESTRICTIONS</title>
<simpara><emphasis role="strong">ndisasm</emphasis> only disassembles binary files: it has no understanding of
the header information present in object or executable files.
If you want to disassemble an object file, you should probably
be using <emphasis role="strong">objdump</emphasis>(1).</simpara>
<simpara>Auto-sync mode won’t necessarily cure all your synchronisation
problems: a sync marker can only be placed automatically if a
jump or call instruction is found to refer to it <emphasis>before</emphasis>
<emphasis role="strong">ndisasm</emphasis> actually disassembles that part of the code. Also,
if spurious jumps or calls result from disassembling
non-machine-code data, sync markers may get placed in strange
places. Feel free to turn auto-sync off and go back to doing
it manually if necessary.</simpara>
</refsect1>
<refsect1 id="_see_also">
<title>SEE ALSO</title>
<simpara><emphasis role="strong">objdump</emphasis>(1)</simpara>
</refsect1>
</refentry>
|
