|
10554
|
1 '\" t
|
|
|
2 .\" Title: ndisasm
|
|
|
3 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
|
|
|
4 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
|
|
|
5 .\" Date: 03/28/2017
|
|
|
6 .\" Manual: The Netwide Assembler Project
|
|
|
7 .\" Source: NASM
|
|
|
8 .\" Language: English
|
|
|
9 .\"
|
|
|
10 .TH "NDISASM" "1" "03/28/2017" "NASM" "The Netwide Assembler Project"
|
|
|
11 .\" -----------------------------------------------------------------
|
|
|
12 .\" * Define some portability stuff
|
|
|
13 .\" -----------------------------------------------------------------
|
|
|
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
15 .\" http://bugs.debian.org/507673
|
|
|
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
|
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
18 .ie \n(.g .ds Aq \(aq
|
|
|
19 .el .ds Aq '
|
|
|
20 .\" -----------------------------------------------------------------
|
|
|
21 .\" * set default formatting
|
|
|
22 .\" -----------------------------------------------------------------
|
|
|
23 .\" disable hyphenation
|
|
|
24 .nh
|
|
|
25 .\" disable justification (adjust text to left margin only)
|
|
|
26 .ad l
|
|
|
27 .\" -----------------------------------------------------------------
|
|
|
28 .\" * MAIN CONTENT STARTS HERE *
|
|
|
29 .\" -----------------------------------------------------------------
|
|
|
30 .SH "NAME"
|
|
|
31 ndisasm \- the Netwide Disassembler, an 80x86 binary file disassembler
|
|
|
32 .SH "SYNOPSIS"
|
|
|
33 .sp
|
|
|
34 \fBndisasm\fR [ \fB\-o\fR origin ] [ \fB\-s\fR sync\-point [\&...]] [ \fB\-a\fR | \fB\-i\fR ] [ \fB\-b\fR bits ] [ \fB\-u\fR ] [ \fB\-e\fR hdrlen ] [ \fB\-p\fR vendor ] [ \fB\-k\fR offset,length [\&...]] infile
|
|
|
35 .SH "DESCRIPTION"
|
|
|
36 .sp
|
|
|
37 The \fBndisasm\fR command generates a disassembly listing of the binary file infile and directs it to stdout\&.
|
|
|
38 .SH "OPTIONS"
|
|
|
39 .PP
|
|
|
40 \fB\-h\fR
|
|
|
41 .RS 4
|
|
|
42 Causes
|
|
|
43 \fBndisasm\fR
|
|
|
44 to exit immediately, after giving a summary of its invocation options\&.
|
|
|
45 .RE
|
|
|
46 .PP
|
|
|
47 \fB\-r\fR|\fB\-v\fR
|
|
|
48 .RS 4
|
|
|
49 Causes
|
|
|
50 \fBndisasm\fR
|
|
|
51 to exit immediately, after displaying its version number\&.
|
|
|
52 .RE
|
|
|
53 .PP
|
|
|
54 \fB\-o\fR \fIorigin\fR
|
|
|
55 .RS 4
|
|
|
56 Specifies the notional load address for the file\&. This option causes
|
|
|
57 \fBndisasm\fR
|
|
|
58 to get the addresses it lists down the left hand margin, and the target addresses of PC\-relative jumps and calls, right\&.
|
|
|
59 .RE
|
|
|
60 .PP
|
|
|
61 \fB\-s\fR \fIsync\-point\fR
|
|
|
62 .RS 4
|
|
|
63 Manually specifies a synchronisation address, such that
|
|
|
64 \fBndisasm\fR
|
|
|
65 will not output any machine instruction which encompasses bytes on both sides of the address\&. Hence the instruction which starts at that address will be correctly disassembled\&.
|
|
|
66 .RE
|
|
|
67 .PP
|
|
|
68 \fB\-e\fR \fIhdrlen\fR
|
|
|
69 .RS 4
|
|
|
70 Specifies a number of bytes to discard from the beginning of the file before starting disassembly\&. This does not count towards the calculation of the disassembly offset: the first
|
|
|
71 \fIdisassembled\fR
|
|
|
72 instruction will be shown starting at the given load address\&.
|
|
|
73 .RE
|
|
|
74 .PP
|
|
|
75 \fB\-k\fR \fIoffset,length\fR
|
|
|
76 .RS 4
|
|
|
77 Specifies that
|
|
|
78 \fIlength\fR
|
|
|
79 bytes, starting from disassembly offset
|
|
|
80 \fIoffset\fR, should be skipped over without generating any output\&. The skipped bytes still count towards the calculation of the disassembly offset\&.
|
|
|
81 .RE
|
|
|
82 .PP
|
|
|
83 \fB\-a\fR|\fB\-i\fR
|
|
|
84 .RS 4
|
|
|
85 Enables automatic (or intelligent) sync mode, in which
|
|
|
86 \fBndisasm\fR
|
|
|
87 will attempt to guess where synchronisation should be performed, by means of examining the target addresses of the relative jumps and calls it disassembles\&.
|
|
|
88 .RE
|
|
|
89 .PP
|
|
|
90 \fB\-b\fR \fIbits\fR
|
|
|
91 .RS 4
|
|
|
92 Specifies 16\-, 32\- or 64\-bit mode\&. The default is 16\-bit mode\&.
|
|
|
93 .RE
|
|
|
94 .PP
|
|
|
95 \fB\-u\fR
|
|
|
96 .RS 4
|
|
|
97 Specifies 32\-bit mode, more compactly than using \(oq\-b 32\(cq\&.
|
|
|
98 .RE
|
|
|
99 .PP
|
|
|
100 \fB\-p\fR \fIvendor\fR
|
|
|
101 .RS 4
|
|
|
102 Prefers instructions as defined by
|
|
|
103 \fIvendor\fR
|
|
|
104 in case of a conflict\&. Known
|
|
|
105 \fIvendor\fR
|
|
|
106 names include
|
|
|
107 \fBintel\fR,
|
|
|
108 \fBamd\fR,
|
|
|
109 \fBcyrix\fR, and
|
|
|
110 \fBidt\fR\&. The default is
|
|
|
111 \fBintel\fR\&.
|
|
|
112 .RE
|
|
|
113 .SH "RESTRICTIONS"
|
|
|
114 .sp
|
|
|
115 \fBndisasm\fR only disassembles binary files: it has no understanding of the header information present in object or executable files\&. If you want to disassemble an object file, you should probably be using \fBobjdump\fR(1)\&.
|
|
|
116 .sp
|
|
|
117 Auto\-sync mode won\(cqt necessarily cure all your synchronisation problems: a sync marker can only be placed automatically if a jump or call instruction is found to refer to it \fIbefore\fR \fBndisasm\fR actually disassembles that part of the code\&. Also, if spurious jumps or calls result from disassembling non\-machine\-code data, sync markers may get placed in strange places\&. Feel free to turn auto\-sync off and go back to doing it manually if necessary\&.
|
|
|
118 .SH "SEE ALSO"
|
|
|
119 .sp
|
|
|
120 \fBobjdump\fR(1)
|
