|
10554
|
1 ndisasm(1)
|
|
|
2 ==========
|
|
|
3 :doctype: manpage
|
|
|
4 :man source: NASM
|
|
|
5 :man manual: The Netwide Assembler Project
|
|
|
6
|
|
|
7 NAME
|
|
|
8 ----
|
|
|
9 ndisasm - the Netwide Disassembler, an 80x86 binary file disassembler
|
|
|
10
|
|
|
11 SYNOPSIS
|
|
|
12 --------
|
|
|
13 *ndisasm* [ *-o* origin ] [ *-s* sync-point [...]] [ *-a* | *-i* ]
|
|
|
14 [ *-b* bits ] [ *-u* ] [ *-e* hdrlen ] [ *-p* vendor ]
|
|
|
15 [ *-k* offset,length [...]] infile
|
|
|
16
|
|
|
17 DESCRIPTION
|
|
|
18 -----------
|
|
|
19 The *ndisasm* command generates a disassembly listing of the binary file
|
|
|
20 infile and directs it to stdout.
|
|
|
21
|
|
|
22 OPTIONS
|
|
|
23 -------
|
|
|
24 *-h*::
|
|
|
25 Causes *ndisasm* to exit immediately, after giving a summary
|
|
|
26 of its invocation options.
|
|
|
27
|
|
|
28 *-r*|*-v*::
|
|
|
29 Causes *ndisasm* to exit immediately, after displaying its
|
|
|
30 version number.
|
|
|
31
|
|
|
32 *-o* 'origin'::
|
|
|
33 Specifies the notional load address for the file. This
|
|
|
34 option causes *ndisasm* to get the addresses it lists
|
|
|
35 down the left hand margin, and the target addresses
|
|
|
36 of PC-relative jumps and calls, right.
|
|
|
37
|
|
|
38 *-s* 'sync-point'::
|
|
|
39 Manually specifies a synchronisation address, such that
|
|
|
40 *ndisasm* will not output any machine instruction which
|
|
|
41 encompasses bytes on both sides of the address. Hence
|
|
|
42 the instruction which starts at that address will be
|
|
|
43 correctly disassembled.
|
|
|
44
|
|
|
45 *-e* 'hdrlen'::
|
|
|
46 Specifies a number of bytes to discard from the beginning
|
|
|
47 of the file before starting disassembly. This does not
|
|
|
48 count towards the calculation of the disassembly offset:
|
|
|
49 the first 'disassembled' instruction will be shown starting
|
|
|
50 at the given load address.
|
|
|
51
|
|
|
52 *-k* 'offset,length'::
|
|
|
53 Specifies that 'length' bytes, starting from disassembly
|
|
|
54 offset 'offset', should be skipped over without generating
|
|
|
55 any output. The skipped bytes still count towards the
|
|
|
56 calculation of the disassembly offset.
|
|
|
57
|
|
|
58 *-a*|*-i*::
|
|
|
59 Enables automatic (or intelligent) sync mode, in which
|
|
|
60 *ndisasm* will attempt to guess where synchronisation should
|
|
|
61 be performed, by means of examining the target addresses
|
|
|
62 of the relative jumps and calls it disassembles.
|
|
|
63
|
|
|
64 *-b* 'bits'::
|
|
|
65 Specifies 16-, 32- or 64-bit mode. The default is 16-bit
|
|
|
66 mode.
|
|
|
67
|
|
|
68 *-u*::
|
|
|
69 Specifies 32-bit mode, more compactly than using `-b 32'.
|
|
|
70
|
|
|
71 *-p* 'vendor'::
|
|
|
72 Prefers instructions as defined by 'vendor' in case of
|
|
|
73 a conflict. Known 'vendor' names include *intel*, *amd*,
|
|
|
74 *cyrix*, and *idt*. The default is *intel*.
|
|
|
75
|
|
|
76 RESTRICTIONS
|
|
|
77 ------------
|
|
|
78 *ndisasm* only disassembles binary files: it has no understanding of
|
|
|
79 the header information present in object or executable files.
|
|
|
80 If you want to disassemble an object file, you should probably
|
|
|
81 be using *objdump*(1).
|
|
|
82
|
|
|
83 Auto-sync mode won't necessarily cure all your synchronisation
|
|
|
84 problems: a sync marker can only be placed automatically if a
|
|
|
85 jump or call instruction is found to refer to it 'before'
|
|
|
86 *ndisasm* actually disassembles that part of the code. Also,
|
|
|
87 if spurious jumps or calls result from disassembling
|
|
|
88 non-machine-code data, sync markers may get placed in strange
|
|
|
89 places. Feel free to turn auto-sync off and go back to doing
|
|
|
90 it manually if necessary.
|
|
|
91
|
|
|
92 SEE ALSO
|
|
|
93 --------
|
|
|
94 *objdump*(1)
|
