<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<?asciidoc-toc?>
<?asciidoc-numbered?>
<refentry lang="en">
<refentryinfo>
<title>ndisasm(1)</title>
</refentryinfo>
<refmeta>
<refentrytitle>ndisasm</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">NASM</refmiscinfo>
<refmiscinfo class="manual">The Netwide Assembler Project</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ndisasm</refname>
<refpurpose>the Netwide Disassembler, an 80x86 binary file disassembler</refpurpose>
</refnamediv>
<refsynopsisdiv id="_synopsis">
<simpara><emphasis role="strong">ndisasm</emphasis> [ <emphasis role="strong">-o</emphasis> origin ] [ <emphasis role="strong">-s</emphasis> sync-point […]] [ <emphasis role="strong">-a</emphasis> | <emphasis role="strong">-i</emphasis> ]
[ <emphasis role="strong">-b</emphasis> bits ] [ <emphasis role="strong">-u</emphasis> ] [ <emphasis role="strong">-e</emphasis> hdrlen ] [ <emphasis role="strong">-p</emphasis> vendor ]
[ <emphasis role="strong">-k</emphasis> offset,length […]] infile</simpara>
</refsynopsisdiv>
<refsect1 id="_description">
<title>DESCRIPTION</title>
<simpara>The <emphasis role="strong">ndisasm</emphasis> command generates a disassembly listing of the binary file
infile and directs it to stdout.</simpara>
</refsect1>
<refsect1 id="_options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
<emphasis role="strong">-h</emphasis>
</term>
<listitem>
<simpara>
Causes <emphasis role="strong">ndisasm</emphasis> to exit immediately, after giving a summary
of its invocation options.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-r</emphasis>|<emphasis role="strong">-v</emphasis>
</term>
<listitem>
<simpara>
Causes <emphasis role="strong">ndisasm</emphasis> to exit immediately, after displaying its
version number.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-o</emphasis> <emphasis>origin</emphasis>
</term>
<listitem>
<simpara>
Specifies the notional load address for the file. This
option causes <emphasis role="strong">ndisasm</emphasis> to get the addresses it lists
down the left hand margin, and the target addresses
of PC-relative jumps and calls, right.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-s</emphasis> <emphasis>sync-point</emphasis>
</term>
<listitem>
<simpara>
Manually specifies a synchronisation address, such that
<emphasis role="strong">ndisasm</emphasis> will not output any machine instruction which
encompasses bytes on both sides of the address. Hence
the instruction which starts at that address will be
correctly disassembled.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-e</emphasis> <emphasis>hdrlen</emphasis>
</term>
<listitem>
<simpara>
Specifies a number of bytes to discard from the beginning
of the file before starting disassembly. This does not
count towards the calculation of the disassembly offset:
the first <emphasis>disassembled</emphasis> instruction will be shown starting
at the given load address.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-k</emphasis> <emphasis>offset,length</emphasis>
</term>
<listitem>
<simpara>
Specifies that <emphasis>length</emphasis> bytes, starting from disassembly
offset <emphasis>offset</emphasis>, should be skipped over without generating
any output. The skipped bytes still count towards the
calculation of the disassembly offset.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-a</emphasis>|<emphasis role="strong">-i</emphasis>
</term>
<listitem>
<simpara>
Enables automatic (or intelligent) sync mode, in which
<emphasis role="strong">ndisasm</emphasis> will attempt to guess where synchronisation should
be performed, by means of examining the target addresses
of the relative jumps and calls it disassembles.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-b</emphasis> <emphasis>bits</emphasis>
</term>
<listitem>
<simpara>
Specifies 16-, 32- or 64-bit mode. The default is 16-bit
mode.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-u</emphasis>
</term>
<listitem>
<simpara>
Specifies 32-bit mode, more compactly than using ‘-b 32’.
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>
<emphasis role="strong">-p</emphasis> <emphasis>vendor</emphasis>
</term>
<listitem>
<simpara>
Prefers instructions as defined by <emphasis>vendor</emphasis> in case of
a conflict. Known <emphasis>vendor</emphasis> names include <emphasis role="strong">intel</emphasis>, <emphasis role="strong">amd</emphasis>,
<emphasis role="strong">cyrix</emphasis>, and <emphasis role="strong">idt</emphasis>. The default is <emphasis role="strong">intel</emphasis>.
</simpara>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="_restrictions">
<title>RESTRICTIONS</title>
<simpara><emphasis role="strong">ndisasm</emphasis> only disassembles binary files: it has no understanding of
the header information present in object or executable files.
If you want to disassemble an object file, you should probably
be using <emphasis role="strong">objdump</emphasis>(1).</simpara>
<simpara>Auto-sync mode won’t necessarily cure all your synchronisation
problems: a sync marker can only be placed automatically if a
jump or call instruction is found to refer to it <emphasis>before</emphasis>
<emphasis role="strong">ndisasm</emphasis> actually disassembles that part of the code. Also,
if spurious jumps or calls result from disassembling
non-machine-code data, sync markers may get placed in strange
places. Feel free to turn auto-sync off and go back to doing
it manually if necessary.</simpara>
</refsect1>
<refsect1 id="_see_also">
<title>SEE ALSO</title>
<simpara><emphasis role="strong">objdump</emphasis>(1)</simpara>
</refsect1>
</refentry>