Mac OS X Developer Tools Manual Page For ndisasm(1)

ADC Home > Reference Library > Reference > Mac OS X > Mac OS X Man Pages

This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with the Mac OS X developer tools. The software or headers described may not be present on your Mac OS X installation until you install the developer tools package. This package is available on your Mac OS X installation DVD, and the latest versions can be downloaded from developer.apple.com.

For more information about the manual page format, see the manual page for manpages(5).

NDISASM(1) NDISASM(1)

NAME
ndisasm - the Netwide Disassembler, an 80x86 binary file disassembler

SYNOPSIS
ndisasm [ -o origin ] [ -s sync-point [...]] [ -a | -i ] [ -b bits ] [ -u ] [ -e hdrlen ] [ -k off-set,length offset,length
set,length [...]] infile
ndisasm -h
ndisasm -r

DESCRIPTION
The ndisasm command generates a disassembly listing of the binary file infile and directs it to std-out. stdout.
out.

OPTIONS
-h Causes ndisasm to exit immediately, after giving a summary of its invocation options.

-r Causes ndisasm to exit immediately, after displaying its version number.

-o origin
Specifies the notional load address for the file. This option causes ndisasm to get the
addresses it lists down the left hand margin, and the target addresses of PC-relative jumps
and calls, right.

-s sync-point
Manually specifies a synchronisation address, such that ndisasm will not output any machine
instruction which encompasses bytes on both sides of the address. Hence the instruction which
starts at that address will be correctly disassembled.

-e hdrlen
Specifies a number of bytes to discard from the beginning of the file before starting disas-sembly. disassembly.
sembly. This does not count towards the calculation of the disassembly offset: the first dis-assembled disassembled
assembled instruction will be shown starting at the given load address.

-k offset,length
Specifies that length bytes, starting from disassembly offset offset, should be skipped over
without generating any output. The skipped bytes still count towards the calculation of the
disassembly offset.

-a or -i
Enables automatic (or intelligent) sync mode, in which ndisasm will attempt to guess where
synchronisation should be performed, by means of examining the target addresses of the rela-tive relative
tive jumps and calls it disassembles.

-b bits
Specifies either 16-bit or 32-bit mode. The default is 16-bit mode.

-u Specifies 32-bit mode, more compactly than using `-b 32'.

-p vendor
Prefers instructions as defined by vendor in case of a conflict. Known vendor names include
intel, amd, cyrix, and idt. The default is intel.

RESTRICTIONS
ndisasm only disassembles binary files: it has no understanding of the header information present in
object or executable files. If you want to disassemble an object file, you should probably be using
objdump(1).

Auto-sync mode won't necessarily cure all your synchronisation problems: a sync marker can only be
placed automatically if a jump or call instruction is found to refer to it before ndisasm actually
disassembles that part of the code. Also, if spurious jumps or calls result from disassembling non-machine-code nonmachine-code
machine-code data, sync markers may get placed in strange places. Feel free to turn auto-sync off and
go back to doing it manually if necessary.

ndisasm can only keep track of 8192 sync markers internally at once: this is to do with portability,
since DOS machines don't take kindly to more than 64K being allocated at a time.