x86dis(1) [debian man page]

X86DIS(1)							     libdisasm								 X86DIS(1)

NAME
x86dis - disassemble a bytestream of Intel x86 instructions

SYNTAX
x86dis [-a offset|--addr=offset] [-r offset len|--range=offset len] [-e offset|--entry=offset] [-s name|--syntax=name] [-d name|--desc=name] [-f file|--file=file] [-o file|--out=file] [-l file|--log=file] [-p num|--pagesize=num] [-h|-?|--help] [-v|--version]

DESCRIPTION
A command-line interface to the libdisasm disassembler library.

OPTIONS
At least one option from the list -a, -e, -r must be given.

-f, --file=file
    Read input bytes from file instead of stdin

-o, --out=file
    Write output to file instead of stdout

-l, --log=file
    Log errors to file instead of stderr

-p, --pagesize=num
    Set page size for buffering STDIN to num (default 512K)

-s, --syntax=name
    Set output syntax to name, where name is one of intel (Intel syntax), att (AT&T syntax), raw (libdisasm syntax)

-d, --desc=name
    Print a description of syntax name

-a, --addr=offset
    Disassemble single instruction at offset

-e, --entry=offset
    Disassemble forward from offset

-r, --range=offset len
    Disassemble len bytes starting at offset

All offset and len parameters are expected to follow the conventions used in strtoul(3), where hexadecimal numbers have the prefix 0x, octal numbers have the prefix 0, and decimal numbers have no prefix. A value of 0 for len indicates that that range extends to the end of the file.

EXAMPLES
    cat `which ls` | x86dis -s intel -e 0x00 -r 0x00 -1 -a 0xEEEE

    x86dis -e 0 -s intel < bootsect.img

    x86dis -d -s raw -f a.out -e `readelf -h a.out | grep Entry | awk '{ printf( "0x%x", strtonum($4) - 0x8048000 ) }'`

    echo '55 89 e5 83 EC 08' | perl -ane 'foreach(@F){print pack("C",hex);}' | x86dis -e 0 -s att

NOTES
x86dis performs no file format parsing, nor any verification that its input is in fact executable binary code. All offsets are assumed to be from the start of the file, with no load addresses applied. The intent is to provide a bytestream disassembler rather than an object file disassembler.

Descriptions of the various output formats can be obtained using the -d option.

AUTHORS
mammon_ <mammon_@users.sourceforge.net>

SEE ALSO
bastard(1), libdisasm(7), x86_disasm(3), x86_format_insn(3), x86_init(3)

mammon_ 0.21 X86DIS(1)

NDISASM(1)						   The Netwide Assembler Project						NDISASM(1)

NAME
ndisasm - the Netwide Disassembler, an 80x86 binary file disassembler

SYNOPSIS
ndisasm [ -o origin ] [ -s sync-point [...]] [ -a | -i ] [ -b bits ] [ -u ] [ -e hdrlen ] [ -p vendor ] [ -k offset,length [...]] infile

DESCRIPTION
The ndisasm command generates a disassembly listing of the binary file infile and directs it to stdout.

OPTIONS
-h
    Causes ndisasm to exit immediately, after giving a summary of its invocation options.

-r|-v
    Causes ndisasm to exit immediately, after displaying its version number.

-o origin
    Specifies the notional load address for the file. This option causes ndisasm to get the addresses it lists down the left hand margin, and the target addresses of PC-relative jumps and calls, right.

-s sync-point
    Manually specifies a synchronisation address, such that ndisasm will not output any machine instruction which encompasses bytes on both sides of the address. Hence the instruction which starts at that address will be correctly disassembled.

-e hdrlen
    Specifies a number of bytes to discard from the beginning of the file before starting disassembly. This does not count towards the calculation of the disassembly offset: the first disassembled instruction will be shown starting at the given load address.

-k offset,length
    Specifies that length bytes, starting from disassembly offset offset, should be skipped over without generating any output. The skipped bytes still count towards the calculation of the disassembly offset.

-a|-i
    Enables automatic (or intelligent) sync mode, in which ndisasm will attempt to guess where synchronisation should be performed, by means of examining the target addresses of the relative jumps and calls it disassembles.

-b bits
    Specifies 16-, 32- or 64-bit mode. The default is 16-bit mode.

-u
    Specifies 32-bit mode, more compactly than using '-b 32'.

-p vendor
    Prefers instructions as defined by vendor in case of a conflict. Known vendor names include intel, amd, cyrix, and idt. The default is intel.

RESTRICTIONS
ndisasm only disassembles binary files: it has no understanding of the header information present in object or executable files. If you want to disassemble an object file, you should probably be using objdump(1).

Auto-sync mode won't necessarily cure all your synchronisation problems: a sync marker can only be placed automatically if a jump or call instruction is found to refer to it before ndisasm actually disassembles that part of the code. Also, if spurious jumps or calls result from disassembling non-machine-code data, sync markers may get placed in strange places. Feel free to turn auto-sync off and go back to doing it manually if necessary.

SEE ALSO
objdump(1)

NASM 06/09/2014 NDISASM(1)
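
Both x86dis (NOTES) and ndisasm (RESTRICTIONS) take raw file offsets and parse no ELF headers, and the x86dis example assumes a fixed 0x8048000 load base. The following added example, which is not part of either man page, derives the entry point's file offset from the PT_LOAD program headers instead and builds matching command lines from the options documented above; the function names and the constructed sample header are illustrative assumptions.

```python
import shlex
import struct

PT_LOAD = 1

def entry_file_offset(elf: bytes):
    """Map the ELF entry point to (file_offset, vaddr, bits) via the PT_LOAD headers."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    if is64:
        entry, phoff = struct.unpack_from(e + "QQ", elf, 24)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 54)
    else:
        entry, phoff = struct.unpack_from(e + "II", elf, 24)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 42)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if is64:   # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, _, p_off, p_va, _, p_fsz = struct.unpack_from(e + "IIQQQQ", elf, ph)
        else:      # Elf32_Phdr: type, offset, vaddr, paddr, filesz
            p_type, p_off, p_va, _, p_fsz = struct.unpack_from(e + "IIIII", elf, ph)
        if p_type == PT_LOAD and p_va <= entry < p_va + p_fsz:
            return p_off + (entry - p_va), entry, 64 if is64 else 32
    raise ValueError("entry point is not backed by file bytes of any PT_LOAD segment")

def commands(path: str, elf: bytes):
    """Command lines that start both bytestream disassemblers at the entry point."""
    off, vaddr, bits = entry_file_offset(elf)
    q = shlex.quote(path)
    return [f"x86dis -f {q} -s intel -e {off:#x}",
            f"ndisasm -b {bits} -e {off:#x} -o {vaddr:#x} {q}"]

def build_elf32(entry, p_off, p_va, p_fsz):
    """Constructed sample input: ELF32 little-endian header plus one PT_LOAD entry."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, entry, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_LOAD, p_off, p_va, p_va, p_fsz, p_fsz, 5, 0x1000)
    return ident + ehdr + phdr

if __name__ == "__main__":
    # Segment at file offset 0x200 mapped at 0x08049000: subtracting a fixed
    # 0x8048000 would give 0x1010, while the program header gives 0x210.
    sample = build_elf32(0x08049010, 0x200, 0x08049000, 0x100)
    print("\n".join(commands("a.out", sample)))
```

For ndisasm, -e discards the bytes before the entry point and -o restores the virtual address, so the listing's left-hand addresses and PC-relative targets match the loaded image.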