Copyright (C) 2000-2012
GNU Info (nasm.info) Section A.3.2

A.3.2. Code Following Data: Synchronisation
-------------------------------------------

Suppose you are disassembling a file which contains some data which
isn't machine code, and _then_ contains some machine code. NDISASM will
faithfully plough through the data section, producing machine
instructions wherever it can (although most of them will look bizarre,
and some may have unusual prefixes, e.g. ``FS OR AX,0x240A''), and
generating `DB' instructions every so often if it's totally stumped.
Then it will reach the code section.

Supposing NDISASM has just finished generating a strange machine
instruction from part of the data section, and its file position is now
one byte _before_ the beginning of the code section. It's entirely
possible that another spurious instruction will get generated, starting
with the final byte of the data section, and then the correct first
instruction in the code section will not be seen because the starting
point skipped over it. This isn't really ideal.

To avoid this, you can specify a ``synchronisation'' point, or indeed
as many synchronisation points as you like (although NDISASM can only
handle 8192 sync points internally). The definition of a sync point is
this: NDISASM guarantees to hit sync points exactly during disassembly.
If it is thinking about generating an instruction which would cause it
to jump over a sync point, it will discard that instruction and output
a ``db'' instead. So it _will_ start disassembly exactly from the sync
point, and so you _will_ see all the instructions in your code section.

Sync points are specified using the `-s' option: they are measured in
terms of the program origin, not the file position. So if you want to
synchronise after 32 bytes of a `.COM' file, you would have to do

     ndisasm -o100h -s120h file.com

rather than

     ndisasm -o100h -s20h file.com

As stated above, you can specify multiple sync markers if you need to,
just by repeating the `-s' option.
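The sync-point rule described above can be seen in a small model. This is an added example, not NDISASM's own code: the `sweep` function, its opcode length table (a handful of 16-bit x86 opcodes, everything else treated as `db`) and the sample image are all assumptions constructed for illustration.

```python
# Toy model of a linear-sweep disassembler with NDISASM-style sync points.
# Only a few 16-bit x86 opcodes are known; every other byte becomes "db".
LENGTHS = {0x90: 1, 0xC3: 1, 0xCD: 2, 0xEB: 2, 0xE8: 3}
LENGTHS.update({op: 2 for op in range(0xB0, 0xB8)})   # mov r8, imm8
LENGTHS.update({op: 3 for op in range(0xB8, 0xC0)})   # mov r16, imm16


def sweep(image, origin=0, syncs=()):
    """Return [(address, kind, raw_bytes)] for a linear sweep over image.

    Addresses and sync points are relative to the program origin, as with
    -o and -s, not to the file position.
    """
    pending = sorted(s - origin for s in syncs)   # convert to file offsets
    out, pos = [], 0
    while pos < len(image):
        while pending and pending[0] <= pos:
            pending.pop(0)                        # sync point already reached
        size = LENGTHS.get(image[pos], 0)
        if size == 0 or pos + size > len(image):
            kind, size = "db", 1                  # unknown or truncated
        elif pending and pos + size > pending[0]:
            kind, size = "db", 1                  # would jump over a sync point
        else:
            kind = "insn"
        out.append((origin + pos, kind, image[pos:pos + size]))
        pos += size
    return out


# Constructed sample: 32 data bytes whose last byte (0xB8) looks like the
# start of "mov ax,imm16", followed by: mov ah,9 / int 0x21 / ret.
DATA = bytes(31) + b"\xB8"
CODE = b"\xB4\x09\xCD\x21\xC3"
IMAGE = DATA + CODE

if __name__ == "__main__":
    for syncs in ((), (0x120,)):
        print("syncs:", [hex(s) for s in syncs])
        for addr, kind, raw in sweep(IMAGE, 0x100, syncs)[31:]:
            print(f"  {addr:04X}  {kind:4}  {raw.hex()}")
```

Without a sync point the model decodes a three-byte instruction at 011F that swallows the real first instruction at 0120; with the sync point at 120h the byte at 011F becomes a `db` and decoding restarts exactly at 0120.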