GNU Info

Info Node: (nasm.info)Section A.3.3


A.3.3. Mixed Code and Data: Automatic (Intelligent) Synchronisation
-------------------------------------------------------------------

   Suppose you are disassembling the boot sector of a `DOS' floppy
(maybe it has a virus, and you need to understand the virus so that you
know what kinds of damage it might have done you). Typically, this will
contain a `JMP' instruction, then some data, then the rest of the code.
So there is a very good chance of NDISASM being _misaligned_ when the
data ends and the code begins. Hence a sync point is needed.

   On the other hand, why should you have to specify the sync point
manually?  What you'd do in order to find where the sync point would
be, surely, would be to read the `JMP' instruction, and then to use its
target address as a sync point. So can NDISASM do that for you?

   The answer, of course, is yes: using either of the synonymous
switches `-a' (for automatic sync) or `-i' (for intelligent sync) will
enable `auto-sync' mode. Auto-sync mode automatically generates a sync
point for any forward-referring PC-relative jump or call instruction
that NDISASM encounters. (Since NDISASM is one-pass, if it encounters a
PC-relative jump whose target has already been processed, there isn't
much it can do about it...)

   Only PC-relative jumps are processed, since an absolute jump is
either through a register (in which case NDISASM doesn't know what the
register contains) or involves a segment address (in which case the
target code isn't in the same segment that NDISASM is working in, and
so the sync point can't be placed anywhere useful).

   For some kinds of file, this mechanism will automatically put sync
points in all the right places, and save you from having to place any
sync points manually. However, it should be stressed that auto-sync
mode is _not_ guaranteed to catch all the sync points, and you may
still have to place some manually.

   Auto-sync mode doesn't prevent you from declaring manual sync
points: it just adds automatically generated ones to the ones you
provide. It's perfectly feasible to specify `-i' _and_ some `-s'
options.

   Another caveat with auto-sync mode is that if, by some unpleasant
fluke, something in your data section should disassemble to a
PC-relative call or jump instruction, NDISASM may obediently place a
sync point in a totally random place, for example in the middle of one
of the instructions in your code section. So you may end up with a
wrong disassembly even if you use auto-sync. Again, there isn't much I
can do about this. If you have problems, you'll have to use manual sync
points, or use the `-k' option (documented below) to suppress
disassembly of the data area.
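
   The sync-point calculation described above, as an added Python
example (not part of the NASM manual and not NDISASM's own code). The
sector contents, the 0x7C00 origin and the file name `boot.bin' are
constructed for illustration, and 16-bit operand size is assumed.

```python
import struct

def pc_relative_target(image: bytes, offset: int, origin: int = 0):
    """Decode a 16-bit JMP SHORT / JMP NEAR / CALL at `offset` and return
    its forward target address (a sync point candidate), or None."""
    op = image[offset]
    if op == 0xEB:                      # JMP SHORT rel8
        length, fmt = 2, "<b"
    elif op in (0xE8, 0xE9):            # CALL rel16 / JMP NEAR rel16
        length, fmt = 3, "<h"
    else:
        return None                     # not a PC-relative jump or call
    (rel,) = struct.unpack_from(fmt, image, offset + 1)
    next_ip = origin + offset + length  # displacement counts from the next instruction
    target = next_ip + rel
    # One-pass rule: a target behind the current position was already processed.
    return target if target >= next_ip else None

def build_sample_sector() -> bytes:
    """Constructed 512-byte sector: JMP SHORT, NOP, data area, code at 0x3E."""
    sector = bytearray(512)
    sector[0:3] = b"\xEB\x3C\x90"        # jmp short 0x3E ; nop
    sector[0x10:0x13] = b"\xE9\x2D\x00"  # data bytes that happen to look like JMP NEAR
    # Code: cli (0x3E); xor ax,ax (0x3F-0x40); mov ss,ax (0x41-0x42); jmp $ (0x43)
    sector[0x3E:0x45] = b"\xFA\x31\xC0\x8E\xD0\xEB\xFE"
    sector[510:512] = b"\x55\xAA"        # boot signature
    return bytes(sector)

ORIGIN = 0x7C00                          # assumed load address of the sector
SECTOR = build_sample_sector()

if __name__ == "__main__":
    # The leading JMP gives the sync point auto-sync would generate;
    # the same point given manually with -s:
    sync = pc_relative_target(SECTOR, 0, ORIGIN)
    print(f"ndisasm -o {ORIGIN:#x} -s {sync:#x} boot.bin")

    # Backward jump (jmp $): no sync point can be generated for it.
    print("backward jump at 0x43:", pc_relative_target(SECTOR, 0x43, ORIGIN))

    # The caveat: if decoding of the data area happens to start an
    # instruction at 0x10, the bogus "jump" yields a sync point in the
    # middle of xor ax,ax.
    bogus = pc_relative_target(SECTOR, 0x10, ORIGIN)
    print(f"spurious sync point from data: {bogus:#x}")
```

The spurious result lands one byte into a two-byte instruction in the
code section, which is the wrong-disassembly case that manual sync
points or `-k' are meant to avoid.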

