-h

Causes ndisasm to exit immediately, after giving a summary of its invocation options.

-r

Causes ndisasm to exit immediately, after displaying its version number.

-o origin

Specifies the notional load address for the file. This option causes ndisasm to get the addresses it lists down the left hand margin, and the target addresses of PC-relative jumps and calls, right.

-s sync-point

Manually specifies a synchronisation address, such that ndisasm will not output any machine instruction which encompasses bytes on both sides of the address. Hence the instruction which starts at that address will be correctly disassembled.

-e hdrlen

Specifies a number of bytes to discard from the beginning of the file before starting disassembly. This does not count towards the calculation of the disassembly offset: the first disassembled instruction will be shown starting at the given load address.

-k offset,length

Specifies that length bytes, starting from disassembly offset offset, should be skipped over without generating any output. The skipped bytes still count towards the calculation of the disassembly offset.

-a or -i

Enables automatic (or intelligent) sync mode, in which ndisasm will attempt to guess where synchronisation should be performed, by means of examining the target addresses of the relative jumps and calls it disassembles.

-b bits

Specifies either 16-bit or 32-bit mode. The default is 16-bit mode.

-u

Specifies 32-bit mode, more compactly than using `-b 32'.

-p vendor

Prefers instructions as defined by vendor in case of a conflict. Known vendor names include intel, amd, cyrix, and idt. The default is intel.

Auto-sync mode won't necessarily cure all your synchronisation problems: a sync marker can only be placed automatically if a jump or call instruction is found to refer to it before ndisasm actually disassembles that part of the code. Also, if spurious jumps or calls result from disassembling non-machine-code data, sync markers may get placed in strange places. Feel free to turn auto-sync off and go back to doing it manually if necessary.

ndisasm can only keep track of 8192 sync markers internally at once: this is to do with portability, since DOS machines don't take kindly to more than 64K being allocated at a time.