I like to pipe commands together, especially when doing malware analysis.
ndisasm is the disassembler of NASM. I like to use it, because it’s a single executable (for major operating systems) and accepts input from stdin.
But there was an issue with Windows versions: stdin was opened in text mode, and not in binary mode. This can result in disassembly errors, like in the following example. I send 7 bytes to ndisasm via stdin, and the 4th byte is 0x1A (CTRL-Z): this is the end-of-file marker for Windows text files:
As can be seen, only the first 3 bytes are disassembled, and all bytes from 0x1A on are ignored.
I filled a bug fix with code the fix the issue, and this was integrated in version 2.15:
Article Link: https://blog.didierstevens.com/2020/07/25/ndisasm-2-15-stdin-bug-fix/