What format crash utility's disassembler uses to output assembly instructions?

Question

Crash utility can disassemble kernel functions. but what format it uses? Which is first, source or destination?

inst src, dist

or

inst dist, src

This is what I am asking about:

crash> dis sys_signal
0xc0112c88 <sys_signal>:        push   %ebp
0xc0112c89 <sys_signal+1>:      mov    %esp,%ebp
0xc0112c8b <sys_signal+3>:      sub    $0x28,%esp
0xc0112c8e <sys_signal+6>:      mov    0xc(%ebp),%eax
0xc0112c91 <sys_signal+9>:      mov    %eax,0xffffffec(%ebp)
0xc0112c94 <sys_signal+12>:     movl   $0xc0000000,0xfffffff0(%ebp)
0xc0112c9b <sys_signal+19>:     lea    0xffffffd8(%ebp),%eax

score 2 · Answer 1 · answered Jan 04 '19 at 22:15

The disassembler generates AT&T syntax assembly code, which puts the source first, destination last. (Intel syntax does the opposite, and you can distinguish them based on usage of sigils like % and $ all over the place.)

AT&T: mov %srcreg,%dstreg
Intel: mov dstreg, srcreg

More information:

https://imada.sdu.dk/Employees/kslarsen-bak/Courses/dm18-2007-spring/Litteratur/IntelnATT.htm

What format crash utility's disassembler uses to output assembly instructions?

1 Answers1