Search code examples
assemblyx86disassemblyattobjdump

Make objdump use an operand-size suffix like l on every mnemonic, even when it's not ambiguous?

Today, I found out about using objdump in Linux to find the disassembled code of programs in At&t syntax. While using objdump, the disassembled code looked fine but lacked the 'l' ending after the mnemonic (It should be "movl" not "mov"). Is there any way I can configure objdump to fix this issue?

The current disassembled program generated:


stuff:     file format elf32-i386


Disassembly of section .text:

08049000 <_start>:
 8049000:   eb 00                   jmp    8049002 <print_stuff>

08049002 <print_stuff>:
 8049002:   b8 04 00 00 00          mov    $0x4,%eax
 8049007:   bb 01 00 00 00          mov    $0x1,%ebx
 804900c:   b9 05 00 00 00          mov    $0x5,%ecx
 8049011:   ba 0b 00 00 00          mov    $0xb,%edx
 8049016:   cd 80                   int    $0x80
 8049018:   eb 00                   jmp    804901a <end_program>

0804901a <end_program>:
 804901a:   b8 01 00 00 00          mov    $0x1,%eax
 804901f:   bb 05 00 00 00          mov    $0x5,%ebx
 8049024:   cd 80                   int    $0x80

What I want it to look like:


stuff:     file format elf32-i386


Disassembly of section .text:

08049000 <_start>:
 8049000:   eb 00                   jmp     8049002 <print_stuff>

08049002 <print_stuff>:
 8049002:   b8 04 00 00 00          movl    $0x4,%eax
 8049007:   bb 01 00 00 00          movl    $0x1,%ebx
 804900c:   b9 05 00 00 00          movl    $0x5,%ecx
 8049011:   ba 0b 00 00 00          movl    $0xb,%edx
 8049016:   cd 80                   int     $0x80
 8049018:   eb 00                   jmp     804901a <end_program>

0804901a <end_program>:
 804901a:   b8 01 00 00 00          movl    $0x1,%eax
 804901f:   bb 05 00 00 00          movl    $0x5,%ebx
 8049024:   cd 80                   int     $0x80
Solution

  • To clutter your output with redundant suffixes even when it's implied by a register operand, use

    objdump -d -M suffix  foo

    From the objdump(1) man page:

    "suffix"
    When in AT&T mode and also for a limited set of instructions when in Intel mode, instructs the disassembler to print a mnemonic suffix even when the suffix could be inferred by the operands or, for certain instructions, the execution mode's defaults.

    BTW, the "limited subset of Intel syntax" includes instructions like relative jmp rel32, e.g.

    $ objdump -d -M intel /bin/ls
   ...
    436e:       e9 12 fe ff ff          jmp    4185 <__cxa_atexit@plt+0x155>

$ objdump -d -M intel,suffix /bin/ls
   ...
    436e:       e9 12 fe ff ff          jmpq   4185 <__cxa_atexit@plt+0x155>

    (Related: What is callq instruction? - objdump -Mintel prints callq / retq even without the suffix option.)

    The intel-syntax effect doesn't include instructions like add or mov or even movzx. With a memory operand, they'd explicitly indicate size as qword ptr [rdi] for example, and objdump does always include that even when it's implied by the other operand.