Supported on windows
Supported on linux
Supported on embedded
Supported on android

disassemble command

Disassembles a specified function or a function fragment.

Syntax

disassemble
disassemble [Function]
disassemble [Address]
disassemble [Start],[End]
disassemble [Function],+[Length]
disassemble [Address],+[Length]
disassemble /m [...]
disassemble /r [...]

Parameters

Function
Specifies the function to disassemble. If specified, the disassemble command will produce the disassembly output of the entire function.
Address
Specifies the address inside a function to disassemble. Note that when only one address is specified, this command will disassemble the entire function that includes the given address, including the instructions above it.
Start/End
Specifies starting and ending addresses to disassemble. If this form is used, the command won't disassemble the entire function, but only the instructions between the starting and ending addresses.
Length
Specifies the amount of bytes to disassemble starting from the given address or function.
/m
When this option is specified, the disassemble command will show the source lines that correspond to the disassembled instructions.
/r
When this option is specified, the disassemble command will show the raw byte values of all disassembled instructions.

Remarks

The default disassembly style used by GDB is the AT&T style (e.g. mov 0xc(%ebp),%eax) that can be confusing for Windows users. To switch to the Intel disassembly style (e.g. mov eax, DWORD PTR [ebp+0xc]) use the set disassembly-flavor command.

Note that the disassemble command only works for the code inside functions. If you want to disassemble memory outside any known function, use the x/i variant of the x command.

Examples

We will show several examples of the disassemble command based on the following example:

int func(int a, int b)
{
    return a + b;
}

int main()
{
    return func(1, 2);
}

We will compile this file without optimization and run several variants of the disassemble command to display the contents of both functions.

(gdb) break main
Breakpoint 1 at 0x8048400: file test.c, line 8.
(gdb) run
Starting program: /home/bazis/test

Breakpoint 1, main () at test.c:8
8 return func(1, 2);
(gdb) disassemble
Dump of assembler code for function main:
0x080483fa <+0>: push %ebp
0x080483fb <+1>: mov %esp,%ebp
0x080483fd <+3>: sub $0x8,%esp
=> 0x08048400 <+6>: movl $0x2,0x4(%esp)
0x08048408 <+14>: movl $0x1,(%esp)
0x0804840f <+21>: call 0x80483ed <func>
0x08048414 <+26>: leave
0x08048415 <+27>: ret
End of assembler dump.
(gdb) disassemble func
Dump of assembler code for function func:
0x080483ed <+0>: push %ebp
0x080483ee <+1>: mov %esp,%ebp
0x080483f0 <+3>: mov 0xc(%ebp),%eax
0x080483f3 <+6>: mov 0x8(%ebp),%edx
0x080483f6 <+9>: add %edx,%eax
0x080483f8 <+11>: pop %ebp
0x080483f9 <+12>: ret
End of assembler dump.
(gdb) disassemble func,+6
Dump of assembler code from 0x80483ed to 0x80483f3:
0x080483ed <func+0>: push %ebp
0x080483ee <func+1>: mov %esp,%ebp
0x080483f0 <func+3>: mov 0xc(%ebp),%eax
End of assembler dump.
(gdb) disassemble func+3,func+7
Dump of assembler code from 0x80483f0 to 0x80483f4:
0x080483f0 <func+3>: mov 0xc(%ebp),%eax
0x080483f3 <func+6>: mov 0x8(%ebp),%edx
End of assembler dump.
(gdb) disassemble 0x80483f0
Dump of assembler code for function func:
0x080483ed <+0>: push %ebp
0x080483ee <+1>: mov %esp,%ebp
0x080483f0 <+3>: mov 0xc(%ebp),%eax
0x080483f3 <+6>: mov 0x8(%ebp),%edx
0x080483f6 <+9>: add %edx,%eax
0x080483f8 <+11>: pop %ebp
0x080483f9 <+12>: ret
End of assembler dump.
(gdb) disassemble /m func
Dump of assembler code for function func:
2 {
0x080483ed <+0>: push %ebp
0x080483ee <+1>: mov %esp,%ebp

3 return a + b;
0x080483f0 <+3>: mov 0xc(%ebp),%eax
0x080483f3 <+6>: mov 0x8(%ebp),%edx
0x080483f6 <+9>: add %edx,%eax

4 }
0x080483f8 <+11>: pop %ebp
0x080483f9 <+12>: ret

End of assembler dump.
(gdb) disassemble /r func
Dump of assembler code for function func:
0x080483ed <+0>: 55 push %ebp
0x080483ee <+1>: 89 e5 mov %esp,%ebp
0x080483f0 <+3>: 8b 45 0c mov 0xc(%ebp),%eax
0x080483f3 <+6>: 8b 55 08 mov 0x8(%ebp),%edx
0x080483f6 <+9>: 01 d0 add %edx,%eax
0x080483f8 <+11>: 5d pop %ebp
0x080483f9 <+12>: c3 ret
End of assembler dump.

Common errors

If you try using the disassemble command to disassemble code outside any known function, it will fail. Instead use the x/i command. Here's an example of disassembling a buffer containing a copy of a function:

(gdb) start
Temporary breakpoint 1 at 0x8048463: file test2.c, line 8.
Starting program: /home/bazis/test2

Temporary breakpoint 1, main () at test2.c:8
8 void *pCopyOfFunction = malloc(512);
(gdb) next
9 memcpy(pCopyOfFunction, func, 512);
(gdb) next
10 return func(1, 2);
(gdb) disassemble pCopyOfFunction
No function contains specified address.
(gdb) x/5i pCopyOfFunction
0x804b008: push %ebp
0x804b009: mov %esp,%ebp
0x804b00b: mov 0xc(%ebp),%eax
0x804b00e: mov 0x8(%ebp),%edx
0x804b011: add %edx,%eax

Compatibility with VisualGDB

It is recommended to use the Debug->Windows->Disassembly window in Visual Studio instead of using the disassemble command explicitly. VisualGDB will issue the disassemble command automatically, parse its output and display it in a user-friendly way. Nonetheless you can run this command manually via the GDB Session window.

See also

Disassembly-related commands

,

set disassemble-next-line

,

set disassembly-flavor