Normally, Gnu tools use AT&T syntax. You can tell that it is AT&T syntax by the presence of little symbols, like the $ preceding literals, and the % preceding registers. For example, this instruction:
sub $16, %rax
is obviously using AT&T syntax. It subtracts 16 from the value in the rax register, and stores the result back in rax.
In AT&T syntax, the destination operand is on the right:
insn source, destination # AT&T syntax
There is also Intel syntax. This is ubiquitous on Windows platforms, and usually also available as an option for Gnu/Linux tools. Intel syntax is unadorned—e.g.:
sub rax, 16
which is the same as the AT&T instruction above—it subtracts 16 from the value in the rax register, and stores the result back in the rax register.
In Intel syntax, the destination operand is always on the left:
insn destination, source ; Intel syntax
To be absolutely certain of which version you've got, you'd need to check the settings for your disassembler/debugger and see what syntax it is configured to use, but it's usually dead-simple to tell at a glance just by looking to see if the symbolic adornments are there (a dead give-away for AT&T syntax).
Summary:
- If the registers have a
% prefix → AT&T syntax → src, dst order.
- Otherwise, unadorned registers → Intel syntax →
dst, src order.
If you've somehow ended up looking at code that doesn't use any registers (???), another good heuristic clue is that Intel syntax will prepend size specifiers (like DWORD, QWORD, and BYTE) to the associated operand, whereas AT&T syntax will append a suffix (l, q, b, etc.) to the instruction mnemonic itself.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
