There are 2 syntaxes that mainly used in reverse engineering. Intel and ATT. First I thought ATT was hard to read and Intel was a clean assembly syntax. But I was wrong. ATT reduces the time and abstraction by little changes in the code that It’ll be easier for humans to read. This will be a small article how to read or what is changed in ATT.
To reverse a binary in ATT syntax we have to configure radare. First load the binary file to decompile by
$ r2 -d binaryname
Then analyze the file first.
>afl Then run the command for changing the syntax >e asm.syntax=att
ATT syntax 
Intel syntax
We can see in addition to intel syntax mov,push there is a extra character in the end like movl,pushq.
What does that mean ? well if we see the full syntax of a one line in intel syntax mov qword [local_18h],rax and then the same line in ATT syntax movq %rax,local_18h.
- First mov qword is turned into movq
- In intel syntax
mov size Destination,Sourceand inmov{size letter} Source,Destination - And also transferring constants(which are prefixed using the $ operator) e.g.
movq $3 raxwould move the constant 3 to the register in Intel its just the constant.
Suffixes for data types
| Intel Data Type | ATT Suffix | Size in bytes |
| Byte | b | 1 |
| Word | w | 2 |
| Double Word | l | 4 |
| Quad Word | q | 8 |
| Single Precision | s | 4 |
| Double Precision | l | 8 |
Some instructions in ATT syntax
leaq source, destination: this instruction sets destination to the address denoted by the expression in sourceaddq source, destination: destination = destination + sourcesubq source, destination: destination = destination – sourceimulq source, destination: destination = destination * sourcesalq source, destination: destination = destination << source where << is the left bit shifting operatorsarq source, destination: destination = destination >> source where >> is the right bit shifting operatorxorq source, destination: destination = destination XOR sourceandq source, destination: destination = destination & sourceorq source, destination: destination = destination | source
Jump instructions and testing for values
As you know there is no fancy if statements in assembly but testing and comparing values of variables. There are 2 instructions that does this.
cmpq source2, source1: it is like computing a-b without return the valuetestq source2, source1: it is like computing a&b without returning the value
Jump values are used to control the flow of the program just like if conditions does.
| Jump Type | Description |
| jmp | Unconditional Jump, jump forcefully |
| je | Equal/Zero, Jump if equal |
| jne | Not Equal/Not Zero , Above but not equal |
| js | Negative |
| jns | Nonnegative |
| jg | Greater |
| jge | Greater or Equal |
| jl | Less |
| jle | Less or Equal |
| ja | Above(unsigned) |
| jb | Below(unsigned) |
This is the End!
Sala's Blog 