If I have the virtual address of system call, can I disassemble that system call? I want to do it on running kernel to find what all address are handled by the particular system call while running.
I am running 32 bit 2.6.38 kernel (x86).
I am not sure you question is very meaningful.
Please read more about system calls, kernels, operating systems, linux, and the linux kernel
Essentially, a system call is (from the application point of view) an atomic operation implemented by one machine instruction (int 0x80, syscall, etc.) with a few book-keeping instructions before (e.g. loading the system call arguments to registers) and after (e.g. setting errno). When it happens, control goes into the kernel, with a (sort-of) different address space and a different protection ring; here is the list of linux syscalls
The real code doing the system call is inside the kernel. You can get the Linux kernel code on kernel.org
See also the Linux Assembly Howto and asm.sourceforge.net
To understand what system calls a given application or process is doing, use strace
来源:https://stackoverflow.com/questions/8501828/how-to-disassemble-a-system-call