How to disassemble a system call

Question

If I have the virtual address of system call, can I disassemble that system call? I want to do it on running kernel to find what all address are handled by the particular sy

Answer 1

I am not sure you question is very meaningful.

Please read more about system calls, kernels, operating systems, linux, and the linux kernel

Essentially, a system call is (from the application point of view) an atomic operation implemented by one machine instruction (int 0x80, syscall, etc.) with a few book-keeping instructions before (e.g. loading the system call arguments to registers) and after (e.g. setting errno). When it happens, control goes into the kernel, with a (sort-of) different address space and a different protection ring; here is the list of linux syscalls

The real code doing the system call is inside the kernel. You can get the Linux kernel code on kernel.org

See also the Linux Assembly Howto and asm.sourceforge.net

To understand what system calls a given application or process is doing, use strace