Volume 2A Instruction Set Reference A-M (794101), page 32
INSTRUCTION SET REFERENCE, A-M

BTS—Bit Test and Set

If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit.
#SS             If a memory operand effective address is outside the SS segment limit.
#PF(fault-code) If a page fault occurs.
#AC(0)          If alignment checking is enabled and an unaligned memory reference is made.
#UD             If the LOCK prefix is used but the destination is not a memory operand.

Compatibility Mode Exceptions
Same exceptions as in protected mode.

64-Bit Mode Exceptions
#SS(0)          If a memory address referencing the SS segment is in a non-canonical form.
#GP(0)          If the memory address is in a non-canonical form.
#PF(fault-code) If a page fault occurs.
#AC(0)          If alignment checking is enabled and an unaligned memory reference is made while the current privilege level is 3.
#UD             If the LOCK prefix is used but the destination is not a memory operand.
CALL—Call Procedure

Opcode          Instruction     Op/En   64-bit Mode   Compat/Leg Mode   Description
E8 cw           CALL rel16      B       N.S.          Valid             Call near, relative, displacement relative to next instruction.
E8 cd           CALL rel32      B       Valid         Valid             Call near, relative, displacement relative to next instruction. 32-bit displacement sign extended to 64-bits in 64-bit mode.
FF /2           CALL r/m16      B       N.E.          Valid             Call near, absolute indirect, address given in r/m16.
FF /2           CALL r/m32      B       N.E.          Valid             Call near, absolute indirect, address given in r/m32.
FF /2           CALL r/m64      B       Valid         N.E.              Call near, absolute indirect, address given in r/m64.
9A cd           CALL ptr16:16   A       Invalid       Valid             Call far, absolute, address given in operand.
9A cp           CALL ptr16:32   A       Invalid       Valid             Call far, absolute, address given in operand.
FF /3           CALL m16:16     B       Valid         Valid             Call far, absolute indirect, address given in m16:16. In 32-bit mode: if selector points to a gate, then RIP = 32-bit zero extended displacement taken from gate; else RIP = zero extended 16-bit offset from far pointer referenced in the instruction.
FF /3           CALL m16:32     B       Valid         Valid             In 64-bit mode: If selector points to a gate, then RIP = 64-bit displacement taken from gate; else RIP = zero extended 32-bit offset from far pointer referenced in the instruction.
REX.W + FF /3   CALL m16:64     B       Valid         N.E.              In 64-bit mode: If selector points to a gate, then RIP = 64-bit displacement taken from gate; else RIP = 64-bit offset from far pointer referenced in the instruction.

Instruction Operand Encoding

Op/En   Operand 1        Operand 2   Operand 3   Operand 4
A       Offset           NA          NA          NA
B       ModRM:r/m (r)    NA          NA          NA

Description

Saves procedure linking information on the stack and branches to the called procedure specified using the target operand.
The target operand specifies the address of the first instruction in the called procedure. The operand can be an immediate value, a general-purpose register, or a memory location.

This instruction can be used to execute four types of calls:
• Near Call — A call to a procedure in the current code segment (the segment currently pointed to by the CS register), sometimes referred to as an intra-segment call.
• Far Call — A call to a procedure located in a different segment than the current code segment, sometimes referred to as an inter-segment call.
• Inter-privilege-level far call — A far call to a procedure in a segment at a different privilege level than that of the currently executing program or procedure.
• Task switch — A call to a procedure located in a different task.

The latter two call types (inter-privilege-level call and task switch) can only be executed in protected mode. See “Calling Procedures Using Call and RET” in Chapter 6 of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1, for additional information on near, far, and inter-privilege-level calls. See Chapter 7, “Task Management,” in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A, for information on performing task switches with the CALL instruction.

Near Call. When executing a near call, the processor pushes the value of the EIP register (which contains the offset of the instruction following the CALL instruction) on the stack (for use later as a return-instruction pointer).
The processor then branches to the address in the current code segment specified by the target operand. The target operand specifies either an absolute offset in the code segment (an offset from the base of the code segment) or a relative offset (a signed displacement relative to the current value of the instruction pointer in the EIP register; this value points to the instruction following the CALL instruction). The CS register is not changed on near calls.

For a near call absolute, an absolute offset is specified indirectly in a general-purpose register or a memory location (r/m16, r/m32, or r/m64). The operand-size attribute determines the size of the target operand (16, 32 or 64 bits). When in 64-bit mode, the operand size for near call (and all near branches) is forced to 64 bits. Absolute offsets are loaded directly into the EIP (RIP) register. If the operand size attribute is 16, the upper two bytes of the EIP register are cleared, resulting in a maximum instruction pointer size of 16 bits. When accessing an absolute offset indirectly using the stack pointer [ESP] as the base register, the base value used is the value of the ESP before the instruction executes.

A relative offset (rel16 or rel32) is generally specified as a label in assembly code. But at the machine code level, it is encoded as a signed, 16- or 32-bit immediate value. This value is added to the value in the EIP (RIP) register. In 64-bit mode the relative offset is always a 32-bit immediate value which is sign extended to 64 bits before it is added to the value in the RIP register for the target calculation. As with absolute offsets, the operand-size attribute determines the size of the target operand (16, 32, or 64 bits). In 64-bit mode the target operand will always be 64 bits because the operand size is forced to 64 bits for near branches.

Far Calls in Real-Address or Virtual-8086 Mode. When executing a far call in real-address or virtual-8086 mode, the processor pushes the current value of both the CS and EIP registers on the stack for use as a return-instruction pointer.
The processor then performs a “far branch” to the code segment and offset specified with the target operand for the called procedure. The target operand specifies an absolute far address either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). With the pointer method, the segment and offset of the called procedure is encoded in the instruction using a 4-byte (16-bit operand size) or 6-byte (32-bit operand size) far address immediate. With the indirect method, the target operand specifies a memory location that contains a 4-byte (16-bit operand size) or 6-byte (32-bit operand size) far address. The operand-size attribute determines the size of the offset (16 or 32 bits) in the far address. The far address is loaded directly into the CS and EIP registers. If the operand-size attribute is 16, the upper two bytes of the EIP register are cleared.

Far Calls in Protected Mode.
When the processor is operating in protected mode, the CALL instruction can be used to perform the following types of far calls:
• Far call to the same privilege level
• Far call to a different privilege level (inter-privilege level call)
• Task switch (far call to another task)

In protected mode, the processor always uses the segment selector part of the far address to access the corresponding descriptor in the GDT or LDT. The descriptor type (code segment, call gate, task gate, or TSS) and access rights determine the type of call operation to be performed.

If the selected descriptor is for a code segment, a far call to a code segment at the same privilege level is performed. (If the selected code segment is at a different privilege level and the code segment is non-conforming, a general-protection exception is generated.) A far call to the same privilege level in protected mode is very similar to one carried out in real-address or virtual-8086 mode. The target operand specifies an absolute far address either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). The operand-size attribute determines the size of the offset (16 or 32 bits) in the far address. The new code segment selector and its descriptor are loaded into the CS register; the offset from the instruction is loaded into the EIP register.

A call gate (described in the next paragraph) can also be used to perform a far call to a code segment at the same privilege level. Using this mechanism provides an extra level of indirection and is the preferred method of making calls between 16-bit and 32-bit code segments.

When executing an inter-privilege-level far call, the code segment for the procedure being called must be accessed through a call gate. The segment selector specified by the target operand identifies the call gate. The target operand can specify the call gate segment selector either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). The processor obtains the segment selector for the new code segment and the new instruction pointer (offset) from the call gate descriptor.
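As an added example (not Intel's code and not part of the manual), the following Python models the near relative CALL forms (E8 cw / E8 cd) from the opcode table and the "Near Call" paragraphs above, plus the ptr16:16 / ptr16:32 far-address immediate from the real-address-mode paragraph: it computes the target from the displacement relative to the next instruction, shows the 16-bit operand size clearing the upper bytes of EIP, and emulates the push of the return pointer. The dict-based stack, the convention that `ip` is the address of the E8 byte, and the assumption that any 66H prefix has already been stripped are this example's own.

```python
import struct

def decode_near_rel_call(code: bytes, ip: int, operand_size: int):
    """E8 cw / E8 cd (near relative CALL): return (target, return_ip).

    ip is the address of the E8 byte (any 66H prefix already stripped; an
    assumption of this example). operand_size is 16, 32 or 64; in 64-bit mode
    it is forced to 64 and the rel32 is sign-extended to 64 bits.
    """
    if code[0] != 0xE8:
        raise ValueError("not an E8 near relative CALL")
    if operand_size == 16:
        disp, length = struct.unpack_from("<h", code, 1)[0], 3   # rel16, signed
    else:
        disp, length = struct.unpack_from("<i", code, 1)[0], 5   # rel32, signed
    return_ip = ip + length                 # offset of the instruction following CALL
    mask = (1 << operand_size) - 1          # 16-bit operand size clears the upper bytes of EIP
    return (return_ip + disp) & mask, return_ip & mask

def push_return_address(stack: dict, esp: int, value: int, operand_size: int):
    """Emulate the push of the return-instruction pointer for a near call.

    stack is a constructed dict mapping addresses to pushed values (an
    assumption of this example); ESP moves down by the operand size in bytes.
    """
    esp -= operand_size // 8
    stack[esp] = value & ((1 << operand_size) - 1)
    return esp

def execute_near_rel_call(code, ip, esp, stack, operand_size):
    """Decode the CALL, push the return pointer, return (new_ip, new_esp)."""
    target, return_ip = decode_near_rel_call(code, ip, operand_size)
    return target, push_return_address(stack, esp, return_ip, operand_size)

def decode_far_ptr(imm: bytes, operand_size: int):
    """9A cd / 9A cp: ptr16:16 (4-byte) or ptr16:32 (6-byte) immediate.

    The immediate holds the offset first, then the 16-bit segment selector.
    Returns (selector, offset), the values a real-address-mode far call loads
    into CS and EIP.
    """
    if operand_size == 16:
        offset, selector = struct.unpack_from("<HH", imm)
    else:
        offset, selector = struct.unpack_from("<IH", imm)
    return selector, offset
```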