3-54
INSTRUCTION SET REFERENCE
CALLCall Procedure (Continued)
For a near call, an absolute offset is specified indirectly in a general-purpose register or a
memory location (r/m16 or r/m32). The operand-size attribute determines the size of the target
operand (16 or 32 bits). Absolute offsets are loaded directly into the EIP register. If the operand-
size attribute is 16, the upper two bytes of the EIP register are cleared to 0s, resulting in a
maximum instruction pointer size of 16 bits. (When accessing an absolute offset indirectly using
the stack pointer [ESP] as a base register, the base value used is the value of the ESP before the
instruction executes.)
A relative offset (rel16 or rel32) is generally specified as a label in assembly code, but at the
machine code level, it is encoded as a signed, 16- or 32-bit immediate value. This value is added
to the value in the EIP register. As with absolute offsets, the operand-size attribute determines
the size of the target operand (16 or 32 bits).
Far Calls in Real-Address or Virtual-8086 Mode.
When executing a far call in real-
address or virtual-8086 mode, the processor pushes the current value of both the CS and EIP
registers onto the stack for use as a return-instruction pointer. The processor then performs a far
branch to the code segment and offset specified with the target operand for the called proce-
dure. Here the target operand specifies an absolute far address either directly with a pointer
(ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). With the
pointer method, the segment and offset of the called procedure is encoded in the instruction,
using a 4-byte (16-bit operand size) or 6-byte (32-bit operand size) far address immediate. With
the indirect method, the target operand specifies a memory location that contains a 4-byte (16-bit
operand size) or 6-byte (32-bit operand size) far address. The operand-size attribute determines
the size of the offset (16 or 32 bits) in the far address. The far address is loaded directly into the
CS and EIP registers. If the operand-size attribute is 16, the upper two bytes of the EIP register
are cleared to 0s.
Far Calls in Protected Mode.
When the processor is operating in protected mode, the CALL
instruction can be used to perform the following three types of far calls:
Far call to the same privilege level.
Far call to a different privilege level (inter-privilege level call).
Task switch (far call to another task).
In protected mode, the processor always uses the segment selector part of the far address to
access the corresponding descriptor in the GDT or LDT. The descriptor type (code segment, call
gate, task gate, or TSS) and access rights determine the type of call operation to be performed.
If the selected descriptor is for a code segment, a far call to a code segment at the same privilege
level is performed. (If the selected code segment is at a different privilege level and the code
segment is non-conforming, a general-protection exception is generated.) A far call to the same
privilege level in protected mode is very similar to one carried out in real-address or virtual-8086
mode. The target operand specifies an absolute far address either directly with a pointer
(ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). The operand-
size attribute determines the size of the offset (16 or 32 bits) in the far address. The new code
segment selector and its descriptor are loaded into CS register, and the offset from the instruction
is loaded into the EIP register.
