                CALL—Call Procedure

Saves procedure linking information on the stack and branches to the called procedure specified using the target
operand. The target operand specifies the address of the first instruction in the called procedure. The operand can
be an immediate value, a general-purpose register, or a memory location.
This instruction can be used to execute four types of calls:
• Near Call — A call to a procedure in the current code segment (the segment currently pointed to by the CS
register), sometimes referred to as an intra-segment call.
• Far Call — A call to a procedure located in a different segment than the current code segment, sometimes
referred to as an inter-segment call.
• Inter-privilege-level far call — A far call to a procedure in a segment at a different privilege level than that
of the currently executing program or procedure.
• Task switch — A call to a procedure located in a different task.

The latter two call types (inter-privilege-level call and task switch) can only be executed in protected mode. See
“Calling Procedures Using CALL and RET” in Chapter 6 of the Intel® 64 and IA-32 Architectures Software Developer’s
Manual, Volume 1, for additional information on near, far, and inter-privilege-level calls. See Chapter 7, “Task Management,”
in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A, for information on performing task switches
with the CALL instruction.
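The "procedure linking information" a near call saves is the return address, and the three operand forms (immediate, register, memory) differ only in how the target is computed. The following model is an added illustration, not code from the Intel manual: it decodes three near CALL encodings (E8 rel32, FF /2 via register, FF /2 via a disp32 memory operand), performs the push of the next EIP, and then unwinds with RET. All code bytes, addresses and register values are constructed.

```python
"""Added illustration (not from the Intel manual): a minimal model of how a near CALL
saves linking information on the stack and how RET consumes it. Code bytes, addresses
and register values are constructed."""
import struct

MASK32 = 0xFFFFFFFF
REG_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM reg/rm order


class Cpu32:
    """Just enough state to follow CALL/RET: EIP, the GPRs and a sparse dword memory."""

    def __init__(self, esp=0x7FFFF000):
        self.eip = 0
        self.regs = {r: 0 for r in REG_NAMES}
        self.regs["esp"] = esp
        self.mem = {}  # dword address -> value (constructed sparse memory)

    @property
    def esp(self):
        return self.regs["esp"]

    def push32(self, value):
        # CALL decrements ESP by the operand size (4 here) and stores at the new top of stack.
        self.regs["esp"] = (self.esp - 4) & MASK32
        self.mem[self.esp] = value & MASK32

    def pop32(self):
        value = self.mem[self.esp]
        self.regs["esp"] = (self.esp + 4) & MASK32
        return value

    def execute_near_call(self, code, addr):
        """Decode one near CALL located at `addr` and perform it. Supports
        E8 rel32 (relative immediate), FF /2 mod=11 (indirect via register) and
        FF /2 mod=00 rm=101 (indirect via [disp32]). Returns the instruction length."""
        opcode = code[0]
        if opcode == 0xE8:
            rel = struct.unpack_from("<i", code, 1)[0]
            length = 5
            next_eip = (addr + length) & MASK32
            target = (next_eip + rel) & MASK32      # rel32 is relative to the next instruction
        elif opcode == 0xFF:
            modrm = code[1]
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if reg != 2:
                raise ValueError("FF opcode but not /2, so not a CALL")
            if mod == 3:
                length = 2
                target = self.regs[REG_NAMES[rm]]   # absolute address held in a register
            elif mod == 0 and rm == 5:
                disp = struct.unpack_from("<I", code, 2)[0]
                length = 6
                target = self.mem[disp]             # absolute address read from memory
            else:
                raise ValueError("addressing form not modelled")
            next_eip = (addr + length) & MASK32
        else:
            raise ValueError("not a near CALL")
        # For a near call the linking information is just the return EIP.
        self.push32(next_eip)
        self.eip = target
        return length

    def execute_ret(self, imm16=0):
        """RET / RET imm16: pop the return EIP, then release imm16 bytes of arguments."""
        self.eip = self.pop32()
        self.regs["esp"] = (self.esp + imm16) & MASK32


def run_scenario():
    """Three nested near calls (immediate, register, memory) followed by three RETs.
    Returns the (EIP, ESP, [ESP]) snapshot after each CALL plus the final EIP and ESP."""
    cpu = Cpu32(esp=0x7FFFF000)
    cpu.regs["ebx"] = 0x401200           # constructed: target for CALL EBX
    cpu.mem[0x403000] = 0x401300         # constructed: pointer read by CALL [0x403000]
    code = {
        0x401000: bytes([0xE8, 0xFB, 0x00, 0x00, 0x00]),        # CALL 0x401100 (rel32 = 0xFB)
        0x401100: bytes([0xFF, 0xD3]),                          # CALL EBX
        0x401200: bytes([0xFF, 0x15, 0x00, 0x30, 0x40, 0x00]),  # CALL DWORD PTR [0x403000]
    }
    snapshots = []
    cpu.eip = 0x401000
    for _ in range(3):
        cpu.execute_near_call(code[cpu.eip], cpu.eip)
        snapshots.append((cpu.eip, cpu.esp, cpu.mem[cpu.esp]))
    for _ in range(3):
        cpu.execute_ret()
    return snapshots, cpu.eip, cpu.esp
```

Each snapshot shows that the dword at the new top of stack is exactly the address of the instruction following the CALL, which is what the matching RET later pops; after the three RETs, EIP is back at 0x401005 and ESP at its original value.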

Far Calls in Protected Mode. When the processor is operating in protected mode, the CALL instruction can be used to
perform the following types of far calls:
• Far call to the same privilege level
• Far call to a different privilege level (inter-privilege level call)
• Task switch (far call to another task)

In protected mode, the processor always uses the segment selector part of the far address to access the corresponding
descriptor in the GDT or LDT. The descriptor type (code segment, call gate, task gate, or TSS) and access
rights determine the type of call operation to be performed.

If the selected descriptor is for a code segment, a far call to a code segment at the same privilege level is
performed. (If the selected code segment is at a different privilege level and the code segment is non-conforming,
a general-protection exception is generated.) A far call to the same privilege level in protected mode is very similar
to one carried out in real-address or virtual-8086 mode. The target operand specifies an absolute far address either
directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). The
operand-size attribute determines the size of the offset (16 or 32 bits) in the far address. The new code segment
selector and its descriptor are loaded into the CS register; the offset from the instruction is loaded into the EIP register.

A call gate (described in the next paragraph) can also be used to perform a far call to a code segment at the same
privilege level. Using this mechanism provides an extra level of indirection and is the preferred method of making
calls between 16-bit and 32-bit code segments.

When executing an inter-privilege-level far call, the code segment for the procedure being called must be accessed
through a call gate. The segment selector specified by the target operand identifies the call gate. The target
operand can specify the call gate segment selector either directly with a pointer (ptr16:16 or ptr16:32) or indirectly
with a memory location (m16:16 or m16:32). The processor obtains the segment selector for the new code
segment and the new instruction pointer (offset) from the call gate descriptor. (The offset from the target operand
is ignored when a call gate is used.)

On inter-privilege-level calls, the processor switches to the stack for the privilege level of the called procedure. The
segment selector for the new stack segment is specified in the TSS for the currently running task. The branch to
the new code segment occurs after the stack switch. (Note that when using a call gate to perform a far call to a
segment at the same privilege level, no stack switch occurs.) On the new stack, the processor pushes the segment
selector and stack pointer for the calling procedure’s stack, an optional set of parameters from the calling procedure’s
stack, and the segment selector and instruction pointer for the calling procedure’s code segment. (A value in
the call gate descriptor determines how many parameters to copy to the new stack.) Finally, the processor
branches to the address of the procedure being called within the new code segment.
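The gate mechanism described in the last three paragraphs can be followed concretely by decoding a call gate descriptor and replaying the checks and pushes. The code below is an added illustration, not code from the Intel manual: it packs and unpacks the 8-byte 32-bit call gate layout (offset, selector, parameter count, type, DPL, present bit), applies the privilege checks the SDM specifies for a CALL through a gate (CPL and selector RPL no greater than the gate DPL, target code segment DPL no greater than CPL), and builds the new stack in the order the text gives: caller SS:ESP, the copied parameters, then caller CS:EIP. Only non-conforming target segments are modelled; the selectors, addresses, TSS stack values and stack contents are constructed.

```python
"""Added illustration (not code from the Intel manual): decode a 32-bit call gate
descriptor and model the privilege checks and stack switch of an inter-privilege-level
CALL as described in the text. Selectors, addresses and stack contents are constructed."""

CALL_GATE_32 = 0xC  # 4-bit type field of a 32-bit call gate descriptor


class GeneralProtection(Exception):
    """Stands in for the #GP fault raised when a check fails."""


def encode_call_gate(selector, offset, dpl, param_count, present=True):
    """Pack the fields into the 8-byte layout of a 32-bit call gate descriptor."""
    desc = offset & 0xFFFF                      # bits 0-15:  offset 15:0
    desc |= (selector & 0xFFFF) << 16           # bits 16-31: code segment selector
    desc |= (param_count & 0x1F) << 32          # bits 32-36: dword parameter count
    desc |= CALL_GATE_32 << 40                  # bits 40-43: type; bit 44 (S) stays 0 = system
    desc |= (dpl & 3) << 45                     # bits 45-46: gate DPL
    desc |= (1 if present else 0) << 47         # bit 47:     present
    desc |= ((offset >> 16) & 0xFFFF) << 48     # bits 48-63: offset 31:16
    return desc


def decode_call_gate(desc):
    """Unpack the descriptor; raise if it is not a present 32-bit call gate."""
    fields = {
        "offset": (desc & 0xFFFF) | (((desc >> 48) & 0xFFFF) << 16),
        "selector": (desc >> 16) & 0xFFFF,
        "param_count": (desc >> 32) & 0x1F,
        "type": (desc >> 40) & 0xF,
        "system": ((desc >> 44) & 1) == 0,
        "dpl": (desc >> 45) & 3,
        "present": ((desc >> 47) & 1) == 1,
    }
    if not fields["present"] or not fields["system"] or fields["type"] != CALL_GATE_32:
        raise GeneralProtection("descriptor is not a present 32-bit call gate")
    return fields


def call_through_gate(cpl, gate_rpl, gate_desc, target_dpl, caller, tss_stacks):
    """Model of CALL ptr16:32 where the selector names a call gate.

    caller:     dict with cs, eip, ss, esp and stack (list, last element = top of stack)
    tss_stacks: {privilege level: (ss, esp)} as held in the current task's TSS
    Returns the new cs, eip, ss, esp and stack contents (non-conforming targets only).
    """
    gate = decode_call_gate(gate_desc)
    # Privilege checks for a CALL through a call gate (SDM Vol. 3A, "Accessing a Code Segment
    # Through a Call Gate"): CPL and the selector's RPL must not exceed the gate DPL, and the
    # target code segment must be at least as privileged as the caller.
    if cpl > gate["dpl"] or gate_rpl > gate["dpl"]:
        raise GeneralProtection("gate DPL check failed")
    if target_dpl > cpl:
        raise GeneralProtection("target code segment is less privileged than the caller")

    if target_dpl < cpl:
        # Inter-privilege-level call: switch to the stack of the target's privilege level,
        # then push caller SS:ESP, the copied parameters, and caller CS:EIP.
        new_ss, new_esp = tss_stacks[target_dpl]
        n = gate["param_count"]
        params = caller["stack"][-n:] if n else []   # topmost n dwords, order preserved
        new_stack = [caller["ss"], caller["esp"], *params, caller["cs"], caller["eip"]]
        new_esp -= 4 * len(new_stack)
    else:
        # Same privilege level through a gate: no stack switch, only CS:EIP is pushed.
        new_ss = caller["ss"]
        new_stack = caller["stack"] + [caller["cs"], caller["eip"]]
        new_esp = caller["esp"] - 8

    # The offset in the CALL operand is ignored; CS:EIP come from the gate descriptor,
    # and the new CS selector carries the target DPL as its RPL (the new CPL).
    new_cs = (gate["selector"] & ~3) | target_dpl
    return {"cs": new_cs, "eip": gate["offset"], "ss": new_ss, "esp": new_esp, "stack": new_stack}


def gate_rejects(*args, **kwargs):
    """True if the modelled CALL would fault with #GP instead of transferring control."""
    try:
        call_through_gate(*args, **kwargs)
    except GeneralProtection:
        return True
    return False
```

With a gate at DPL 3 that leads to a DPL 0 code segment and copies two parameters, a CPL 3 caller ends up on the TSS-supplied ring 0 stack holding its old SS, ESP, the two parameters and its CS:EIP; the same gate with a DPL 0 restriction rejects the ring 3 caller, and a gate leading to a segment at the caller's own level pushes only CS:EIP on the unchanged stack.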

Executing a task switch with the CALL instruction is similar to executing a call through a call gate. The target
operand specifies the segment selector of the task gate for the new task activated by the switch (the offset in the
target operand is ignored). The task gate in turn points to the TSS for the new task, which contains the segment
selectors for the task’s code and stack segments. Note that the TSS also contains the EIP value for the next instruction
that was to be executed before the calling task was suspended. This instruction pointer value is loaded into the
EIP register to re-start the calling task.

The CALL instruction can also specify the segment selector of the TSS directly, which eliminates the indirection of
the task gate. See Chapter 7, “Task Management,” in the Intel® 64 and IA-32 Architectures Software Developer’s
Manual, Volume 3A, for information on the mechanics of a task switch.

When you execute a task switch with a CALL instruction, the nested task flag (NT) is set in the EFLAGS register and
the new TSS’s previous task link field is loaded with the old task’s TSS selector. Code is expected to suspend this
nested task by executing an IRET instruction which, because the NT flag is set, automatically uses the previous
task link to return to the calling task. (See “Task Linking” in Chapter 7 of the Intel® 64 and IA-32 Architectures
Software Developer’s Manual, Volume 3A, for information on nested tasks.) Switching tasks with the CALL instruction
differs in this regard from the JMP instruction. JMP does not set the NT flag and therefore does not expect an IRET
instruction to suspend the task.
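The CALL-versus-JMP difference in task switching comes down to two pieces of state, the NT flag and the previous task link field of the new TSS. The following is an added, deliberately simplified model and not code from the Intel manual: it keeps only a TSS selector, a saved EIP and the previous task link per task, treats NT as a single flag rather than part of each task's EFLAGS image, and leaves out busy bits and the rest of the TSS save. The selectors and EIP values are constructed.

```python
"""Added illustration (not Intel's code): a simplified model of the task-linking behaviour
described in the text. CALL to a task records the caller in the new TSS's previous task
link and sets NT; IRET with NT set follows that link back; JMP does neither.
TSS selectors and EIP values are constructed; busy bits and EFLAGS images are omitted."""


class TSS:
    """Only the fields the linking mechanism needs."""

    def __init__(self, selector, eip):
        self.selector = selector   # constructed GDT selector of this TSS
        self.eip = eip             # saved instruction pointer of the task
        self.prev_link = 0         # previous task link field


class Machine:
    def __init__(self, tasks, running):
        self.tss = {t.selector: t for t in tasks}
        self.tr = running                    # task register: selector of the current TSS
        self.eip = self.tss[running].eip
        self.nt = False                      # EFLAGS.NT, modelled as one global flag

    def _switch(self, selector):
        """Save the outgoing task's EIP into its TSS and load the incoming task's state."""
        self.tss[self.tr].eip = self.eip
        self.tr = selector
        self.eip = self.tss[selector].eip

    def call_task(self, selector, next_eip):
        """CALL with a task-gate or TSS selector: nested switch, linked back to the caller."""
        caller = self.tr
        self.eip = next_eip             # the caller resumes here when the nested task returns
        self._switch(selector)
        self.tss[selector].prev_link = caller
        self.nt = True

    def jmp_task(self, selector, next_eip):
        """JMP to a task: plain switch, NT is not set and no back link is recorded."""
        self.eip = next_eip
        self._switch(selector)

    def iret(self, next_eip):
        """IRET: with NT set, suspend this task and return through the previous task link.
        Returns True if a task switch happened, False if NT is clear (ordinary return)."""
        if not self.nt:
            return False
        self.nt = False
        self.eip = next_eip             # where this task resumes if it is called again
        self._switch(self.tss[self.tr].prev_link)
        return True


def demo():
    """Task A calls task B, B returns with IRET, then A jumps to B. Returns observations."""
    a, b = TSS(0x28, 0x1000), TSS(0x30, 0x2000)
    m = Machine([a, b], running=0x28)
    m.call_task(0x30, next_eip=0x1005)
    after_call = (m.tr, m.eip, m.nt, b.prev_link)
    switched = m.iret(next_eip=0x2010)
    after_iret = (m.tr, m.eip, m.nt, b.eip, switched)
    m.jmp_task(0x30, next_eip=0x100A)
    after_jmp = (m.tr, m.eip, m.nt, m.iret(next_eip=0x2020))
    return after_call, after_iret, after_jmp
```

After the CALL, task B is running with NT set and its previous task link naming task A; the IRET clears NT and resumes A at the instruction after its CALL, saving B's own resume point. After the JMP into B, NT stays clear, so an IRET in B is not treated as a return to A.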

