鱼C论坛
[Study Notes] [Original] Protected-mode CALL instruction: translated reference material on far jumps (1), description of the transfers

Posted 2017-12-24 14:34:24

Last edited by 兰陵月 on 2017-12-24 14:40


                CALL—Call Procedure

Description
Saves procedure linking information on the stack and branches to the called procedure specified using the target
operand. The target operand specifies the address of the first instruction in the called procedure. The operand can
be an immediate value, a general-purpose register, or a memory location.
This instruction can be used to execute four types of calls:
• Near Call — A call to a procedure in the current code segment (the segment currently pointed to by the CS
register), sometimes referred to as an intra-segment call.
• Far Call — A call to a procedure located in a different segment than the current code segment, sometimes
referred to as an inter-segment call.
• Inter-privilege-level far call — A far call to a procedure in a segment at a different privilege level than that
of the currently executing program or procedure.
• Task switch — A call to a procedure located in a different task.
Saves procedure linking information on the stack and transfers to the procedure pointed to by the target operand. The target operand points to the first instruction of the called procedure. The operand can be an immediate value, a general-purpose register, or a memory address.
This instruction can be used to perform four types of calls:
• Near Call: a call to a procedure in the current code segment (the segment currently pointed to by the CS register), sometimes called an intra-segment call.
• Far Call: the called procedure lies in a segment different from the current code segment; sometimes called an inter-segment call.
• Privilege-changing far call: a call to a procedure in a segment whose privilege level differs from the current one.
• Task switch: a call to a program located in a different task.


The latter two call types (inter-privilege-level call and task switch) can only be executed in protected mode. See
“Calling Procedures Using Call and RET” in Chapter 6 of the Intel® 64 and IA-32 Architectures Software Developer’s
Manual, Volume 1, for additional information on near, far, and inter-privilege-level calls. See Chapter 7, “Task Management,”
in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A, for information on performing task switches
with the CALL instruction.
The latter two call types (privilege-changing call and task switch) can only be executed in protected mode. See “Calling Procedures Using CALL and RET” in Chapter 6 of the Intel 64 and IA-32 Architectures Software Developer’s Manual for additional information on near, far, and inter-privilege-level calls. See Chapter 7, “Task Management,” in Volume 3A of the Intel 64 and IA-32 Architectures Software Developer’s Manual for information on performing task switches.

Far Calls in Protected Mode. When the processor is operating in protected mode, the CALL instruction can be used to
perform the following types of far calls:
• Far call to the same privilege level
• Far call to a different privilege level (inter-privilege level call)
• Task switch (far call to another task)
Far Calls in Protected Mode. When the processor is running in protected mode, the CALL instruction can be used to perform the following types of far calls:
• Far call to the same privilege level
• Far call to a different privilege level (privilege-changing call)
• Task switch (to another task)


In protected mode, the processor always uses the segment selector part of the far address to access the corresponding
descriptor in the GDT or LDT. The descriptor type (code segment, call gate, task gate, or TSS) and access
rights determine the type of call operation to be performed.
In protected mode, the processor always uses the segment selector part of the far address to access the corresponding descriptor in the GDT or LDT. The descriptor type (code segment, call gate, task gate, or TSS) and its access rights determine the type of call operation to perform.

If the selected descriptor is for a code segment, a far call to a code segment at the same privilege level is
performed. (If the selected code segment is at a different privilege level and the code segment is non-conforming,
a general-protection exception is generated.) A far call to the same privilege level in protected mode is very similar
to one carried out in real-address or virtual-8086 mode. The target operand specifies an absolute far address either
directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). The
operand- size attribute determines the size of the offset (16 or 32 bits) in the far address. The new code segment
selector and its descriptor are loaded into CS register; the offset from the instruction is loaded into the EIP register.
If the selected descriptor is for a code segment, a far call to that code segment can only be made at the same privilege level. (If the selected code segment is at a different privilege level and is a non-conforming code segment, a general-protection exception occurs.) A protected-mode far transfer to code at the same privilege level is carried out the same way as in real-address or virtual-8086 mode. The target operand points to an absolute far address, either directly as a pointer value (ptr16:16 or ptr16:32) or indirectly through a memory address (m16:16 or m16:32). The default operand size (16-bit or 32-bit) determines whether the offset in the far address is 16 or 32 bits. The new code segment selector and its corresponding descriptor are loaded into the CS register (translator’s note: the descriptor is loaded into the invisible part of the CS register, i.e. the CS descriptor cache), and the offset in the instruction (the offset address) is loaded into the EIP register.

A call gate (described in the next paragraph) can also be used to perform a far call to a code segment at the same
privilege level. Using this mechanism provides an extra level of indirection and is the preferred method of making
calls between 16-bit and 32-bit code segments.
A call gate (described in the next paragraph) can also be used to perform a far call to a code segment at the same privilege level. Using this mechanism provides an extra level of indirection and is the preferred method for jumping between 16-bit and 32-bit code segments.

When executing an inter-privilege-level far call, the code segment for the procedure being called must be accessed
through a call gate. The segment selector specified by the target operand identifies the call gate. The target
operand can specify the call gate segment selector either directly with a pointer (ptr16:16 or ptr16:32) or indirectly
with a memory location (m16:16 or m16:32). The processor obtains the segment selector for the new code
segment and the new instruction pointer (offset) from the call gate descriptor. (The offset from the target operand
is ignored when a call gate is used.)
When executing a far call across privilege levels, the code segment of the procedure to be called must be accessed through a call gate. The segment selector specified by the target operand identifies the call gate. The target operand supplies the call gate selector either directly as a pointer value (ptr16:16 or ptr16:32) or indirectly through a memory address (m16:16 or m16:32). The processor obtains from the call gate descriptor the segment selector of the code segment containing the target procedure, as well as the instruction pointer value (offset) of the target procedure. (When a call gate is used, the offset in the operand supplied by the CALL instruction is ignored.)

On inter-privilege-level calls, the processor switches to the stack for the privilege level of the called procedure. The
segment selector for the new stack segment is specified in the TSS for the currently running task. The branch to
the new code segment occurs after the stack switch. (Note that when using a call gate to perform a far call to a
segment at the same privilege level, no stack switch occurs.) On the new stack, the processor pushes the segment
selector and stack pointer for the calling procedure’s stack, an optional set of parameters from the calling procedures
stack, and the segment selector and instruction pointer for the calling procedure’s code segment. (A value in
the call gate descriptor determines how many parameters to copy to the new stack.) Finally, the processor
branches to the address of the procedure being called within the new code segment.
In a cross-privilege-level call, the processor switches the stack to the privilege level of the called procedure. The segment selector for the new stack segment is specified in the TSS of the currently running task. After the stack switch, execution transfers to the target code segment. (Note that when a call gate is used to make a far call to a segment at the same privilege level, no stack switch occurs.) On the new stack, the processor pushes, in order, the stack segment selector and stack pointer used by the calling code, the procedure parameters (optional), and the segment selector and EIP value of the calling code segment. (A value in the call gate descriptor [translator’s note: in practice bits 4 through 0 of the high 32 bits of the call gate descriptor] determines how many parameters are copied to the new stack.) Finally, the processor transfers to the address of the called procedure in the target code segment.
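The two protected-mode rules above, a direct far call through a code-segment descriptor versus a call through a call gate (whose selector, offset and parameter count replace the operand), are easy to get wrong when reading raw descriptor bytes. The following added example (not from the post or the Intel manual) packs and decodes constructed 32-bit descriptors and resolves a far CALL the way the text describes; the gate-DPL check is the manual’s rule, which this page does not spell out, and task gates are left unmodelled.

```python
import struct

# Constructed sample descriptors; the byte layout is the 32-bit code-segment
# and call-gate descriptor format of the Intel SDM, Vol. 3A.

def pack_code_seg(base, limit, dpl, conforming=False):
    """Build a 32-bit code segment descriptor (present, readable, D/B=1, G=0)."""
    type_ = 0b1010 | (0b0100 if conforming else 0)        # code, readable, C bit
    access = 0x80 | (dpl << 5) | 0x10 | type_             # P=1, DPL, S=1, type
    flags_limit = ((limit >> 16) & 0xF) | 0x40            # limit 19..16, D/B=1
    return struct.pack("<HHBBBB", limit & 0xFFFF, base & 0xFFFF,
                       (base >> 16) & 0xFF, access, flags_limit, (base >> 24) & 0xFF)

def pack_call_gate(selector, offset, dpl, param_count):
    """Build a 32-bit call gate descriptor (type 1100b); param count is bits 4..0 of byte 4."""
    access = 0x80 | (dpl << 5) | 0x0C                     # P=1, DPL, S=0, type=1100b
    return struct.pack("<HHBBH", offset & 0xFFFF, selector,
                       param_count & 0x1F, access, (offset >> 16) & 0xFFFF)

def decode(desc):
    """Extract the fields a far CALL consults from a raw 8-byte descriptor."""
    w0, w1, b4, b5, w3 = struct.unpack("<HHBBH", desc)
    dpl, s, type_ = (b5 >> 5) & 3, (b5 >> 4) & 1, b5 & 0xF
    if s == 1 and type_ & 0x8:                            # code segment: type bit 3 set
        return {"kind": "code", "dpl": dpl, "conforming": bool(type_ & 0x4)}
    if s == 0 and type_ == 0xC:                           # 32-bit call gate
        return {"kind": "call_gate", "dpl": dpl, "selector": w1,
                "offset": (w3 << 16) | w0, "param_count": b4 & 0x1F}
    return {"kind": "other", "dpl": dpl, "type": type_}

def resolve_far_call(cpl, selector, operand_offset, gdt):
    """Return the CS:EIP a far CALL lands on, whether the stack is switched and how
    many parameters are copied; PermissionError stands in for #GP."""
    d = decode(gdt[selector >> 3])                        # selector bits 15..3 index the GDT
    if d["kind"] == "code":
        if d["dpl"] != cpl and not d["conforming"]:
            raise PermissionError("#GP: non-conforming code segment at another privilege level")
        return {"target": (selector, operand_offset), "stack_switch": False, "params": 0}
    if d["kind"] == "call_gate":
        if max(cpl, selector & 3) > d["dpl"]:             # gate DPL rule (SDM, not on this page)
            raise PermissionError("#GP: caller is not privileged enough to use this gate")
        target = decode(gdt[d["selector"] >> 3])
        if target["kind"] != "code" or target["dpl"] > cpl:
            raise PermissionError("#GP: gate target must be code at an equal or higher privilege")
        # the operand's offset is ignored; selector and offset come from the gate itself
        return {"target": (d["selector"], d["offset"]),
                "stack_switch": target["dpl"] < cpl and not target["conforming"],
                "params": d["param_count"]}
    raise NotImplementedError("task gate / TSS descriptors are not modelled here")

# Constructed GDT: null, ring-0 code, ring-3 code, and a ring-3-usable gate into ring 0.
GDT = [bytes(8),
       pack_code_seg(0, 0xFFFFF, dpl=0),
       pack_code_seg(0, 0xFFFFF, dpl=3),
       pack_call_gate(selector=0x08, offset=0x00401000, dpl=3, param_count=2)]
```

Calling `resolve_far_call(3, 0x1B, 0xDEAD, GDT)` lands on 0x08:0x00401000 with a stack switch and two copied parameters, while `resolve_far_call(3, 0x08, 0x1234, GDT)` raises, mirroring the #GP the text describes for a direct call into a non-conforming segment at another privilege level.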

Executing a task switch with the CALL instruction is similar to executing a call through a call gate. The target
operand specifies the segment selector of the task gate for the new task activated by the switch (the offset in the
target operand is ignored). The task gate in turn points to the TSS for the new task, which contains the segment
selectors for the task’s code and stack segments. Note that the TSS also contains the EIP value for the next instruction
that was to be executed before the calling task was suspended. This instruction pointer value is loaded into the
EIP register to re-start the calling task.
Performing a task switch with the CALL instruction is similar to performing a call through a call gate. The segment selector in the target operand specifies the task gate of the target task to switch to (the offset in the target operand is ignored). The task gate points to the TSS of the target task, which contains the segment selectors for the target task’s code and stack segments. Note that the TSS also contains the EIP value of the next instruction that was about to execute before the task was suspended. When the task resumes, this EIP value is loaded into the EIP register and execution continues from that instruction.

The CALL instruction can also specify the segment selector of the TSS directly, which eliminates the indirection of
the task gate. See Chapter 7, “Task Management,” in the Intel® 64 and IA-32 Architectures Software Developer’s
Manual, Volume 3A, for information on the mechanics of a task switch.
The CALL instruction can also specify the segment selector of the TSS directly, which eliminates the indirection of the task gate. For details on task switching, see Chapter 7, “Task Management,” in Volume 3A of the Intel 64 and IA-32 Architectures Software Developer’s Manual.

When you execute a task switch with a CALL instruction, the nested task flag (NT) is set in the EFLAGS register and
the new TSS’s previous task link field is loaded with the old task’s TSS selector. Code is expected to suspend this
nested task by executing an IRET instruction which, because the NT flag is set, automatically uses the previous
task link to return to the calling task. (See “Task Linking” in Chapter 7 of the Intel® 64 and IA-32 Architectures
Software Developer’s Manual, Volume 3A, for information on nested tasks.) Switching tasks with the CALL instruction
differs in this regard from JMP instruction. JMP does not set the NT flag and therefore does not expect an IRET
instruction to suspend the task.
When you perform a task switch with the CALL instruction, the nested task flag (NT) is set in the EFLAGS register, and the previous task link field of the new TSS is loaded with the old task’s TSS selector. Because the NT flag is set, the processor can suspend the current nested task by executing an IRET instruction, which returns to the calling task through the previous task link. (See “Task Linking” in Volume 3A of the Intel 64 and IA-32 Architectures Software Developer’s Manual for information on nested tasks.) Switching tasks with the CALL instruction differs from the JMP instruction in this respect. JMP does not set the NT flag, and therefore the nested task cannot be suspended with an IRET instruction.

