Intel IA-32 User Manual

Vol. 3A 4-25

PROTECTION

4.

Temporarily saves the current values of the SS and ESP registers.

5.

Loads the segment selector and stack pointer for the new stack in the SS and ESP registers.

6.

Pushes the temporarily saved values for the SS and ESP registers (for the calling
procedure) onto the new stack (see Figure 4-13).

7.

Copies the number of parameter specified in the parameter count field of the call gate from
the calling procedure’s stack to the new stack. If the count is 0, no parameters are copied.

8.

Pushes the return instruction pointer (the current contents of the CS and EIP registers) onto
the new stack.

9.

Loads the segment selector for the new code segment and the new instruction pointer from
the call gate into the CS and EIP registers, respectively, and begins execution of the called
procedure.

See the description of the CALL instruction in Chapter 3, Instruction Set Reference, in the IA-32
Intel Architecture Software Developer’s Manual, Volume 2, for a detailed description of the priv-
ilege level checks and other protection checks that the processor performs on a far call through
a call gate.

The parameter count field in a call gate specifies the number of data items (up to 31) that the
processor should copy from the calling procedure’s stack to the stack of the called procedure. If
more than 31 data items need to be passed to the called procedure, one of the parameters can be
a pointer to a data structure, or the saved contents of the SS and ESP registers may be used to
access parameters in the old stack space. The size of the data items passed to the called proce-
dure depends on the call gate size, as described in Section 4.8.3, “Call Gates.”

Figure 4-13. Stack Switching During an Interprivilege-Level Call

Parameter 1

Parameter 2

Parameter 3

Calling SS

Calling ESP

Parameter 1

Parameter 2

Parameter 3

Calling CS

Calling EIP

Called Procedure’s Stack

ESP

ESP

Calling Procedure’s Stack