lcall immptr lcall *mem48
far call ptr16:{16|32} far call m16:{16|32}
The lcall instruction calls intersegment (far) procedures using a full pointer. lcall causes the procedure named in the operand to be executed. When the called procedure completes, execution flow resumes at the instruction following the lcall instruction (see the return instruction).
lcall ptr16:{16|32} uses a four-byte or six-byte operand as a long pointer to the called procedure.
lcall m16:{16|32} fetches the long pointer from the specified memory location.
In Real Address Mode or Virtual 8086 Mode, the long pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP register. Both forms of the lcall instruction push the CS and IP or EIP registers as a return address.
Use a four-byte operand as a long pointer to the called procedure.
lcall $0xfebc, $0x12345678
Fetch a long pointer from the memory location addressed by the edx register, offset by 3.
lcall *3(%edx)
call disp32 call *r/m32
near call rel{16|32}
near call r/m{16|32}
The call instruction calls near procedures using a full pointer. call causes the procedure named in the operand to be executed. When the called procedure completes, execution flow resumes at the instruction following the call instruction (see the return instruction).
call rel{16|32} adds a signed offset to address of the instruction following the call instruction to determine the destination; that is, the displacement is relative to the next instruction. The displacement value is stored in the EIP register. For rel16, the upper 16 bits of EIP are cleared to zero resulting in an offset value that does not exceed 16 bits.
call r/m{16|32} specifies a register or memory location from which the absolute segment offset is fetched. The offset of the instruction following the call instruction is pushed onto the stack. After the procedure completes, the offset is popped by a near ret instruction within the procedure.
Both forms of the call instruction have no affect on the CS register.
Program counter minus 0x11111111.
call .-0x11111111
Add a signed offset value to the address of the next instruction.
call *4(%edi)
ret ret imm16
return to caller
The ret instruction transfers control to the return address located on the stack. This address is usually placed on the stack by a call instruction. Issue the ret instruction within the called procedure to resume execution flow at the instruction following the call.
The optional numeric (16- or 32-bit) parameter to ret specifies the number of stack bytes or words to be released after the return address is popped from the stack. Typically, these bytes or words are used as input parameters to the called procedure.
For an intersegment (near) return, the address on the stack is a segment offset that is popped onto the instruction pointer. The CS register remains unchanged.
Transfer control to the return address located on the stack.
ret
Transfer control to the return address located on the stack. Release the next 16-bytes of parameters.
ret $-32767
lret lret imm16
return to caller
The lret instruction transfers control to a return address located on the stack. This address is usually placed on the stack by an lcall instruction. Issue the lret instruction within the called procedure to resume execution flow at the instruction following the call.
The optional numeric (16- or 32-bit) parameter to lret specifies the number of stack bytes or words to be released after the return address is popped from the stack. Typically, these bytes or words are used as input parameters to the called procedure.
For an intersegment (far) return, the address on the stack is a long pointer. The offset is popped first, followed by the selector.
In Real Mode, CS and IP are loaded directly. In Protected mode, an intersegment return causes the processor to check the descriptor addressed by the return selector. The AR byte of the descriptor must indicate a code segment of equal or lesser privilege (or greater or equal numeric value) than the current privilege level. Returns to a lesser privilege level cause the stack to be reloaded from the value saved beyond the parameter block.
Transfer control to the return address located on the stack.
lret
Transfer control to the return address located on the stack. Release the next 16-bytes of parameters.
lret $-32767
enter imm16, imm8
make stack frame for procedure parameters
Create the stack frame required by most block-structured high-level languages. The imm16 operand specifies the number of bytes of dynamic storage allocated on the stack for the routine being entered. The imm8 operand specifies the lexical nesting level (0 to 31) of the routine within the high-level language source code. The nesting level determines the number of stack frame pointers copied into the new stack frame from the preceding frame.
Create a stack frame with 0xfecd bytes of dynamic storage on the stack and a nesting level of 0xff.
enter $0xfecd, $0xff
leave
set (E)SP to (E)BP, then pop (E)BP
The leave instruction reverses the actions of an enter instruction. leave copies the frame pointer to the stack point and releases the stack space formerly used by a procedure for its local variables. leave pops the old frame pointer into (E)BP, thus restoring the caller's frame. A subsequent ret nn instruction removes any arguments pushed onto the stack of the exiting procedure.
Copy the frame pointer to the stack pointer and release the stack space.
leave