CALL Call Procedure Flags: Not altered (*) (*) If task switch CALL destination occurs, all flags are affected Logic ; near call (intra-segment) ; far call (inter-segment) PUSH eIP PUSH CS eIP ← destination_offset CS ← destination_segment PUSH eIP eIP ← destination_offset
The CALL instruction causes the procedure named in the operand to be executed. When the procedure is complete (a return instruction is executed within the procedure), execution continues at the instruction that follows the CALL.
NEAR calls are those with destinations of type r/m16, r/m32, rel16, rel32; changing or saving the segment register value is not necessary. The CALL rel16 and CALL rel32 forms add a signed offset to the address of the instruction following CALL to determine the destination. The rel16 form is used when the instruction's operand-size attribute is 16 bits; rel32 is used when the operand-size attribute is 32 bits. The result is stored in the 32-bit EIP register. With rel16, the upper 16 bits of EIP are cleared, resulting in an offset whose value does not exceed 16 bits. CALL r/m16 and CALL r/m32 specify a register or memory location from which the absolute segment offset is fetched. The offset fetched from r/m is 32 bits for an operand-size attribute of 32 bits (r/m32), or 16 bits for an operand-size of 16 (r/m16). The offset of the instruction following CALL is pushed onto the stack. It will be popped by a near RET instruction within the procedure called. The CS register is not changed by these forms of CALL.
The FAR calls, CALL ptr16:16 and CALL ptr16:32, use a 4-byte or 6-byte operand as a long pointer to the procedure called. The CALL m16:16 and CALL m16:32 forms fetch the long pointer from the memory location specified (indirection). In real-address mode or virtual 8086 mode, the long pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP register (depending on the operand-size attribute). These forms of CALL push both CS and IP or EIP on the stack as a return address.
Note In protected mode, both long pointer forms of the CALL instruction consult the access rights (AR) byte in the descriptor indexed by the selector part of the long pointer. Depending on the value of the AR byte, the call will perform one of the following types of control transfers:
- a far call to the same protection level - an inter-protection-level far call - a task switch
Opcode Format 9A cd CALL ptr16:16 ; call far direct 9A cp CALL ptr16:32 ; call far direct E8 cw CALL rel16 ; call near relative E8 cd CALL rel32 ; call near relative FF /2 CALL r/m16 ; call near indirect FF /2 CALL r/m32 ; call near indirect FF /3 CALL m16:16 ; call far indirect FF /3 CALL m16:32 ; call far indirect