【计算机系统结构】near return instructions 近返回 。Far return instructions 远程返回指令

最新推荐文章于 2024-03-09 11:39:09 发布
最新推荐文章于 2024-03-09 11:39:09 发布
阅读量447 收藏
点赞数
分类专栏: 计算机系统结构 文章标签: near return far return
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_32820767/article/details/88773679
版权

Opcode Mnemonic Description
C3 RET Near return to calling procedure.
CB RET Far return to calling procedure.
C2 iw RET imm16 Near return to calling procedure and pop imm16 bytes from stack.
CA iw RET imm16 Far return to calling procedure and pop imm16 bytes from stack.

将程序控制转移到位于堆栈顶部的返回地址。 地址通常由CALL指令放在堆栈上,并返回到CALL指令后面的指令。

可选的源操作数指定弹出返回地址后要释放的堆栈字节数; 默认值为none。 此操作数可用于从堆栈中释放传递给被调用过程且不再需要的参数。 当用于切换到新过程的CALL指令使用具有非零字数的调用门来访问新过程时,必须使用它。 这里,RET指令的源操作数必须指定与调用门的字计数字段中指定的字节数相同的字节数。

The RET instruction can be used to execute three different types of returns:

Near return
A return to a calling procedure within the current code segment (the segment currently pointed to by the CS register), sometimes referred to as an intrasegment return.
Far return
A return to a calling procedure located in a different segment than the current code segment, sometimes referred to as an intersegment return.
Inter-privilege-level far return
A far return to a different privilege level than that of the currently executing program or procedure.

当执行近返回时,处理器将返回指令指针(偏移)从堆栈顶部弹出到EIP寄存器,并在新指令指针处开始执行程序。 CS寄存器保持不变。

执行远程返回时,处理器将返回指令指针从堆栈顶部弹出到EIP寄存器,然后将段顶选择器从堆栈顶部弹出到CS寄存器中。然后,处理器在新指令指针的新代码段中开始程序执行。

除了处理器检查代码的特权级别和访问权限以及返回的堆栈段以确定是否允许进行控制转移之外,特权级别远程返回的机制类似于段间返回。如果DS,ES,FS和GS段寄存器在特权级别返回期间被清除,则它们将引用不允许在新特权级别访问的段。由于堆栈切换也发生在特权级别返回上,因此ESP和SS寄存器从堆栈加载。

如果在特权级别调用期间将参数传递给被调用过程,则必须将可选的源操作数与RET指令一起使用以释放返回的参数。

这里,参数从被调用过程的堆栈和调用过程的堆栈(即返回的堆栈)中释放。

switch(Instruction) {
	case NearReturn:
		if(OperandSize == 32 && !IsWithinStackLimits(TopStackBytes(12))) Exception(SS(0)); //top 12 bytes of stack not within stack limits
		//OperandSize == 16
		else if(!IsWithinStackLimits(TopStackBytes(6)) Exception(SS(0)); //IF top 6 bytes of stack not within stack limits
		TemporaryEIP = Pop();
		TemporaryEIP = TemporaryEIP & 0xFFFF;
		if(!IsWithinCodeSegmentLimits(TemporaryEIP)) Exception(GP(0));
		EIP = TemporaryEIP;
		if(HasImmediateOperand()) { //instruction has immediate operand
			if(StackAddressSize == 32) ESP = ESP + Source; //release parameters from stack
			//StackAddressSize == 16
			else SP = SP + Source; //release parameters from stack
		}
		break;
	case FarReturn:
		//Real-address mode or virtual-8086 mode
		if(PE == 0 || (PE == 1 && VM == 1)) {
			if(OperandSize == 32) {
				if(!IsWithinStackLimits(TopStackBytes(12)) Exception(SS(0)); //top 12 bytes of stack not within stack limits
				EIP = Pop();
				CS = Pop(); //32-bit pop, high-order 16 bits discarded
			}
			else { //OperandSize == 16
				if(!IsWithinStackLimits(TopStackBytes(6)) Exception(SS(0)); //top 6 bytes of stack not within stack limits
				TemporaryEIP = Pop();
				TemporaryEIP = TemporaryEIP & 0xFFFF;
				if(!IsWithinCodeSegmentLimits(TemporaryEIP)) Exception(GP(0));
				EIP = TemporaryEIP;
				CS = Pop(); //16-bit pop
			}
			if(HasImmediateOperand()) else SP = SP + Source; //instruction has immediate operand; release parameters from stack
		}
		//Protected mode, not virtual-8086 mode
		else if(PE == 1 && VM == 0) {
			if(OperandSize == 32 && !IsWithinStackLimits(OffsetStackBytes(4, 4)) Exception(SS(0)); //second doubleword on stack is not within stack limits
			//OperandSize == 16
			else if(!IsWithinStackLimits(OffsetStackBytes(2, 2))) Exception(SS(0)); //second word on stack is not within stack limits
			if(ReturnCode.SegmentSelector == 0) Exception(GP(Selector));
			if(!IsWithinDescriptorTableLimits(ReturnCode.SegmentSelector)) Exception(GP(Selector));
			ReturnCode.SegmentDescriptor = ObtainSegmentDescriptor(); //Obtain descriptor to which return code segment selector points from descriptor table
			if(!IsCodeSegment(ReturnCode.SegmentDescriptor)) Exception(GP(Selector));
			if(ReturnCode.SegmentSelector.RPL < CPL) Exception(GP(Selector));
			if(IsConforming(ReturnCode.SegmentDescriptor && ReturnCode.Segment.DPL > ReturnCode.SegmentSelector.RPL) Exception(GP(Selector));
			if(!IsPresent(ReturnCode.SegmentDescriptor)) Exception(NP(Selector));
			if(ReturnCode.SegmentSelector.RPL > CPL) {
				//Return outer privilege level
				if(OperandSize == 32 && !IsWithinStackLimits(TopStackBytes(16 + Source)) Exception(SS(0)); //top 16 + Source bytes of stack not within stack limits
				//OperandSize == 16
				else if(!IsWithinStackLimits(TopStackBytes(8 + Source)) Exception(SS(0)); //top 8 + Source bytes of stack not within stack limits
				ReturnSegmentSelector = ReadReturnSegmentSelector();
				if(StackSegmentSelector == 0) Exception(GP(0));
				if(!IsWithinDescriptorTableLimits(ReturnStack.SegmentSelector.Index)) Exception(GP(Selector));
				if(StackSegmentSelector.RPL != ReturnCode.SegmentSelector.RPL || !IsWritableDataSegment(StackSegment) || StackSegmentDescriptor.DPL != ReturnCode.SegmentSelector.RPL) Exception(GP(Selector));
				if(!IsPresent(StackSegment)) Exception(SS(StackSegmentSelector));
				if(!IsWithinLimits(ReturnCode.SegmentLimit, ReturnInstructionPointer)) Exception(GP(0));
				CPL = ReturnCode.SegmentSelector.RPL;
				if(OperandSize == 32) {
					EIP = Pop();
					CS = Pop(); //32-bit pop, high-order 16 bits discarded; segment descriptor information also loaded
					CS.RPL = CPL;
					ESP = ESP + Source; //release parameters from called procedure's stack
					TemporaryESP = Pop();
					TemporarySS = Pop(); //32-bit pop, high-order 16 bits discarded; segment descriptor information also loaded
					ESP = TemporaryESP;
					SS = TemporarySS;
				}
				//OperandSize == 16
				else {
					EIP = Pop();
					EIP = EIP & 0xFFFF;
					CS = Pop(); //16-bit pop; segment descriptor information also loaded
					CS.RPL = CPL;
					ESP = ESP + Source; //release parameters from called procedure's stack
					TemporaryESP = Pop();
					TemporarySS = Pop(); //16-bit pop; segment descriptor information also loaded
					ESP = TemporaryESP;
					SS = TemporarySS;
				}
				SegmentRegisters[] = {ES, FS, GS, DS};
				while(SegmentRegister = NextSegmentRegister(SegmentRegisters)) {
					if(IsDataPointer(SegmentRegister)  || !IsConformingCodeSegment(SegmentRegister) && CPL > SegmentDescriptor.DPL /*DPL in hidden part of segment register*/) SegmentSelector = 0; //segment register is invalid, null segment selector
					if(!IsWithinDescriptorTableLimits(SegmentSelector.Index) || (!IsData(SegmentDescriptor) && !IsReadableCodeSegment(SegmentDescriptor)) || (IsData(SegmentDescriptor) && !IsConformingCodeSegment(SegmentDescriptor) && SegmentDescriptor.DPL < CPL && SegmentDescriptor.DPL < CodeSegment.SegmentSelector.RPL)) SegmentSelectorRegister = NullSelector;
					ESP = ESP + Source; //release parameters from called procedure's stack
				}
			}
			else {
				//Return to same privilege level
				if(!IsWithinLimits(ReturnCode.SegmentLimit, ReturnInstructionPointer)) Exception(GP(0));
				if(OperandSize == 32) {
					EIP = Pop();
					CS = Pop(); //32-bit pop, high-order 16 bits are discarded
					ESP = ESP + Source; //Release parameters from stack
				}
				else { //OperandSize == 16
					EIP = Pop();
					EIP = EIP & 0xFFFF;
					ESP = ESP + Source; //Release parameters from stack
				}
			}
		}
		break;
}

参考 https://c9x.me/x86/html/file_module_x86_id_280.html

七爷OK
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
mpf7_CBOE VIX Volatility derivatives_S&P 500 Index_near_next option_Why log return_Kurtosis_Skew_OLS
Linli522362242的专栏
08-14 2441
mpf7_CBOE VIX Volatility derivatives_S&P 500 Index_near_next option_Why log return_Kurtosis_Skew_OLS
Armv8.9 架构扩展--原文版
最新发布
baron-周贺贺-代码改变世界ctw
08-19 11
The Armv8.9 architecture extension is an extension to Armv8.8. It adds mandatory and optional architectural features. Some features must be implemented together. An implementation is Armv8.9 compliant if all of the following apply:It is Armv8.8 compliant.I
80X86常用汇编指令集(不断补充完善中)
weixin_34372728的博客
09-02 1495
学习汇编语言,最关键的就在于汇编指令集的掌握以及计算机工作方式的理解,以下是80X86汇编过程中经常用到的一些汇编指令。 从功能分类上来说,一共可分为 一、 数据传送指令:MOV、XCHG、LEA、LDS、LES、PUSH、POP、PUSHF、POPF、CBW、CWD、CWDE。 二、 算术指令:ADD、ADC、INC、SUB、SBB、DEC、CMP、MUL、DIV、DAA、DAS、...
call和ret指令_8086微处理器中的CALL和RET指令
cumubi7552的博客
06-26 964
call和ret指令 8086微处理器中的CALL指令 (The CALL instruction in the 8086 microprocessor) The CALL instruction is used whenever we need to make a call to some procedure or a subprogram. Whenever a CALL is made, t...
微机原理==第二章16位和32位微处理器(6)
女王有颗钻石心
10-31 559
字节串检索 SCASB ;(AL)-(ES:[DI]) ;DI←(DI)±1字串检索 SCASW ;(AX)-(ES:[DI]) ;DI←(DI)±2影响标志位字节串读取 LODSB ;AL←(DS:[SI]) ;SI←(SI)±1 字串读取 LODSW ;AX←(DS:[SI]) ;SI←(SI)±2不影响标志位字节串
【转】ret,retf,iret的区别
weixin_33923762的博客
07-13 906
ret RET, and its exact synonym RETN, pop IP or EIP from the stack and transfer control to the new address. Optionally, if a numeric second operand is provided, they increment the stack pointer by a...
汇编的Enter, leave, return 指令
cay22的专栏
03-21 8028
enter的用法: enter   8, 3                   ;就是申请8个存储单元(在堆栈中),特权为3 http://www.cnblogs.com/keepfocus/archive/2011/09/15/2176925.html 1. enter等价于: push ebp mov ebp,  esp 在函数的入口时常用。 ENTER   n   申请局
【ChatGPT模型精调训练】AI 大模型精调 Fine-Tuning (微调)训练图文代码实战详解
禅与计算机程序设计艺术
03-09 705
选择预训练模型:选择一个在类似任务上已经训练好的模型作为起点。数据准备:准备并预处理你的数据集,使其适合模型的输入格式。微调:在你的特定数据集上继续训练模型,调整模型的权重。评估:评估微调后模型的性能。应用:将微调后的模型部署到实际应用中。Fine-Tuning(精调)是指在预训练模型的基础上,对模型进行微调,使其适应特定任务。预训练模型通常在大量无标签数据上进行训练,以学习通用的语言表示。通过 Fine-Tuning,我们可以在较小的标签数据集上训练模型,以便模型能够更好地解决特定任务。
计算机算法常用术语中英对照(分为两部分 其中一部分表格形式 )
weixin_30488085的博客
06-25 4837
第一部分 Data Structures 基本数据结构 Dictionaries 字典 Priority Queues 堆 Graph Data Structures 图 Set Data Structures 集合 Kd-Trees 线段树 Numerical Problems 数值问题 Solving Linear Equations 线性方程组 B...
HAL:存储和传播软件密集型嵌入式系统的安全性证明
Marc Chevalier. Proving the security of software-intensive embedded systems by abstract interpreta-tion.. Cryptography and Security [cs.CR]. Université Paris sciences et lettres, 2020....
ARM汇编:汇编中proc、endp、ret、nearfar指令用法
热门推荐
魏波
11-19 3万+
   ARM汇编:汇编中proc、endp、ret、nearfar指令用法 子程序名 PROC NEAR ( 或 FAR ) …… ret 子程序名 ENDP (1)NEAR属性(段内调用): 调用程序和子程序在同一代码段中,只能被相同代码段的其他程序调用;    FAR属性(段间远调用): 调用程序和子程序不在同一代码段中,可以被相同或不同代码段的程序调用. (2)proc是定义子......
为什么POP/POP/RET是必需的
312小公举的专栏
04-18 6016
POP/POP/RET是创建SEH漏洞必需的指令序列。 要理解P/P/R是如何工作的,就要先了解各个寄存器的作用: 在x86处理器中,EIP(Instruction Pointer)是指令寄存器,指向处理器下条等待执行的指令地址(代码段内的偏移量),每次执行完相应汇编指令EIP值就会增加。ESP(Stack Pointer)是堆栈指针寄存器,存放执行函数对应栈帧的栈顶地址(也是系统栈的顶部),
iret指令
Ghjhfssfgk的博客
02-19 5232
IRET(interrupt return)中断返回,中断服务程序的最后一条指令。 汇编指令IRET 【指令格式】IRET 【指令功能】IRET(interrupt return)中断返回,中断服务程序的最后一条指令。IRET指令将推入堆栈的段地址和偏移地址弹出,使程序返回到原来发生中断的地方。其作用是从中断中恢复中断前的状态,具体作用有如下三点: 1.恢复IP(instruction point...
8086汇编之 CALL 和 RET指令
eskimoer的专栏
06-19 8336
Ret 和 call 也是转移指令,但是他们跟jmp不同的是,这两个转移指令都跟栈有关系。 ret 用栈中的数据修改IP的地址,从而实现转移 ( ip ) = ( (ss)*16+ sp ) ( sp ) =( sp ) + 2 相当于pop ip retf 用栈中的数据来修改CS以及IP的值,实现段间转移 ( ip ) = ( (ss)*16+ sp ) ( sp ) =
ret,retf,iret等的区别
是真学霸自风流,公众号:IC免费课
11-14 6628
RET, and its exact synonym RETN, pop IP or EIP from the stack and transfer control to the new address. Optionally, if a numeric second operand is provided, they increment the stack pointer by a furthe
Debug Current Instruction Pointer怎么去掉(调试箭头)
样young的博客
01-20 1万+
有时退出调试视图后在程序界面左边依然存在箭头(Debug Current Instruction Pointer),如下图所示。Debug Current Instruction Pointer表示调试总是从这里开始。 如何去掉这个箭头呢?操作步骤如下:重新进入调试视图,双击程序左边的断点(下图黑色框中的圆点)取消所有断点,接着点击下图蓝色方框(注意:下图比较大,看不全,需要左右拉动图下边的...
计算机系统结构指令执行流水线相关性解析,硬件资源冲突和竞争问题分析。
计算机系统结构是指计算机硬件与软件之间的组织和交互方式。在流水线结构中,指令的执行被分成若干个阶段,这些阶段依次由不同的硬件部件完成。然而,在指令执行过程中,可能会存在资源竞争或冲突现象,导致流水线...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值