CALL

Table of Contents

1. CALL (call)
   1. Basic purpose
   2. Instruction execution process
   3. Instruction formats
   4. Behavioral characteristics
   5. Common uses

CALL (call)

Basic purpose

CALL is used to invoke a function by jumping to the target location to execute code while saving the return address so execution can return to the call site when the function finishes.

Instruction execution process

1. Push the address of the instruction following the current instruction (the return address) onto the stack

2. Set RIP to the call target address

3. Begin executing the new code path

Equivalent behavior (x64):

1
push rip_next
2
jmp target

Instruction formats

1
call rel32 ; 相对调用（最常见）
2

3
call rax ; 寄存器间接调用
4

5
call [rax] ; 内存间接调用
6

7
call qword ptr [...] ; 绝对调用

Behavioral characteristics

• Modifies RSP (pushes the return address)

• Modifies RIP (jumps)

• Does not modify EFLAGS

• Changes to the stack structure have a major impact on PWN

• An important node for constructing ROP chains and hijacking control flow

Common uses

• Calling functions

• Dynamically resolving function addresses (via the call/pop technique)

• Control-flow obfuscation (using call to enter an intermediate stub)

• Changing the return address during overflow exploitation