Re: what's the difference between IRET and IRETD?

"zhangyue.zl@xxxxxxxxx" wrote:

It looks like whether using IRET or IRETD depending on the code is
16bit code or 32bit,isnt it?
thanks a lot!

The IRET instruction is a very complicated instruction (see processor manual).
If it is a real mode IRET or a RETURN-SAME-LEVEL IRET in protected mode then
on the stack are the status register, CS register and the Instruction Pointer
which will be restored. From the programmers point of view there are four different
versions of IRET:

- read 16 bit status register and 16 bit instruction pointer from stack using
the 16 bit stack pointer

- read 16 bit status register and 16 bit instruction pointer from stack using
the 32 bit stack pointer

- read 32 bit status register and 32 bit instruction pointer from stack using
the 16 bit stack pointer

- read 32 bit status register and 32 bit instruction pointer from stack using
the 32 bit stack pointer

Whether the 16 or 32 bit stack pointer is used can't be specified in the IRET
instruction but is specified in the stack segment descriptor.

If the current code is in a 16 bit code segment, then the opcode 0xcf will
restore the 16 bit FLAGS and 16 bit IP, whereas the opcode 0x66 0xcf will
restore the 32 bit EFLAGS and 32 bit EIP.

If the current code is in a 32 bit code segment, then the opcode 0xcf will
restore the 32 bit EFLAGS and 32 bit EIP, whereas the opcode 0x66 0xcf will
restore the 16 bit FLAGS and 16 bit IP.

Which mnemonic you have to use to get the proper opcode depends on your
assembler. The "Intel syntax" assembler specify the operand size as part
of the operand and not as part of the instruction name, so it should be
something like:

iret word prt [(e)sp]
iret dword ptr [(e)sp]

But because the only logical thing with the Intel syntax is, that it
is completely illogical, I suppose for this instruction the operand
size is stored with the instruction and a simple

iret
iretd

is used.
.

Relevant Pages