x86 assembly instruction: call *Reg

Question

Can anybody give me some information about indirect function calls in x86 assembly, i.e. instructions like

call *Reg

So where the address of the function label is stored in a register. Somehow I couldn't find information about it via google.

And furthermore, what does it mean if I get a Trace/breakpoint exception when running an x86 assembly program which has such an instruction?

Answer 1

Intel and AMD publish very good documentation regarding x86. Here's a link to Intels instruction set reference which (of course) has a section on CALL. http://www.intel.com/design/intarch/manuals/243191.HTM

OP Code: FF /2 
Instruction: CALL r/m32 
Description: Call near, absolute indirect, address given in r/m32

Using NASM syntax

lbl_start:
 MOV EAX, lbl_function1
 CALL EAX
 RETN

lbl_function1:
 MOV EAX, 1
 RET 0

If you're getting an exception it could mean almost anything. Here's a few common issues...

• you're not setting the register to an address within the program
  • you're setting the register value but it's being changed by an API call that happens before your CALL reg32
  • you're setting the register value to the data located at a specific address rather than the address itself
• you're encoding your CALL reg32 OP Code incorrectly, (ex: FF D0 is CALL EAX in hex)