Intel 64 and IA-32 Architectures Software Developers Manual Volume 2B, Instruction Set Reference, N-Z
CS.SEL.RPL ← 3;
CS.ARbyte.P ← 1;
CPL ← 3;
SS.SEL ← (SYSENTER_CS_MSR + 24); (* Segment selector for return SS *)
(* Set rest of SS to a fixed value *);
SS.BASE ← 0; (* Flat segment *)
SS.LIMIT ← FFFFFH; (* 4-GByte limit *)
SS.ARbyte.G ← 1; (* 4-KByte granularity *)
SS.ARbyte.S ← ;
SS.ARbyte.TYPE ← 0011B; (* Expand Up, Read/Write, Data *)
SS.ARbyte.D ← 1; (* 32-bit stack segment *)
SS.ARbyte.DPL ← 3;
SS.SEL.RPL ← 3;
SS.ARbyte.P ← 1;
ESP ← ECX;
EIP ← EDX;
IA-32e Mode Operation
In IA-32e mode, SYSEXIT executes fast system calls from 64-bit executive
procedures running at privilege level 0 to user code running at privilege
level 3 (in compatibility mode or 64-bit mode). This instruction is a
companion to the SYSENTER instruction.
In IA-32e mode, the IA32_SYSENTER_EIP and IA32_SYSENTER_ESP MSRs hold
64-bit addresses and must be in canonical form; IA32_SYSENTER_CS must not
contain a NULL selector.
When the SYSEXIT instruction transfers control to 64-bit mode user code using
REX.W, the following fields are generated and bits set:
• Target code segment — Computed by adding 32 to the value in
IA32_SYSENTER_CS.
• New CS attributes — L-bit = 1 (go to 64-bit mode).
• Target instruction — Reads 64-bit canonical address in RDX.
• Stack segment — Computed by adding 8 to the value of CS selector.
• Stack pointer — Update RSP using 64-bit canonical address in RCX.
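The following C helper is an added illustration, not code from the manual: it models the 64-bit-mode preconditions and selector arithmetic listed above, as an OS or emulator author might when validating a GDT layout and the RDX/RCX values handed to SYSEXIT. The function names and error codes are hypothetical, 48-bit canonical addressing is assumed, and RPL 3 for the 64-bit case is carried over from the 32-bit pseudocode.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum { SYSEXIT_OK = 0, ERR_NULL_CS = -1, ERR_RIP = -2, ERR_RSP = -3 };

struct sysexit64_target {
    uint16_t cs, ss;    /* selectors loaded on return */
    uint64_t rip, rsp;  /* taken from RDX and RCX */
};

/* Assumption: 48-bit linear addresses, so canonical means bits 63:47 all equal. */
static bool is_canonical48(uint64_t addr)
{
    uint64_t top = addr >> 47;          /* the 17 bits 63:47 */
    return top == 0 || top == 0x1FFFF;
}

/* Legacy 32-bit return: SS selector is the MSR value + 24 with RPL set to 3. */
uint16_t sysexit32_ss(uint64_t sysenter_cs_msr)
{
    return (uint16_t)(((uint16_t)sysenter_cs_msr + 24) | 3);
}

/* 64-bit return (REX.W): check the stated preconditions, then derive CS and SS. */
int sysexit64_check(uint64_t sysenter_cs_msr, uint64_t rdx, uint64_t rcx,
                    struct sysexit64_target *out)
{
    uint16_t base = (uint16_t)sysenter_cs_msr;

    if ((base & 0xFFFC) == 0)           /* selector values 0..3 are NULL */
        return ERR_NULL_CS;
    if (!is_canonical48(rdx))           /* target instruction address */
        return ERR_RIP;
    if (!is_canonical48(rcx))           /* new stack pointer */
        return ERR_RSP;

    out->cs  = (uint16_t)((base + 32) | 3);  /* MSR value + 32, RPL 3 */
    out->ss  = (uint16_t)(out->cs + 8);      /* CS selector + 8 */
    out->rip = rdx;
    out->rsp = rcx;
    return SYSEXIT_OK;
}

int main(void)
{
    struct sysexit64_target t;          /* inputs below are constructed samples */
    int rc = sysexit64_check(0x10, 0x00007FFFFFFFE000ULL, 0x00007FFFFFFFD000ULL, &t);
    printf("rc=%d cs=%#x ss=%#x\n", rc, (unsigned)t.cs, (unsigned)t.ss);
    return 0;
}
```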
When SYSEXIT transfers control to compatibility mode user code (the operand
size attribute is 32 bits), the following fields are generated and bits set:
• Target code segment — Computed by adding 16 to the value in
IA32_SYSENTER_CS.
• New CS attributes — L-bit = 0 (go to compatibility mode).
• Target instruction — Fetch the target instruction from 32-bit address in EDX.