You do not need to use IRET (in fact, that would probably not WORK), but a "far ret" would work fine, and "pop" CS. But the point was more that there is no instruction in x86 that restores CS on its own from the stack (or for that matter "loads" CS from memory, or some such). You have to use one of the JUMP, CALL or RET instructions that take a CS:rIP pair (or use task-switching instructions).
Originally Posted by abachler
As to DS and CS being the same, I was referring to x86. Most other processors do not have DS and CS registers. Of course, there are at least some processors that have a Harvard or pseudo-Harvard architecture. A good way to avoid accidentally executing data!
Note also that my simple push, push, ret example is just ONE of many different ways that we could come up with a "stack-frame that points to a function". You most likely would have to completely follow the whole of the instruction flow to know what's going on. A more complex example:
mov ebp, esp            ; copy the current stack pointer
mov eax, 0xFFFFFFFF
xor eax, ebp            ; eax = ~ebp (bitwise complement of the stack pointer)
sub eax, 4
mov dword [eax], a      ; store a at the derived address (dword size is needed for an immediate)
sub eax, 4
mov dword [eax], b      ; store b 4 bytes below it
xchg esp, eax           ; swap: esp now points at b, so a following "ret" pops b
[I don't guarantee that the above code is actually CORRECT - but something along those lines WILL be able to execute correctly].
By the time you can follow such things, you have pretty much built a complete x86 instruction simulator. Which is a MAJOR task.
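As an added illustration of the point made above (this is example code written for this page, not code from the post or its author), here is a toy 32-bit x86 register-and-stack simulator that understands only the handful of instructions used in the thread: mov, xor, sub, xchg, push and ret. Running the "push, push, ret" version and the more convoluted version through it shows that the only reliable way to know which address a final "ret" transfers to is to actually follow the data flow, which is exactly what a simulator does. The initial esp value and the values of the symbols a and b are constructed placeholders, not values from the post.

```python
# Toy 32-bit x86 simulator for the instructions used in the thread.
# Added example, not code from the original post. Only tracks general
# registers, a sparse dword memory and the target of a "ret".

MASK = 0xFFFFFFFF
REGS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp")

# Constructed sample values: a hypothetical initial stack pointer and two
# hypothetical code addresses standing in for the symbols a and b.
INITIAL_ESP = 0x0040FF00
SYMBOLS = {"a": 0x08048100, "b": 0x08048200}

# The two snippets discussed in the thread.
PUSH_PUSH_RET = """
push a
push b
ret
"""

CONVOLUTED = """
mov ebp, esp
mov eax, 0xFFFFFFFF
xor eax, ebp
sub eax, 4
mov [eax], a
sub eax, 4
mov [eax], b
xchg esp, eax
ret
"""


class Cpu:
    def __init__(self, esp=INITIAL_ESP):
        self.r = {name: 0 for name in REGS}
        self.r["esp"] = esp
        self.mem = {}       # address -> 32-bit value (sparse dword memory)
        self.eip = None     # set by "ret", the only control transfer modelled

    def _val(self, operand, symbols):
        """Resolve a register name, a symbol or an immediate to 32 bits."""
        if operand in self.r:
            return self.r[operand]
        if operand in symbols:
            return symbols[operand] & MASK
        return int(operand, 0) & MASK

    def _store(self, addr, value):
        self.mem[addr & MASK] = value & MASK

    def _load(self, addr):
        return self.mem.get(addr & MASK, 0)

    def step(self, line, symbols):
        op, _, rest = line.strip().partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest else []
        if op == "mov":
            dst, src = args
            if dst.startswith("["):             # mov [reg], value
                self._store(self.r[dst[1:-1]], self._val(src, symbols))
            else:                               # mov reg, reg/imm/symbol
                self.r[dst] = self._val(src, symbols)
        elif op == "xor":
            self.r[args[0]] ^= self._val(args[1], symbols)
        elif op == "sub":
            self.r[args[0]] = (self.r[args[0]] - self._val(args[1], symbols)) & MASK
        elif op == "xchg":
            a, b = args
            self.r[a], self.r[b] = self.r[b], self.r[a]
        elif op == "push":
            self.r["esp"] = (self.r["esp"] - 4) & MASK
            self._store(self.r["esp"], self._val(args[0], symbols))
        elif op == "ret":                        # pop the return address into eip
            self.eip = self._load(self.r["esp"])
            self.r["esp"] = (self.r["esp"] + 4) & MASK
        else:
            raise ValueError(f"unsupported instruction: {line!r}")

    def run(self, program, symbols):
        for line in program.strip().splitlines():
            self.step(line, symbols)
        return self


def trace(program, symbols=SYMBOLS, esp=INITIAL_ESP):
    """Return (esp after the final ret, address the ret transferred to)."""
    cpu = Cpu(esp).run(program, symbols)
    return cpu.r["esp"], cpu.eip


if __name__ == "__main__":
    for name, prog in (("push/push/ret", PUSH_PUSH_RET), ("convoluted", CONVOLUTED)):
        esp, eip = trace(prog)
        print(f"{name:14s} esp=0x{esp:08X} ret goes to 0x{eip:08X}")
```

Both snippets end up transferring control to b, but the second one parks the stack pointer at the complement of the original frame, which no static pattern match on "push, push, ret" would reveal; only stepping through the instructions tells you where esp and the return address ended up.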