The processor will perform a number of checks to make sure the entry is valid and the code was operating at sufficient privilege to use the gate.
Assuming all checks pass, a new CS/EIP is loaded from the segment descriptor, and continuation information is pushed onto the stack of the new privilege level (old SS, old ESP, old CS, old EIP, in that order).
Upon return from the INT instruction, the ES.DI registers contain a far pointer that can be called to transfer control to the VxD running at ring 0.
With the introduction of x86 instructions for system call (SYSENTER/SYSEXIT by Intel and SYSCALL/SYSRET by AMD), a new faster mechanism was introduced for control transfers for x86 programs.
To preserve system security, the Global Descriptor Table must be held in protected memory, otherwise any program will be able to create its own call gate and use it to raise its privilege level.
[2] One example of this is the e-mail worm Gurong.A, written to exploit the Microsoft Windows operating system, which uses \Device\PhysicalMemory to install a call gate.