How to Find the TSS

There is a selector register named the task register (TR). This register has a GDT selector that chooses a descriptor whose type is TSS. This descriptor contains the base and limit for the TSS.

Task State Segment Format

The fields from offset 04 to 1F (the ring 0, 1 and 2 stack pointers and CR3) are not changed by the hardware.

─────────────────────────────────────────────────────────────────────────────────────
 Offset(size)   Content                       Offset(size)   Content
─────────────────────────────────────────────────────────────────────────────────────
 00(2)          link (previous TSS selector)
 04(4)          Ring 0 ESP                    08(2)          Ring 0 SS
 0C(4)          Ring 1 ESP                    10(2)          Ring 1 SS
 14(4)          Ring 2 ESP                    18(2)          Ring 2 SS
 1C(4)          CR3                           20(4)          EIP
 24(4)          EFLAGS                        28(4)          EAX
 2C(4)          ECX                           30(4)          EDX
 34(4)          EBX                           38(4)          ESP
 3C(4)          EBP                           40(4)          ESI
 44(4)          EDI
 48(2)          ES                            4C(2)          CS
 50(2)          SS                            54(2)          DS
 58(2)          FS                            5C(2)          GS
 60(2)          LDT selector                  62(2)          reserved
 64(2)          T flag                        66(2)          I/O map
─────────────────────────────────────────────────────────────────────────────────────
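As an added example (not part of this tutorial), the C code below ties the two sections together: a struct whose field offsets match the table, and a find_tss routine that follows TR through the GDT the way the CPU does, refusing selectors and descriptors the hardware would also refuse. The descriptor bit layout and the 0x67 minimum limit are the documented x86 rules; the GDT contents used to exercise it are constructed sample data, not read from a real machine.

```c
#include <stddef.h>
#include <stdint.h>

/* 32-bit TSS as laid out in the table above; each 16-bit selector is
 * followed by 16 reserved bits so the offsets come out as listed. */
struct tss32 {
    uint16_t link, rsv0;                               /* 0x00 previous TSS selector */
    uint32_t esp0; uint16_t ss0, rsv1;                 /* 0x04 / 0x08 ring 0 stack */
    uint32_t esp1; uint16_t ss1, rsv2;                 /* 0x0C / 0x10 ring 1 stack */
    uint32_t esp2; uint16_t ss2, rsv3;                 /* 0x14 / 0x18 ring 2 stack */
    uint32_t cr3, eip, eflags;                         /* 0x1C, 0x20, 0x24 */
    uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi;   /* 0x28 .. 0x44 */
    uint16_t es, rsv4, cs, rsv5, ss, rsv6, ds, rsv7, fs, rsv8, gs, rsv9; /* 0x48 .. 0x5C */
    uint16_t ldt, rsv10, tflag, iomap;                 /* 0x60, 0x62, 0x64, 0x66 */
};
_Static_assert(offsetof(struct tss32, cr3) == 0x1C, "CR3 offset");
_Static_assert(sizeof(struct tss32) == 0x68, "TSS must cover offsets 0x00..0x67");

/* Build the 8-byte GDT entry for an available 32-bit TSS (type 9, S=0, P=1);
 * used only to construct sample GDT data, not read from hardware. */
static uint64_t encode_tss_descriptor(uint32_t base, uint32_t limit, unsigned dpl)
{
    uint64_t access = 0x80u | ((dpl & 3u) << 5) | 0x9u;
    return (limit & 0xFFFFu) | ((uint64_t)(base & 0xFFFFFFu) << 16) | (access << 40)
         | ((uint64_t)((limit >> 16) & 0xFu) << 48) | ((uint64_t)(base >> 24) << 56);
}

/* Follow TR -> GDT -> TSS descriptor as the CPU does. Returns 0 and fills in
 * base/limit, or -1 when TR would not be accepted: LDT selector, null or
 * out-of-range index, not present, not a system descriptor, not a 32-bit TSS,
 * or a limit below 0x67 (the hardware raises #TS for a TSS that small). */
static int find_tss(const uint64_t *gdt, size_t entries, uint16_t tr,
                    uint32_t *base, uint32_t *limit)
{
    if (tr & 0x4u) return -1;                          /* TI=1 selects the LDT */
    size_t idx = tr >> 3;
    if (idx == 0 || idx >= entries) return -1;
    uint64_t d = gdt[idx];
    unsigned access = (unsigned)((d >> 40) & 0xFFu), type = access & 0xFu;
    if (!(access & 0x80u) || (access & 0x10u)) return -1;   /* P=0 or S=1 */
    if (type != 0x9u && type != 0xBu) return -1;            /* available/busy 32-bit TSS */
    uint32_t lim = (uint32_t)(d & 0xFFFFu) | (uint32_t)(((d >> 48) & 0xFu) << 16);
    if (d & (1ULL << 55)) lim = (lim << 12) | 0xFFFu;       /* G=1: limit in 4 KiB pages */
    if (lim < 0x67u) return -1;
    *base = (uint32_t)((d >> 16) & 0xFFFFFFu) | (uint32_t)((d >> 56) << 24);
    *limit = lim;
    return 0;
}
```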
