OSRLogoOSRLogoOSRLogo x Subscribe to The NT Insider

Everything Windows Driver Development

GoToHomePage xLoginx

    Mon, 05 Oct 2015     108330 members


  About This Site
What's New?
OSR Dev Blog
The NT Insider
The Basics
File Systems
ListServer / Forum
Driver Jobs
  Express Links
  · July-August 2015 Issue of The NT Insider Released!
  · The NT Insider Digital Edition - July-August 2015 Now Available!
  · OSR Seminar Schedule
  · Writing WDF Drivers: Advanced Implementation Techniques
  · Windows 8.1 Update: VS Express Now Supported

What Are Rings

You can still sometimes hear old VxD (old Windows) programmers discuss "Ring 0" or "Ring 3".  Such terms might be confusing to you but they are part of the overall history of Windows and the goal of this article is to explan the term an what it means exactly.

In the x86 processor architecture the processor can execute in one of four different operating modes called "priority levels".  There are four priority levels, numbered zero to three.  Priority level zero is allowed to perform any operation on the CPU, while priority level three is the most restricted - there are some instructions that cannot be executed at priority level three.

When the x86 processor was first introduced there was a single mode of addressing that is now called real mode.  Later processor versions introduced a concept of protected mode.  Along with this concept of protected mode came the idea of priority levels.  Memory within the system was broken up into individual pieces called segments and each segment was defined by using a descriptor.  One element of the descriptor is the descriptor priority level.  This DPL value is used to determine what can (or cannot) be done with the code or data within the given segment.

Windows began using segments in order to take advantage of the protection model as well as the larger address space available in protected mode.  As the x86 processor matured they added the concept of paging as well which only works in protected mode, but which also only support the concept of privileged and non-privileged code.  Privilieged code had to be described with a descriptor that specified priority level zero, while non-privileged code had to be described with a descriptor that specified priority level three.  And thus modern Windows, with it support for demand paged virtual memory only uses priority level 0 and priority level 3.

The term "ring" (as it applies to x86 architecture machines and Windows) appears to refer to the original 80386 architecture reference manual's drawing of the four levels of protection - as concentric circles of operations.  Thus, Ring 3 was the outermost ring and provided the most protection, allowing only the execution of instructions that could not effect overall processor state.  Ring 0 was the innermost ring and allowed total control of the processor.  The processor and operating system work together to handle transitions between the priority levels.

As the x86 processor has matured, the use of other priority levels has been deprecated.  Paging only has the concept of user or system access (priorty 3 or priority 0, respectively).  The systenter instruction that is used in Windows XP and later versions of Windows to invoke operating system services, only works with priority zero and priority three, for example.

Of course, Windows runs on platforms other than the x86 processor family and thus the term used in Windows today is user mode or kernel mode.

Related Articles
Stop Interrupting Me -- Of PICs and APICs
What is Real Mode?
The Wide World Of The AMD64

User Comments
Rate this article and give us feedback. Do you find anything missing? Share your opinion with the community!
Post Your Comment

"Understanding Rings"
What a strange article! The author seems to have no knowledge of the whole MULTICS operating system and related hardware research (See GE645, etc.) and development of the late 1960s to mid-1980s! The term "Ring" comes from this research. Ring 0 - referred to as the "innermost" ring - not outermost - is there for the kernel. Interestingly, in the early Intel documentation, "ring 1" is where device drivers were intended to be.

Now- IA32 was always capable of protected mode operation. The earlier 8086/8088 processors were those that did not have that ring structure (but they were IA16 and still had segmented memory). The 80286 was the first to bring in the rings as we know them for good security reasons.

The problem is that Windows'NT was not originally intended for Intel x86 structures but rather "New Technology" or "NT" which in those days were the "risc" processors, such as the Intel 860, MIPS 4400, DEC Alpha, etc. Microsoft's OS/2 really did start to use the segmentation and ring structure in a far better way - but that is interesting history!

Bill Caelli w.caelli@qut.edu.au

16-Jul-03, William Caelli

Post Your Comments.
Print this article.
Email this article.

Windows Internals and SW Drivers

Amherst, NH
21-25 Sept 2015

Writing WDF Drivers: Core Concepts

Amherst, NH
5-9 Oct 2015

Developing File Systems for Windows
Seattle, WA
20-23 Oct 2015

Writing WDF Drivers: Core Concepts

Palo Alto, CA
2-6 Nov 2015

Writing WDF Drivers: Core Concepts

Amherst, NH
2-6 Nov 2015

Kernel Debugging and Crash Analysis

Amherst, NH
9-13 Nov 2015

Writing WDF Drivers: Advanced Implementation Techniques

Amherst, NH
8-11 Dec 2015


Windows Debugger

Checked Build Downloads

Debugging Symbols

WDK Documentation

Windows WDK


Need to develop a Windows file system solution?

We've got a kit for that.

Need Windows internals or kernel driver expertise?

Bring us your most challenging project - we can help!

System hangs/crashes?

We've got a special diagnostic team that's standing by.

Visit the OSR Corporate Web site for more information about how OSR can help!

bottom nav links