OSRLogo
OSRLogoOSRLogoOSRLogo x Seminar Ad
OSRLogo
x

Everything Windows Driver Development

x
x
x
GoToHomePage xLoginx
 
 

    Thu, 02 Sep 2010     81215 members

   Login
   Join


  
 
Contents
  About This Site
What's New?
Hector's Memos
The NT Insider
The Basics
File Systems
Downloads
ListServer / Forum
Driver Jobs
Store
  Express Links
  · It's Here: The NT Insider -- Digital Edition!
  · WDK Community Bug Bash 2010 -- Submit a Bug... Get FREE STUFF!
  · File Systems and Filters: A Specialty
  · It's All About The Basics
  · The NT Insider - Digital Edition

What Are Rings
OSR Staff | Published: 08-May-03| Modified: 08-May-03

You can still sometimes hear old VxD (old Windows) programmers discuss "Ring 0" or "Ring 3".  Such terms might be confusing to you but they are part of the overall history of Windows and the goal of this article is to explan the term an what it means exactly.

In the IA-32 (x86) processor architecture the processor can execute in one of four different operating modes called "priority levels".  There are four priority levels, numbered zero to three.  Priority level zero is allowed to perform any operation on the CPU, while priority level three is the most restricted - there are some instructions that cannot be executed at priority level three.

When the IA-32 processor was first introduced there was a single mode of addressing that is now called real mode.  Later processor versions introduced a concept of protected mode.  Along with this concept of protected mode came the idea of priority levels.  Memory within the system was broken up into individual pieces called segments and each segment was defined by using a descriptor.  One element of the descriptor is the descriptor priority level.  This DPL value is used to determine what can (or cannot) be done with the code or data within the given segment.

Windows began using segments in order to take advantage of the protection model as well as the larger address space available in protected mode.  As the IA-32 processor matured they added the concept of paging as well which only works in protected mode, but which also only support the concept of privileged and non-privileged code.  Privilieged code had to be described with a descriptor that specified priority level zero, while non-privileged code had to be described with a descriptor that specified priority level three.  And thus modern Windows, with it support for demand paged virtual memory only uses priority level 0 and priority level 3.

The term "ring" appears to refer to the original 80386 architecture reference manual's drawing of the four levels of protection - as concentric circles of operations.  Thus, Ring 3 was the innermost ring and provided the most processor level protection.  Ring 0 was the outermost ring and allowed total control of the processor.  The processor and operating system work together to handle transitions between the priority levels.

As the IA-32 processor has matured, the use of other priority levels has been deprecated.  Paging only has the concept of user or system access (priorty 3 or priority 0, respectively).  The systenter instruction that is used in Windows XP to invoke operating system services, only works with priority zero and priority three, for example.

Of course, Windows runs on platforms other than the IA-32 processor family and thus the term used in Windows today is user mode or kernel mode.

Related Articles
Stop Interrupting Me -- Of PICs and APICs
What is Real Mode?
The Wide World Of The AMD64

User Comments
Rate this article and give us feedback. Do you find anything missing? Share your opinion with the community!
 Post Your Comment

 "Understanding Rings"
What a strange article! The author seems to have no knowledge of the whole MULTICS operating system and related hardware research (See GE645, etc.) and development of the late 1960s to mid-1980s! The term "Ring" comes from this research. Ring 0 - referred to as the "innermost" ring - not outermost - is there for the kernel. Interestingly, in the early Intel documentation, "ring 1" is where device drivers were intended to be.

Now- IA32 was always capable of protected mode operation. The earlier 8086/8088 processors were those that did not have that ring structure (but they were IA16 and still had segmented memory). The 80286 was the first to bring in the rings as we know them for good security reasons.

The problem is that Windows'NT was not originally intended for Intel x86 structures but rather "New Technology" or "NT" which in those days were the "risc" processors, such as the Intel 860, MIPS 4400, DEC Alpha, etc. Microsoft's OS/2 really did start to use the segmentation and ring structure in a far better way - but that is interesting history!

Bill Caelli w.caelli@qut.edu.au

Rating:
16-Jul-03, William Caelli

Post Your Comments.
Print this article.
Email this article.

Writing WDM Drivers LAB
Seattle, WA
16-Aug-2010 to 20-Aug-2010

Writing WDF Drivers LAB
Santa Clara, CA
27-Sept-2010 to 1-Oct-2010

Kernel Debugging &
Crash Analysis LAB
Portland, OR
18-Oct-2010 to 22-Oct-2010

Developing File Systems
Santa Clara, CA
26-Oct-2010 to 29-Oct-2010

Windows Internals &
Software Drivers LAB
Santa Clara, CA
15-Nov-2010 to 19-Nov-2010
 
 

Windows Debugger
V6.12.2.633 -- 26 Feb 10

Checked Build Downloads
29-Apr-10

Debugging Symbols
5-Oct-09
 

WDK Doc Updates
Now updated bi-monthly!

Windows WDK
V7.1.0 -- 26 Feb 10
 
 
x
LetUsHelp
 

Need to develop a Windows file system solution?

We've got a kit for that.

Need Windows internals or kernel driver expertise?

Bring us your most challenging project - we can help!

System hangs/crashes?

We've got a special diagnostic team that's standing by.

Visit the OSR Corporate Web site for more information about how OSR can help!
 
bottom nav links