OSRLogo
OSRLogoOSRLogoOSRLogo x Subscribe to The NT Insider
OSRLogo
x

Everything Windows Driver Development

x
x
x
GoToHomePage xLoginx
 
 

    Tue, 09 Feb 2010     76021 members

   Login
   Join


  
 
Contents
  About This Site
What's New?
Hector's Memos
The NT Insider
The Basics
File Systems
Downloads
ListServer / Forum
Driver Jobs
Store
  Express Links
  · Attention Silicon Valley - WDF/WDF/Kernel Debugging Seminars Coming to Santa Clara
  · The Community Steps Up: VisualDDK
  · Win7 Mysteries: Crash Dump Oddities
  · KMDF Basics: Using Counted Queues
  · Writing a Virtual Storport Miniport Driver (Part II)

What Are Rings
OSR Staff | Published: 08-May-03| Modified: 08-May-03

You can still sometimes hear old VxD (old Windows) programmers discuss "Ring 0" or "Ring 3".  Such terms might be confusing to you but they are part of the overall history of Windows and the goal of this article is to explan the term an what it means exactly.

In the IA-32 (x86) processor architecture the processor can execute in one of four different operating modes called "priority levels".  There are four priority levels, numbered zero to three.  Priority level zero is allowed to perform any operation on the CPU, while priority level three is the most restricted - there are some instructions that cannot be executed at priority level three.

When the IA-32 processor was first introduced there was a single mode of addressing that is now called real mode.  Later processor versions introduced a concept of protected mode.  Along with this concept of protected mode came the idea of priority levels.  Memory within the system was broken up into individual pieces called segments and each segment was defined by using a descriptor.  One element of the descriptor is the descriptor priority level.  This DPL value is used to determine what can (or cannot) be done with the code or data within the given segment.

Windows began using segments in order to take advantage of the protection model as well as the larger address space available in protected mode.  As the IA-32 processor matured they added the concept of paging as well which only works in protected mode, but which also only support the concept of privileged and non-privileged code.  Privilieged code had to be described with a descriptor that specified priority level zero, while non-privileged code had to be described with a descriptor that specified priority level three.  And thus modern Windows, with it support for demand paged virtual memory only uses priority level 0 and priority level 3.

The term "ring" appears to refer to the original 80386 architecture reference manual's drawing of the four levels of protection - as concentric circles of operations.  Thus, Ring 3 was the innermost ring and provided the most processor level protection.  Ring 0 was the outermost ring and allowed total control of the processor.  The processor and operating system work together to handle transitions between the priority levels.

As the IA-32 processor has matured, the use of other priority levels has been deprecated.  Paging only has the concept of user or system access (priorty 3 or priority 0, respectively).  The systenter instruction that is used in Windows XP to invoke operating system services, only works with priority zero and priority three, for example.

Of course, Windows runs on platforms other than the IA-32 processor family and thus the term used in Windows today is user mode or kernel mode.

Related Articles
What is Real Mode?

User Comments
Rate this article and give us feedback. Do you find anything missing? Share your opinion with the community!
 Post Your Comment

 "Understanding Rings"
What a strange article! The author seems to have no knowledge of the whole MULTICS operating system and related hardware research (See GE645, etc.) and development of the late 1960s to mid-1980s! The term "Ring" comes from this research. Ring 0 - referred to as the "innermost" ring - not outermost - is there for the kernel. Interestingly, in the early Intel documentation, "ring 1" is where device drivers were intended to be.

Now- IA32 was always capable of protected mode operation. The earlier 8086/8088 processors were those that did not have that ring structure (but they were IA16 and still had segmented memory). The 80286 was the first to bring in the rings as we know them for good security reasons.

The problem is that Windows'NT was not originally intended for Intel x86 structures but rather "New Technology" or "NT" which in those days were the "risc" processors, such as the Intel 860, MIPS 4400, DEC Alpha, etc. Microsoft's OS/2 really did start to use the segmentation and ring structure in a far better way - but that is interesting history!

Bill Caelli w.caelli@qut.edu.au

Rating:
16-Jul-03, William Caelli

Post Your Comments.
Print this article.
Email this article.

Writing WDF Drivers LAB
Santa Clara, CA
22-Feb-2010 to 26-Feb-2010

Writing WDM Drivers LAB
Santa Clara, CA
22-Feb-2010 to 26-Feb-2010

Kernel Debugging
& Crash Analysis LAB
Santa Clara, CA
1 Mar-2010 to 5-Mar-2010

Writing WDF Drivers LAB
Munich, Germany
15 Mar-2010 to 19-Mar-2010

Windows Internals
& Software Drivers LAB
Seattle, WA
29 Mar-2010 to 2-Apr-2010

Kernel Debugging
& Crash Analysis LAB
Munich, Germany
12 Apr-2010 to 16-Apr-2010

File System Development
Waltham, MA
27-Apr-2010 to 30-Apr-2010
 
 

Windows Debugger
V6.11.1.404 -- 27-Mar-09

Checked Build Downloads
11-Apr-09

Debugging Symbols
5-Aug-09

WDK Doc Updates
Now updated monthly!

Windows WDK
Win7 & Server 2008 R2 -- 5-Aug-09
 
IFS Kit Support
bottom nav links