You can still sometimes hear old VxD (old Windows) programmers discuss "Ring 0" or "Ring 3".  Such terms might be confusing to you but they are part of the overall history of Windows and the goal of this article is to explan the term an what it means exactly.

In the x86 processor architecture the processor can execute in one of four different operating modes called "priority levels".  There are four priority levels, numbered zero to three.  Priority level zero is allowed to perform any operation on the CPU, while priority level three is the most restricted - there are some instructions that cannot be executed at priority level three.

When the x86 processor was first introduced there was a single mode of addressing that is now called real mode.  Later processor versions introduced a concept of protected mode.  Along with this concept of protected mode came the idea of priority levels.  Memory within the system was broken up into individual pieces called segments and each segment was defined by using a descriptor.  One element of the descriptor is the descriptor priority level.  This DPL value is used to determine what can (or cannot) be done with the code or data within the given segment.

Windows began using segments in order to take advantage of the protection model as well as the larger address space available in protected mode.  As the x86 processor matured they added the concept of paging as well which only works in protected mode, but which also only support the concept of privileged and non-privileged code.  Privilieged code had to be described with a descriptor that specified priority level zero, while non-privileged code had to be described with a descriptor that specified priority level three.  And thus modern Windows, with it support for demand paged virtual memory only uses priority level 0 and priority level 3.

The term "ring" (as it applies to x86 architecture machines and Windows) appears to refer to the original 80386 architecture reference manual's drawing of the four levels of protection - as concentric circles of operations.  Thus, Ring 3 was the outermost ring and provided the most protection, allowing only the execution of instructions that could not effect overall processor state.  Ring 0 was the innermost ring and allowed total control of the processor.  The processor and operating system work together to handle transitions between the priority levels.

As the x86 processor has matured, the use of other priority levels has been deprecated.  Paging only has the concept of user or system access (priorty 3 or priority 0, respectively).  The systenter instruction that is used in Windows XP and later versions of Windows to invoke operating system services, only works with priority zero and priority three, for example.

Of course, Windows runs on platforms other than the x86 processor family and thus the term used in Windows today is user mode or kernel mode.