What is protected mode?
Protected mode, also called protected virtual address mode, is the primary mode of operation for an Intel-based x86 microprocessor. It's characterized by the way it restricts the address space of any given application from writing over the address space of another application.
This restriction is implemented in hardware to allow multiple applications written by different developers to run on the same computer. Without such protection, a buggy or malicious program could write over the space of another program and cause it to malfunction or crash, leaving no clues as to why the second program failed.
Intel processors use segmented addressing, where both physical and virtual memory are divided into blocks or segments. A segment register contains a selector that's used to choose a descriptor from the descriptor table. The descriptor contains information about the segment, including its starting address, length and access rights. This information is used in protected mode to control how applications access memory.
What's the difference between protected mode and real mode?
Intel's original PC microprocessor, the 8088, allowed access to 1 megabyte (MB) of RAM. The memory was divided into several areas for BIOS data, signals from the display and other system information. The remaining 640 kilobytes of contiguous space was left for the operating system (OS) and application programs.
Protected mode was introduced with the 80286 chip to enable multitasking, ensuring any instruction issued by a program running in protected mode wouldn't be able to address memory outside the space allocated to the program. Typically, OS code and almost all application programs run in protected mode to ensure essential data isn't unintentionally overwritten.
However, for some basic operations, a computer needs to address all memory locations. This is possible in real mode, which is the mode Intel processors start in. In real mode, an instruction can address any space within 1 MB of RAM. Typically, a program running in real mode needs to read and write system data and can be trusted to know how to do this. Such a program is usually part of the OS or a special application subsystem.
The processor switches into protected mode -- also called the native mode for the Intel processor -- to run any of the advanced OSes, such as Microsoft Windows or Linux, that require a larger address space and that run multiple applications simultaneously through multitasking.
What are the other operating modes of a modern Intel processor?
In addition to real and protected modes, Intel processors can be run in the following two operational modes:
System Management mode (SMM). In this operational mode, all program execution is suspended, including the OS, and firmware is run with the highest privileges. SMM is used to run hardware-assisted debuggers, for example.
Virtual 8086 mode. This isn't an operational mode in the strictest sense because the processor itself remains in protected mode while it runs one or more real mode applications. Virtual 8086 mode allows more advanced Intel processors -- 80386 microprocessors and later -- to emulate multiple 8086/8088 processors within a virtual 8086 mode monitor that protects the rest of the system from the program or programs running in real mode.
Learn how Windows 10 virtual memory works and how it can be managed to get better desktop performance.