Protected Mode

What is Protected Mode?

Protected mode refers to the 32-bit operating mode that is typically found on Intel 80286 or newer CPUs. Also known as protected virtual address mode, protected mode is found in most operating systems other than DOS.

Understanding Protected Mode

What is Protected Mode

Protected mode is a security feature that was added to the x86 architecture of Intel in early 1982. Over time, this became the foundation of all later Intel x86 architectures.

The initial versions, however, did not allow switching back to the real mode or enabling the protected mode.

There was an option available to protect the registers, stack pointers, and interrupt mask in the Random Access Memory. This option could be accessed via a keyboard controller.

In the later versions, starting with the 386 processors, enabling protected mode was allowed.

It was far easier than the steps involved in the 286 architecture because it offered an internal mechanism to exit the protected mode.

This mode offers several benefits, including but not limited to:

It also allows terminating a failed program without restarting the programs that are running or the computer system.

Ideally, the protected mode enhances the security aspect while also enhancing system stability with its unique features. Some of these features are:

Privilege levels:

There are four such levels, also known as rings, where ring 0 is the most privileged and ring 3 is the least privileged.

Usually, when the operating system runs on ring 0, the application runs on ring 3. These rings allow the system software to disallow access to data by the tasks.

Virtual 8086 mode:

This mode allows running codes for 8086 written earlier on new systems. This backward compatibility does not need any modifications to be made. It enhances system security and stability.

Compatibility with real mode applications:

Windows 3.x and its successors allow a binary compatibility with real mode so that Windows 2.x applications can run as well in protected mode.

Segment addressing:

The segment part is replaced in protected mode by a 16-bit selector. The index of an entry is contained in the thirteen upper bits in a descriptor table. This includes:

Two lower bits delineate the request privilege from 0 to 3, and the last bit indicates whether the operation is against the GDT or the LDT.


This allows the operating system to run several tasks concurrently but can be used only when a task is programmed to be carried out on different processors.

The current context information is saved by the processors while switching between tasks in the task state segment.

The processors use this saved information to set their internal registers while rescheduling the original task for execution to start the process.


This feature protects against software bugs and allows the operating system to multitask more reliably. It checks the memory cycles before the process starts and terminates any offending cycles, generating an exception. This enhances the stability of all tools for software development.


Different sections of the memory are called pages. These pages can be transferred from primary storage to secondary storage, which offers more space to store.

Read Also:  What is Mask ROM (MROM)? Function, Pros, Cons & More

The operating system can produce a diverse virtual address for every task, preventing one task from controlling the memory of another.

Debugging support:

There is a collection of configurable debug registers that allow setting a breakpoint using a preferred memory address and typing the cycle to trigger it.

When this breakpoint is reached, the debugger takes control by generating an exception displaying the information about the internal state of the CPU.

Protected Mode is OS

Operating systems such as OS/2 1.x attempt to switch the CPU between real mode and protected mode, which is not only slow but also unsafe.

This is because the chances of the system crashing are really high in real mode. Therefore, it is best for an operating system to be in protected mode.

These types of operating systems, such as OS/2 1.x and some early versions of Linux and Windows, typically describe restrictive programming rules.

This allows a bound program or API to run either in protected mode or in real mode.

Windows 3.0 can run programs in real mode in 16-bit protected mode by preserving the single privilege level model used in real mode.

This allows DLLs and Windows applications to access hardware directly and hook interrupts.

A Windows 1.x or 2.x program, however, can run in the same way in both modes since they avoid segment arithmetic and are written properly.

Typically, all Windows programs avoid segment arithmetic since they use a software virtual memory system that moves data and program codes into memory when it is not running.

Therefore, manipulating absolute addresses can be potentially dangerous and therefore handles should be kept in memory blocks when these are not running.

In Windows 3.1, however, real mode was not supported and therefore could not be accessed.

In modern 32-bit operating systems, virtual 8086 mode is still used to run applications in OS/2 2.0 and 32-bit Windows NT but is controlled by a 32-bit kernel.

However, the 64-bit operating systems running in long mode do not use this because long mode is removed from virtual 8086 mode.

Protected Mode in Assembly Language

The most commonly used X86 assembly language in protected mode is x86 assembly programming. It typically uses 32-bit addressing of registers, memory, paging, and protection.

There are eight 32-bit General Purpose Registers or GPRs used in this process in protected mode. Four are data registers and the other four are address registers.

The four data registers are:

The four address registers are:

Apart from that, there are also some non-application registers used to change the state of the CPU such as:

All these registers can be used for holding data as well as for segmented addressing of the memory both.

In addition to that, there are also a host of mnemonics for the opcodes used in this language such as add, bound, call, div, enter, hlt, into, jpe, leave, mov, not, or, push, ret, sets, test, verr, wait, and xor, just to name a few.

Different addressing models are also used in this mode such as:

There are basically two distinct descriptors used to hold information about the behavior and appearance of the memory as well such as:

These tables usually have 48-bit wide pointers with two fields as follows:

The interrupts in the protected mode can be programmed to switch into a particular thread or process automatically.

Read Also:  What is Memory Protection? (Explained)

To switch to protected mode, here are the steps:

You may also load LDTR with the pointer to the LDT-table at your discretion.

What is Protected Mode in Windows 10?

Windows protected mode is a feature of Internet Explorer. This protects the system from spyware, viruses, adware and other malicious software that may enter into it from the Internet or from any other potentially insecure locations.

This mode opens these locations and sites safely in read-only mode so that you can read and see the contents.

Typically, in Windows, there are several reasons for a file to open in a protected view and specific warning messages and images will be displayed for each when you open them in a protected view.

Depending on the version, some of these are:

When you choose to open a file even after getting a message, you can do so by using the Open in Protected View option. The steps to follow are:

How To Turn Off Protected Mode?

Though you should not disable protected mode to affect the security of your device, you may if you wish by making changes in the advanced settings in the tools in Internet Explorer.

The steps to follow for disabling protected mode are:

Once you are done, you must restart the browser so that the changes take effect.

Disabling protected mode should be done at your own risk. Even if you have to, do it temporarily when you need to load any incompatible add-ons and are sure that the site and the content you are using are absolutely safe and secure.

How to Enable Protected Mode?

The protected mode is usually enabled by default. However, it is disabled in Windows 8.1 by default but can be enabled from the Tools menu in the Internet Explorer.

Read Also:  What is Full HD (FHD) Display? Works, Pros, Cons & More

If it is not, then you can specify the settings from the advanced properties with the preference set to Enhanced.

Before you make changes in the settings, you should first check the status to find out whether or not the protected mode is enabled. The steps to follow for that are:

If you find that it is not enabled, then you must first take some preparatory steps and then make the changes.

Before switching to protected mode, these are the things you should do:

Now to specify the settings, you should follow these steps:

It might take some time for the changes to take effect when you start the app next time. However, you can click on View Log to open the log file and check.

What Features Become Available in Protected Mode?

In the protected mode, the system software will be able to use specific features such as paging, virtual memory and multitasking.

Also, enabling protected mode will unleash the real power of the CPU, operating system and the software.

The CPU is typically initialized in the real mode by the Basic Input Output System or BIOS. When the protected mode is enabled, the power of the CPU will be enhanced significantly.

However, it will not allow using most of the BIOS interrupts because they typically work in real mode.

This mode also enables the software to use its privilege levels since it will be given different ring values such as 0, 1, 2, or 3. The different ring values give different permissions to the program. For example:

The operating system also has enhanced control in protected mode over all the apps running on the system. This control allows it to shut down or delegate a process that is unsafe to run.

This specific mode also enhances memory usage abilities of programs with the use of paging resources.

It allows using more memory by the applications than what is physically available to them.

It also keeps the virtual memory segments secure with firewalls and with the access to these areas restricted by the system.

Protected mode makes the space available in virtual memory and paging files available for allocation by removing processes from the physical memory to the virtual memory paging files on the hard drive.

This increases the processing time of the CPU as well as augments security since a separate and reserved space is created to be accessed only by the application and not by all other resources of the system.

In the protected mode, multitasking is another major benefit offered with the use of call gates, permission rings, and task state segments.

This gives priority to particular processes and operations and the level of priority controls the amount of processor time to be given to the function of a specific process or app.

Where is Protected Mode Status Available?

The status of protected mode is available under the Advanced tab in the Properties section of the File option.


Protected Mode or Enhanced Protected Mode is a useful feature that guards the computer from malicious software.

It prevents harmful activities and potentially unsafe web content from accessing your system and therefore prevents viruses, adware and spyware. So, it is unwise to disable this protective shield.