protectedmode

Protected mode is an operating mode of x86-compatible CPUs that provides hardware-enforced memory protection, privilege levels, and extended addressing. It was introduced with the Intel 80286 and expanded in the 80386 to support 32-bit addressing and paging. In protected mode, memory is managed through segmentation using descriptors stored in the Global Descriptor Table (GDT) or Local Descriptor Tables (LDT). Each descriptor defines a segment’s base address, size (limit), and access rights. Programs access memory via segment selectors, and the CPU enforces protection by checking these rights on every access, enabling isolation between processes and preventing arbitrary code from tampering with kernel or other processes.

Privilege levels, known as rings, range from 0 (most privileged) to 3 (least privileged). This mechanism supports

Transition into protected mode requires configuring a Global Descriptor Table, loading it with the LGDT instruction,