Windows XP Startup Process detailed

Source: Internet
Author: User
Tags win32 intel pentium
Windows XP Startup process detailed 2007-05-24 04:16

We deal with Windows every day, and many people may face multiple Windows startup processes every day, but do you know what secrets are hidden behind Windows ' startup process? What important system files are used in this series of procedures. The startup of the system is divided into several steps. What's going on in the computer during these steps. These are the things that this article is trying to tell you.

The application scope of this article

With the development of technology, we can see more and more kinds of computer hardware. With the most important component CPUs on the computer, there are many options available. Of course, the choice here is not to say that AMD or Intel is the product brand, but rather the internal architecture. The most common CPU architectures are based on complex instruction sets (Complex instruction set Computing,cisc) or reduced instruction sets (reduced instruction set Computing,risc). Our commonly used Intel Pentium, Celeron series and AMD Athlon, Sempron series are based on complex instruction sets, and these CPUs based on the complex instruction set also have 32-bit and 64-bit register data bandwidth differences. The content of these instruction sets and the difference between the register data bandwidth is very complicated, and is not the focus of this article, interested friends can search the relevant content on the Internet. Because of the different CPU types, there are some small differences in the startup process of Windows running on different CPU systems. This article will present you with the most common example of the 32-bit Windows XP Professional installed on the x86 architecture system.

If NTLDR detects that multiple hardware profiles have been created in the system, it will then display all available profile lists for users to choose from. In fact, this is similar to the choice of operating system, regardless of whether there are many configuration files in the system, NTLDR will do this step, but only if you do detect multiple hardware profiles will display the file list. Load Kernel phase

At this stage, NTLDR will load the Windows XP kernel file: Ntoskrnl.exe, but this is only loaded and the kernel is not initialized at this time. The hardware abstraction layer (Hal.dll) is then loaded.

The hardware abstraction layer is actually a program running in memory, a program that bridges the Windows XP kernel and the physical hardware. Normally, operating systems and applications cannot deal directly with physical hardware, only the Windows kernel and a few kernel-mode system services can interact directly with the hardware. Most other system services and applications, if they want to interact with the hardware, must be done through the hardware abstraction layer.

Small knowledge: Why use the hardware abstraction layer

The hardware abstraction layer is used for two main reasons: 1, ignoring invalid or even faulty hardware calls. Without a hardware abstraction layer, any calls or even errors that occur on the hardware will be fed back to the operating system, which may cause the system to become unstable. The hardware abstraction layer, like a filter that works between the physical hardware and the operating system kernel, filters out all calls and errors that can be considered harmful to the operating system, thus directly improving the stability of the system; 2. Translation between multiple platforms. This can be cited as an example of an image where each physical hardware uses a different language, and each operating system component or application uses the same language, and communication between different physical hardware and systems can be confusing and inefficient. If you have a hardware abstraction layer, it is equal to a translation between the software and hardware, the translator understands all the hardware language and will convey the hardware words to the operating system or software in a language that can be understood by systems or software. Through this mechanism, the support of the operating system to hardware can be greatly improved.

After the hardware abstraction layer is loaded, the Hkey_local_machinesystem registry key is then loaded into the kernel. NTLDR determines which control set registry keys are to be loaded according to the contents of the loaded Select key (Figure 2), which determines which device drivers will then be loaded and which services are started. When the contents of these registry keys are loaded, the system will enter the initialization kernel phase, at which point Ntldr will give control of the system to the operating system kernel.

Initializing kernel phase

When you enter this stage, the Windows XP logo is displayed on the computer screen, and a scrolling progress bar is displayed, which may scroll several loops (Figure 3). From this step we can get a visual impression from the start of the screen Team System. These four tasks are primarily accomplished during this phase: creating the Hardware registry key, copying the control set registry key, loading and initializing device drivers, and starting the service.

Basically, the operating system boot process starts after the computer power Self-Test completes, and this process can be subdivided into five stages, such as pre-boot, boot, load kernel, initialize kernel, and login.

Before you continue reading, please note Figure 1, which is the Windows XP operating system structure, which includes some components that work in the background and programs that often interact with us. Before you know the startup process for Windows XP, it is important to have a preliminary concept of the system structure.

Pre-boot phase

When we turn on the computer, the pre boot process starts running. In this process, the computer hardware first completes the Power self-test (power-on self test,post), which detects the hardware of the processor, memory, and so on that is installed in the computer, and continues the following procedure if everything is OK.

If your computer BIOS (some of the programs that are in the chip on your computer's motherboard) supports Plug and Play (basically, computers and hardware that can be purchased at this stage are supported by this standard, and all hardware devices are automatically identified and configured, and the computer will then locate the boot device (for example, the first hard drive , the boot order of the device can be modified in the computer's BIOS setup, and the Master boot record (master boot record,mbr) is read and run from the boot device. At this point, the pre-boot phase completes successfully. Boot phase

The boot phase can be divided into: initialization boot loader, operating system selection, hardware detection, hardware configuration file selection of the four steps. The files that need to be used in this process include: Ntldr, Boot.ini, Ntdetect.com, Ntoskrnl.exe, Ntbootdd.sys, Bootsect.dos (not required).

Initializing boot loader

At this stage, the first exit is NTLDR, which switches the processor from real mode to 32-bit flat memory mode (32-bit Flat Memory mode). The main reason for not using real mode is that in real mode, the first 640 KB in memory is reserved for MS-DOS, while the remaining memory is used as extended memory so that Windows XP will not be able to use all of the physical memory. and 32-bit flat memory mode is much better, Windows XP itself will be able to use all the memory installed on the computer (in fact, can only use up to 2 GB, this is a 32-bit operating system design defects.) The problem with large memory is that it is not related to the content of this article, so there is no chance of writing it separately in the future.

Next, NTLDR will look for a miniature file system drive from the system. As you know, DOS and Windows 9x operating systems are unable to read and write to NTFS file system partitions, so why does Windows XP installer read and write to NTFS partitions. In fact, this is the micro-file system driven by the credit. Only after this driver is loaded can NTLDR find the partition on your hard disk that is formatted as NTFS or FAT/FAT32 file system. If this drive is damaged, even if there are partitions on your hard drive, NTLDR will not recognize it.

After reading the file system driver and successfully locating the partitions on the hard drive, the boot loader initialization process is complete, and then we proceed to the next step.

Operating System Selection

This step is not necessary and will only appear if you have more than one Windows operating system installed on your computer. However, regardless of how many windows are installed on your computer, this step is run as designed by the computer during startup, and only when you do have multiple systems installed will the system display a list that allows you to select the system you want to boot. But if you have only one system, the bootstrapper will go straight to the next stage after you have judged it.

If you already have more than one Windows operating system installed (which generally refers to newer systems such as Windows 2000/xp/2003, excluding Windows 9x systems), all records are saved in a file named Boot.ini in the system's packing directory. The NTLDR program reads the Boot.ini file from the hard disk after the initialization is completed, and according to its contents, installs several Windows on the computer, which are installed on the first partition of the first few hard drives. If only one is installed, skip this step directly. However, if more than one is installed, NTLDR displays an operating system selection list based on the records in the file and lasts 30 seconds by default. As soon as you make a choice, NTLDR will automatically start loading the selected system. If you do not have a choice, the NTLDR will start loading the default operating system after 30 seconds. This step of the operating system selection has been completed successfully.

Small knowledge: What is the difference between the system disk and the boot disk (boot Volume)? Volume

This is two very easy to confuse concept, because according to Microsoft's definition of these two nouns, it is easy to misleading. According to Microsoft's definition, the system disk refers to the files that have been saved for booting Windows (as we have already made clear, these files refer to the hard disk partitions/volumes of NTLDR, Boot.ini, etc.), and the boot disk is the hard disk partition/volume that holds the Windows system files. If there is only one operating system, we usually install it on the first primary partition of the first physical hard disk (usually recognized as C disk), then the system disk and boot disk belong to the same partition. However, if you install your Windows to a different partition, for example, in D, the system disk is still your C disk (because although Windows is installed to a different disk, the files used by the boot system will still be saved in the root of C disk), but your boot disk will turn into a D disk. Oddly enough, the partition that holds the required files for the boot system is called the "system disk," and instead the partition that holds the operating system file is called the "boot Disk", just upside down. But that's what Microsoft does.

Hardware detection

In this process, the main need to use Ntdetect.com and NTLDR. After we selected the Windows system we wanted to load in the previous operating system selection phase, Ntdetect.com first gather all the hardware information that is installed on the current computer, and then hand it to NTLDR (the table's information is later used to create the key to the hardware in the registry). The types of hardware that need to be collected here include: Bus/adapter Type, video card, communication port, serial port, floating-point operator (CPU), Removable Storage, keyboard, indicator (mouse). At this point, the hardware detection operation has completed successfully.

Configuration file Selection

This step is also not necessary. This step is only required when multiple hardware profiles are created in a computer (often used in a portable computer).

Little knowledge: What is a hardware profile. Why do you use it?

This feature is more suitable for notebook users. If you have a laptop that is primarily used in your office and home, you may use a network card to connect it to your company's local area network when you are in the office, and the company uses a DHCP server to assign IP addresses to clients, but when you get home, you don't have a DHCP server. When you start the system, it will take a long time to find the Non-existent DHCP server, which will prolong the system startup time. In this case, you can use different hardware profiles in your office and home, and we can decide which hardware to use in a profile and what hardware to use in a configuration file. For example, we can create separate profiles for laptops at home and in the office, and the network card will be disabled in the home configuration file. In this way, the home after the use of the configuration file, the system will be started to disable the network card directly, but also to avoid looking for a non-existent DHCP server to extend the system start time.

Create hardware registry keys

To first create the hardware key in the registry, the Windows kernel uses the hardware information gathered in the previous hardware detection phase to create the Hkey_local_machinehardware key, which means that the contents of the key in the registry are not fixed. Instead, it is updated dynamically based on the hardware configuration in the current system.

Copying the control Set registry key

If the hardware registry key is created successfully, the system kernel creates a backup of the contents of the control set key. This backup will be used for the "Last Known Good Configuration" option in the advanced Boot menu of the system. For example, if we install a new video card driver, the system has crashed after the hardware registry key has not been created after restarting the system, and if the last Known Good Configuration option is selected, the system will automatically use the previous control The backup content of the Set registry key regenerates the hardware key so that you can undo the changes that were made to the system by installing a new video card driver.

Load and initialize device drivers

In this phase, the operating system kernel first initializes the underlying device drivers that were loaded in the kernel phase before loading, and then the kernel Hkey_local_ the registry Machinesystemcurrentcontrolsetservices to find all device drivers with the start key value of "1" (Figure 4). These device drivers will be initialized immediately after loading, and if any errors occur in this process, the system kernel will automatically be processed according to the value of the device-driven "ErrorControl" key. The "ErrorControl" key has a total of four key values, each with the following meanings:

0, ignore, continue booting, do not display error messages.

1, normal, continue booting, display error message.

2, resume, stop booting, and reboot the system with the last Known Good Configuration option. This error is ignored if there is still an error.

3, critical, stop booting, reboot the system with the last Known Good Configuration option. If the error persists, the boot is stopped and an error message is displayed.

Start a service

Once the system kernel is successfully loaded and all of the underlying device drivers are successfully initialized, the session Manager starts to start the high-level subsystem and service and then initiates the WIN32 subsystem. The role of the WIN32 subsystem is to control all input/output devices and access display devices. When all of this is done, the graphical interface of Windows can be displayed, and we will also be able to use the keyboard and other I/O devices.

The session manager then starts the Winlogon process, so that the initialization kernel phase has completed successfully, and the user can begin logging in. Logon phase

At this stage, the Winlogon.exe process, initiated by the session manager, will start the Local Security Authority (Authority,lsass.exe) subsystem. After this step, the Windows XP Welcome interface (Figure 5) or the login interface will be displayed, which is where you can successfully log in. At the same time, however, the startup of the system has not been completely completed, and the background may still be loading some non-critical device drivers.

The system then scans the Hkey_local_machinesystemcurrentcontrolsetservices registry key again (remember that the first scan was done at the start of the step). And look for all the start keys with a value of "2" or a larger number of services. These services are non-critical services, and the system does not start loading these services until the user successfully logs on.

Little knowledge: Why Windows XP starts faster than Windows 2000

Windows 2000 may start at the slowest rate in all Windows operating systems today, not because the computer hardware is not performing enough, but because the Windows 2000 design is "congenitally deficient." To make up for this, Microsoft has come up with a new way to develop Windows XP, which is that all of the less important device drivers and services will be loaded and run after the user logs on to the system. In other words, in the system startup process, loading and running of the program are all necessary to run the system, so as to use the shortest time to display the login interface for users to log in. When the user logs on, the system starts loading non-critical components. It can be said that the speed of Windows XP startup is actually an "opportunistic" approach, but this practice is indeed quite effective. However, this design also brings some problems, such as some friends reflect why their own system has been successfully logged on, but it will be several minutes before the desktop to display the taskbar and desktop icons and so on. In fact, this is because the system is busy dealing with unimportant services and components during the waiting minutes. This behavior can occur if there is too much to deal with, or if the computer's hardware configuration is not strong enough.

Small knowledge: How to control the startup order for Non-critical Services

As you know, non-critical services are loaded only after the user has successfully logged on, so we can control the order in which these services are loaded. This is actually very simple. The start order of the services is also determined by the number of the respective start registry keys and by the dependencies between each service, assuming that service a runs on service B, then service a fails to start successfully until service B is properly started. Assuming that service C's Start key value is 3, and service D's Start key value is 6, then service C will take precedence over service D (the smaller the number, the higher the priority).

Here, the Windows XP startup process is complete.

Http://hi.baidu.com/nxway/blog/item/9658f0510fe03f19377abe5b.html

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.