We are dealing with windows every day. Many people may even face the Windows Startup Process many times a day. But do you know what secrets are hidden behind the Windows Startup Process? Which important system files are used in this series of processes? What are the steps for starting a system? What happened to the computer in these steps? This article will try to explain the above questions for you. With the development of technology, we can see more and more types of computer hardware. There are many options for CPU, the most important component on the computer. Currently, common CPU architecture is mainly based on complex instruction sets (Complex Instruction Set Computing, CISC ), our commonly used Intel's Pentium, celon series, and AMD's athlon and sempron series Processors are based on complex instruction sets, however, these CPUs based on complex instruction sets have 32-bit and 64-bit register data bandwidth differences. Because of the different CPU types, the startup process of Windows systems running in different CPU Systems is also slightly different. This article will introduce you to the 32-bit Windows XP Professional installed on the X86 architecture. Basically, the operating system boot process starts after the computer power-on self-check is completed, and this process can be subdivided into pre-boot, Boot, load kernel, and initialize kernel, and logon.
Before reading more, please note that figure 1 is the operating system structure of Windows XP, which includes components working in the background and programs that often deal with us. Before learning about the Windows XP startup process, it is important to have a preliminary concept of the system structure. Pre-boot phase When we turn on the computer power, the pre-boot process starts to run. In this process, the computer hardware must first complete power-on self-test (post). This step mainly checks the processors, memory, and other hardware installed in the computer, if everything is normal, the following process will continue. If the computer BiOS supports plug-and-play (basically, the computers and hardware that can be purchased at this stage support this standard ), all hardware devices have been automatically identified and configured. The computer will then locate the boot device (for example, the boot sequence of the first hard disk can be modified in the BIOS settings of the computer ), then read and run the Master Boot Record (MBR) from the boot device ). So far, the pre-boot phase has been completed successfully. Guiding phase The boot phase can be further divided into four steps: initialization boot loader, operating system selection, hardware detection, and hardware configuration file selection. During this process, the required files include ntldrw.boot.ini?ntdetect.com=ntoskrnl.exe, ntbootdd. sys, and bootsect. Dos (optional ). Initialize Boot Loader In this phase, ntldr is first introduced, which switches the processor from real mode to 32-bit flat memory mode ). Don't use the main memory of the real mode-because in the real mode, the first 640kb in the memory is reserved for the MS-DOS, and the remaining memory is used as the extended memory, in this way, Windows XP cannot use all the physical memory. In 32-bit flat memory mode, Windows XP itself will be able to use all the memory installed on the computer (in fact, it can only use 2 GB at most, this is a 32-bit operating system design defect ). Next, ntldr will look for a tiny file system driver that comes with the system. As we all know, DOS and Windows 9x operating systems cannot read and write NTFS file system partitions. Why Can Windows XP installer read and write NTFS partitions? In fact, this is the credit of the micro file system driver. Only after the driver is loaded can ntldr find the partition on the hard disk formatted as NTFS or fat/FAT32 file system. If the driver is damaged, ntldr cannot recognize it even if there is a partition on the hard disk. After reading the file system driver and successfully finding the partition on the hard disk, the initialization process of the boot loader is complete. Then we will proceed to the next step. Operating System Selection This step is not required. It only appears when multiple Windows operating systems are installed on the computer. However, no matter how many windows Windows are installed on the computer, this step will be run according to the design during the computer startup process, but only when multiple systems are installed, the system displays a list for you to select the system to boot. If multiple Windows operating systems have been installed, all the records will be saved in the file boot. ini under the root directory of the system disk. The ntldr program reads boot from the hard disk after completing initialization. INI file, and determine the number of windows installed on the computer based on the content, they are installed on the first partition of the hard disk. If only one is installed, skip this step. If multiple operating systems are installed, ntldr displays an OS selection list based on the records in the file, and lasts for 30 seconds by default. If you do not select one, ntldr starts to load to the default Operating System in 30 seconds. This step has been successfully selected for the operating system. Knowledge: system volume and boot volume) These two concepts are easy to confuse. According to Microsoft's definition, the system disk stores the files used to Boot Windows (according to the previous introduction, we have already confirmed that these files refer to ntldr and boot. INI), and the boot disk is the hard disk partition/volume that saves Windows system files. If there is only one operating system, we usually install it on the first primary partition of the first physical hard disk (usually recognized as a drive C, the system disk and boot disk belong to the same partition. However, if windows is installed in another partition, such as drive D, the system disk is still a drive C (because Windows is installed on another disk, however, the files used by the boot system will still be stored in the root directory of drive C), but your boot disk will become a drive D. It is hard to understand that the partition that saves the file required by the boot system is called the "System Disk", and the partition that saves the operating system file is called the "boot disk", which is defined by Microsoft. Hardware Detection Ntdetect.com and ntldr are mainly used in this process. After selecting the Windows system to be loaded in the previous operating system selection phase, ntdetect.com first collects all hardware information installed on the current computer and forms a table, the table is then handed over to ntldr (the table information will be used later to create keys related to hardware in the registry ). The hardware types that need to be collected include: Bus/adapter type, video card, communication port, serial port, floating point memory (CPU), removable memory, keyboard, and indicator device (Mouse ). So far, the hardware detection operation has been completed successfully. Select Configuration File This step is not required. This step is only required when multiple hardware configuration files are created on a computer (usually a laptop. TIPS: hardware configuration files This function is suitable for laptop users. If you have a laptop, which is mainly used in the office and home, you may use a NIC to connect it to the company's LAN in the office. The company uses a DHCP server to assign an IP address to the client; however, after returning home, the DHCP server is absent. When the system is started, the system will take a long time to find the nonexistent DHCP server, which will prolong the start time of the system. In this case, we can use different hardware configuration files in the office and home respectively. We can use the hardware configuration file to determine which hardware is used in a configuration file and which hardware is not used. For example, in the previous example, we can create independent configuration files for the laptop at home and office, and disable the NIC in the home configuration file. In this way, when the home configuration file is used, the NIC will be directly disabled when the system starts, thus avoiding searching for nonexistent DHCP servers to prolong the system startup time. If ntldr detects that multiple hardware configuration files are created in the system, the system displays the list of all available configuration files for users to choose from. This is actually similar to the choice of the operating system. ntldr will perform this operation no matter whether multiple configuration files are created in the system, however, the file list is displayed only when multiple hardware configuration files are detected. Kernel loading stage At this stage, ntldr will load the Windows XP Kernel File ntoskrnl.exe, but here it is only loaded, and the kernel will not be initialized yet. The hardware abstraction layer (Hal. dll) is then loaded ). The hardware abstraction layer is actually a program running in the memory. This program serves as a bridge between the Windows XP kernel and the physical hardware. Under normal circumstances, operating systems and applications cannot directly deal with physical hardware. Only Windows Kernel and a small number of kernel-mode system services can directly interact with hardware. Most other system services and applications must be implemented through the hardware abstraction layer if they want to interact with the hardware. Knowledge: Hardware Abstraction Layer There are two main reasons for using the hardware abstraction layer: first, ignore invalid or even wrong hardware calls. If there is no hardware abstraction layer, all calls or even errors on the hardware will be reported to the operating system, which may cause system instability. The hardware abstraction layer is like a filter between the physical hardware and the operating system kernel. It can filter out all calls and errors that are considered harmful to the operating system, this directly improves the system stability. Second, the conversion between multiple platforms is simplified. This example can be used to list an image. Assume that each physical hardware uses a different language, and each operating system component or application uses the same language, communication between different physical hardware and systems will be chaotic and inefficient. If a hardware abstraction layer is configured, an interpreter is arranged between the hardware and software. The Interpreter understands all the hardware languages, it will convey the hardware statement in a language that can be understood by the system or software to the operating system and software. Through this mechanism, the hardware support of the operating system can be greatly improved. After the hardware abstraction layer is loaded, the HKEY_LOCAL_MACHINE/system registry key to be loaded by the kernel. Ntldr determines the control set registry key to be loaded next based on the content of the loaded select key (Figure 2), which determines which device drivers or services the system will then load. After the contents of these registry keys are loaded, the system will enter the initialization kernel stage. At this time, ntldr will give control of the system to the operating system kernel. Initialize the kernel At this stage, the Windows XP icon is displayed on the computer screen and a rolling progress bar is displayed, this progress bar may be rolled several times (Figure 3 ). Starting from this step, we can have an intuitive impression on the system startup from the screen. In this phase, four tasks are completed: Create the hardware registry key, copy the control set registry key, load and initialize the device driver, and start the service.
Create a hardware registry key First, create the hardware key in the registry. The Windows kernel uses the hardware information collected in the previous hardware detection phase to create the HKEY_LOCAL_MACHINE/hardware key. That is to say, the content of the key in the registry is not fixed, but will be dynamically updated according to the current hardware configuration in the system. Copy the control set registry key If the hardware registry key is successfully created, the system kernel creates a backup for the content of the control set key. This backup will be used in the "Last correct configuration" option in the Advanced Startup menu of the system. For example, if we have installed a new video card driver and the hardware registry key has not been created successfully after the system is restarted, the system crashes. If we select the "Last correct configuration" option, the system will automatically use the backup content of the last control set registry key to regenerate the hardware key, so that you can cancel the previous changes to the system settings because a new video card driver is installed. Load and initialize the device driver In this phase, the operating system kernel first initializes the underlying device driver loaded in the previous kernel loading phase, then, the kernel searches for all device drivers with the START key "1" under the HKEY_LOCAL_MACHINE/system/CurrentControlSet/services key in the registry (figure 4 ).
These device drivers will be initialized immediately after loading. If any errors occur during this process, the system kernel automatically processes the data based on the value of the device-driven "errorcontrol" key. The "errorcontrol" Key has four types of key values, which have the following meanings: 0 ignore, continue to boot, no error message is displayed. 1. Normal. Continue to boot. The error message is displayed. 2. Recover and stop the boot. Use the "Last correct configuration" option to restart the system. If an error persists, the error is ignored. 3. If the boot is serious, stop the boot and use the "Last correct configuration" option to restart the system. If an error persists, the boot is stopped and an error message is displayed. Start the service After the system kernel is successfully loaded and all underlying device drivers are initialized, the session manager starts the high-level subsystems and services, and then starts the Win32 subsystem. The Win32 subsystem controls all input/output devices and access display devices. After all these operations are completed, the Windows GUI is displayed, and the keyboard and other I/O devices are also available. Next, the session manager starts the Winlogon process. At this point, the kernel initialization phase has been completed successfully. At this time, the user can start logging on. Logon phase In this stage, the winlogon.exe process started by the Session Manager starts the local security authorization (lsass.exe) subsystem. After this step, the screen will display windows XP's Huan-interface (figure 5) or the logon interface. At this time, you have logged on successfully. However, at the same time, the system has not been fully started, and some non-critical device drivers may still be loaded in the background.
Then the system will scan the HKEY_LOCAL_MACHINE/system/CurrentControlSet/services registry key again, and find the service where the value of all start keys is "2" or a larger number. These services are non-critical services. The system starts to load these services until the user successfully logs in. By now, the Windows XP startup process is complete. TIPS: Why does Windows XP start faster than Windows 2000? In all Windows operating systems, the startup speed of Windows 2000 may be the slowest, not because of the poor performance of computer hardware, but because of the inherent design of Windows 2000 ". To make up for this deficiency, Microsoft came up with a new method when developing Windows XP, that is, all unimportant device drivers and services will be loaded and run only after the user logs on to the system. That is to say, during system startup, all the programs loaded and run are required to run the system, so that the logon interface can be displayed in the shortest time for users to log on. After a user logs on, the system starts to load non-key components. It can be said that the speed of Windows XP startup is actually a "opportunistic" approach, but this approach is indeed quite effective. However, this design also brings about some problems, such as some friends who reflect why their systems have been renewed-successfully logged on, however, after several minutes, the taskbar and desktop icons will be displayed on the desktop. In fact, this is because the system is busy processing unimportant services and components during the waiting few minutes. If you need to process too much content or the computer's hardware configuration is not powerful enough, this may happen. □ |