Windows startup process details

Source: Internet
Author: User
Tags intel pentium
We are dealing with windows every day. Many people may face the Windows startup process multiple times every day. But do you know the secrets behind the Windows Startup Process? Which important system files are used in this series of processes? What are the steps for starting a system? What happened to the computer in these steps? These are what this article tries to tell you. Applicability of this ArticleWith the development of technology, we can see more and more types of computer hardware. There are many options for CPU, the most important component on the computer. Of course, the choice here is not about AMD or intel, but about its internal architecture. Currently, common CPU architecture is mainly based on complex instruction sets (Complex Instruction Set Computing, CISC ), our commonly used Intel Pentium, celon series and AMD athlon and sempron series are based on complex instruction sets, however, these CPU Based on complex instruction sets have 32-bit and 64-bit register data bandwidth differences. The differences between these instruction sets and register data bandwidth are complicated and not the focus of this Article. Interested friends can search for related content on the Internet. Because of the different CPU types, Windows Startup processes running in different CPU systems are also slightly different. This article will introduce you to the 32-bit Windows XP Professional installed on the X86 architecture. Basically, the operating system boot process starts after the computer power-on self-check is completed, and this process can be subdivided into pre-boot, Boot, load kernel, and initialize kernel, and logon. Before reading more, please note that figure 1 is the operating system structure of Windows XP, which includes components working in the background and programs that often deal with us. Before learning about the Windows XP startup process, it is important to have a preliminary concept of the system structure.


Pre-boot phaseWhen we turn on the computer power, the pre-boot process starts to run. In this process, the computer hardware must first complete power-on self-test (post). This step mainly checks the processors, memory, and other hardware installed in the computer, if everything is normal, the following process will continue. If your computer BIOS (some programs solidified on the computer motherboard chip) supports plug-and-play (basically, the computers and hardware that can be purchased at this stage support this standard, and all hardware devices have been automatically identified and configured, next, the computer will locate the boot device (for example, the boot sequence of the first hard disk can be modified in the BIOS settings of the computer ), then read and run the Master Boot Record (MBR) from the boot device ). So far, the pre-boot phase has been completed successfully. Guiding phaseThe boot phase can be further divided into four steps: initialization boot loader, operating system selection, hardware detection, and hardware configuration file selection. During this process, the required files include ntldrw.boot.ini?ntdetect.com=ntoskrnl.exe, ntbootdd. sys, and bootsect. Dos (optional ). Initialize Boot LoaderIn this phase, ntldr is first introduced, which switches the processor from real mode to 32-bit flat memory mode ). The main reason for not using the real mode is that in the real mode, the first 640 kb in the memory is reserved for the MS-DOS, and the remaining memory is used as the extended memory, in this way, Windows XP cannot use all the physical memory. In 32-bit flat memory mode, Windows XP itself will be able to use all the memory installed on the computer (in fact, it can only use 2 GB at most, which is a design defect of the 32-bit operating system. The problem about large memory is not related to the content in this article, so it is not shown here, so I will have the opportunity to write an article separately in the future ). Next, ntldr will look for a tiny file system driver that comes with the system. As we all know, the DOS and Windows 9x operating systems cannot read and write the partition of the NTFS file system. Why can the Windows XP installer read and write the NTFS partition? In fact, this is the credit of the micro file system driver. Only after this driver is loaded can ntldr find the partition that is formatted as NTFS or fat/FAT32 File System on your hard disk. If the drive is damaged, ntldr cannot recognize it even if there are partitions on your hard disk. After reading the file system driver and successfully finding the partition on the hard disk, the initialization process of the boot loader is complete, and then we will proceed to the next step. Operating System SelectionThis step is not required. It only appears when multiple Windows operating systems are installed on your computer. However, no matter how many windows Windows are installed on your computer, this step will be run according to the design during the computer startup process. Only when multiple systems are installed, the system displays a list, allowing you to select the system you want to boot. However, if you only have one system, the pilot program enters the next stage after judgment. If you have installed Multiple Windows operating systems (Windows 2000, XP, and 2003 newer systems, excluding Windows 9x ), all records will be stored in the system disk root directory named Boot. INI file. The ntldr program reads boot from the hard disk after completing initialization. INI file, and determine the number of windows installed on the computer based on the content, they are installed on the first partition of the hard disk. If only one is installed, skip this step. If multiple operating systems are installed, ntldr displays an OS selection list based on the records in the file, and lasts for 30 seconds by default. As long as you make the selection, ntldr will automatically start to load the selected system. If not selected, ntldr starts to load to the default Operating System in 30 seconds. This step has been successfully selected for the operating system. TIPS: What is the difference between system volume and boot volume?
These two concepts are easy to confuse, because Microsoft's definition of these two terms is easy to misunderstand. According to Microsoft's definition, the system disk stores the files used to Boot Windows. (According to the previous introduction, we have made it clear that these files refer to ntldr and boot. INI), and the boot disk is the hard disk partition/volume that saves Windows system files. If there is only one operating system, we usually install it on the first primary partition of the first physical hard disk (usually recognized as a drive C, the system disk and boot disk belong to the same partition. However, if you install windows to another partition, such as drive D, the system disk is still your drive C (because Windows is installed to another disk, however, the files used by the boot system will still be stored in the root directory of drive C), but your boot disk will become a drive D. The strange rule is that the partition that saves the file required by the boot system is called the "System Disk", but the partition that saves the file of the operating system is called the "boot disk", which is exactly reversed. But Microsoft does. Hardware DetectionNtdetect.com and ntldr are mainly used in this process. After selecting the Windows system to be loaded in the previous operating system selection phase, ntdetect.com first collects all hardware information installed on the current computer and forms a table, the table is then handed over to ntldr (the table information will be used later to create keys related to hardware in the registry ). The hardware types that need to be collected include: Bus/adapter type, video card, communication port, serial port, floating point memory (CPU), removable memory, keyboard, and indicator device (Mouse ). So far, the hardware detection operation has been completed successfully. Select Configuration FileThis step is not required. This step is only required when multiple hardware configuration files are created on a computer (usually a laptop. TIPS: What is a hardware configuration file? Why use it?
This function is suitable for laptop users. If you have a laptop, which is mainly used in the office and home, you may use a NIC to connect it to the company's LAN in the office. The company uses a DHCP server to assign an IP address to the client; but after returning home, the DHCP server is absent. When the system is started, the system will spend a long time searching for the nonexistent DHCP server, which will prolong the system startup time. In this case, we can use different hardware configuration files in the office and home respectively. We can use the hardware configuration file to determine which hardware is used in a configuration file and which hardware is not used. For example, in the preceding example, we can create independent configuration files for the laptop at home and office, and disable the NIC in the home configuration file. In this way, when the home configuration file is used, the NIC will be directly disabled when the system starts, thus avoiding searching for nonexistent DHCP servers to prolong the system startup time. If ntldr detects that multiple hardware configuration files are created in the system, the system displays the list of all available configuration files for users to choose from. This is actually similar to the choice of the operating system. ntldr will perform this operation no matter whether multiple configuration files are created in the system, however, the file list is displayed only when multiple hardware configuration files are detected. Kernel loading stageAt this stage, ntldr will load the Windows XP Kernel File ntoskrnl.exe, but here it is only loaded, and the kernel will not be initialized yet. The hardware abstraction layer (Hal. dll) is then loaded ). The hardware abstraction layer is actually a program running in the memory. This program serves as a bridge between the Windows XP kernel and the physical hardware. Under normal circumstances, operating systems and applications cannot directly deal with physical hardware. Only Windows Kernel and a small number of kernel-mode system services can directly interact with hardware. Most other system services and applications must be implemented through the hardware abstraction layer if they want to interact with the hardware. TIPS: Why use the hardware abstraction layer?
There are two main reasons for using the hardware abstraction layer: 1. Ignore invalid or even wrong hardware calls. If there is no hardware abstraction layer, all calls or even errors on the hardware will be reported to the operating system, which may cause system instability. The hardware abstraction layer is like a filter between the physical hardware and the operating system kernel. It can filter out all calls and errors that are considered harmful to the operating system, this directly improves the system stability. 2. Translation between multiple platforms. This can be an example of an image. Assume that each physical hardware uses a different language, and each operating system component or application uses the same language, communication between different physical hardware and systems will be chaotic and inefficient. With the hardware abstraction layer, a translation is arranged between the hardware and software. This translation understands all the hardware languages, it will convey the hardware statement to the operating system and software in a language that can be understood by the system or software. Through this mechanism, the hardware support of the operating system can be greatly improved. After the hardware abstraction layer is loaded, the HKEY_LOCAL_MACHINE \ SYSTEM registry key to be loaded by the kernel. Ntldr determines the control set registry key to be loaded next based on the content of the loaded select key (Figure 2), which determines which device drivers or services the system will then load. After the contents of these registry keys are loaded, the system will enter the initialization kernel stage. At this time, ntldr will give control of the system to the operating system kernel.


Initialize the kernelAt this stage, the Windows XP icon is displayed on the computer screen and a rolling progress bar is displayed, this progress bar may scroll several times (Figure 3 ). Starting from this step, we can have an intuitive impression on the startup of the on-screen team system. In this phase, the four tasks will be completed: creating the hardware registry key, copying the control set registry key, loading and initializing the device driver, and starting the service.


Create a hardware registry keyFirst, create the hardware key in the registry. The Windows kernel uses the hardware information collected in the previous hardware detection phase to create the HKEY_LOCAL_MACHINE \ hardware key, that is, the contents of the key in the registry are not fixed, but are dynamically updated based on the hardware configuration in the current system. Copy the control set registry keyIf the hardware registry key is successfully created, the system kernel creates a backup for the content of the control set key. This backup will be used in the "Last correct configuration" option in the Advanced Startup menu of the system. For example, if we have installed a new video card driver and the hardware registry key has not been created successfully after the system is restarted, the system crashes. If we select the "Last correct configuration" option, the system will automatically use the backup content of the last control set registry key to regenerate the hardware key, so that you can cancel the previous changes to the system settings because a new video card driver is installed. Load and initialize the device driverIn this phase, the operating system kernel first initializes the underlying device driver loaded in the previous kernel loading phase, then, the kernel searches for all device drivers with the START key "1" under the HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services key in the registry (figure 4 ). These device drivers will be initialized immediately after loading. If any errors occur during this process, the system kernel automatically processes the data based on the value of the device-driven "errorcontrol" key. The "errorcontrol" Key has four types of key values, which have the following meanings: 0, ignore, continue booting, and no error message is displayed. 1. Normal. Continue to boot. The error message is displayed. 2. Recover and stop the boot. Use the "Last correct configuration" option to restart the system. If an error persists, the error is ignored. 3. Serious. Stop the boot and use the "Last correct configuration" option to restart the system. If an error persists, the boot is stopped and an error message is displayed.


Start the serviceAfter the system kernel is successfully loaded and all underlying device drivers are initialized, the session manager starts the high-level subsystems and services, and then starts the Win32 subsystem. The Win32 subsystem controls all input/output devices and access display devices. After all these operations are completed, the Windows GUI is displayed, and the keyboard and other I/O devices are also available. Next, the session manager starts the Winlogon process. At this point, the kernel initialization phase has been completed successfully, and the user can start logging on. Logon phaseIn this stage, the winlogon.exe process started by the Session Manager starts the local security authorization (lsass.exe) subsystem. After this step, the Windows XP welcome page (figure 5) or logon page will be displayed. At this time, you can log on smoothly. However, at the same time, the system has not been fully started, and some non-critical device drivers may still be loaded in the background.


Then the system will scan the HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services registry key again (Do you remember that the first scan was at that step of startup ?), And find the service where the value of all start keys is "2" or greater. These services are non-critical services. The system starts to load these services until the user successfully logs in. TIPS: Why does Windows XP start faster than Windows 2000? In all Windows operating systems, Windows 2000 may start at the slowest speed, not because of poor computer hardware performance, but because of the inherent deficiency of the design of Windows 2000 ". To make up for this deficiency, Microsoft came up with a new method when developing Windows XP, that is, all unimportant device drivers and services will be loaded and run only after the user logs on to the system. That is to say, during system startup, all the programs loaded and run are required to run the system, so that the logon interface can be displayed in the shortest time for users to log on. After logging on, the user starts to load non-key components. It can be said that the speed of Windows XP startup is actually a "opportunistic" approach, but this approach is indeed quite effective. However, this design also brings about some problems, such as some friends who reflect why their systems have successfully logged on, but after a few minutes the desktop will display the taskbar, desktop icons, and other content. In fact, this is because the system is busy processing unimportant services and components during the waiting few minutes. If you need to process too much content or the computer's hardware configuration is not powerful enough, this may happen. TIPS: You already know how to control the startup sequence of Non-key services. Non-key services are loaded only after the user logs on successfully. Can we manually control the loading sequence of these services? This is actually very simple. The Service startup sequence is determined by the value of the respective start registry key and the dependency between each service. If service a must run on service B, before service B starts normally, service A cannot be started successfully. Assume that the value of the START key of service C is 3, and the value of the START key of service d is 6, service C will take precedence over service d startup (the smaller the value, the higher the priority ). By now, the Windows XP startup process is complete.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.