Windows startup sequence details

This article describes in detail the startup sequence of the windows operating system to facilitate IT practitioners to analyze and solve windows Startup problems.

The windows startup process includes the following phases:

Start self-check phase

In this phase, the BIOS is read, and the memory, CPU, hard disk, keyboard, and other devices perform self-check. At this stage, the screen displays the printed information of self-check.

Screen Display: print information of self-check

 

Initialize the startup phase

In this phase, find the preferred boot device that can be started according to the boot sequence specified by the BIOS, such as the Local disk, CD Driver, and USB device, and then prepare to start the system from these devices.

Screen Display: black screen

 

Boot Loading phase

In this phase, Ntldr is first loaded from the boot partition (such as the C disk), and then Ntldr is configured as follows:

1. Set the memory mode. For x86 processors and 32-bit operating systems, set the memory mode to 32-bit flat memory mode. For 64-bit operating systems and 64-bit processors, set to 64-Bit Memory mode.
2. Start the File System
3. Read the boot. ini file

Screen Display: black screen. If you press F8 or multiple systems, the start option menu is displayed.

 

Hardware phase detection and Configuration

In this phase, check and configure some hardware devices, which are:

• System firmware, such as time and date
• Bus and adapter
• Display Adapter
• Keyboard
• Communication Port
• Disk
• Floppy Disk
• Enter a device (such as a mouse)
• Parallel Port
• Devices running on the ISA bus

Screen Display: black screen

 

Kernel loading phase

 

During kernel loading, Ntldr will first load windows Kernel Ntoskrnl.exe and Hardware Abstraction Layer (HAL ). HAL is somewhat similar to the BSP (Borad support package) in an embedded operating system. This abstraction layer isolates the underlying features of the hardware and provides a unified calling interface for the operating system, when the operating system is transplanted to different hardware, you only need to change the corresponding HAL. Other kernel components do not need to be modified. This is the general design mode of the operating system.

Next, Ntldr reads the driver installed on this MACHINE from HKEY_LOCAL _ MACHINE \ SYSTEM \ CurrentControlSet, and then loads the driver in sequence.

After the driver is loaded, configure the following settings for windows:

1. Create System Environment Variables

2. Start win32.sys, which is the kernel mode of the windows subsystem.

3. Start csrss.exe, which is the user mode part of the windows subsystem.

4. Start winlogon.exe

5. Create a virtual memory page file

6. rename some necessary files (mainly driver files. After the update, you need to change the name before the next restart)

 

Screen Display: displays the windows logo interface and progress bar

 

Logon phase

At this stage, we will do the following:

1. Start all windows Services installed on the machine that need to be automatically started

2. Enable local security authentication Lsass.exe

3. the logon page is displayed.

Screen Display: displays the logon page

 

See the following documents for reference:

Troubleshooting the Startup Process


Author eaglet