Process of starting of Windows NT

The process of starting of Windows NT is the process by which Windows 3.1,3.5,4.0, 2000, XP, and 2003 are initialized.

For Windows Vista (NT 6.0) and the successors, the process is substanciellement different.

Phase of loading to the boot

The phase of the Chargeur of starting depends on the platform concerned. Since the first phases are not technically dependant on the operating system, the process of starting is considered started when:

For X86 and X64: when the code of the sector of starting is carried out in real Mode and charges NTLDR
For Itanium: when the program EFI IA64ldr.efi is carried out

From this point, the process of starting follows the following stages.

Then, NTLDR or IA64ldr load the Core Windows NT and the layer of material abstraction ('' hal.dll '') in memory. If NTLDR or IA64ldr fails to charge these files, a message will indicate that Windows cannot start because the file is corrupted _{En made, In fact, the wording of error ready with confusion: apart from the corruption of one of these 2 files, other errors (temporary or final) can cause this message.}Sur this error message, the process of boot solidifies.

So of multiple hardware configurations are defined in the Register base, a menu is proposed with the user to choose them.

The next task of NTLDR or IA64ldr is to charge (but not to initialize) all the pilots in memory. This information is stored under the tree structure HKey_Local_Machine \ SYSTEM of the register, in a under-tree of the register called ControlSet . Multiples ControlSet are preserved; there are at least two of them: that in progress and the last which allowed a complete boot. HKey_Local_Machine \ SYSTEM contains ControlSet named ControlSet001 , ControlSet002 , etc, like CurrentControlSet . Under normal functioning, Windows uses CurrentControlSet for reading and writing information. CurrentControlSet is a simple reference: to determine which is ControlSet which will be used as current ControlSet, NTLDR or IA64ldr will use the values which are under HKey_Local_Machine \ SYSTEM \ Select :

Default will be the selected value if no other is indicated
If the value of key Failed corresponds to Default , then NTLDR or IA64ldr posts an error message, indicating that the last boot failed, and proposes with the user réessayer or to use the last good known configuration.
If the user chose last good configuration known , the controlSet indicated by LastKnownGood is used instead of Default .

When a ControlSet is chosen, the key Current is positioned to point above. The key Failed is as positioned with the same value as Current until the end of the process of boot. The key LastKnownGood is also positioned with Current if the boot is held completely and successfully.

NTLDR determines which will be the pilots boot-time who will be necessary to the whole beginning of the execution of the core.

NTLDR or IA64ldr passes control to the Windows core. Windows then posts the blue screen which lists the number of processors, the quantity of memory installed, the switch of boot.

See '' Boot.ini '': Switch of the core

Phase of loading of the core Windows

The initialization of the core and the executive subsystem of Windows is done in two phases.

During the first phase, basic structures of the memory are created, and each processor is initialized. The manager of memory is initialized, creating the structures necessary for

the mask of the filesystems
the pools of memory paginated and not-paginated,
the manager of object,
the initial token of safety (see) for the assignment of the first process of the system
the manager of process.

The inactive Process of the system (see) and the manager of the system are created with this stage.

_{NB: The inactive process of the system ( System idle process ) has its equivalent under Unix/Linux: it is about the invisible task which has a PID of 0 and which launches the task Init whose PID is always 1.}

The second phase initializes the pilots who were identified by NTLDR or IA64l as pilot boot-time.

During the loading of these pilots, a bar of progression is posted with the bottom of the screen on Windows 2000; in Windows XP and Windows Server 2003, this bar was replaced by an animated bar which does not represent the progression. This phase is shorter with XP and the posterior versions because the initialization of the pilots is done in parallel, into asynchronous (instead of doing them one by one, ones after the others, into synchronous).

Administrative of session ('' smss.exe '')

Once the pilots of boot and the pilots system were charged, the core (thread system) lance the Session Manager SubSystem ('' smss.exe ''). SMSS is one of the most important components of Windows.

SMSS.exe reads the key BootExecute (in HKLM \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ ). The default value of this key indicates to make a autochk on all the partitions of disc (). More precisely, Autochk assembles all the pilots of storage and checks that they were stopped properly. It is the equivalent of the Fsck of linux.

With this stage, the screen is very different according to the various versions from Windows.

After this stage, smss.exe can open the various files necessary to carry out the following actions:

Creates the variable environment (HKLM \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ Environment: % PATH %, %PATHEXT%, %TEMP%, %TMP%, %WINDIR%, %OS%, %COMSPEC% (see, %NUMBER_OF_PROCESSORS, %PROCESSOR_ARCHITECTURE%, %PROCESSOR_IDENTIFIER%,… etc…
Begins the Win32 subsystem in mode core ( win32k.sys ). That makes it possible Windows to pass in graphic mode.
Creates the files of pagination virtual Memory (the parameters of configuration are in HKLM \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ Memory managment)
Any rename operations queued up are performed. This allows previously in-uses files (e.g drivers) off to Be replaced ace share has reboot.

It launches

the Windows Logon Manager ('' winlogon.exe ''). Winlogon manages the interactive logon (room or distant). Library GINA (see) is charged and used by the process winlogon

If there are several open sessions (i.e. more than one connected user), then SMSS.exe launches each time an additional process winlogon .exe .

Winlogon

See also: Winlogon
to see
the first winlogon.exe lance

the service local safety Lsass.exe (Local Security Authority Subsystem Service)
Spouleur of printer spoolsV.exe

Winlogon carries out the identification and the authentification of a user via

the service lsass.exe
a library GINA (conceived for the authentification and the identification), to see. The majority of the users make use of library GINA provided by Microsoft, by defect.

If the user is identified and authenticated, then

Lancement of userinit.exe
Lancement of Shell of the user (by defect, it is the Explorateur Windows ('' explorer.exe '')

So more than one session is open (i.e. several users connected at the same time), then there will be several

winlogon.exe (1 per connected user)
csrss.exe (1 per connected user)

Logon Phase

to see
#HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Runonce
#HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ Exploring \ Run
#HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
#HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows \ Run
#HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
#HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce
# All Users ProfilePath \ Small Start \ Programs \ Startup \ (On an anglophone version of Windows)
# Current To use ProfilePath \ Small Start \ Programs \ Startup \ (On an anglophone version of Windows)

Remote installation and boot

service BINL ( Boot Negotiation Information To bush-hammer ) allows the remote installation of Windows for computers equipped with chart (S) network PXE (Preboot Execution Environment).

See too

See Description off PXE Interaction Among PXE Customer, DHCP, and LAUGH Server

Additional information

HKEY_Local_Machine \ HARDWARE

to see

See too

Starting of DOS

External bonds

Process of starting of Windows XP
the process of starting under Windows 2000 by the Godfather
The Boot Process - has visual representation off the Windows XP boot process
Definition off the RunOnce Keys

Random links: