FACTOID # 20: Statistically, Delaware bears more cost of the US Military than any other state.
 
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 
   
 
WHAT'S NEW
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > Windows NT startup process

The Windows NT Startup Process is the process by which Microsoft's Windows NT, Windows 2000, Windows XP and Windows Server 2003 operating systems initialize. Microsoft Corporation (NASDAQ: MSFT, SEHK: 4338) is an international computer technology corporation with 2005 global annual sales of US$39. ... Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. ... Windows 2000 (also referred to as Win2K or W2K) is a preemptible and interruptible, graphical, business-oriented operating system that was designed to work with either uniprocessor or symmetric multi-processor (SMP) 32-bit Intel x86 computers. ... Windows XP is the name of a line of operating systems developed by Microsoft for use on general-purpose computer systems, including home and business desktops, notebook computers, and media centers. ... Windows Server 2003 is the name of Microsofts line of server operating systems. ... An operating system (OS) is an essential software program that manages the hardware and software resources of a computer. ...


In Windows Vista, this process has changed significantly. Windows Vista is the next major version of Microsoft Windows, the proprietary operating system developed by Microsoft. ...

Contents


Initial Startup Phase

For more details on this topic, see Booting.

After the computer is turned on, but before the Windows startup process begins, the computer executes a Power-on self-test (POST), which does an initial check of the computer's hardware. If this process finishes without trouble, control is passed to the hard disk's boot sector, which is the MBR and the code inside it looks for the system partition, and then executes its boot sector, which, in Windows NT-based operating systems, loads NTLDR and then starts executing code in it.[1] It has been suggested that System partition and boot partition be merged into this article or section. ... Power-on self-test (POST) is the common term for a computers or printers pre-boot sequence. ... The master boot record (MBR), also the partition sector, in IBM PC architecture, is the 512-byte (1/2 kilobyte) boot sector, i. ... Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. ... An NTLDR boot menu. ...


Boot Loader Phase

For more details on this topic, see NTLDR.

When control is first passed to NTLDR, the CPU is operating in real mode. NTLDR's first action is to switch the processor into protected mode, which facilitates 32-bit memory access, thus allowing it to create the initial page tables and enable paging. This provides the basic operating environment on which the rest of the boot loader, and later the operating system, build. An NTLDR boot menu. ... CPU can stand for: in computing: Central processing unit in journalism: Commonwealth Press Union in law enforcement: Crime prevention unit in software: Critical patch update, a type of software patch distributed by Oracle Corporation in Macleans College is often known as Ash Lim. ... Real mode (also called real address mode in Intels manuals) is an operating mode of 80286 and later x86-compatible CPUs. ... Protected mode is an operational mode of x86-compatible CPUs of the 80286 series or later. ... 32-bit is a term applied to processors, and computer architectures which manipulate the address and data in 32-bit chunks. ... Relationship between pages addressed by virtual addresses and the frames in physical memory, within a simple address space scheme. ... In computer operating systems, paging memory allocation algorithms divide computer memory into small partitions, and allocates memory using a page as the smallest building block. ...


NTLDR includes basic functionality to access IDE-based disks formatted for NTFS or FAT file systems, which are provided by the system BIOS. If, however, the boot disk is a SCSI disk and cannot be accessed using the BIOS's firmware support, an additional file, Ntbootdd.sys is loaded to handle disk access instead of using the boot loader's internal routines. This is a copy of the same SCSI miniport driver that is used when Windows is running. The boot loader then reads the contents of boot.ini to locate information on the system volume. ATA cables: 40 wire ribbon cable top, 80 wire ribbon cable bottom Advanced Technology Attachment (ATA) is a standard interface for connecting storage devices such as hard disks and CD-ROM drives inside personal computers. ... NTFS or New Technology File System is the standard file system of Windows NT and its descendants: Windows 2000, Windows XP and Windows Server 2003. ... File Allocation Table (FAT) is a patented file system developed by Microsoft for MS-DOS and is the primary file system for consumer versions of Microsoft Windows up to and including Windows Me. ... SCSI stands for Small Computer System Interface, and is a standard interface and command set for transferring data between devices on both internal and external computer buses. ... A type of hardware-driver, part of the Windows Driver Model. ... An NTLDR boot menu. ...


At this point, the screen is cleared, and the root directory default volume as defined in boot.ini is searched for hiberfil.sys. If this file is found, the contents of the file (which will match the amount of physical memory in the machine) are loaded into memory, and control is transfered into the Windows kernel at the point where hibernation can be resumed from[2]. If boot.ini contains more than one entry for an operating system, a boot menu is displayed to the user, allowing the user to choose which operating system is to be loaded. If a non NT-based operating system such as Windows 98 is selected (specified by an MS-DOS style of path, e.g. C:), then NTLDR loads the associated "boot sector" file listed in boot.ini (by default, this is bootsect.dos if no file name is specified) and passes execution control to it. Windows 98 (codename Memphis) is a graphical operating system released on June 25, 1998 by Microsoft. ... Microsofts disk operating system, MS-DOS, was Microsofts implementation of DOS, which was the first popular operating system for the IBM PC, and until recently, was widely used on the PC compatible platform. ...


If an NT-based operating system is selected, NTLDR runs ntdetect.com, which gathers basic information about the computer's hardware as reported by the BIOS. ntdetect. ...


At this point in the boot process, NTLDR clears the screen and displays an empty progress bar. Windows XP and Windows Server 2003 switch into a graphical display mode to display the Windows logo, whereas Windows 2000 displays a simple text bar along the bottom of the screen, accompanied by the words "Starting Windows..." If the user presses F8, the advanced boot menu is displayed, where the user can choose to start Windows in Safe mode, or with the Last Known Good Configuration, or with debugging enabled. Some editions of Windows offer other options such as Directory Services Restore Mode. Safe Mode is a special diagnostic mode used by certain computer operating systems (Windows, Mac OS X) and other complex electronic devices. ...


Once a boot mode has been selected, or if F8 was not pressed, booting continues. If an x64 version of Windows is being booted (Windows XP Professional x64 Edition or Windows Server 2003 x64 Editions), the CPU is switched into Long mode, thus enabling 64-bit addressing. x64 is Microsoft Corporations marketing designation for the Advanced Micro Devices AMD64 and Intel EM64T 64-bit Instruction Set Extensions to the x86 architecture, which were substantially similar as of 2004. ... Microsoft Windows XP Professional x64 Edition released on April 25, 2005 by Microsoft is a variation of the typical 32-bit Windows XP operating system for x86 personal computers. ... In the x86-64 CPU architecture Long mode, is the mode where an application (or operating system) can access the 64-bit instructions and registers, while 32-bit programs are executed in a compatibility mode. ... In computing, a 64-bit component is one in which data are processed or stored in 64-bit units (words). ...


NTLDR then loads the Windows kernel (Ntoskrnl.exe) and the Hardware Abstraction Layer (hal.dll) into memory. If NTLDR fails to load either file, the message "Windows could not start because the following file was missing or corrupt" is displayed to the user, and the boot process comes to a halt. A hardware abstraction layer (HAL) is an abstraction layer between the physical hardware of a computer and the software that runs on that computer. ... Hal. ...


If multiple hardware configurations are defined in the registry, the user is prompted at this point to choose one.


NTLDR's next task is to load (but not initialize) all boot-time device drivers into memory. This information (along with information on all detected hardware and Windows Services) is stored in the HKLMSYSTEM portion of the registry, in a set of registry keys collectively called a Control Set. Multiple control sets (typically two) are kept, in the event that the settings contained in the currently-used one prohibit the system from booting. HKLMSYSTEM contains control sets labeled ControlSet001, ControlSet002, etc., as well as CurrentControlSet. During regular operation, Windows uses CurrentControlSet to read and write information. CurrentControlSet is a reference to one of the control sets stored in the registry. Windows picks the "real" control set being used based on the values set in the HKLMSYSTEMSelect registry key:

  • Default will be NTLDR's choice if nothing else overrides this.
  • If the value of the Failed key matches Default, then NTLDR displays an error message, indicating that the last boot failed, and gives the user the option to try booting, anyway, or to use the "Last Known Good Configuration".
  • If the user has chosen Last Known Good Configuration from the NTLDR boot menu, the control set indicated by the LastKnownGood key is used instead of Default.

When a control set is chosen, the Current key gets set accordingly. The Failed key is also set to the same as Current until the end of the boot process. LastKnownGood is also set to Current if the boot process completes successfully.


For the purposes of booting, a driver is either a "Boot" driver that is loaded by NTLDR prior to starting the kernel and started before system drivers by the kernel, or a "System" driver, which is loaded and started by ntoskrnl.exe after the boot drivers. "Boot" drivers are almost exclusively drivers for hard-drive controllers and file systems (ATA, SCSI, file system filter manager, etc.); in other words, they are the absolute minimum that ntoskrnl.exe will need to get started with loading other drivers, and the rest of the operating system. "System" drivers cover a wider range of core functionality, including the display driver, CD-ROM support, and the TCP/IP stack. ATA stands for: Advanced Technology Attachment: computer disk drive interface standard Air Transport Association of America Air Transport Auxiliary of Royal Air Force Atlantic Treaty Association Alberta Teachers Association: the public teachers union for the province of Alberta, Canada Allegheny Trail Alliance: a group of seven rails to trails... SCSI stands for Small Computer System Interface, and is a standard interface and command set for transferring data between devices on both internal and external computer buses. ...


The appropriate file system driver for the partition type (NTFS, FAT, or FAT32) which the Windows installation resides on is also loaded.


With this finished, control is then passed from NTLDR to the kernel.


Kernel loading phase

The initialization of the kernel subsystem and the Windows Executive subsystems is done in two phases.


During the first phase, basic internal memory structures are created, and each CPU's interrupt controller is initialized. The memory manager is initialized, creating areas for the file system cache, paged and non-paged pools of memory. The Object Manager[1], initial security token for assignment to the first process on the system, and the Process Manager itself. The System idle process as well as the System process are created at this point. A Programmable Interrupt Controller (or PIC) is an Intel 8259A chip that controls interrupts. ... In computer operating systems, paging memory allocation algorithms divide computer memory into small partitions, and allocates memory using a page as the smallest building block. ... In the Windows NT architecture, a token is a system object (type name Token) representing the subject in access control operations, i. ... In computing, a process is a running instance of a program, including all variables and other state. ... Summary of Process In Windows XP, The System Idle Process is, essentially, a counter which measures how much idle capacity the CPU has at any given time. ...


The second phase involves initializing the device drivers which were identified by NTLDR as being boot-time drivers.


Through the process of loading device drivers, a "progress bar" is visible at the bottom of the display on Windows 2000 systems; in Windows XP and Windows Server 2003, this was replaced by an animated bar which does not represent actual progress. Prior to Windows XP, this part of the boot process took significantly longer; this is because the drivers would be initialized one at a time. On Windows XP and Server 2003, the drivers are all initialized asynchronously.


After this (and before any files are opened), Autochk[3], a boot-time version of Chkdsk is started; if the computer was not shut down cleanly, Autochk will attempt to repair any potential damage.


Session Manager

Once all the Boot and System drivers have been loaded, the kernel (system thread) starts the Session Manager Subsystem (smss.exe). SMSS is one of the most important components of Windows. At boot time, it:

  • Creates environment variables
  • Starts the kernel-mode side of the Win32 subsystem (win32k.sys). This allows Windows to switch into graphical mode as there is now enough infrastructure in place.
  • Starts the user-mode side of the Win32 subsystem, the Client/Server Runtime Server Subsystem (csrss.exe). This makes Win32 available to user-mode applications.
  • Creates virtual memory paging files.
  • Any rename operations queued up are performed. This allows previously in-use files (e.g. drivers) to be replaced as part of a reboot.
  • Starts the Windows Logon Manager (winlogon.exe). Winlogon is responsible for handling interactive logons to a Windows system (local or remote). The Graphical Identification And Authentication (GINA) library is loaded inside the Winlogon process, and provides support for logging in as a local or Windows domain user.

The Session Manager stores its configuration at HKLMSYSTEMCurrentControlSetControlSession Manager. The exact operation of most of these items is based on the configuration set in the registry. The memory pages of the virtual address space seen by the process, may reside non-contiguously in primary, or even secondary storage. ... Winlogon is the Windows NT component responsible for handling the default secure attention key, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step). ... gina can mean several things: Gina is a female name Gina Lollobrigida, a famous actress Gina, a sensation known to cause the bursting of ones heart from loving so much Fictional characters: Gina Rockabrigida, a Flintstones version of Gina Lollabrigida Gina (Battlestar Galactica), a version of Number Six (Battlestar... A Windows Server domain or Windows NT Domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database. ...


Winlogon

For more details on this topic, see Winlogon.
  1. Control-Alt-Delete
  2. Winlogon calls GINA
    1. GINA logon dialog box is displayed
      • User inputs credentials
    2. GINA passes credentials back to Winlogon
  3. Winlogon passes credentials to LSA
    • LSA Determines which account databases is to be used
      • Local SAM
      • Domain SAM
      • Active Directory
  4. Winlogon (loaded by SMSS)
    • At this point, Winlogon starts the Service Control Manager (SCM), which in turn will start all the Windows services that are set to "Auto-Start". The Local Security Authority Subsystem Service (lsass.exe) is also started, which enforces the local security policy (checking user permissions, creating audit trails, doling out security tokens, etc.).
  • userinit.exe

Winlogon is the Windows NT component responsible for handling the default secure attention key, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step). ... This article is about Control-Alt-Delete, the keyboard shortcut. ... gina can mean several things: Gina is a female name Gina Lollobrigida, a famous actress Gina, a sensation known to cause the bursting of ones heart from loving so much Fictional characters: Gina Rockabrigida, a Flintstones version of Gina Lollabrigida Gina (Battlestar Galactica), a version of Number Six (Battlestar... Local Security Authority Subsystem Service, abbreviated LSASS, is a process in Microsoft Windows operating systems that verifies the user logging on to a Windows computer or server. ...

Logon Phase

After a user has successfully logged in to the machine, Winlogon does the following:

  • Updates the Control Sets; the LastKnownGood control set is updated to reflect the current control set.
  • User and Computer Group Policy settings are applied.
  • Startup programs are run from the following locations:
    1. HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunonce
    2. HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun
    3. HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
    4. HKCUSoftwareMicrosoftWindows NTCurrentVersionWindowsRun
    5. HKCUSoftwareMicrosoftWindowsCurrentVersionRun
    6. HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnce
    7. ProfilePathStart MenuProgramsStartup

Group Policy is part of Microsofts IntelliMirror technology which aims to reduce the overall cost of supporting users of Windows. ...

Additional information

The HKLMHARDWARE section of the registry is populated by the kernel at boot-time with the information about detected hardware that was gathered by ntdetect.com. More specifically:

  • If ACPI is supported by the hardware, the Fixed ACPI Description Table (FADT), Firmware ACPI Control Structure (FACS) and Root System Description Table (RSDT) are written to HKLMHARDWAREACPI.
  • Details about installed CPU(s), such as the brand, speed, and feature set (MMX, SSE, etc.) installed are stored in HKLMHARDWAREDESCRIPTIONSystemCentralProcessor#.
  • In similar fashion, details about installed FPU(s) are stored in HKLMHARDWAREDESCRIPTIONSystemFloatingPointProcessor#.
  • Information about the various multi-function adapters (ISA, PNP, ACPI, etc.) and the devices on them that are detected by ntdetect.com, is stored in HKLMHARDWAREDESCRIPTIONSystemMultifunctionAdapter#.

MMX is a SIMD instruction set designed by Intel, introduced in their Pentium MMX microprocessors. ... SSE is an abbreviation for Shenzhen Stock Exchange Sign Supported English, the use of British Sign Language with an English grammar. ... A floating point unit (FPU) is a part of a CPU specially designed to carry out operations on floating point numbers. ...

See also

The Windows NT operating system familys architecture consists of two layers (user mode and kernel mode), with many different modules within both of these layers. ... It has been suggested that System partition and boot partition be merged into this article or section. ... In the IBM PC architecture the Master Boot Record (MBR), or partition sector, is the 512-byte boot sector, i. ... Power-on self-test (POST) is the common term for a computers or printers pre-boot sequence. ...

Footnotes

  1.  Other boot loaders (typically for other operating systems) may be executed prior to control being passed to NTLDR. This known as a "chained" boot sequence.
  2.  This feature is known as hibernation, and was introduced in Windows 2000.

Hibernate is a feature seen in many operating systems where the contents of RAM is written to non-volatile storage, such as the hard disk (as either a file or on a separate partition) before powering off the system. ...

References

  • "Troubleshooting the Startup Process." Windows XP Resource Kit. Microsoft Technet. URL accessed on 2006-02-15.
  • Mark Minasi, John Enck. "Troubleshooting NT Boot Failures." Administrator's Survival Guide: System Management and Security. Windows IT Library. URL accessed on 2006-02-15.

2006 (MMVI) is a common year starting on Sunday of the Gregorian calendar. ... February 15 is the 46th day of the year in the Gregorian Calendar. ... 2006 (MMVI) is a common year starting on Sunday of the Gregorian calendar. ... February 15 is the 46th day of the year in the Gregorian Calendar. ...

External links


 
 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:

 


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m