The bootup process is a list of detailed procedures that the system undergoes to perform all system checks and load all necessary files to bring the computer to an operable state.
The Windows XP bootup process comprises of the following procedures:
Windows XP Professional boot process occurs in five stages.
- Preboot sequence
- Boot sequence
- Kernel sequence
- Kernel initialization
- Logon
| File | Location | Boot Stage |
| NTLDR | System partition root (c:\) | Preboot and boot |
| BOOT.INI | System partition root | Boot |
| BOOTSECT.DOS | System partition root | Boot (optional) |
| NTDETECT.COM | System partition root | Boot |
| NTBOOTDD.SYS | System partition root | Boot (optional) |
| NTOSKRNL.EXE | Systemroot\System32 | Kernel load |
| HAL.DLL | Systemroot\System32 | Kernel load |
| SYSTEM | Systemroot\System32 | Kernel initialization |
| Device drivers (.sys) | SYSTEMROOT\System32\Drivers | Kernel initialization |
During start up, a computer running Windows XP Professional initializes and then locate the boot portion of the hard disk.
The following four steps occur during the preeboot sequence.
- The computer runs power-on self test (POST) routines to determine the amount of physical memory, whether the hardware components are present, and so on. If the computer has a Plug and Play BIOS, enumeration and configuration of hardware devices occures at this stage.
- The computer BIOS locates the boot device and loads and runs the master boot record (MBR).
- The MBR scans the partition table to locate the active partition, loads the boot sector on the active partition into memory, and then execute it.
- The computer loads and initializes the NTLDR file, which is the operating system loader. Windows XP Professional setup modifies the boot sector during installation so that NTLDR loadsduring system start up.
Boot Sequence
After the computer loads NTLDR into memory, the boot sequence gather information about, hardware and drivers in preparation for the Windows XP Professional load phases. The boot sequence uses the following files: NTLDR, BOOT.INI, BOOTSECT.DOS (optional), NTDETECT.COM, and NTOSKRNL.EXE.
The boot sequence has four phases:
- Initial boot loader phase
- Operating system selection
- Hardware detection
- Configuration selection
After configuration selection, the Windows XP Professional kernel (NTOSKRNL.EXE) loads and initializes. NTOSKRNL.EXE also loads and initializes device drivers and loads services. If you press Enterwhen the Hardware Profile/Configuration Recovery menu appears, or if NTLDR makes the selection automatically
- Loads NTOSKRNL.EXE but does not initialize it.
- Loads the Hardware abstraction layer file (HAL.DLL)
- Loads the HKEY_LOCAL_MACHINE\SYSTEM registry key from %systemroot%system32\config\system.
- Select the control set it will use to initialize the computer. A control set contains configuration data used to control the system, such as a list of the device drivers and services to load and start.
- Loads device drivers with a value of 0x0 for the start entry. These typically are low-level hardware device drivers, such as those for a hard disk. The value for the List entry, which is specified in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder subkey of the registry, defines the order in which NTLDR loads these device drivers.
When the kernel load phase is complete, the kernel initializes, and then NTLDR passes control to the kernel. At this point, the system displays a graphical screen with a status bar indication load status. Four tasks are accomplished during the kernel initialization stage:
- The Hardware key is created.
- The Clone control set is created.
- Device Drivers are loaded and initialized
- Services are started.
The logon process begins at the conclusion of the kernel initialization phase. The Win32 subsystem automatically stars WINLOGON.EXE. which starts the Local Security Authority (LSSASS.EXE), and displays the Logon dialog box. You can log on at this time, even though Windows XP Professional might still be initializing network device drivers. Next, the Service Controller executes and makes a final scan of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services subkey, looking for services with a value of 0x2 for the start entry.
0 comments:
Post a Comment