Windows XP Boot Process
Download
Report
Transcript Windows XP Boot Process
Windows XP Boot Process
All computers running Windows XP Professional have the same startup
sequence:
• Power-on self test (POST) phase
• Initial startup phase
• Boot loader phase
• Detect and configure hardware phase
• Kernel loading phase
• Logon phase
Files Required to Boot
File Name
Disk Location
Description
Ntldr
Root of the system partition
The operating system loader.
Boot.ini
Root of the system partition
A file that specifies the paths
to Windows XP Professional
installations. For multipleboot systems, Boot.ini
contains the operating system
choices that display on the
startup menu.
Bootsect.dos (multiple-boot
systems only)
Root of the system partition
A hidden system file that
Ntldr loads for a Windows XP
Professional multiple-boot
configuration that includes
MS-DOS, Windows 95,
Windows 98, or Windows
Me. Bootsect.dos contains
the boot sector for these
operating systems.
Ntdetect.com
Root of the system partition
The file that passes information
about the hardware configuration
to Ntldr.
Ntbootdd.sys
Root of the system partition
(required for SCSI or Advanced
Technology Attachment
[ATA]controllers with firmware
disabled or that do not support
extended INT-13 calls).
The device driver used to access
devices attached to a SCSI or ATA
hard disk whose adapter is not
using BIOS. The contents of this
file depend on the startup
controller used.
Ntoskrnl.exe
systemroot\System32
The core (also called the kernel) of
the Windows XP Professional
operating system. Code that runs
as part of the kernel does so in
privileged processor mode and
has direct access to system data
and hardware.
During installation on single
processor systems, Windows XP
Professional Setup copies
Ntoskrnl.exe from the operating
system CD. During installation on
multiprocessor systems, Windows
XP Professional Setup copies
Ntoskrnlmp.exe and renames it
Ntoskrnl.exe.
Hal.dll
systemroot\System32
The hardware abstraction layer (HAL)
dynamic-link library file. The HAL
abstracts low-level hardware details
from the operating system and provides
a common programming interface to
devices of the same type (such as video
adapters).
The Microsoft Windows XP Professional
operating system CD contains several
Hal files. Setup copies to your computer
the file that fits your hardware
configuration and then renames the file
as Hal.dll.
System registry file
systemroot\System32
\Config\System
The registry file that contains the data
used to create the registry key
HKEY_LOCAL_ MACHINE\SYSTEM. This
key contains information that the
operating system requires to start
devices and system services.
Device drivers
systemroot\System32
\Drivers
Driver files for hardware devices, such
as keyboard, mouse, and video.
Power-On Self Test
As soon as you turn on a computer, its central processing unit (CPU) begins to carry out the
programming instructions contained in the basic input/output system (BIOS). The BIOS, which is
a type of firmware, contains the processor-dependent code that starts the computer. The first
set of startup instructions is the power-on self test (POST). The POST is responsible for the
following system and diagnostic functions:
•
•
•
This phase involves a check for basic hardware components such as memory, keyboard etc..
Verifies that the devices needed to start an operating system, such as a hard disk, are
present
Retrieves system configuration settings from non-volatile complementary metal-oxide
semiconductor (CMOS) memory, which is located on the motherboard
Initial Startup Phase
•
•
After the POST, the settings that are stored in CMOS memory, such as boot order, determine
the devices that the computer can use to start an operating system. Usually the hard disk ,
but can be a floppy disk or a CD-ROM. When successful , locates and executes the MBR.
The MBR is responsible for locating and then initializing the boot sector on the active
partition
Boot Loader Phase
•
Ntldr loads startup files from the boot partition and then does the following:
Sets an x86-based processor to run in 32-bit flat memory mode
• An x86-based computer first starts in real mode. In real mode, the processor disables certain
features to allow compatibility with software designed to run on 8-bit and 16-bit processors.
Ntldr then switches the processor to 32-bit mode, which allows access to large amounts of
memory and enables Windows XP Professional to start.
Starts the file system
• Ntldr contains the program code that Windows XP Professional needs to read and write to
disks formatted by using the NTFS or file allocation table (FAT16 or FAT32) file systems.
Reads the Boot.ini file
• Ntldr reads the contents of the Boot.ini file to determine whether the computer has a dualboot configuration. If so, the contents of the Boot.ini are displayed on screen in order that
the user can choose an operating system to load. This menu is displayed for 30 seconds by
default. If the user does not make a choice before the 30-second expiry time, the default
operating system will be loaded. The default operating system is the system located at the
top of the menu, and is usually the latest Windows XP operating system to have been
installed. If the computer is not configured for dual-boot – ie Windows XP is the only
operating system installed – the Boot.ini contents are not displayed and the Windows XP
system is loaded automatically.
Detects hardware and Hardware Phase
• Ntldr starts Ntdetect.com, a program that performs basic device detection. Ntldr then passes
Boot.ini information, as well as hardware and software data in the registry, to Ntoskrnl.exe.
Ntdetect.com detects hardware profile information (for example, docked and undocked
configurations for portable computers)
Detect and Configure Hardware Phase
• After processing the Boot.ini file, Ntldr starts Ntdetect.com. Ntdetect.com collects information
about installed hardware by using calls to system firmware routines. Ntdetect.com then passes
this information back to Ntldr. Ntldr gathers the data received from Ntdetect.com and organizes
the information into internal data structures. Ntldr then starts Ntoskrnl.exe and provides it with
information obtained from Ntdetect.com.
•
•
•
•
•
•
•
•
•
•
•
Ntdetect.com collects the following type of hardware and device information:
System firmware information, such as time and date
Bus and adapter types
Video adapters
Keyboard
Communication ports
Disks
Floppy disks
Input devices (such as mouse devices)
Parallel ports
Devices installed on the Industry Standard Architecture (ISA) bus
•
•
•
During this phase, Ntdetect.com searches for hardware profile information. Windows XP
Professional creates a single default profile for desktop computers and creates two default
profiles for portable computers. For portable computers, the operating system selects the
appropriate profile based on the hardware state of the computer:
Desktop computer.
- Profile 1
Portable computer.
- Docked Profile
- Undocked Profile
Kernel Loading Phase
• Ntldr is responsible for loading the Windows kernel (Ntoskrnl.exe) and the hardware
abstraction layer (HAL) into memory.
Control sets
•
Ntldr reads control set information from the HKEY_LOCAL_ MACHINE\SYSTEM registry key, which
is created from information in the systemroot\System32\Config\System file, so that Ntldr can
determine which device drivers need to be loaded during startup.
•
The kernel uses the internal data structures provided by Ntldr to create the
HKEY_LOCAL_MACHINE\HARDWARE key, which contains the hardware data collected at system startup.
The data includes information about various hardware components and system resources allocated to
each device.
•
Drivers are kernel-mode components required by devices to function within an operating system.
Services are components that support operating system functions and applications. Services can run in a
different context than user applications and typically do not offer many user-configurable options.
Services, such as the Print Spooler, do not require a user to be logged on to run and act independently
of the user who is logged on to the system. Windows XP Professional driver and service files are typically
stored in the systemroot\System32 and systemroot\System32\Drivers folders and use .exe, .sys, or .dll
file name extensions.
•
Drivers are also services. Therefore, during kernel initialization, Ntldr and Ntoskrnl.exe use the
information stored in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename
registry subkeys to determine both the drivers and services to load. For example, Ntldr searches the
Services subkey for drivers with a Start value of 0, such as hard disk controllers. After Ntldr starts
Ntoskrnl.exe, an Ntoskrnl.exe component searches for and starts drivers, such as network protocols
Logon Phase
The Windows subsystem starts Winlogon.exe, a system service that enables logging on and off.
Winlogon.exe then does the following:
• Starts the Services subsystem (Services.exe), also known as the Service Control Manager (SCM).
• Starts the Local Security Authority (LSA) process (Lsass.exe).
• Parses the Ctrl+Alt+Del key combination at the Begin Logon prompt.
The Graphical Identification and Authentication (GINA) component collects the user name and password,
and passes this information securely to the LSA for authentication. If the user supplied valid credentials,
access is granted by using either the Kerberos V 5 authentication protocol or NTLM.