Tuesday, March 31, 2015

Boot sequence for Windows 2000, XP and 2003:

Windows 2003 booting process

BIOS: performs Power On Self Test (POST)
BIOS: loads MBR from the boot device specified/selected by the BIOS

MBR: contains a small amount of code that reads the partition table; the first partition marked as active is determined to be the system volume
MBR: loads the boot sector from the system volume

BOOT SECTOR: reads the root directory of the system volume and loads NTLDR

NTLDR: reads BOOT.INI from the system volume to determine the boot drive (presenting a menu if more than 1 entry is defined)
NTLDR: loads and executes NTDETECT.COM from the system volume to perform BIOS hardware detection
NTLDR: loads NTOSKRNL.EXE, HAL.DLL, BOOTVID.DLL (and KDCOM.DLL for XP upwards) from the boot (Windows) volume
NTLDR: loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM which becomes the system hive HKEY_LOCAL_MACHINE\System
NTLDR: loads drivers flagged as "boot" defined in the system hive, then passes control to NTOSKRNL.EXE

NTOSKRNL.EXE: brings up the loading splash screen and initializes the kernel subsystem
NTOSKRNL.EXE: starts the boot-start drivers and then loads & starts the system-start drivers
NTOSKRNL.EXE: creates the Session Manager process (SMSS.EXE)

SMSS.EXE: runs any programs specified in BootExecute (e.g. AUTOCHK, the native API version of CHKDSK)
SMSS.EXE: processes any delayed move/rename operations from hotfixes/service packs replacing in-use system files
SMSS.EXE: initializes the paging file(s) and the remaining registry hives
** before this step completes, bugchecks will not result in a memory dump as we need a working page file on the boot (Windows) volume **
SMSS.EXE: starts the kernel-mode portion of the Win32 subsystem (WIN32K.SYS)
SMSS.EXE: starts the user-mode portion of the Win32 subsystem (CSRSS.EXE)
SMSS.EXE: starts WINLOGON.EXE

WINLOGON.EXE: starts the Local Security Authority (LSASS.EXE)
WINLOGON.EXE: loads the Graphical User Identification and Authentication DLL (MSGINA.DLL by default)
WINLOGON.EXE: displays the logon window
WINLOGON.EXE: starts the services controller (SERVICES.EXE)
** at this point users can log on **

SERVICES.EXE: starts all services marked as automatic

post      - power on self test

mbr       - contains a small amount of code that reads the partition table; the first partition marked as active is determined to be the system volume
          - loads the boot sector from the system volume

ntldr     - reads boot.ini (OS selection is made here)
          - loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM, which becomes the system hive HKEY_LOCAL_MACHINE\System
          - loads NTOSKRNL.EXE, HAL.DLL

ntoskrnl  - brings up the loading splash screen and initializes the kernel subsystem
          - starts the boot-start drivers and then loads & starts the system-start drivers

smss - winlogon - services

source : http://www.answers.com/Q/Windows_2003_booting_process
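
The MBR step above (read the partition table, take the first partition marked active as the system volume) can be checked offline against a captured first sector. This is an added example, not part of the original post; the function names and the sample sector are constructed for illustration, and the checks for a missing boot signature or more than one active entry are additions a forensic review would want.

```python
import struct

SECTOR_SIZE, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16  # table follows 446 bytes of boot code
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def build_mbr(parts):
    """Constructed test input: zeroed boot code plus the given table entries."""
    sector = bytearray(SECTOR_SIZE)
    for i, (status, ptype, lba, count) in enumerate(parts):
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + i * ENTRY_SIZE,
                         status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

def parse_partition_table(sector):
    """Return the four primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, TABLE_OFFSET + i * ENTRY_SIZE)
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries

def find_system_volume(sector):
    """Pick the first active partition, as the MBR code does, and list anomalies."""
    entries = parse_partition_table(sector)
    findings = ["entry %d: invalid status byte 0x%02x" % (e["index"], e["status"])
                for e in entries if e["status"] not in (0x00, 0x80)]
    active = [e for e in entries if e["status"] == 0x80 and e["type"] != 0]
    if len(active) > 1:
        findings.append("more than one active partition")
    if not active:
        findings.append("no active partition")
    return (active[0] if active else None), findings

if __name__ == "__main__":
    # Constructed sample: an inactive data partition followed by the active one.
    sample = build_mbr([(0x00, 0x07, 63, 204800), (0x80, 0x07, 204863, 4096000)])
    volume, findings = find_system_volume(sample)
    print("system volume:", volume)
    print("findings:", findings)
```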

---------

NOTES:
The SYSTEM volume is the partition from which the boot process starts, containing the MBR, boot sector, NTLDR, NTDETECT.COM & BOOT.INI
The BOOT volume is the partition which contains the Windows folder - this can be a logical partition
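
BOOT.INI on the system volume is where NTLDR learns which partition is the boot volume. The following added example (not from the original post) parses a constructed BOOT.INI, resolves the default entry's ARC path to a disk and partition, and reports whether a menu would be presented. The function names and sample file are illustrative, and only the multi() ARC syntax is handled.

```python
import re

# multi(a)disk(0)rdisk(d)partition(p)\dir ; partition numbers start at 1
ARC = re.compile(r"^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
                 re.IGNORECASE)

def parse_boot_ini(text):
    """Split BOOT.INI into its [boot loader] settings and [operating systems] entries."""
    section, loader, entries = None, {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            # The value has the form: "Description" /switch /switch
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            desc, switches = (m.group(1), m.group(2).split()) if m else (value.strip(), [])
            entries.append({"path": key.strip(), "description": desc, "switches": switches})
    return loader, entries

def parse_arc(path):
    """Break a multi() ARC path into disk ordinal, partition number and directory."""
    m = ARC.match(path)
    if not m:
        raise ValueError("unsupported ARC path: %r" % path)
    return {"adapter": int(m.group(1)), "rdisk": int(m.group(3)),
            "partition": int(m.group(4)), "directory": m.group(5) or "\\"}

def resolve_boot(text):
    """Locate the boot volume of the default entry and say whether a menu appears."""
    loader, entries = parse_boot_ini(text)
    default = loader.get("default", "")
    target = parse_arc(default)
    target["menu_shown"] = len(entries) > 1  # more than one entry defined
    target["default_listed"] = any(e["path"].lower() == default.lower() for e in entries)
    return target

# Constructed sample file, not taken from a real system.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
"""
```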

BIOS: performs Power On Self Test (POST)


BIOS: loads MBR from the boot device specified/selected by the BIOS




MBR: contains a small amount of code that reads the partition table; the first partition marked as active is determined to be the system volume

MBR: loads the boot sector from the system volume



BOOT SECTOR: reads the root directory of the system volume and loads NTLDR




NTLDR: reads BOOT.INI from the system volume to determine the boot drive (presenting a menu if more than 1 entry is defined)




NTLDR: loads and executes NTDETECT.COM from the system volume to perform BIOS hardware detection



Ntdetect.com is a component of Microsoft Windows NT-based operating systems that operate on the x86 architecture. It is used during the Windows NT startup process, and is responsible for detecting basic hardware that will be required to start the operating system.

The bootstrap loader takes the control over the booting process and loads NTLDR. Ntdetect.com is invoked by NTLDR, and returns the information it gathers to NTLDR when finished, so that it can then be passed on to ntoskrnl.exe, the Windows NT kernel.

Ntdetect.com is used on computers that use BIOS firmware. Computers with Extensible Firmware Interface, such as IA-64, use a method of device-detection that is not tied to the operating system.



Hardware detection operates somewhat differently depending on whether or not Advanced Configuration and Power Interface (ACPI) is supported by the hardware. Ntdetect.com passes the hardware details gathered from the BIOS on to the OS. If ACPI is supported, the list of found devices is handed to the kernel, and Windows takes responsibility for assigning resources to each device. On older hardware, where ACPI is not supported, the BIOS, not the operating system, takes responsibility for assigning resources, so this information is passed to the kernel as well.

In addition, ntdetect.com will make a determination as to which hardware profile to use. Windows supports multiple distinct hardware profiles, which allows a single copy of Windows to work well in situations where the hardware changes between specific layouts on a regular basis. This is common with portable computers that connect to a docking station.

In Windows Vista and later Windows operating systems, ntdetect.com only supports ACPI, so that Windows will be able to control hardware resource allocation on every machine in the same way. Hardware profiles are also no longer supported in Windows Vista.

The information gathered by ntdetect.com is stored in the HKLM\HARDWARE\DESCRIPTION key in the Windows Registry at a later stage in the boot process.

Classes of hardware detected
Hardware identification
Hardware date & time
Bus and adapter types
SCSI adapters
Video adapters
Keyboard
Serial and parallel communication ports
Hard drives
Floppy disks
Mouse
Floating-point coprocessor
Industry Standard Architecture-based devices



NTLDR: loads NTOSKRNL.EXE, HAL.DLL, BOOTVID.DLL (and KDCOM.DLL for XP upwards) from the boot (Windows) volume



NTLDR: loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM which becomes the system hive HKEY_LOCAL_MACHINE\System


NTLDR: loads drivers flagged as “boot” defined in the system hive, then passes control to NTOSKRNL.EXE

NTOSKRNL.EXE: brings up the loading splash screen and initializes the kernel subsystem
NTOSKRNL.EXE: starts the boot-start drivers and then loads & starts the system-start drivers



NTOSKRNL.EXE: creates the Session Manager process (SMSS.EXE)
SMSS.EXE: runs any programs specified in BootExecute (e.g. AUTOCHK, the native API version of CHKDSK)
SMSS.EXE: processes any delayed move/rename operations from hotfixes/service packs replacing in-use system files
SMSS.EXE: initializes the paging file(s) and the remaining registry hives
** before this step completes, bugchecks will not result in a memory dump as we need a working page file on the boot (Windows) volume **
SMSS.EXE: starts the kernel-mode portion of the Win32 subsystem (WIN32K.SYS)
SMSS.EXE: starts the user-mode portion of the Win32 subsystem (CSRSS.EXE)
SMSS.EXE: starts WINLOGON.EXE
WINLOGON.EXE: starts the Local Security Authority (LSASS.EXE)
WINLOGON.EXE: loads the Graphical User Identification and Authentication DLL (MSGINA.DLL by default)

WINLOGON.EXE: displays the logon window


WINLOGON.EXE: starts the services controller (SERVICES.EXE)
** at this point users can log on **
SERVICES.EXE: starts all services marked as automatic

