MCSE : Security Specialist
Startup Process Windows NT/2000
Steps prior to boot sequence
- POST (Power On Self Test) routines are run.
- The boot device is located and the MBR (Master Boot Record) is
  loaded into memory. The MBR locates the boot sector of the active
  partition and loads it into memory.
- From the boot sector, NTLDR is loaded into memory.
Boot Sequence
- NTLDR switches the processor from real mode into 32-bit flat
  memory mode.
- NTLDR starts the mini file system drivers: FAT, FAT32
  (2000 only) or NTFS.
- NTLDR reads the BOOT.INI file and displays the Boot Loader
  Menu. If you have a dual-boot system and choose an OS other than
  Windows NT, NTLDR will load BOOTSECT.DOS and pass control to it
  for booting.
- If Windows NT/2000 is selected, NTLDR will run NTDETECT.COM,
  which scans the computer's hardware and passes this information
  back to NTLDR.
- NTLDR then loads NTOSKRNL.EXE, HAL.DLL, and the SYSTEM hive.
Kernel Load Phase
- NTLDR starts NTOSKRNL.EXE.
- The HAL (hardware abstraction layer) is loaded, which hides the
  physical hardware from applications.
- The SYSTEM hive is loaded and scanned for device drivers and
  services that should be loaded. These are organized into groups.
  They are loaded into memory, but not initialized yet, in the
  order in which they appear in the ServiceGroupOrder subkey of
  the registry.
Kernel Initialization Phase
In this phase the screen is blue. The kernel and the drivers that
were loaded during the kernel load phase are initialized.
- The kernel is initialized.
- The SYSTEM hive is scanned again to determine which drivers should
  be loaded, then they are initialized.
Services Load Phase
The services load phase starts the Session Manager, SMSS.EXE. It will run
the programs listed in its BootExecute Registry entry, as well as
starting the required subsystems.
Win32 Subsystem Start Phase
When the Win32 subsystem starts, it automatically starts WINLOGON.EXE, which
starts the Local Security Authority, LSASS.EXE, and displays the
Ctrl+Alt+Delete logon dialog.
Next, the Service Controller (Screg.exe) will check the Registry for
services that are marked to load automatically and will load them.
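The phases above can be read back out of the SYSTEM hive, which is useful when reviewing what code runs before anyone logs on. The following is an added example, not part of the original notes: it assumes the standard Start values of a service subkey (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), maps them to the phases described here, orders entries by ServiceGroupOrder, and lists BootExecute entries that differ from the stock "autocheck autochk *". All service names and data are constructed.

```python
# Added example; every service name and value below is constructed.
# Assumed Start values: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled.
PHASE = {
    0: "kernel load",            # driver read into memory by NTLDR
    1: "kernel initialization",  # driver loaded and initialized by the kernel
    2: "service controller",     # service marked to load automatically
}
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# Constructed stand-ins for ServiceGroupOrder\List, the Services subkeys
# and Session Manager\BootExecute as they would be read from the SYSTEM hive.
GROUP_ORDER = ["System Bus Extender", "SCSI miniport", "Boot File System", "Base", "NDIS"]
SERVICES = {
    "exfs":       {"Start": 0, "Group": "Boot File System"},
    "exdisk":     {"Start": 0, "Group": "SCSI miniport"},
    "exbus":      {"Start": 0, "Group": "System Bus Extender"},
    "exnet":      {"Start": 1, "Group": "NDIS"},
    "exfilter":   {"Start": 1, "Group": "Base"},
    "ExAgent":    {"Start": 2},
    "ExOnDemand": {"Start": 3},
    "ExOld":      {"Start": 4, "Group": "Base"},
}
BOOT_EXECUTE = ["autocheck autochk *", "exnative.exe"]

def boot_plan(services, group_order):
    """Return {phase: [names]}, ordered by position of each Group in group_order."""
    rank = {g.lower(): i for i, g in enumerate(group_order)}

    def key(item):
        name, cfg = item
        # Simplification: unlisted or missing groups sort last, ties break by name.
        return (rank.get(cfg.get("Group", "").lower(), len(rank)), name.lower())

    plan = {label: [] for label in PHASE.values()}
    for name, cfg in sorted(services.items(), key=key):
        label = PHASE.get(cfg["Start"])
        if label:  # manual (3) and disabled (4) entries do not load during boot
            plan[label].append(name)
    return plan

def unexpected_boot_execute(entries):
    """Return BootExecute entries that are not the stock autocheck line."""
    return [e for e in entries if e not in DEFAULT_BOOT_EXECUTE]

if __name__ == "__main__":
    for phase, names in boot_plan(SERVICES, GROUP_ORDER).items():
        print(f"{phase:22} {', '.join(names)}")
    print("BootExecute entries to review:", unexpected_boot_execute(BOOT_EXECUTE))
```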
User Logon
The boot is not considered good until a user logs on successfully.