There are five stages of startup:
1) Preboot sequence,
2) Boot sequence,
3) Kernel load,
4) Kernel initialization,
5) Logon.
Files Used in the Startup ProcessWindows XP Professional requires certain files during startup. Table 4-1 lists the files
used in the Windows XP Professional startup process, the appropriate location of each
file, and the phases of the startup process associated with each file.
What Happens During the Preboot Sequence
During startup, a computer running Windows XP Professional initializes and thenlocates the boot portion of the hard disk.
The following four steps occur during the preboot sequence:
1. The computer runs power-on self test (POST) routines to determine the amount of
physical memory, whether the hardware components are present, and so on. If
the computer has a Plug and Play–compatible basic input/output system (BIOS),
enumeration and configuration of hardware devices occurs at this stage.
2. The computer BIOS locates the boot device, and then loads and runs the Master
Boot Record (MBR).
3. The MBR scans the partition table to locate the active partition, loads the boot sec-
tor on the active partition into memory, and then executes it.
4. The computer loads and initializes the NTLDR file, which is the operating system
loader.
Note
Windows XP Professional Setup modifies the boot sector during installation so that
NTLDR loads during system startup.
There are a number of problems that can occur during the preboot sequence, including
the following:
Improper hardware configuration or malfunctioning hardware If the BIOS
cannot detect a hard drive during its POST routine, startup fails early during the
preboot sequence and usually presents a message stating that a hard drive cannot
be located.
Corrupt MBR If your MBR becomes corrupt (a fairly common action taken by
viruses), you can generally repair it by using the Recovery Console
Floppy or USB disk inserted If you see an error message stating that there is a non-
system disk or a disk error, or stating that no operating system could be found, a
common reason is that a floppy disk or a universal serial bus (USB) flash memory
disk is inserted in the drive during startup. On most computers, BIOS is configured
by default to try starting using the floppy drive or an available USB drive before it
attempts to start by using the hard drive.
What Happens During the Boot Sequence
about hardware and drivers in preparation for the Windows XP Professional load
phases. The boot sequence uses the following files: NTLDR, BOOT.INI, BOOT-
SECT.DOS (optional), NTDETECT.COM, and NTOSKRNL.EXE.
The boot sequence has four phases: initial boot loader phase, operating system selection,
hardware detection, and configuration selection (described in the following sections).
Initial Boot Loader Phase
During the initial boot loader phase, NTLDR switches the microprocessor from real
mode to 32-bit flat memory mode, which NTLDR requires to carry out any additional
functions. Next, NTLDR starts the appropriate minifile system drivers. The minifile sys-
tem drivers are built into NTLDR so that NTLDR can find and load Windows XP Pro-
fessional from partitions formatted with file allocation table (FAT), FAT32, or NT file
system (NTFS).
Operating System Selection
During the boot sequence, NTLDR reads the BOOT.INI file. If more than one operating
system selection is available in the BOOT.INI file, a Please Select The Operating System
To Start screen appears, listing the operating systems specified in the BOOT.INI file. If
you do not select an entry before the timer reaches zero, NTLDR loads the operating
system specified by the default parameter in the BOOT.INI file. Windows XP Profes-
sional Setup sets the default parameter to the most recent Windows XP Professional
installation. If there is only one entry in the BOOT.INI file, the Please Select The Oper-
ating System To Start screen does not appear, and the default operating system is auto-
matically loaded.
Note
If the BOOT.INI file is not present, NTLDR attempts to load Windows XP Professional
from the first partition of the first disk—typically C:\.
Hardware Detection
NTDETECT.COM and NTOSKRNL.EXE perform hardware detection. NTDETECT.COM
executes after you select Windows XP Professional on the Please Select The Operating
System To Start screen (or after the timer times out).
Note
If you select an operating system other than Windows XP Professional (such as Win-
dows 98), NTLDR loads and executes BOOTSECT.DOS, which is a copy of the boot sector that
was on the system partition at the time Windows XP Professional was installed. Passing exe-
cution to BOOTSECT.DOS starts the boot process for the selected operating system.
NTDETECT.COM collects a list of currently installed hardware components and
r e t u r n s this list to NTLDR for later inclusion in the Registry under the
HKEY_LOCAL_MACHINE\HARDWARE key.
NTDETECT.COM detects the following components:
■ Bus/adapter type
■ Communication ports
■ Floating-point coprocessor
■ Floppy disks
■ Keyboard
■ Mouse/pointing device
■ Parallel ports
■ SCSI adapters
■ Video adapters
Configuration Selection
After NTLDR starts loading Windows XP Professional and collects hardware informa-
tion, the operating system loader presents you with the Hardware Profile/Configura-
tion Recovery menu, which contains a list of the hardware profiles that are set up on
the computer. The first hardware profile is highlighted. You can press the DOWN
arrow key to select another profile. You also can press L to invoke the Last Known
Good configuration.
If there is only a single hardware profile, NTLDR does not display the Hardware Pro-
file/Configuration Recovery menu and loads Windows XP Professional using the
default hardware profile configuration.
Troubleshooting the Boot Sequence
There are a number of problems that can occur during the boot sequence, including
the following:
Missing or corrupt boot files If the NTLDR, BOOT.INI, BOOTSECT.DOS, NTDE-
TECT.COM, or NTOSKRNL.EXE files become corrupt or are missing, you see an error
message indicating the situation, and Windows startup fails. You should use the Recov-
ery Console (described in Lesson 3) to restore the files.
Improperly configured BOOT.INI An improperly configured BOOT.INI file gener-
ally results from an error while manually editing the file or from a change to disk con-
figuration. It is also possible for the BOOT.INI file to become corrupt or missing. In this
case, you should use the Recovery Console to restore the files.
Improperly configured hardware NTDETECT.COM can fail during its detection of
hardware if a hardware device is incorrectly configured, a bad driver is installed, or the
device is malfunctioning. If startup fails during hardware detection, you should begin
troubleshooting hardware by removing unnecessary devices from the computer and
adding them back one at a time until you discover the source of the problem. You can
also try the Last Known Good configuration if you suspect that a new configuration or
driver is at fault.
What Is the BOOT.INI File?
When you install Windows XP Professional on a computer, Windows Setup saves the
BOOT.INI file in the active partition. NTLDR uses information in the BOOT.INI file to
display the boot loader screen, from which you select the operating system to start.
The BOOT.INI file includes two sections, [boot loader] and [operating systems], which
contain information that NTLDR uses to create the Boot Loader Operating System
Selection menu. A typical BOOT.INI might contain the following lines:
The [operating systems] section of a BOOT.INI file that is created during a default instal-
lation of Windows XP Professional contains a single entry for Windows XP Profes-sional. If your computer is a Windows 95–based or Windows 98–based dual-boot
system, the [operating systems] section also contains an entry for starting the system by
using the other operating system. If you installed Windows XP Professional on a com-
puter and kept an installation of Windows NT 4.0 on another partition of the same
computer, the [operating systems] section also contains an entry for starting the system
using this version of Windows NT.
What Happens During the Kernel Load Phase
After configuration selection, the Windows XP Professional kernel (NTOSKRNL.EXE)
loads and initializes. NTOSKRNL.EXE also loads and initializes device drivers and loadsservices. If you press ENTER when the Hardware Profile/Configuration Recovery menu
appears, or if NTLDR makes the selection automatically, the computer enters the kernel
load phase. The screen clears, and a series of white rectangles appears across the bot-tom of the screen, indicating startup progress.
During the kernel load phase, NTLDR does the following:
■ Loads NTOSKRNL.EXE, but does not initialize it.
■ Loads the hardware abstraction layer file (HAL.DLL).
■ Loads the HKEY_LOCAL_MACHINE\SYSTEM Registry key.
■ Selects the control set it will use to initialize the computer. A control set contains
configuration data used to control the system, such as a list of the device drivers
and services to load and start.
■ Loads device drivers with a value of 0x0 for the Start entry. These typically are
low-level hardware device drivers, such as those for a hard disk. The value for the
List entry, which is specified in the HKEY_LOCAL_MACHINE\SYSTEM\Current-
ControlSet\Control\ServiceGroupOrder subkey of the Registry, defines the order
in which NTLDR loads these device drivers.
Problems during the kernel load phase of startup often occur because of corrupted sys-
tem files or because of a hardware malfunction. In the case of corrupted system files,
you can try to replace those files using the Recovery Console, which is covered in Les-
son 3. In the case of a hardware problem, you will likely need to troubleshoot by
removing or replacing hardware components until you identify the problem. You may
be able to isolate the hardware device causing the problem by enabling boot logging
What Happens During the Kernel Initialization Phase
When the kernel load phase is complete, the kernel initializes, and then NTLDR passes
control to the kernel. At this point, the system displays a graphical screen with a status
bar that indicates load status. Four tasks are accomplished during the kernel initializa-
tion stage:
The Hardware key is created. On successful initialization, the kernel uses the data
collected during hardware detection to create the Registry key
HKEY_LOCAL_MACHINE\HARDWARE. This key contains information about
hardware components on the system board and the interrupts used by specific
hardware devices.
The Clone control set is created. The kernel creates the Clone control set by copy-
ing the control set referenced by the value of the Current entry in theHKEY_LOCAL_MACHINE\SYSTEM\Select subkey of the Registry. The Clone con-
trol set is never modified because it is intended to be an identical copy of the data
used to configure the computer and should not reflect changes made during the
startup process.
Device drivers are loaded and initialized. After creating the Clone control set, the
kernel initializes the low-level device drivers that were loaded during the kernel
load phase. The kernel then scans the HKEY_LOCAL_MACHINE\ SYSTEM\Cur-
rentControlSet\Services subkey of the Registry for device drivers with a value of
0x1 for the Start entry. As in the kernel load phase, a device driver’s value for the
Group entry specifies the order in which it loads. Device drivers initialize as soon
as they load. If an error occurs while loading and initializing a device driver, the
boot process proceeds based on the value specified in the ErrorControl entry for
the driver. Table 4-4 describes the possible ErrorControl values and the resulting
boot sequence actions.
Note
ErrorControl values appear in the Registry under the subkey HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\Services\name_of_service_or_driver\ErrorControl.
Services are started. After the kernel loads and initializes device drivers, Session
Manager (SMSS.EXE) starts the higher-order subsystems and services for Windows
XP Professional. Session Manager executes the instructions in the BootExecute
data item, and in the Memory Management, DOS Devices, and SubSystems keys.
Table 4-5 describes the function of each instruction set and the resulting Session
Manager action.
What Happens During the Logon Phase
subsystem automatically starts WINLOGON.EXE, which in turn starts the Local Security
Authority (LSASS.EXE) and displays the Logon dialog box. You can log on at this time,
even though Windows XP Professional might still be initializing network device drivers.
Next, the Service Control Manager executes and makes a final scan of the HKEY_
LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services subkey, looking for services
with a value of 0x2 for the Start entry. These services, including the Workstation service
and the Server service, are marked to load automatically.
The services that load during this phase do so based on their values for the DependOn-
Group or DependOnService entries in the HKEY_LOCAL_MACHINE\ SYSTEM\Cur-
rentControlSet\Services Registry subkey.
A Windows XP Professional startup is not considered good until a user successfully
logs on to the system. After a successful logon, the system copies the Clone control set
to the Last Known Good control set.
Lesson Summary
■ Files used during the Windows XP Professional startup process include NTLDR,
BOOT.INI, BOOTSECT.DOS, NTDETECT.COM, NTBOOTDD.SYS, NTOSK-
RNL.EXE, HAL.DLL, SYSTEM, and Device drivers (.sys).
■ During the preboot sequence, the BIOS runs a POST test, locates a boot device,
and loads the MBR found on that boot device. The MBR loads the boot sector on
the active partition into memory and then initializes NTLDR.
■ The boot sequence has four phases: initial boot loader phase, operating system
selection, hardware detection, and configuration selection. The boot sequence
uses the following files: NTLDR, BOOT.INI, BOOTSECT.DOS (optional), NTDE-
TECT.COM, and NTOSKRNL.EXE.
■ NTLDR uses information in the BOOT.INI file to display the boot loader screen,
from which you select the operating system to start. You can edit the BOOT.INI
file, including modifying ARC paths and using the optional BOOT.INI switches.
■ During the kernel load phase, the Windows XP Professional kernel (NTOSK-
RNL.EXE) loads and initializes. NTOSKRNL.EXE also loads and initializes device
drivers and loads services.
■ During the kernel initialization phase, the kernel initializes, and then NTLDR
passes control to the kernel. At this point, the system displays a graphical screen
with a status bar that indicates load status. Four tasks are accomplished during the
kernel initialization phase:
❑ ❑ The Clone control set is created.
❑ Device drivers are loaded and initialized.
❑
■
The Hardware key is created.
Services are started.
During the logon phase, the Win32 subsystem automatically starts WIN-
LOGON.EXE, which in turn starts the Local Security Authority (LSASS.EXE) and
displays the Logon dialog box. You can log on at this time, even if Windows XP
Professional might still be initializing network device drivers.
■ Files used during the Windows XP Professional startup process include NTLDR,
BOOT.INI, BOOTSECT.DOS, NTDETECT.COM, NTBOOTDD.SYS, NTOSK-
RNL.EXE, HAL.DLL, SYSTEM, and Device drivers (.sys).
■ During the preboot sequence, the BIOS runs a POST test, locates a boot device,
and loads the MBR found on that boot device. The MBR loads the boot sector on
the active partition into memory and then initializes NTLDR.
■ The boot sequence has four phases: initial boot loader phase, operating system
selection, hardware detection, and configuration selection. The boot sequence
uses the following files: NTLDR, BOOT.INI, BOOTSECT.DOS (optional), NTDE-
TECT.COM, and NTOSKRNL.EXE.
■ NTLDR uses information in the BOOT.INI file to display the boot loader screen,
from which you select the operating system to start. You can edit the BOOT.INI
file, including modifying ARC paths and using the optional BOOT.INI switches.
■ During the kernel load phase, the Windows XP Professional kernel (NTOSK-
RNL.EXE) loads and initializes. NTOSKRNL.EXE also loads and initializes device
drivers and loads services.
■ During the kernel initialization phase, the kernel initializes, and then NTLDR
passes control to the kernel. At this point, the system displays a graphical screen
with a status bar that indicates load status. Four tasks are accomplished during the
kernel initialization phase:
❑ ❑ The Clone control set is created.
❑ Device drivers are loaded and initialized.
❑
■
The Hardware key is created.
Services are started.
During the logon phase, the Win32 subsystem automatically starts WIN-
LOGON.EXE, which in turn starts the Local Security Authority (LSASS.EXE) and
displays the Logon dialog box. You can log on at this time, even if Windows XP
Professional might still be initializing network device drivers.
0 comments:
Post a Comment