{"id":623,"date":"2015-10-18T14:37:00","date_gmt":"2015-10-18T06:37:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=623"},"modified":"2023-11-04T14:48:57","modified_gmt":"2023-11-04T06:48:57","slug":"win-boot-process","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/623","title":{"rendered":"Win Boot Process"},"content":{"rendered":"\n

boot type<\/strong>
cold boot (hard boot): starting a computer from a powered-down or off state
warm boot(soft boot): reboot by Ctrl+Alt+Del, skip memory test<\/p>\n\n\n\n


boot process<\/strong>
1.check BIOS firmware
2.BIOS start a POST(Power-on self-test)
3.add-on adapters perform a self-test for integration with the system
4.loads the MBR for BCD(boot configuration data)<\/p>\n\n\n\n

…<\/p>\n\n\n\n

MBR tiggers\/ boot load manager<\/strong>
NTLDR<\/strong>: for Windows NT\/2000\/XP
bootmgr<\/strong> : for vista and later
refer
http:\/\/resources.infosecinstitute.com\/windows-booting-process\/<\/p>\n\n\n\n

MBR tiggers NTLDR(NT Loader)<\/strong>
1. NTLDR first action is to read the Boot.ini file
2. the Ntdetect.com<\/strong> file is executed, which identifies information about the computer’s hardware
3. the Ntoskrnl.exe<\/strong> file is executed, which is the kernel of the Windows system
refer
https:\/\/en.wikipedia.org\/wiki\/NTLDR<\/p>\n\n\n\n


MBR tiggers bootmgr<\/strong>
1.winload.exe<\/strong>(windows loader) is triggered
2.windows loader loads ntoskrnl.exe<\/strong>
3.kernel<\/strong> start running,windows loader loads hal.dll<\/strong>, and system registry hive<\/strong> into memory
4.kernel call SMSS.exe<\/strong>(session manager process) load other registry hives
5.SMSS.exe triggers winlogon.exe<\/strong> for presents user logon screen
6.SMSS.exe initiates Service control manager<\/strong>
7.once user logs in, a session is created
8. service control manager start the explorer.exe<\/strong> and DWM(desktop windows manager)<\/strong><\/p>\n\n\n\n

ps:
DOS \u555f\u52d5
1.MBR
2.IO.SYS – \u5305\u542b\u6240\u6709\u8207\u786c\u9ad4\u6e9d\u901a\u7684\u547d\u4ee4
3.MSDOS.SYS – MS-DOS Kernel
4.command.com – \u63d0\u4f9bDOS\u547d\u4ee4
5.config.sys – \u5305\u542b\u555f\u52d5\u6240\u9700\u7684\u547d\u4ee4
6.autoexec.bat
refer
http:\/\/wenku.baidu.com\/view\/da7fbcd0360cba1aa811da11.html?re=view<\/p>\n\n\n\n

…<\/p>\n\n\n\n


essential windows system files<\/strong>
ntsokrnl.exe : executive and kernel
hal.dll : hardware abstraction layer
gdi32.dll : win32 subsystem DLL files
advapi32.dll : win32 subsystem DLL files
kernel32.dll : win32 subsystem DLL files
user32.dll: win32 subsystem DLL files
bootvid.dll<\/p>\n\n\n\n


Net Logon<\/strong>
Filename: lsass.exe
Command: C:Wndowssystem32lsass.exe
Description:
Microsoft service that supports pass-through authentication of account logon events for computers in a domain.
\u70ba\u4f7f\u7528\u8005\u548c\u670d\u52d9\u8eab\u4efd\u9a57\u8b49\u7dad\u8b77\u6b64\u96fb\u8166\u548c\u7db2\u57df\u63a7\u5236\u7ad9\u4e4b\u9593\u7684\u79d8\u5bc6\u983b\u9053\u3002\u5982\u679c\u6b64\u670d\u52d9\u88ab\u505c\u7528\uff0c\u96fb\u8166\u53ef\u80fd\u7121\u6cd5\u9a57\u8b49\u4f7f\u7528\u8005\u548c\u670d\u52d9\u8eab\u4efd\u4e26\u4e14\u7db2\u57df\u63a7\u5236\u7ad9\u7121\u6cd5\u8a3b\u518a DNS \u8a18\u9304\u3002\u5982\u679c\u6b64\u670d\u52d9\u88ab\u7981\u7528\uff0c\u4efb\u4f55\u4f9d\u8cf4\u5b83\u7684\u670d\u52d9\u5c07\u7121\u6cd5\u555f\u52d5\u3002\u767b\u9678\u6d3b\u52d5\u76ee\u9304\u6642\uff0c\u548c\u57df\u670d\u52d9\u901a\u8a0a\u9a57\u8b49\u7684\u4e00\u500b\u670d\u52d9\uff0c\u4e00\u822c\u9a57\u8b49\u901a\u904e\u4e4b\u5f8c\uff0c\u57df\u4f3a\u670d\u5668\u6703\u8a3b\u518a\u4f60\u7684 DNS \u8a18\u9304\uff0c\u63a8\u9001\u8edf\u9ad4\u88dc\u4e01\u548c\u7b56\u7565\u7b49\u7b49\uff0c\u767b\u9678\u57df\u6703\u7528\u5230\u5b83\u3002\u5de5\u4f5c\u7d44\u74b0\u5883\u53ef\u4ee5\u8a2d\u70ba\u7981\u7528\u3002
refer
http:\/\/www.pczone.com.tw\/vbb3\/archive\/t-146898.html<\/p>\n\n\n\n


ps:
BOOT.SYS
A powerful DOS configuration manager before win98
refer
http:\/\/www.salvisberg.com\/boot.sys<\/p>\n","protected":false},"excerpt":{"rendered":"

boot typecold boot (hard boot) …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[18],"tags":[],"class_list":["post-623","post","type-post","status-publish","format-standard","hentry","category-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=623"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/623\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}