Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


January 1999

Inside the Boot Process, Part 2


From the January 1999 Edition
of Windows IT Pro
Mark Russinovich
Internals
InstantDoc #4711
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Internals and Architecture Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!
SideBar    Windows 2000 and the Boot

Shortly after win32k.sys starts, it switches the screen to graphics mode. A little later, Winlogon starts the Services subsystem (\winnt\system32\services.exe), which loads all services and device drivers marked Auto Start. (The Services subsystem is also known as the Service Control Manager--­SCM.) Auto Start drivers and services can specify a dependency on a specific service by including a DependOnService value in their Registry keys in a manner similar to the way boot drivers use the DependOnGroup value. The SCM sorts and then initializes the Auto Start drivers and services according to their group and tag values in the same way the I/O Manager sorts the boot- and system-start drivers.

After the SCM initializes the Auto Start services and drivers, it deems the boot successful. The Registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet becomes the Last Known Good control set, because the system booted successfully to this point. Earlier in the boot, NT made a copy of this subkey and named the copy HKEY_LOCAL_MACHINE\SYSTEM\CLONE. Any changes drivers make to the current control set during the boot do not change the CLONE subkey copy. The SCM copies the CLONE subkey to another control set subkey (e.g., HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001), and the SCM marks that control set subkey as Last Known Good. The SCM marks the subkey by setting the HKEY_LOCAL_MACHINE\SYSTEM\Select\LastKnownGood value to specify the three-digit identifier at the end of the control set's subkey name (e.g., 001). If a user chooses to boot to the Last Known Good menu during the first steps of a boot, or if a driver returns a severe or critical error, the system uses the Last Known Good profile subkey as HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet. Doing so increases the chances that the system will boot successfully, because at least one previous boot using the Last Known Good profile was successful.

At approximately the time the Services subsystem is starting networking services, Winlogon presents users with the initial logon dialog box. That action brings us to the end of the boot process.

Shutdown
In contrast to the boot process, system shutdown is straightforward. First, the Win32 subsystem informs all Windows applications that the system is going down. Most applications exit voluntarily, and Winlogon stops any stragglers. Winlogon is in charge of finishing the shutdown process by calling the Executive subsystem function NtShutdownSystem. This function calls the I/O Manager, the Configuration Manager, the Memory Manager, and then the I/O Manager again, and informs them that they should prepare for the shutdown.

The first time NtShutdownSystem calls the I/O Manager, the I/O Manager sends shutdown I/O packets to all device drivers that have requested shutdown notification. This action gives device drivers a chance to perform any special processing their device might require before NT exits. The Configuration Manager flushes any modified Registry data to disk, and the Memory Manager writes all modified pages containing file data back to their respective files. If the option to clear the paging file at shutdown is enabled, the Memory Manager clears the paging file at this time. The second time NtShutdownSystem calls the I/O Manager, the I/O Manager informs the file system drivers that the system is shutting down. Finally, if the system's user specified a reboot after the shutdown, the system calls the HAL to reboot the computer.

We've arrived at shutdown for this month's column. This two-column series about the boot process is a roadmap with visual cues to the operations that take place behind the scenes when your system boots. Table 3 presents a summary of boot-process components with their execution modes and responsibilities. Understanding the details of the boot process helps you to diagnose problems that can arise during a boot, and gives you insight into the way NT pulls itself up by its bootstraps.

End of Article

   Previous  1  2  [3]  Next  


Reader Comments
In Mark Russinovich’s NT Internals: “Inside the Boot Process, Part 2” (January 1999), the author states that the Service Control Manager (SCM) deems a Windows NT boot successful after the SCM successfully initializes Auto Start services and drivers. He goes on to say that after NT creates the LastKnownGood control set, the Winlogon process presents the logon dialog box, which ends the boot process.
However, the Microsoft Windows NT Server 4.0 Resource Kit says that an NT boot is complete only after a user successfully logs on to the system. NT copies the Clone control set (in HKEY_LOCAL_
MACHINE\SYSTEM) to the LastKnownGood control set. This step is important because if an NT boot fails and the user has not yet logged on, NT can successfully invoke the Last Known Good configuration the next time the system starts. But if the system crashes just after the user logs on, the Last Known Good menu might not help.
In the author’s description of the NT shutdown process, he does not discuss stopping the SCM services (the part of the process that takes up most of the time during shutdown). Do the Memory Manager and Configuration Manager flush data to disk before or after the services shut down?
<br>--Shailendra Shenoy<br><br><i>

I was unclear in the article about when NT copies the Clone control set. The resource kit documentation is correct: NT copies the key only after all services have successfully started and a successful logon takes place. To answer your question, services shut down before the final cleanup by kernel-mode components.<br>
--Mark Russinovich</i>

Shailendra Shenoy August 06, 1999

Please send me some information about boot process when loading,initialization ,installation driver in WIN NT

Nguyen Manh Thang November 06, 2003

i would like to thank you for this article. although this is the most informative piece i have been able to find on the steps the computer takes to boot, i also need to know what happens once a user clicks on their picture on the welcome screen & logon begins...ending with the desktop/taskbars loaded. i have been trying to figure out what is going on with my "boot/logon" processes in my XP home OS to pinpoint whatever is not loading preventing my desktop, taskbars, & start menu along with many other things on my system from functioning like user accounts, system info, help, device manager, etc. if there is a subsequent article to this explaining logon steps, i would appreciate it if you would contact me by email and let me. thank you again for this wonderful article. tst

ts taylor April 28, 2004

This article is extremely useful and I'd like to give my utmost gratitude to the writer who writes such a wonderful and informative article. I'm not that expert to understand certain difficult parts of this article, but here's a simple question: Since SMSS loads the win32 subsystem only after the BootExecute programs, this means the programs loaded through BootExecute are not able to use the win32 functions, right? In order to create programs that run before the win32 subsystem loads, such programs must avoid the usage of win32 functions, and thus programs of VB6 are not executable in that phase, right? If it's true, then how should I create my programs? I am thinking of MS-DOS programs. Please correct me as I'm not an expert in this area.

Anonymous User January 11, 2005 (Article Rating: )

You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now




Top Viewed ArticlesView all articles
2009 Windows IT Pro Editors' Best and Community Choice Awards

Picking a favorite product from an impressive crowd of competitive offerings is never an easy task, and such was the case with our Editors' Best and Community Choice awards this year. ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

WinInfo Short Takes: Week of November 23, 2009

An often irreverent look at some of the week's other news, including some post-PDC some soul searching, a Google Chrome OS announcement and a Microsoft response, Windows 7 off to a supposedly strong start, the Jonas Brothers and Xbox 360, and so much more ...
Related Articles Inside the Boot Process, Part 1
Related Events Windows Internals with Sysinternals Webinar

Deep Dive into Windows Server 2008 R2 presented by John Savill

Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Calculate your savings now
See how SAN is 57% cheaper than DAS over three years

Free CDs Offer Fundamental Content for IT Pros
Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.

Let Your Users Reset Their Own Passwords: Free Download
Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


Exchange Server 2010: Deploying Unified Communications - Virtual conference
December 1, 2009 - Free Registration. Build your Unified Communications future on a strong Exchange Server 2010 foundation.

Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

Migration, Virtualization, Availability, and Desktop Management
Realize the importance of a workload optimization strategy...it can affect your bottom line!

Deep Dive into VMware vSphere, eLearning Series
Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement