WINDOWS startup and shutdown process is a big secret

Friends who use old machines and laptops, I am afraid the most unbearable is the system startup process that is slow and crazy. Even after trying all kinds of optimization cheats and using all the optimization software, Windows XP is still a slow start, and the slow shutdown is frustrating. Today, I will explain to you the WINDOWS startup and shutdown insider. After learning this tutorial, see if you can speed up your switch.

WINDOWS startup process

First: The role of NTLDR

1. First machine POST----BIOS----MBR----BOOT SECTOR----os boot program WINDOWS boot program is NTLDR Note that this file is actually a Executable file, here the main work of the machine is: CPU from 16 real mode to 32 protection mode, enable the CPU page mechanism, if the disk is SCSI, load Ntbootdd.sys to access the disk, otherwise use INT13 to access. Here, if the machine does not find the Ntldr file, under the FAT file system, the machine displays "BOOT: Couldn't find NTLDRP", and under NTFS, "NTLDR is missing" (this is not a specific experiment, it is on the book) Said)

2. After NTLDR is loaded, the CLS screen first checks whether there is a legal Hiberfil.sys in the root directory. The function of this file is to save all the information in the memory to hiberfil when the machine is asleep. In the .sys file, the size of this file is always the same as the physical memory size of the system. If you want to recycle this space, please open the "Power Management" under "Control Panel", select the "Hibernate" tab, and remove the checkmark of "Enable Hibernate". The system will automatically Eliminate the hiberfil.sys file. If there is, it will start quickly until the last time the machine is hibernated.

3. Then handle Boot.ini, if there are multiple startup items, then the boot menu is displayed (if there is only one default item, then we can see the startup status bar of WINDOWS immediately) Handling BOOT.ini WINDOWS comes with a tool Bootcfg.exe, you can use this tool to modify, of course, you can use Notepad to open boot.ini to modify, some parameters of boot.ini will be saved in the registry HKLM\\System\\CurrentControlSet Under \\Control\\SystemStartOptions. You can go to the data in the boot.ini parameters.

4. The following is the NTLDR call to execute Ntdetect.com, the role is to detect some basic equipment and configuration information including: time and date information in CMOS, bus type, disk size, type, number, input device The information, the information of the port, the type of video card, and the information is collected and saved under HKLM\\ HARDWARE\\DESCRIPTION. Then in the 2000 version, the "Starting Windows" process bar is displayed, and in xp, 2003 is the LOGO of the WINDOWS

5. During the process of displaying the progress bar, the machine is actually loading the system correspondingly. The kernel and HAL files are generally two files, Ntoskrnl.exe and Hal.dll. If you find that the file is not found during this process, you will see the message "Windows could not start because the following file was missing or corrupt". Then read the registry SYSTEM HIVE (Windows\\System32\\Config\\System) to determine the device drivers that need to be loaded. These device drivers are all in SERVICE_BOOT_START (0)

6. Then load Ntoskrnl.exe, so The mission of NTLDR is over.

The second Ntoskrnl.exe function process here mainly divides the kernel into two phases, and finally creates the Session Manager subsystem (Smss) process.

The third Smss process

1. Create an LPC port object, define symbolic links for MSDOS, such as COM1, LPT1, if you have Terminal Services installed, create \\Sessions directory

2. Run the program defined by HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\BootExecute in the registry. The default is to run Autochk

3. Execute HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager \\PendingFileRenameOperations table key delay, delete, rename operation

4. Load HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\KnownDLLs Initialize paging files and registry

5. Create a system environment Variables, these are defined in HKLM\\System\\CurrentControlSet\\Session Manager\\Environment

6. Load and initialize the kernel module of the WIN32 subsystem Win32k.sys

7. Create the WIN32 subsystem server process, Including Csrss, create a Winlogon process. If one of the two processes here is abnormal, then the system will be interrupted. Previous page12Next page Total 2 pages