Recently, because of an operating systems course and my own interest in low-level details, I have gathered a lot of material. Here I have combined "Inside Windows NT", articles from the Internet and my own rough understanding to sort out the details of how the operating system starts up, and I am sharing the result. Of course, much of it is excerpted, for which I ask the original authors' forgiveness. If there are mistakes, please point them out:
At power-on, because of how the x86 CPU is designed, every bit of the code segment register (CS, Code Segment) is 1 and every bit of the instruction pointer (IP, Instruction Pointer) is 0, i.e. CS = FFFFh, IP = 0000h. The CPU therefore fetches its first instruction from address FFFF0h (CS * 16 + IP). (On the 386 and later the reset vector is really the top of the 4 GB space, FFFFFFF0h, but the same BIOS ROM is mapped at the top of the first 1 MB as well.) Since FFFF0h is only 16 bytes below the top of the real-mode address space, the instruction at FFFF0h is almost always a JMP to another location in the ROM BIOS, namely the system test code in the BIOS (POST), which differs somewhat between BIOS vendors and versions. It is responsible for the power-on self-test: checking memory, the keyboard and so on. During the self-test the ROM BIOS also scans the upper memory block (UMB, Upper Memory Block) for legitimate option ROMs on adapter cards (for example the ROM on a SCSI controller) and, if it finds one, runs that card's initialization code.

Immediately after the system test code, control passes to the bootstrap routine in the ROM (Bootstrap Routine), which reads sector zero of the boot disk into memory. This is the so-called Boot Sector; if you have had any contact with computer viruses you will have heard its name. Assume the hard disk is the system's boot disk. The first sector of the hard disk is called the Master Boot Record (MBR, Master Boot Record) and is 512 bytes long. It can be divided into two parts: the first part is the pre-boot code, occupying 446 bytes; the second part is the partition table together with the boot signature, 66 bytes in total (four 16-byte partition entries, 64 bytes, followed by the 2-byte signature 55h AAh), which records the hard disk's partition information. One job of the pre-boot code is to find the partition marked as active and read the boot sector of that active partition into memory. If you boot from a floppy disk, the ROM BIOS instead reads the floppy's boot sector, i.e. the first sector of the floppy. As for where it is read to: the absolute address 07C0:0000 (i.e. physical 07C00h); this is a characteristic of the IBM PC family. After a series of complicated operations, control is transferred to the operating system.

For Linux, the boot sector of the boot disk is Linux's bootsect program, i.e. bootsect is the first program read into memory and executed. (Since everyone is studying Linux, and its startup code can be read in order, bootsect.s -> setup.s -> head.s -> main.c, I will skip the rest of Linux's startup and mainly look at Windows startup, mainly NT; 2K is similar, and 9X has already become history.)
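To make the MBR layout above concrete, here is an added example (not code from the original article) that parses a 512-byte MBR the way the pre-boot code has to: it checks the 55h AAh signature, decodes the four 16-byte partition entries, and returns the single active partition and the byte offset of that partition's boot sector. The MBR image it works on is constructed inside make_sample_mbr(); the partition types, LBAs and CHS values there are made up for illustration.

```python
"""Parse a 512-byte Master Boot Record and find the active partition.

Added example (not code from the original article).  It works on a
constructed MBR image built in make_sample_mbr(); the layout it assumes is
the classic one: 446 bytes of boot code, a 64-byte partition table of four
16-byte entries, and the 2-byte signature 55h AAh.
"""
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
PARTITION_ENTRIES = 4
MBR_SIGNATURE = b"\x55\xAA"

# One 16-byte entry: status, CHS start (3 bytes), type, CHS end (3 bytes),
# LBA of first sector (u32 little-endian), sector count (u32 little-endian).
PARTITION_ENTRY_FORMAT = "<B3sB3sII"


class MbrError(ValueError):
    """Raised when the sector does not look like a bootable MBR."""


def decode_chs(raw):
    """Decode the packed 3-byte CHS field into (cylinder, head, sector)."""
    head = raw[0]
    sector = raw[1] & 0x3F                      # low 6 bits
    cylinder = ((raw[1] & 0xC0) << 2) | raw[2]  # high 2 bits live in byte 1
    return cylinder, head, sector


def parse_partition_table(sector):
    """Return a list of four dicts, one per partition table entry."""
    entries = []
    for index in range(PARTITION_ENTRIES):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        status, chs_start, ptype, chs_end, lba, count = struct.unpack_from(
            PARTITION_ENTRY_FORMAT, sector, offset)
        entries.append({
            "index": index,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "chs_start": decode_chs(chs_start),
            "chs_end": decode_chs(chs_end),
            "lba_start": lba,
            "sector_count": count,
        })
    return entries


def find_active_partition(sector):
    """Apply the checks the pre-boot code applies before chaining to a partition.

    Returns (entry, byte offset of that partition's boot sector); raises
    MbrError in the situations where real MBR code stops with an error.
    """
    if len(sector) != SECTOR_SIZE:
        raise MbrError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[SECTOR_SIZE - 2:] != MBR_SIGNATURE:
        raise MbrError("missing 55h AAh boot signature")
    entries = parse_partition_table(sector)
    # The status byte may only be 00h (inactive) or 80h (active).
    bad = [e for e in entries if e["status"] not in (0x00, 0x80)]
    if bad:
        raise MbrError("invalid status byte in partition entry %d" % bad[0]["index"])
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        raise MbrError("expected exactly one active partition, found %d" % len(active))
    chosen = active[0]
    if chosen["type"] == 0x00 or chosen["sector_count"] == 0:
        raise MbrError("active partition is empty")
    return chosen, chosen["lba_start"] * SECTOR_SIZE


def make_sample_mbr():
    """Build a constructed MBR: one active type-07h partition at LBA 63 plus one Linux partition."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_SIZE - 2)   # jmp $ ; nop ... (placeholder code)
    table = b""
    # entry 0: active, type 07h (NTFS/HPFS), LBA 63, 2097152 sectors (1 GiB)
    table += struct.pack(PARTITION_ENTRY_FORMAT, 0x80, bytes([1, 1, 0]), 0x07,
                         bytes([0xFE, 0xFF, 0xFF]), 63, 2097152)
    # entry 1: inactive, type 83h (Linux), LBA 2097215, 1048576 sectors
    table += struct.pack(PARTITION_ENTRY_FORMAT, 0x00, bytes([0xFE, 0xFF, 0xFF]), 0x83,
                         bytes([0xFE, 0xFF, 0xFF]), 2097215, 1048576)
    table += b"\x00" * (PARTITION_ENTRY_SIZE * 2)                 # two unused entries
    sector = boot_code + table + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    mbr = make_sample_mbr()
    entry, byte_offset = find_active_partition(mbr)
    print("boot partition %d, type %02Xh, LBA %d (byte offset %d)"
          % (entry["index"], entry["type"], entry["lba_start"], byte_offset))
```

Running it on a real disk image is a matter of replacing make_sample_mbr() with the first 512 bytes of the image; the same checks (signature present, status bytes sane, exactly one active entry) are also the first things to look at when a boot sector is suspected of having been overwritten by a bootkit or a virus.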
For NT, the boot sector contains the Windows boot sector code (it is written during Windows installation). When the boot sector runs, it first looks for NTLDR. (This file must exist in the root directory; otherwise the system prints "BOOT: Couldn't find NTLDR" or reports that a kernel file is missing from the disk, and stops there.) NTLDR first switches the CPU from real mode to protected mode. After NTLDR has built page table entries for the first 1 MB of memory, it turns on paging; now NT can address the 4 GB space. Then NTLDR uses its built-in file system code to read Boot.ini from the root directory (this is also the place where we can modify the startup options) and, according to it, prompts the user to choose an operating system; if the user makes no choice before the timeout expires, the default entry is booted. NTLDR then loads NTDETECT.COM, which calls a large number of INT xxh BIOS services to detect the hardware configuration; everything detected is saved under the HKLM\HARDWARE\DESCRIPTION key of the registry. Next it loads the two files that form the core of Windows NT: HAL.DLL and NTOSKRNL.EXE. Both are checked as they are loaded; if there is a problem or they cannot be found, NT reports an error and halts. After loading these two files, NTLDR loads all the drivers required for booting, that is, the drivers whose Start value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services is SERVICE_BOOT_START (0). (They are only loaded at this point, not initialized.) NTLDR then locates the entry point of Ntoskrnl.exe and transfers control to it. Next NT begins its own complex kernel initialization. First ExpInitializeExecutive is called, and it calls the HalInitSystem() function exported by HAL.DLL; at this point the interrupt controller and the system clock are initialized. When HalInitSystem() returns, the next things to be initialized are the Memory Manager, the Security Reference Monitor, the Object Manager and the Process Manager.
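The Boot.ini step above is easiest to understand with a parser in hand. The following is an added example (not code from the original article): it reads a constructed Boot.ini, splits each [operating systems] line into its ARC path, menu label and switches, decomposes the ARC path into adapter/disk/rdisk/partition/directory, and reproduces NTLDR's choice: the user's pick if one is made, otherwise the entry whose ARC path matches the "default=" line once the timeout expires. The file contents, labels and switches are made up for illustration; the ARC path grammar it assumes is the usual multi(x)disk(y)rdisk(z)partition(n)\dir form.

```python
"""Parse a Boot.ini file and pick the entry NTLDR would start.

Added example (not code from the original article).  SAMPLE_BOOT_INI is a
constructed file; its labels, paths and switches are illustrative.
"""
import re

SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows NT Workstation (debug)" /debug /debugport=com2 /baudrate=115200
C:\="MS-DOS"
"""

# multi(0)disk(0)rdisk(0)partition(1)\WINNT  ->  adapter, disk, rdisk, partition, directory
ARC_PATH_RE = re.compile(
    r"^(?P<adapter>multi|scsi|signature)\((?P<adapter_no>[0-9a-fA-F]+)\)"
    r"disk\((?P<disk>\d+)\)rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)"
    r"(?P<directory>\\.*)?$")

# <path>="<label>" [/switch ...]
OS_LINE_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')


def parse_arc_path(path):
    """Split an ARC path into its components; return None for non-ARC paths such as C:\\."""
    m = ARC_PATH_RE.match(path)
    if not m:
        return None
    d = m.groupdict()
    return {
        "adapter": d["adapter"],
        "adapter_no": int(d["adapter_no"], 16),
        "disk": int(d["disk"]),
        "rdisk": int(d["rdisk"]),
        "partition": int(d["partition"]),
        "directory": d["directory"] or "\\",
    }


def parse_boot_ini(text):
    """Return {'timeout': int, 'default': str, 'entries': [...]} from Boot.ini text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line outside any section: %r" % line)
        sections[current].append(line)

    loader = dict(kv.split("=", 1) for kv in sections.get("boot loader", []))
    entries = []
    for line in sections.get("operating systems", []):
        m = OS_LINE_RE.match(line)
        if not m:
            raise ValueError("malformed [operating systems] line: %r" % line)
        path = m.group("path").strip()
        entries.append({
            "path": path,
            "arc": parse_arc_path(path),
            "label": m.group("label"),
            "switches": m.group("switches").split(),
        })
    return {
        "timeout": int(loader.get("timeout", "30")),
        "default": loader.get("default", "").strip(),
        "entries": entries,
    }


def select_entry(config, user_choice=None):
    """Mimic NTLDR's menu: the user's pick by index, else the default entry after the timeout.

    The default is matched by ARC path and the first matching entry wins,
    which is why the plain and [VGA mode] lines in the sample share a path
    but a timeout boots the plain one.
    """
    entries = config["entries"]
    if user_choice is not None:
        return entries[user_choice]
    for e in entries:
        if e["path"] == config["default"]:
            return e
    raise ValueError("default %r matches no [operating systems] entry" % config["default"])


def debug_enabled_entries(config):
    """Labels of entries that boot with the kernel debugger enabled (/debug switch)."""
    return [e["label"] for e in config["entries"]
            if any(s.lower() == "/debug" for s in e["switches"])]


if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE_BOOT_INI)
    chosen = select_entry(cfg)
    print("after %d s NTLDR boots: %s from %s" % (cfg["timeout"], chosen["label"], chosen["arc"]))
    print("entries with the kernel debugger enabled:", debug_enabled_entries(cfg))
```

The debug_enabled_entries() helper is the kind of check worth running on a real Boot.ini: an entry that boots with /debug hands a kernel debugger attached over the named port, which is convenient for development and undesirable on a machine that is supposed to be locked down.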
After the Memory Manager is initialized, NT displays "Microsoft (R) Windows NT (TM) Version 4.0 (Build 1381)"; the service pack number that follows is taken from the registry value CSDVersion under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows. When the Process Manager is initialized (it is the last manager initialized in ntoskrnl.exe during this phase), it creates two processes: one is the Idle process, the other is the System process. When control returns to ExpInitializeExecutive, the thread that has been running the initialization becomes the idle thread, whose priority is the lowest in the system. Now the HAL is called to activate the other CPUs on a multiprocessor machine. Then, in turn, the Object Manager, Executive, Kernel, Security Reference Monitor, Cache Manager, Configuration Manager, I/O Manager and Process Manager are called for their second phase of initialization. The I/O Manager is responsible for initializing the drivers with Start value SERVICE_BOOT_START that NTLDR already loaded, and then for loading and initializing the drivers whose Start value in the registry is SERVICE_SYSTEM_START (1).
After all the drivers are initialized there is still no user-mode program and no environment subsystem. The System process's initialization code then creates the SMSS process, the Session Manager. SMSS is the first user-mode application, and it is also a true native application: it does not depend on any subsystem, and the only thing SMSS needs is NTDLL.DLL. It is SMSS that creates the Win32 subsystem. SMSS then does the following: creates the LPC port object \SmApiPort and two threads that wait for client requests (such as adding a subsystem); creates the environment variables; defines the DOS device symbolic links; creates additional paging files; looks up the native applications to run at boot in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute (usually the boot-time disk check, autochk.exe); asks the Configuration Manager to finish loading the HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SOFTWARE hives; then loads win32k.sys, at which point the system switches to graphics mode; starts the Win32 subsystem, i.e. csrss.exe; starts Winlogon; and creates the LPC port used for debugging together with a thread to listen on it. After this work is done, SMSS simply waits forever on the Winlogon and CSRSS process objects; if either of them exits, the system crashes.

Winlogon runs next. It starts the SCM (Service Control Manager). Of course, Winlogon does not wait for any service to finish starting; it is quite possible that the user has already logged on while the services are still starting, and when the user's Startup group contains applications that depend on some service, this can cause trouble. Once all the services have started correctly and a logon has succeeded, the current HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet is saved as the Last Known Good control set. When the SCM has been started, Winlogon creates a window station representing the keyboard, mouse and monitor, and makes sure that services cannot access this window station, for security. Within the window station it opens three desktops: the application desktop, the screen saver desktop and the Winlogon desktop. Then it creates an LPC connection to the LSA, used for logon, logoff and password operations, and calls LsaLookupAuthenticationPackage to obtain the authentication package that will verify identities. It creates the Winlogon window class and registers the SAS (Secure Attention Sequence, Ctrl+Alt+Del) so that pressing it invokes Winlogon's window procedure. Only after the Winlogon desktop is unlocked does the system switch to the other desktops. At logon, Winlogon calls the GINA to confirm the user's identity (this is also what provides a way to replace NT's own logon verification). When the user's identity is verified and the logon succeeds, the desktop is unlocked and userinit.exe is called. This program finds the user's shell, starts it, and then ends its own life. In this way the operating system is fully started.