Subscribe to the RSS feed
Last
updated:
08 Nov 2010XP:
xpboot.html
http://www.bleepingcomputer.com/forums/topic138692.html
Vista:
Windows Setup (chooses options that affect the boot process)
BIOS
(Reads the MBR)
ERRORs
in reading the MBR -
Black
screen
MBR
missing
Invalid
partition table
Error
loading operating system
Missing
operating system
FIX =
bootrec /fixmbr
MBR
(Reads the partition boot sectors)
ERRORs
in reading the Boot Sector -
Black
screen
Boot
Sector missing
A disk
read error occurred
BOOTMGR
is missing
BOOTMGR
is compressed
FIX =
bootrec -fixboot
Boot
Sector (Reads the root directory to load Bootmgr)
ERRORs
in reading the Boot Manager -
BOOTMGR
is missing
Windows
could not start because of a computer disk hardware configuration
problem
Could not
read from selected boot disk
Check
boot path and disk hardware
FIX =
bootrec /scanos & bootrec /rebuildbcd
FIX =
bcdedit.exe and rebuild it all
Boot
Manager
Enables access to all memory (could only
access 1st 1mB of memory when launched)
Enables paging
Reads BCD
Shortcuts
to Winresume.exe if system was hibernated
Presents boot menu (if more than one
choice)
x64 - switches to 64 bit mode
Loads Winload.exe (the OS loader)
Winload.exe
Loads Ntoskrnl.exe & dependencies
Bootvid.dll (32 bit)
Hal.dll
Kdcom.dll
Ci.dll
Clfs.sys
Pshed.dll
Loads SYSTEM registry hive
ERROR -
Windows could not start becaue the following file is missing or
corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
FIX =
chkdsk /r
FIX =
replace w/backup copy (from \Windows\System32\Config\RegBack
FIX =
System Restore
Loads Boot Start drivers
Transfers control to Ntoskrnl.exe
ERROR -
System
file corruption
File
missing or corrupt
STOP
0xC0000135 (UNABLE_TO_LOCATE_COMPONENT)
FIX =
chkdsk /r
FIX =
replace missing components
Ntoskrnl.exe
(2 phase initialization process)
Phase 0
Gives
system control to Hal.dll
Locates
crash messages for BSOD's (earlier crash won't have message?)
Initializes Driver Verifier
Attaches
kernel debugger (if used)
Creates
System Idle Process
Phase
1
Windows
Splash Screen
ERROR -
BSOD
Black
Screen
Blank
Cursor
Mouse works
Causes:
Bug in a
device driver
Corruption in
the registry hive (NOT the SYSTEM hive)
FIX = Last
Known Good Configuration (LKG)
If it works,
compare Control section of registry (pg 1113 of Windows Internals
v5). Ignore changes in the ENUM keys
System time is initialized
Kernel
debugger finishes initializing
Driver
Verifier tracing is enabled
Ntdll.dll
is mapped in
Copies
registry data (Passed from Winload.exe) into HARDWARE and SYSTEM hives
Superfetch/prefetch initialized
Boot log
initialized (if selected)
Boot
Start drivers initialized
System
Start drivers initialized
Smss.exe
is started (creates the user mode environment)
Waits 5 seconds for Smss.exe to exit (if
it does,
system will crash w/SESSION5_INITIALIZATION_FAILED stop code 0x71)
Smss.exe
Autochk.exe
Delayed file rename and delete operations
Creates additional page files (if needed)
Loads SAM, SECURITY, and SOFTWARE
registry hives
Loads KnownDLL's
Creates Session 0
Starts 2 sessions simultaneously:
Session
0
Session1
(and other sessions)
Csrss.exe
Csrss.exe
Win32k.sys
Winlogon.exe (see below)
Video changes fm VGA mode to default
resolution
Wininit.exe
SCM
(Services.exe)
LSASS
(Lsass.exe)
LSM
(Lsm.exe)
Initalizes rest of Registry
User mode initialization
Winlogon.exe
LogonUI.exe (auth by Lsass.exe)
Loads user registry into HKCU
Loads Userinit.exe
Userinit.exe
Runs User scripts
Runs Machine scripts
Loads Shell= from registry
(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell)