Windows 7 startup

Windows 7 startup phases :

From the point you press the power button until you have your Desktop loaded, Windows 7 has many steps to take.

The normal startup sequence of Windows 7 is:

1- Power-on self-test phase (POST).

2- Initial startup phase.

3- Windows boot manager phase.

4- Windows boot loader phase.

5- Kernel loading phase.

6- Long-on phase.

1- Power-on self-test phase (POST):

During that phase the computer starts executing the BIOS or UEFI program that performs the following tasks:

- Hardware initial checks such as determining the amount of RAM.

- Checks that the devices needed to start the operating system such as the hard drive are present.

- Retrieves the information stored in the CMOS.

2- Initial startup phase:

After the POST, the computer will use the boot order information stored in the CMOS to start, in case the first boot is hard disk that contains Windows 7 the first file to be loaded is Windows boot manager, a BIOS compatible Windows and UEFI compatible Windows load the windows boot manager differently:

- For BIOS compatible it starts by loading the MBR (Master Boot Record) which is located at the first sector of the hard drive and it contains a partition table (a map of the hard drive, with all its partitions) and a small boot code used to read the partition table and locate the active partition, once the active partition is located, the boot sector is read and the location of the Windows boot manager is retrieved for more information read the article BIOS/MBR boot .

- In case of UEFI compatible Windows, there is a built-in boot manager that can be configured in the setup program of the UEFI, the efi system partition contains the file needed to load windows which is something .efi (bootia32.efi ..etc) for more information read the article UEFI /GPT boot.

3- Windows boot manager phase:

During this phase the windows boot manager enables you to choose from multiple of operating systems installed, as we saw in previous articles BIOS/MBR boot and UEFI /GPT boot  that depends on the Windows version installed, in case of BIOS compatible the boot manager bootmgr will read the BCD data base to show the list of installed operating system, or in case of only one installed it wait for the user to press a key to choose advanced boot options, and in case of UEFI compatible Windows the boot manager is integrated in the UEFI itself and will consult the efi system partition to load Windows.

4- Windows boot loader phase.

The windows boot manager will then load the windows boot loader file winload.exe located in C:\windows\system32, this file will start loading Windows by doing the following:

• Loads the kernel (Ntoskrnl.exe) but doesn’t run it.
• Loads the Hardware Abstraction Layer (HAL), Hal.dll located in C:\windows\system32, which will be used by the kernel.
• Loads the system registry hive (C:\Windows\System32\Config\System).
• Loads the drivers configured to boot with the operating system but doesn’t initiate them, the list of drivers configured to be load with the operating system is found in the system registry at HKEY_LOCAL_MACHINE\SYSTEM\Services.
• Give the control to the kernel that will start the next step.

 5- Kernel loading phase:

The Windows kernel Ntoskrnl.exe with the Hall.dll initialize a group of software features that are called the Windows executive, it also start services and drivers configured to boot with the system, and it creates the registry key HKEY_LOCAL_MACHINE\HARDWARE, which contains the hardware data collected at system startup.

After that the kernel starts the session manager (Smss.exe), a user process that continues to run until the operating system is shut down. The session manager performs many tasks such as Starting the Logon Manager (C:\System32\Winlogon.exe) which handles the next step and renaming delayed files, for example when you install an application and you’re prompt to restart your computer so that the files in use will be rename.

6- Long-on phase:

Windows logon winlogon.exe enable the user to log on and off, in addition it does the following:

• Starts the services subsystem (services.exe) that manages services and starts all the services configured to be start with the system.
• Starts the Local Security Authority (LSA) process (Lsass.exe).
• Checks whether the Ctrl+Alt+Delete key combination are pressed in case the computer is part of an active directory domain.
• The registry entry LastKnownGood (located in HKLM\SYSTEM\Select) is updated with the contents in the CurrentControlSet subkey.
• Winlogon then starts Userinit.exe and the Windows Explorer shell.
• Userinit.exe will then starts the applications configured to start with the operating system.

Don't forget to like us on Facebook 

Next                                                  Previous