Windows 2000 & divide; XP Boot Process Detailed Explanation
Windows 2000 & divide; XP is an excellent operating system. It has powerful functions, is secure and stable, and is deeply loved by a wide range of computer users. However, during use, we significantly feel that its boot time is much longer than Windows 98, testing our patience more than Windows 98. So, what tasks does the system perform during this time? Don't worry, let me explain it step by step and see why it's so slow.
On Intel-based computers, the Windows 2000 & divide; XP boot process can roughly be divided into five steps: pre-boot, boot, kernel loading, kernel initialization, and user login. Below, I will introduce each step separately: Electric Table
One. Pre-boot
First, the computer powers on for self-test, and the BIOS (Basic Input Output System) completes basic hardware configuration. Then it reads the MBR (Master Boot Record) of the hard drive to check the hard disk partition table to determine the boot partition, and loads the operating system boot sector of the boot partition into memory for execution, which executes the NTDLR (Operating System Loader) file here.
& times; Windows 2000 & divide; XP supports multi-booting. During installation, it first saves the existing other operating system boot sectors as BOOTSECT.DOS files (located in the root directory of the active partition) and modifies the system boot sector so that the system loads the NTDLR file at startup to achieve multi-booting. Windows 98 does not have this function, so if you install Windows 2000 & divide; XP first and then Windows 98, it will destroy the boot record of Windows 2000 & divide; XP, causing 2000 & divide; XP to fail to boot.
Two. Boot
1. First initialize, NTDLR will convert the processor from real mode to 32-bit protected mode.
2. Read the BOOT.INI file. This file is located in the root directory of the active partition, and its role is to make the system display a selection menu during the boot process, allowing the user to choose the desired operating system to boot. If choosing to boot Windows 2000 & divide; XP, NTDLR will continue to guide the following process; if choosing a non-Windows 2000 & divide; XP system, NTDLR will read the system boot sector original BOTSECT.DOS and transfer control to boot the corresponding system.
& times; The [Boot Loader] refers to the operating system loader, specifying the default waiting time and default boot operating system for the system selection menu. You can manually modify it or modify it in the Control Panel. For safety reasons, it is recommended to modify it in the Control Panel. Sequentially select Control Panel - > System - > Advanced - > Startup and Recovery to change related settings. (In Windows XP, there is another method, which is running MSCONFIG (System Configuration Utility).Rubber Hardware
[Operating Systems] segment specifies the list of operating systems. The part enclosed in double quotes is the content displayed in the list, which can be freely modified to make it more personalized.
& times; Sentences in the form of multi(0)disk(0)rdisk(0)partition(1) are called ARC paths, and their format is: multi() - - specify the disk controller (if it is a SCSI controller, then it should be replaced with SCSI()); disk() - - specify the SCSI device number (for MULTI, the value here is always 0); rdisk() - - specify the IDE device number (for SCSI, this is ignored); partition() - - specify the partition number. Except for the partition number starting from 1, all other numbers start from 0.Rubber Hardware
Parameter / fastdetect indicates disabling serial mouse detection, which is the system default value. There are a few common parameters: maxmem - - specifies the available memory capacity for Windows 2000 & divide; XP; basevideo - - uses standard VGA display driver order; noguiboot - - does not display the graphical screen during the boot process; sos - - displays the name when loading device driver orders.
& times; The Chinese font in the operating system selection menu is provided by the BOOTFONT.BIN file located in the root directory of the active partition.
3. The system loads the NTDTECT.COM file. It detects machine hardware such as parallel ports, display adapters, etc., and returns the collected hardware list to NTDLR for future registration and saving in the registry.
4. If Windows 2000 & divide; XP has multiple hardware profiles, a selection menu will appear at this point, waiting for the user to confirm the hardware profile to be used; otherwise, this step will be skipped directly, and the default configuration will be enabled. Pneumatic Tools
& times; A hardware profile is a system file that saves the specific hardware configuration of a computer. Multiple different hardware profiles can be created to meet the needs of a computer in different environments. You can sequentially select Control Panel - > System - > Hardware - > Hardware Profiles to make modifications.
Three. Loading the Kernel
The boot process begins to load the Windows 2000 & divide; XP kernel NTOSKRNL.EXE. This file is located in the SYSTEM32 folder under the Windows 2000 & divide; XP installation folder. Subsequently, the Hardware Abstraction Layer (HAL) is loaded by the boot process, completing this step.
& times; Hardware Abstraction Layer (HAL): hides the details of specific platform hardware interfaces, providing a virtual hardware platform for the operating system, making it hardware-independent and portable across multiple platforms.
Four. Initializing the Kernel
The kernel completes initialization, and NTDLR transfers control to the Windows 2000 & divide; XP kernel, which begins to load and initialize device drivers, as well as start the Win32 subsystem and Windows 2000 & divide; XP services.
Five. User Login
Start the login process. The Win32 subsystem starts WINLOGON.EXE, and it starts LOCAL SECURITY AUTHORITY (LSASS.EXE) to display the login dialog box. After the user logs in, Windows 2000 & divide; XP will continue to configure network devices and the user environment. Finally, accompanied by the Microsoft sound and the familiar customized desktop, the long boot process of Windows 2000 & divide; XP is finally complete. Ha, did you fall asleep? Wake up! The system has booted successfully, now you can do whatever you need to do!Finned Tube
The Task Manager in Windows 2000 & divide; XP is a very useful tool that provides us with a lot of information, such as the current processes (programs) running in the system. However, facing those executable filenames, we might feel a bit lost, not knowing what they do and whether there are any suspicious processes (viruses, trojans, etc.). The goal of this article is to provide some commonly used process names in Windows 2000 and briefly explain their purposes.
In Windows 2000, the system contains the following default processes:
CSRSS.EXE
EXPLORER.EXE
INTERNAT.EXE
LSASS.EXE
MSTASK.EXE
SMSS.EXE
SPOOLSV.EXE
SVCHOST.EXE
SERVICES.EXE
SYSTEM
SYSTEM IDLE PROCESS
TASKMGR.EXE
WINLOGON.EXE
WINMGMT.EXE
More processes and their brief explanations are listed below.
Process Name Description
SMSS.EXE Session Manager
CSRSS.EXE Subsystem Server Process
WINLOGON.EXE Manages user login
SERVICES.EXE Contains many system services
LSASS.EXE Manages IP security policies and launches ISAKMP/OAKLEY (IKE) and IP security driver orders.
SVCHOST.EXE Windows 2000 & divide; XP File Protection System
SPOOLSV.EXE Loads files into memory for later printing.
EXPLORER.EXE Resource Manager
INTERNAT.EXE Pinyin icon in the tray area
MSTASK.EXE Allows programs to run at specified times.
REGSVC.EXE Allows remote registry operations. (System Service) - > RemoteRegister
WINMGMT.EXE Provides system management information (System Service).
INETINFO.EXE MSFTPSVC, W3SVC, IISADMN
TLNTSVR.EXE TLRVSR
TFTPD.EXE Implements the TFTP Internet standard. This standard does not require a username and password.
TERMSRV.EXE TermService .Wheat Gluten Washing Machine
DNS.EXE Responds to queries and update requests for Domain Name System (DNS) names.
TCPSVCS.EXE Provides the ability to remotely install Windows 2000 Professional on PXE remotely bootable client computers.
ISMSERV.EXE Allows sending and receiving messages between Windows Advanced Server sites.
UPS.EXE Manages uninterruptible power supplies (UPS) connected to the computer.
WINS.EXE Provides NetBIOS name service for TCP/IP clients registering and resolving NetBIOS-type names.
LLSSRV.EXE Certificate Logging Service
NTFRS.EXE Maintains file synchronization of directory contents across multiple servers.
RSSUB.EXE Controls media used for remote data storage.
LOCATOR.EXE Manages the RPC name service database.
LSERVER.EXE Registers client licenses.
DFSSVC.EXE Manages logical volumes distributed across local area networks or wide area networks.
CLIPSRV.EXE Supports "Clipboard Viewer" so that clipboard pages can be viewed from a remote clipboard.
MSDTC.EXE Parallel transactions, distributed across two or more databases, message queues, file systems, or other transaction-protected resource managers.
FAXSVC.EXE Helps you send and receive faxes.
CISVC.EXE Index Service
DMADMIN.EXE Disk Management Request System Management Service.
MNMSRVC.EXE Allows authorized users to remotely visit the Windows desktop using NetMeeting.
NETDDE.EXE Provides networking transmission and security features for Dynamic Data Exchange (DDE).
SMLOGSVC.EXE Configures performance logs and alerts.
RSVP.EXE Provides network signaling and local communication control setup functionality for applications and control applications that depend on Quality of Service (QoS).
RSENG.EXE Coordinates services and management tools used to store infrequently used data.
RSFSA.EXE Manages operations on remotely stored files.
GROVEL.EXE Scans Single Instance Storage (SIS) volumes for duplicate files and points duplicate files to a single data storage location to save disk space (only effective for NTFS file systems).
SCARDSVR.EXE Manages and controls access to smart cards inserted into the computer's smart card browser.
SNMP.EXE Contains an agent program that can monitor network device activity and report to network management consoles.
SNMPTRAP.EXE Receives trap messages generated by local or remote SNMP agent programs and passes the messages to SNMP management programs running on this computer.
UTILMAN.EXE Starts and configures auxiliary tools from a window.Beijing Logistics Company
MSIEXEC.EXE Installs, repairs, and deletes software based on commands contained in .MSI files.
Summary: The secret to finding suspicious processes is to look at the process list in the Task Manager often. After looking at it frequently, you can easily spot suspicious processes, just like finding a stranger among a group of familiar people.
Using pure DOS in Windows 2000
There is a very clever way to enter pure DOS after installing Windows 2000: Before installing Windows 2000, start with a Windows 98 boot disk and transfer the system to drive C via the SYS C: command, then install Windows 2000 conventionally. After successful installation, a Microsoft Windows option will appear in the boot menu under the default Microsoft Windows 2000 menu. Selecting this option will start Windows, but since we haven't installed Windows 98, a DOS window will appear, and it will be a genuine real mode.