Windows startup process
Encyclopedia
The Windows Startup Process is the process by which Microsoft
's Windows
series of operating system
s initializes.
was executed. It then loaded win100.bin/win200.bin and win100.ovl/win200.ovl, along with the configuration settings file WIN.INI
. The default shell is the MS-DOS Executive.
The modules GDI.EXE, KERNEL.EXE and USER.EXE, fonts, and the various device drivers (such as comm.drv, mouse.drv, keyboard.drv) are incorporated in win100.bin/win200.bin and win100.ovl/win200.ovl.
and 95/98/ME
, the boot loader phase is handled by MS DOS. During the boot phase, the Autoexec.bat
and Config.sys
are executed, along with the configuration settings files WIN.INI
and SYSTEM.INI
. Virtual device drivers are also loaded in the startup process : they are most commonly loaded from the registry (HKLM\System\CurrentControlSet\Services\VxD) or from the SYSTEM.INI file.
When all system configuration files and device drivers have been loaded, the 16-bit modules, krnl386.exe, gdi.exe, and user.exe, are loaded, then the 32-bit DLLs (kernel32.dll, gdi32.dll, and user32.dll) are loaded. The 32-bit VxD message server (Msgsrv32) starts Mprexe.exe, which is responsible for loading the network logon client (such as Client for Microsoft Networks, Microsoft Family Logon or Windows Logon).
When a user is logging on to Windows, the startup sound is played, the shell (usually Explorer.exe) is loaded from the [boot] section of the SYSTEM.INI file, and startup items are loaded.
In all DOS-based versions of Windows except ME, it is also possible to load Windows by booting to a DOS prompt and typing "win". There are some command line switches that can be used with the "Win" command: with the /d switch, Windows boots to safe mode, and with the /d:n switch, Windows boots to safe mode with networking. The latter switch only works properly with Windows 95 . In Windows 3.1, additional options are available, such as /3, which starts Windows in 386 enhanced mode, and /s, which starts Windows in standard mode
, the boot loader is called NTLDR
. It is responsible for accessing the file system on the boot drive, for starting Ntoskrnl.exe
and for loading boot-time device drivers into memory. Once all the Boot and System drivers have been loaded, the kernel (system thread) starts the Session Manager Subsystem (smss.exe), which in turn starts Winlogon
, which loads the graphical identification and authentication
library.
After a user has successfully logged in to the machine, Winlogon does the following:
In Windows 95/98/ME, it was also possible to run a program before the user logs on by using RunServicesOnce or RunServices keys. In Windows NT, this has been replaced by the Services.exe program, which is able to load a set of system services before a user logs on.
Additionally, on English versions of Windows, the startup folder was called "StartUp" instead of "Startup" in Win9x.
Adware, Spyware, and other unwanted software might add itself to the system registry in order to be automatically started when a Windows NT system logs on.
is slightly different from any previous version of Windows that uses the NT kernel. The operating system boot loader
in Vista is called winload.exe, and is invoked by Windows Boot Manager. Additionally, the GINA
that has been in use with all versions of Windows NT since 3.1 has been entirely replaced by "Credential Providers".
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
's Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
series of operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s initializes.
Windows 1.x/2.x
In Windows versions 1.01 to Windows/386, the system was loaded when WIN.COMWIN.COM
WIN.COM is the executable file used to load versions of Windows that run from DOS. In Windows 3.1 and its predecessors, it is executed either manually from the DOS prompt or as a line in AUTOEXEC.BAT. In Windows 95 and onward it is automatically invoked by IO.SYS after AUTOEXEC.BAT is processed...
was executed. It then loaded win100.bin/win200.bin and win100.ovl/win200.ovl, along with the configuration settings file WIN.INI
WIN.INI
WIN.INI is a basic INI file that was used in versions of the Microsoft Windows operating environment up to Windows 3.11 to store basic settings at boot time. By default, all font, communications drivers, wallpaper, screen saver, and language settings were stored in WIN.INI by Windows 3.x...
. The default shell is the MS-DOS Executive.
The modules GDI.EXE, KERNEL.EXE and USER.EXE, fonts, and the various device drivers (such as comm.drv, mouse.drv, keyboard.drv) are incorporated in win100.bin/win200.bin and win100.ovl/win200.ovl.
Windows 3.x/9x
In Windows 3.xWindows 3.1x
Windows 3.1x is a series of 16-bit operating systems produced by Microsoft for use on personal computers. The series began with Windows 3.1, which was first sold during March 1992 as a successor to Windows 3.0...
and 95/98/ME
Windows 9x
Windows 9x is a generic term referring to a series of Microsoft Windows computer operating systems produced since 1995, which were based on the original and later modified Windows 95 kernel...
, the boot loader phase is handled by MS DOS. During the boot phase, the Autoexec.bat
AUTOEXEC.BAT
AUTOEXEC.BAT is a system file found originally on DOS-type operating systems. It is a plain-text batch file that is located in the root directory of the boot device...
and Config.sys
CONFIG.SYS
CONFIG.SYS is the primary configuration file for the DOS, OS/2 as well as similar operating systems. It is a special file that contains setup or configuration instructions for the computer system.- Usage :...
are executed, along with the configuration settings files WIN.INI
WIN.INI
WIN.INI is a basic INI file that was used in versions of the Microsoft Windows operating environment up to Windows 3.11 to store basic settings at boot time. By default, all font, communications drivers, wallpaper, screen saver, and language settings were stored in WIN.INI by Windows 3.x...
and SYSTEM.INI
SYSTEM.INI
SYSTEM.INI was an initialization used in early versions of Microsoft Windows to load device drivers and the default Windows shell , among other system settings. Many of these settings were honored in Windows 9x , although the INI files had begun to be phased out in favor of the Windows Registry...
. Virtual device drivers are also loaded in the startup process : they are most commonly loaded from the registry (HKLM\System\CurrentControlSet\Services\VxD) or from the SYSTEM.INI file.
When all system configuration files and device drivers have been loaded, the 16-bit modules, krnl386.exe, gdi.exe, and user.exe, are loaded, then the 32-bit DLLs (kernel32.dll, gdi32.dll, and user32.dll) are loaded. The 32-bit VxD message server (Msgsrv32) starts Mprexe.exe, which is responsible for loading the network logon client (such as Client for Microsoft Networks, Microsoft Family Logon or Windows Logon).
When a user is logging on to Windows, the startup sound is played, the shell (usually Explorer.exe) is loaded from the [boot] section of the SYSTEM.INI file, and startup items are loaded.
In all DOS-based versions of Windows except ME, it is also possible to load Windows by booting to a DOS prompt and typing "win". There are some command line switches that can be used with the "Win" command: with the /d switch, Windows boots to safe mode, and with the /d:n switch, Windows boots to safe mode with networking. The latter switch only works properly with Windows 95 . In Windows 3.1, additional options are available, such as /3, which starts Windows in 386 enhanced mode, and /s, which starts Windows in standard mode
Windows NT
In Windows NTWindows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
, the boot loader is called NTLDR
NTLDR
NTLDR is the boot loader for all releases of Windows NT operating system up to and including Windows XP and Windows Server 2003. NTLDR is typically run from the primary hard disk drive, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk...
. It is responsible for accessing the file system on the boot drive, for starting Ntoskrnl.exe
Ntoskrnl.exe
ntoskrnl.exe is the kernel image for the family of Microsoft Windows NT operating systems...
and for loading boot-time device drivers into memory. Once all the Boot and System drivers have been loaded, the kernel (system thread) starts the Session Manager Subsystem (smss.exe), which in turn starts Winlogon
Winlogon
In computing, Winlogon is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running...
, which loads the graphical identification and authentication
Graphical identification and authentication
The graphical identification and authentication library is a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services....
library.
After a user has successfully logged in to the machine, Winlogon does the following:
- User and Computer Group PolicyGroup PolicyGroup Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and...
settings are applied. - Startup programs are run from the following locations:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
All Users ProfilePath\Start Menu\Programs\Startup\
(please note that this path is localized on non-English versions of Windows)Current User ProfilePath\Start Menu\Programs\Startup\
(please note that this path is localized on non-English versions of Windows)
In Windows 95/98/ME, it was also possible to run a program before the user logs on by using RunServicesOnce or RunServices keys. In Windows NT, this has been replaced by the Services.exe program, which is able to load a set of system services before a user logs on.
Additionally, on English versions of Windows, the startup folder was called "StartUp" instead of "Startup" in Win9x.
Adware, Spyware, and other unwanted software might add itself to the system registry in order to be automatically started when a Windows NT system logs on.
Windows Vista
The sequence of booting Windows VistaWindows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
is slightly different from any previous version of Windows that uses the NT kernel. The operating system boot loader
Booting
In computing, booting is a process that begins when a user turns on a computer system and prepares the computer to perform its normal operations. On modern computers, this typically involves loading and starting an operating system. The boot sequence is the initial set of operations that the...
in Vista is called winload.exe, and is invoked by Windows Boot Manager. Additionally, the GINA
Graphical identification and authentication
The graphical identification and authentication library is a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services....
that has been in use with all versions of Windows NT since 3.1 has been entirely replaced by "Credential Providers".