Windows 7 Startup . So I have provided a couple of supporting articles on basic terms used to describe how Windows works and an overview of many of the main components of Windows. This article will be most useful to confident users because it provides clarity and detail that is quite difficult to find elsewhere.
Assign Computer Startup Scripts. Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012. This article describes the steps and phases in Windows 7 startup using diagrams to illustrate the flow of programs. Small utility allows you to easily ping multiple host names and IP addresses. Simple IP/IP Range Ping simply pings each IP address and displays the number of succeed. For example, what the heck is "Btmshellex" in the list on my.
All the information in this article can be found on the Web but you will find that there are no easy overviews. Most of the sources conflate (mix together) Windows components, features, and versions. I've still had to rely on other commentaries as I've only used the tools that would be used by a confident user. That's why there is no mention of advanced tools for programmers like kernel debuggers or the special debug version of Windows (a checked build).
It should not be relied upon for making any changes to your system. Instead you should confirm any change through the relevant support channels for Microsoft Windows or the particular application you are dealing with. If you do want more detail in some area then let me know by registering with this site and leaving a comment. Although it is very similar to Vista there are major differences in the startup processes.
I have pointed out some of those differences where it improves this article. For any thing else related to earlier version of Windows you will have to look elsewhere.
The examples I am using are based on startup traces I ran on my test PC running Windows 7 6. I use 6. 4- bit Windows because it is the future and I need to highlight how 6. Windows handles 3. The traces provide some timings to give you a relative indication of the time taken by the startup phases and it also provides you with the option to compare it with your own Windows startup. Just be aware that there are several reasons why your relative timings may be considerably different to mine.
If your display is smaller, particularly if it is below 1. Printer- friendly view' to remove the sidebars so you can read them more easily. The diagrams are not digital images such as bitmaps or vector- based drawings.
The startup process of Windows Vista, Windows Server 2008 and their successors differs from the startup process part of previous versions of Windows. Startup Managers (sometimes called “Setup” or “Configuration” tools) allow you to control, configure and review the programs and services that start with. Table of Contents. Overview of the Windows Vista Repair options; How to perform an automatic repair of Windows Vista using Startup Repair; Advanced Tools overview.
They are only HTML characters and HTML/CSS formatting. This means that you may have to change your web browser settings.
Set the page encoding to Unicode or Auto- detect so the arrows and other symbols are visible. For example, in Firefox this is under the Menu . Where a registry key is too long to fit in one line of a table then I have also inserted line breaks to break it up.
It runs our applications programs on top of layers of services and subsystems that are mainly provided by the Windows Kernel mode. Kernel mode sits between the hardware and our application programs, supervises the running of the computer, and provides subsystems and services for User- mode programs to use. Kernel mode startup roughly corresponds to the time that the . During Kernel- mode startup there is very little for you to see apart from the Starting Windows screen. During User- mode startup the logon screen and the desktop screens are almost always visible. An important attribute of this division is that Kernel mode is mainly sequential because there are many dependent processes and prerequisites.
So the Kernel- mode sub- systems are largely built up in a specific order. Whereas User mode is a virtual explosion of processes spawning other processes and almost always running in parallel because most of the dependencies are incorporated in the Kernel mode. Windows also has Ready. Boot and prefetch to ensure that needed components are ready to memory when needed to load or start.
To maintain responsiveness, Windows delays the starting of many programs. Services and drivers good examples of this.
Boot start and system start drivers start during the kernel- mode phase. In the meantime, other startup processes like user logon have started more quickly. That is unless Windows has booted in debugging mode in which case the debugger will appear. System process for the Kernel (NTOSKrnl.
Diagram 1 is a simple flowchart of the major programs that control the sequence of a normal Windows startup. There are many more essential programs that are initialised and run by these programs.
I didn't include any of them although many are listed in the more detailed startup steps later in this article. This diagram matches Diagram 2, 'Phases of Windows Startup for immediate logon'. The colors here largely match the Boot Phase scheme in Diagram 2. As do the times on the left which startup trace times in seconds. Until the user logon screen appears at 3.
Diagram 3, 'Phases of Windows Startup for a delayed logon'. Diagram 1 - An overview of Windows startup. Firmware boot(BIOS or UEFI). But most processes continue to run for longer and many run until Windows is shutdown - I've indicated these with the infinity icon ( .
You will notice that the processes that interact directly with users (Logon. UI and Explorer) are not critical so if they fail they do not automatically crash Windows. But this is also the time when many kernel- mode sub- systems, the Windows APIs and the registry are also starting. It won't be discussed again in the more detailed discussion of Windows startup. When you turn on the power switch of your computer there is a standardized process for your computer to know what to do without any input from yourself.
This is called bootstrapping or, as it is commonly known, booting. It is based on the idea of pulling yourself up by the bootstraps of the boots that you are wearing. For a computer, booting means running a small program stored in a specific address in memory. This program is very simple and mainly works to load a larger more complex program called a boot loader which can then itself load a larger more complex program such as the Windows boot loader.
Again that Windows boot loader loads the much more complex Windows kernel- mode which eventually leads to the Windows operating system being loaded for you to use in User mode. This combination of non- volatile memory and program code is called firmware. Currently there are two main firmware interfaces that have been standardized for Windows computers. The old version which was used on the original IBM PC is called the BIOS (Basic Input/Output System). The other more modern design of firmware is called UEFI (Unified Extensible Firmware Interface) and has only been widely used since 2. If so skip some tests. It is loaded into memory at the address 0x.
C0. 0 and it is executed or run. Initially, a real- mode stub is which then passes control to a 3. Boot Manager. The Windows Boot Manager can provide a boot option menu for you to select from. It is called the Extensible Firmware Interface (EFI) because has the capacity to run other programs and it can confirm the software and hardware to prevent untrusted components from operating.
If so use the TPM (Trusted Platform Module) to enhance security. This does not mean that it runs like a BIOS only that it uses the same interface. This initialization includes the secure boot verification of hardware.
Initialize CPU. Initialize chipset. Initialize motherboard, RAM and other interfaces.
Load the Driver execution environment (DXE) for discovered resources. Option ROMs on adapter cards including on NICs. Load the UEFI boot manager which has a boot menu option which the BIOS does not have. It is not limited to a disk drive or a NIC. The Boot Manager can display a boot menu but I am describing the simplest startup process so those options are not discussed here. It is also not timed so it is not included in discussions of the example trace.
The Boot Manager log is Boot. Start. dat in the Windows directory or the \Boot directory of the system partition.
This location can be set in the BCD. If the previous start failed then the Boot Manager displays its boot menu. As I'm not looking at failed starts this is not discussed here. The Microsoft memory tester, memtest. Again, I am not discussing this feature.
Up until the point where the Windows Boot Manager hands over control to the Windows Loader there is no record of the time. Form this point there are several ways of describing the Windows startup phases. You may find that the differing intervals and terminology are a hindrance when either reading articles about Windows startup or trying to interpret the diagnostic results from various tools. The remainder of this section illustrates the similarities and differences between these schemes before I discuss the startup components in more detail. You could say that they move from user- oriented on the left to more technical on the right but really only the first category is accessible to most users.
Visible to Users is what you see on your screen. These events normally occur some time after the start of the interval. Boot Time is used in the Windows Event Manager and those statistics are available at any time. Windows Focus indicates the process that is currently awaiting input and is usually visible. Focus is the graphical equivalent of the text- based cursor.
Boot Interval is used in the Boot Phase analysis of Windows Performance Analysis (WPA) when summarizing trace data provided by Windows Performance Recorder (WPR). It is very similar to the Boot Phase analysis which is different only in that the Pre Session interval is divided into the OS Loader and Kernel- mode initialization. Boot Phase is widely used in Microsoft tutorials on analysing Windows startup. It is probably the most useful to understand simply because it is often used to describe what is happens when you delve more deeply into Windows startup.
The Drivers & Services category, as I've called it, is focused on kernel mode Plug and Play (Pn. P) Manager which loads devices and drivers in three main phases which correspond to the three categories of devices and drivers. Boot. Start devices and drivers are those that are run before the Windows Kernel mode is completely running. They are run when they are required so they are not part of the startup phases.