计算机系 信息处理实验室 lecture 5 startup and shutdown xlanchen@03/18/2005
TRANSCRIPT
计算机系•信息处理实验室
Lecture 5 Startup and Shutdown
xlanchen@03/18/2005
xlanchen@03/18/2005 Understanding the Inside of Windows2000
2计算机系信息处理实验室
Contents
Boot Process
Safe Mode
Recovery Console
Shutdown
System Crashes
xlanchen@03/18/2005 Understanding the Inside of Windows2000
3计算机系信息处理实验室
Background
BIOS (Basic Input/Output System)
Typically placed on a ROM chip of the computer
Low-level routines specific to the hardware supplied with the motherboard
POST (Power On Self Test) routines
Boot up the system
xlanchen@03/18/2005 Understanding the Inside of Windows2000
4计算机系信息处理实验室
Boot from power-on
Power-on or reset
The processor is pre-programmed, the value in IP register is 0xFFFFFFF0
The instruction tells the processor:
“jump to the real BIOS startup program at XXXXX”
POST
…
Search for a boot device
For disk, MBR (Master Boot Record)
The code in MBR controls the processor
xlanchen@03/18/2005 Understanding the Inside of Windows2000
5计算机系信息处理实验室
MBR (Master Boot Record)
The first sector on the disk:
cylinder 0, head 0, sector 1
Master partition table (only 4 entries)
Primary partitions
Active (primary) partitions, only one
Extended partitions
xlanchen@03/18/2005 Understanding the Inside of Windows2000
6计算机系信息处理实验室
Hard disk layout
MBR
xlanchen@03/18/2005 Understanding the Inside of Windows2000
7计算机系信息处理实验室
Master Boot Code
Find an active partition, and boot
Volume/partition boot sector
xlanchen@03/18/2005 Understanding the Inside of Windows2000
8计算机系信息处理实验室
Volume boot sector
Disk parameter block
Size
Sector numbers
Label name
Sectors per cluster
…
Volume boot code
Boot an operating system or a boot manager
This is operating specific
xlanchen@03/18/2005 Understanding the Inside of Windows2000
9计算机系信息处理实验室
Windows setup
Writes MBR
Formats the boot partition with user specified file system format (FAT, FAT32, or NTFS )
Writes volume boot sector
Copies files including two boot files: Ntldr and Ntdetect.com
Create a boot menu file, Boot.ini, in the root directory of the boot partition
…
xlanchen@03/18/2005 Understanding the Inside of Windows2000
10计算机系信息处理实验室
Boot.ini
Contains options for starting the version of Windows 2000 and any preexisting Windows 2000 installations
Example:[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating systems]multi(0)disk(0)rdisk(0)partition(1)\WINNT=“Microsoft windows 2000 professional“ /fastdetectC:\="Microsoft 燱 indows"
xlanchen@03/18/2005 Understanding the Inside of Windows2000
11计算机系信息处理实验室
Windows 2000 boot sector
The content depends on the file system format
FAT, FAT32 or NTFS
The role of the boot-sector code
To give Windows 2000 information about the structure and format of a logical disk drive
to read in Ntldr
xlanchen@03/18/2005 Understanding the Inside of Windows2000
12计算机系信息处理实验室
Ntldr
Real mode protected mode
20bits memory access 32bits memory access
creating enough page tables to make memory below 16 MB accessible
enables paging
Read Boot.ini
loads and executes Ntdetect.com
xlanchen@03/18/2005 Understanding the Inside of Windows2000
13计算机系信息处理实验室
Background
Real mode vs. protected mode
xlanchen@03/18/2005 Understanding the Inside of Windows2000
14计算机系信息处理实验室
Ntldr
Loading the files needed to start the kernel initialization
Ntoskrnl.exe, Hal.dll
Determine, locate, and load the necessary boot device drivers
May need to adds the necessary file system driver for those boot device drivers
Prepares CPU registers for Ntoskrnl.exe
xlanchen@03/18/2005 Understanding the Inside of Windows2000
15计算机系信息处理实验室
Call Ntoskrnl
Ntldr passes the following parameters:
The selected menu option
The memory tables
The in-memory copy of the HARDWARE and SYSTEM registry hives
The list of loaded boot drivers
xlanchen@03/18/2005 Understanding the Inside of Windows2000
16计算机系信息处理实验室
Ntoskrnl
Initializing the Kernel and Executive Subsystems
Phase0
To build the rudimentary structures required to allow the services needed in phase 1 to be invoked.
phase1
Initialize
xlanchen@03/18/2005 Understanding the Inside of Windows2000
17计算机系信息处理实验室
Smss
Smss
start the Win32 subsystem
Csrss
Winlogon
THE END
xlanchen@03/18/2005 Understanding the Inside of Windows2000
18计算机系信息处理实验室
Boot Process
Boot Process Components
Master boot record (MBR) code
Boot sector
Ntldr
Ntoskrnl.exe
Smss
Winlogon
Service control manager (SCM)
xlanchen@03/18/2005 Understanding the Inside of Windows2000
19计算机系信息处理实验室
Safe Mode
Safe mode is a concept Windows 2000 borrows from Consumer Windows—a boot configuration that consists of the minimal set of device drivers and services.
By relying on only the drivers and services that are necessary for booting, Windows 2000 avoids loading third-party and other nonessential drivers that might crash.
Key “F8”
xlanchen@03/18/2005 Understanding the Inside of Windows2000
20计算机系信息处理实验室
Recovery Console
In some situations a safe-mode boot won't help the system boot
The Recovery Console allows you to boot into a limited command-line shell from the Windows 2000 CD or boot disks to repair an installation without having to boot the installation.
xlanchen@03/18/2005 Understanding the Inside of Windows2000
21计算机系信息处理实验室
Shutdown
ExitWindowsEx
Winlogin
Csrss
NtSetSystemPowerState
xlanchen@03/18/2005 Understanding the Inside of Windows2000
22计算机系信息处理实验室
System Crashes
Why ?
unhandled exception in kernel mode
reschedule when IRQL is DPC/dispatch level or higher.
A page fault on memory backed by data in a paging file or a memory mapped file occurs at an IRQL of DPC/dispatch level or above
explicitly crash after detecting an internal error condition
hardware error
xlanchen@03/18/2005 Understanding the Inside of Windows2000
23计算机系信息处理实验室
The Blue Screen
xlanchen@03/18/2005 Understanding the Inside of Windows2000
24计算机系信息处理实验室
Crash Dump Files
Default option
Three levels of information can be recorded on a system crash
Complete memory dump
Kernel memory dump
Small memory dump