How PC Works

PC works based on:
- Memory handling
- The registry
- Windows boot
- Windows architecture
  o systems and subsystem details
  o PE files: exe and dll

Presentation transcript:

Memory handling
- The boundary between the OS and user applications relies heavily on hardware-based mechanisms
- Intel 32-bit based processors (and variants) implement memory protection through both segmentation and paging

The registry
- Basically a database of info and config for everything
- regedit.exe
- The 5 hives:
  o HKEY_CLASSES_ROOT
  o HKEY_CURRENT_USER
  o HKEY_LOCAL_MACHINE
  o HKEY_USERS
  o HKEY_CURRENT_CONFIG

HKEY_CLASSES_ROOT
  o Contains file type associations
HKEY_CURRENT_USER
  o Contains preferences and settings of the currently logged-on user
    - Supporting files: Ntuser.dat, Ntuser.dat.log
.dat is a common file format (typically a generic file extension for data files, used by various applications with no universal format).

HKEY_LOCAL_MACHINE
  o PnP and HAL info about the system's hardware is gathered here
  o Contains software, hardware, and security info
  o Also pulls info from the 4 other hives:
    - System
    - Software
    - Security
    - SAM
  o Is one of the major hive structures

HKEY_LOCAL_MACHINE (HKLM)
  o Supporting files:
    - HKLM\SAM: Sam, Sam.log, Sam.sav
    - HKLM\Security: Security, Security.log, Security.sav
    - HKLM\Software: Software, Software.log, Software.sav
    - HKLM\System: System, System.alt, System.log, System.sav
  o All are stored in %SystemRoot%\System32\config
    - stores all registry files
    - usually is C:\Windows\System32\config

HKEY_USERS
  o Contains data from every user in the SAM
    - contains info for that user's desktop environment, program settings, network connections, and printers
HKEY_CURRENT_CONFIG
  o Contains PnP data about the system's hardware devices that are used in the loading/startup process
Each time a user logs on, a new hive ("user profile hive") is dynamically built for that user
  o located under HKEY_USERS
Is dynamically created each time the system is booted

Booting (also known as booting up) is the initial set of operations that a computer system performs after electrical power to the CPU is switched on or when the computer is reset.
- The boot process begins with the execution of an initial program stored in boot ROM.
- Booting often involves processes such as performing self-tests, loading configuration settings, and loading a BIOS, resident monitors, a hypervisor, an operating system, or utility software.
- A boot loader is a computer program that loads the main operating system or runtime environment for the computer after completion of the self-tests.

- Second-stage boot loaders, such as GNU GRUB, BOOTMGR, Syslinux, or NTLDR, for dual or multi-booting from different partitions or drives
- Personal computers boot in about 1 minute, of which about 15 seconds are taken by a power-on self-test (POST) and a preliminary boot loader, and the rest by loading the operating system and other software
- BIOS supports booting from various devices, typically a local hard disk drive via the Master Boot Record (MBR)
- PE format is used for EXE, DLL, SYS (device driver), and other file types
Software Compiler Installer Process

The principal duties of the main BIOS during POST are as follows:
- verify CPU registers
- verify the integrity of the BIOS code itself
- verify some basic components like DMA, timer, interrupt controller
- find, size, and verify system main memory
- initialize BIOS
- pass control to other specialized BIOSes (if and when required)
- identify, organize, and select which devices are available for booting

The functions above are served by the POST in all BIOS versions back to the very first. In later BIOS versions, POST will also:
- discover, initialize, and catalog all system buses and devices
- provide a user interface for the system's configuration
- construct whatever system environment is required by the target operating system

(In early BIOSes, POST did not organize or select boot devices; it simply identified floppy or hard disks, which the system would try to boot in that order, always.)

Original IBM POST beep codes
Beeps | Meaning
1 short beep | Normal POST – system is OK
2 short beeps | POST error – error code shown on screen
No beep | Power supply, system board problem, disconnected CPU, or disconnected speaker
Continuous beep | Power supply, system board, or may be RAM problem, keyboard problem
Repeating short beeps | Power supply or system board problem or keyboard
1 long, 1 short beep | System board problem
1 long, 2 short beeps | Display adapter problem (MDA, CGA)
1 long, 3 short beeps | Enhanced Graphics Adapter (EGA)
3 long beeps | 3270 keyboard card

POST AMI BIOS beep codes
Beeps | Meaning
1 | Memory refresh timer error
2 | Parity error in base memory (first 64 KiB block)
3 | Base memory read/write test error
4 | Motherboard timer not operational (check all PSU to MB connectors seated)
5 | Processor failure
6 | Gate A20 test error (cannot switch to protected mode)
7 | General exception error (processor exception interrupt error)
8 | Display memory error (system video adapter)
9 | AMI BIOS ROM checksum fix
10 | CMOS shutdown register read/write fix
11 | Cache memory test failed
12 | Motherboard does not detect a RAM module (continuous beeping)

Important beeps
Beeps | Meaning
Steady, short beeps | Power supply may be bad
Long continuous beep tone | Memory failure
Steady, long beeps | Power supply bad
No beep | Power supply bad, system not plugged in, or power not turned on
No beep | If everything seems to be functioning correctly there may be a problem with the 'beeper' itself. The system will normally beep one short beep.
One long, two short beeps | Video card failure

The Windows Boot
1. POST
2. CMOS
3. MBR - points to bootmgr, the Windows boot manager
4. Bootmgr - loads and reads the Boot Configuration Data (BCD) file/store
5. BCD store - reads which OSes are specified in the BCD store, and displays a menu to select which one

The Windows Boot
6. bootmgr resumes - loads Winload.exe, the Windows boot loader
7. Winload.exe
   o loads the kernel (ntoskrnl.exe), and loads HAL.dll into memory
   o then loads the SYSTEM registry hive
8. These processes are used to create the registry key HKEY_LOCAL_MACHINE\SYSTEM
9. Winload uses the HKLM\SYSTEM key to load device drivers into memory (without starting them)

The Windows Boot
10. Winload checks if the user wants to start using Last Known Good Configuration (pressing the F8 key)
11. Winload starts:
   o memory paging (pagefile.sys), and
   o startup control passes to ntoskrnl.exe (the Windows kernel)
12. ntoskrnl.exe - causes the HAL to become active
   o builds HKEY_LOCAL_MACHINE\HARDWARE from info collected thus far
13. ntoskrnl.exe starts critical services and drivers
   o located in C:\Windows\System32\Drivers

The Windows Boot
14. ntoskrnl.exe starts smss.exe (Session Manager SubSystem)
   o responsible for handling sessions running on a machine
   o starts the kernel and user modes of the Win32 subsystem
     - win32k.sys (kernel mode)
     - winsrv.dll and csrss.exe (both user mode)
   o starts any subsystems listed with the "Required" value in the following registry key: HKLM\System\CurrentControlSet\Control\Session Manager\Subsystems
   o creates environment variables, virtual memory paging files
   o smss.exe = historically a common target for malware
     - first native application in boot/startup

The Windows Boot
15. smss.exe starts the Win32 graphics subsystem
16. smss.exe starts csrss.exe (Client Server Runtime SubSystem)
   o provides the user-mode side of the Win32 subsystem
   o console handling and GUI shutdown
   o the second native application
17. smss.exe starts Winlogon.exe (the logon manager)
18. Winlogon.exe starts services.exe (Service Control Manager)

The Windows Boot
19. Winlogon.exe starts lsass.exe (Local Security Authority Process)
   a. displays the logon screen, prompting for user id and password
   b. handles authentication
20. Winlogon.exe executes userinit.exe
21. Userinit.exe
   a. applies Group Policy settings and startup and policy settings
      i. in the local user registry
      ii. not overridden by the Active Directory Group Policy

The Windows Boot
22. Winlogon launches Explorer.exe, the Windows graphical window manager and shell

Whew, that's a lot that happens!
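The boot chain above doubles as a baseline for spotting look-alike processes, which matters given the note that smss.exe is a historically common malware target. The check below is an added example, not part of the original slides: it compares a process snapshot against the parent of each process as steps 14 to 22 give it. The snapshot is constructed, the names check_boot_chain, EXPECTED_PARENT and EXPECTED_DIR are hypothetical, and the expected folders are an assumption the slides do not state.

```python
import ntpath

# Parent of each boot-chain process, copied from the numbered steps in the
# slides above ("system" is how the kernel shows up in a process list). The
# chain differs between Windows versions, so treat this as a baseline to adapt.
EXPECTED_PARENT = {
    "smss.exe": "system",            # step 14
    "csrss.exe": "smss.exe",         # step 16
    "winlogon.exe": "smss.exe",      # step 17
    "services.exe": "winlogon.exe",  # step 18
    "lsass.exe": "winlogon.exe",     # step 19
    "userinit.exe": "winlogon.exe",  # step 20
    "explorer.exe": "winlogon.exe",  # step 22
}
# Assumption (not stated in the slides): explorer.exe lives in the Windows
# directory, the other binaries in System32.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in EXPECTED_PARENT}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Constructed snapshot: (pid, parent pid, image path). PID 900 is a look-alike.
SNAPSHOT = [
    (4, 0, "System"),
    (300, 4, r"C:\Windows\System32\smss.exe"),
    (400, 300, r"C:\Windows\System32\csrss.exe"),
    (450, 300, r"C:\Windows\System32\winlogon.exe"),
    (500, 450, r"C:\Windows\System32\services.exe"),
    (520, 450, r"C:\Windows\System32\lsass.exe"),
    (700, 450, r"C:\Windows\explorer.exe"),
    (900, 700, r"C:\Users\Public\smss.exe"),
]

def check_boot_chain(snapshot):
    """Return (pid, reason) for boot-chain names with a wrong parent or path."""
    name_of = {pid: ntpath.basename(path).lower() for pid, _, path in snapshot}
    findings = []
    for pid, ppid, path in snapshot:
        name = name_of[pid]
        if name not in EXPECTED_PARENT:
            continue
        folder = ntpath.dirname(path).lower()
        if folder != EXPECTED_DIR[name]:
            findings.append((pid, f"{name} runs from {folder}"))
        parent = name_of.get(ppid)  # None when the parent has already exited
        if parent is not None and parent != EXPECTED_PARENT[name]:
            findings.append((pid, f"{name} started by {parent}"))
    return findings
```

A parent that has already exited is skipped rather than flagged, because a PID that no longer resolves to a name cannot be compared against the table.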

Subsystem Startup
- Subsystems are started by the Session Manager (Smss.exe) process
- Smss information is stored at: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems
- Smss starts any subsystems listed with the "Required" value in that registry key
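Because smss.exe starts whatever the "Required" value names, that key is worth auditing. The following is an added example, not part of the original slides: it resolves each name in "Required" to its command line and flags images outside System32, and it also checks the Kmode value against win32k.sys. The sample values are constructed, and the function names and the C:\Windows default are assumptions.

```python
import ntpath
import re

# Constructed sample values for the Session Manager\Subsystems key (not taken
# from a real host). TAMPERED redirects "Windows" and adds an undefined name.
CLEAN = {
    "Required": ["Debug", "Windows"],
    "Debug": "",
    "Kmode": r"\SystemRoot\System32\win32k.sys",
    "Windows": r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
               r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows",
}
TAMPERED = dict(
    CLEAN,
    Required=["Debug", "Windows", "Helper"],
    Windows=r"C:\Users\Public\csrss.exe ObjectDirectory=\Windows",
)

def image_path(command, system_root=r"C:\Windows"):
    """Return the normalised executable path at the start of a command line."""
    expanded = re.sub(r"%SystemRoot%", lambda m: system_root, command, flags=re.I)
    expanded = re.sub(r"^\\SystemRoot", lambda m: system_root, expanded, flags=re.I)
    first = expanded.split(" ", 1)[0]
    return ntpath.normcase(ntpath.normpath(first))

def audit_subsystems(values, system_root=r"C:\Windows"):
    """List findings for the subsystems smss.exe would start from 'Required'."""
    system32 = ntpath.normcase(ntpath.join(system_root, "System32"))
    findings = []
    for name in values.get("Required", []):
        if name not in values:
            findings.append(f"{name}: listed in Required but has no value")
            continue
        command = values[name]
        if not command:  # an empty entry such as "Debug" starts nothing
            continue
        path = image_path(command, system_root)
        if ntpath.dirname(path) != system32:
            findings.append(f"{name}: image outside System32: {path}")
    kmode = image_path(values.get("Kmode", ""), system_root)
    if kmode != ntpath.join(system32, "win32k.sys"):
        findings.append(f"Kmode: unexpected kernel-mode component: {kmode}")
    return findings
```

On a live Windows host the same dictionary can be filled from the key with Python's winreg module.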

WINDOWS XP / WINDOWS 2000

WINDOWS 7 / WINDOWS VISTA
Source: Windows Internals 6th edition, Part 1
SUA = Subsystem for Unix-based Applications