Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions (15)

The Birth of Windows Desktop

By , 28 Jun 2012
 

Introduction

Have you ever thought of how your operating system (Windows) is loaded? It’s quite interesting to know about the miniature details that are involved in the process. This article will shed some light on this topic.

Process

The actual execution of the processor begins when you power on the system. Following are the major steps involved.

  1. BIOS performs some initial check and read the Zero sector of the hard disc, This Zero sector has a special name - MBR(Master Boot Record).

    TheBirthOfWindowsDesktop/1.png

  2. MBR contains two sections:
    1. Boot Code (446 bytes)
    2. Partition Table Entries (16 bytes colored entries in the bottom)
  3. The purpose of boot code is to iterate over all the partition table entries and check for a bootable partition (if the first byte of the partition entry is 0x80, then it is a bootable partition. Also called as boot partition or system volume). (There can be only four entries specified in the MBR, does it mean we are limited with 4 drives ?) (this is where extended partitions come into the picture).
  4. Now besides locating the boot partition, it will know exactly from which sector the boot partition begins. This is done by examining the 8th-12th bytes in the partition entry (so in the above picture 3f 00 00 00 converted to little endian we get 0000003f = 63rd Sector). In general, it will be 63rd sector.
  5. Again the first sector (63rd) of the bootable partition is called as Boot Sector which contains enough code to read a special file named ntldr (NT loader) from the root (c:\) drive. This is the time where you may at times see “NTLDR is missing” error message. Following are the tasks performed by ntldr.
    1. The main purpose of ntldr is to setup the stage for the windows kernel to load.
    2. It enables paging and preliminary hardware detection using BIOS routines(int) and ntdetect.com
    3. Reads boot.ini to display boot menu.

      TheBirthOfWindowsDesktop/2.png

    4. If the system is hibernated during the last shutdown, it will resume from hiberfil.sys.
    5. Most importantly, it loads boot start drivers (these are the core drivers for proper functioning of OS). Following are the examples for boot start drivers:

      TheBirthOfWindowsDesktop/3.png

    6. Sets CPU registers, etc., and pass on the control to ntoskrnl.exe (NT OS Kernel). This ends the life of ntldr.
  6. Ntoskrnl is mainly responsible for setting up the following OS services (here, you will see Windows XP logo progress bar).
    1. Phase 0 Initialization
      1. Memory Management Services
      2. Process Management Services (First kernel mode process the system process is created)
      3. Object Manger Services
      4. Plug and Play Management Services
      5. Security Reference Monitor Services
    2. Phase 1 Initialization
      1. Hal initialization (Hardware Abstraction Layer)
      2. Multi processor support
      3. Scheduler support (inherently dependent on processor architecture)
      4. Power management

        TheBirthOfWindowsDesktop/4.png

  7. Now the control is passed on to smss.exe (Session Manager Subsystem). It is the first user mode process that is created in the life span of windows.

    TheBirthOfWindowsDesktop/5.png

    1. The following are the tasks performed by smss process:
      1. Runs check disk (disc check):

        TheBirthOfWindowsDesktop/6.png 

      2. Pending file copy and file deletes (some softwares need to overwrite the files which are in use by the OS and they will ask you for reboot) and this is the phase where those pending copy and deletes will be performed.
      3. Page file is created (pagefile.sys):

        TheBirthOfWindowsDesktop/7.png

    2. Loads registry hives from \Windows\System32\Config\*.*.
    3. Finally, it creates two processes csrss.exe (Client Server Run-Time Subsystem), Winlogon.exe. 
      1. Csrss.exe is responsible for user mode functionality of the system and sits as an interface for windows API)
      2. Winlogon.exe is responsible for starting all auto-start services (services.exe) and creating the lsass.exe (Local Security and Authentication Subsystem) this process is for authenticating the user logins 
      3. Next winlogon will show the logon screen to the user, upon successful logon winlogon will load the explorer.exe under the current user profile. This is where you will see the desktop.

TheBirthOfWindowsDesktop/8.png

TheBirthOfWindowsDesktop/9.png

TheBirthOfWindowsDesktop/10.png

Though the actual process involves more complicated steps, I have oversimplified the overall flow in favor of novice users and tried not to lose the brevity of the content. Please feel free to comment on the post. Positive criticism is most welcome.

References

  1. Windows Internals 4th Ed By Mark E. Russinovich, David A. Solomon
  2. http://www.yale.edu/pclt/BOOT/PARTITIO.HTM
  3. http://thestarman.pcministry.com/asm/mbr/NTLDR.htm

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

 Vineel Kumar Reddy Kovvuri
Software Developer NVIDIA
India India
Member
Hello, This is Vineel Kumar Reddy Kovvuri, I am interested in Systems Programming, love to tinker with low level functionality of Windows and Linux. Works for NVIDIA,
 
vineelkumarreddy.wordpress.com

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board.
Search this forum  
    Spacing  Noise  Layout  Per page   
First Prev Next
GeneralMy vote of 5 PinmemberAbinash Bishoyi4 Mar '13 - 3:46 
GeneralMy vote of 5 Pinmembergndnet12 Oct '12 - 13:19 
GeneralMy vote of 5 PinmemberSergio Andrés Gutiérrez Rojas28 Jun '12 - 12:39 
QuestionMy vote of 5 Pinmembereka80828 Jun '12 - 6:02 
QuestionCorrecting a 'math' error: PinmemberThe Starman22 Jun '12 - 20:15 
General+some more Pinmemberxawari1 Dec '10 - 7:12 
GeneralMy vote of 5 Pinmembersjelen30 Nov '10 - 2:32 
GeneralMy vote of 5 PinmemberKraeven29 Nov '10 - 20:45 
GeneralMy vote of 5 Pinmemberjose.mira22 Nov '10 - 23:55 
GeneralMy vote of 5 PinmemberDileep7722 Nov '10 - 23:40 
GeneralMy vote of 5 PinmemberRaviRanjankr22 Nov '10 - 17:23 
GeneralMy vote of 5 PinmentorKunalChowdhury22 Nov '10 - 17:07 
GeneralNice Info PinmemberCybercockroach22 Nov '10 - 16:57 
GeneralMy vote of 5 PinmemberSledgeHammer0122 Nov '10 - 9:50 
Last Visit: 31 Dec '99 - 18:00     Last Update: 20 May '13 - 13:42Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

About Article
Steps involved in getting to your windows desktop from your power on the machine
Type Article
Licence CPOL
First Posted 22 Nov 2010
Views 17,634
Bookmarked 77 times
Top News

Math Primers for Programmers

Get the Insider News free each morning.
Related Videos
Windows 8: File Associations
Windows 8: Windows 8 Application Settings
Virtual Desktop: A Simple Desktop Management Tool
Multiple Desktops
Sort List Control
Church+
Remote Desktop Viewer Lite
Impersonate Linux's Multi-desktop Feature on Windows Platform
Desktop Switching
Open a command prompt anywhere.
Vista Thumbnail-Enhanced Virtual Desktop Manager
Audio Mixing Console Fader/Slider Control
Lock Windows Desktop
Dialog Boxes Management in WPF Application
Desktop Manager for Multiple Screens
Remotely Unlock a Windows Workstation
Palantir - Remote Desktop Manager
History of Internet Explorer [Birth of #IE to #IE9]
Extending Microsoft's Terminal Services Client To Provide Seamless Windows
System - Virtual Desktop Manager
Switch to and create new desktops under Win2K, WinXP
Transparent Desktop Video
Permalink | Advertise | Privacy | Mobile
Web02 | 2.6.130516.1 | Last Updated 28 Jun 2012
Article Copyright 2010 by Vineel Kumar Reddy Kovvuri
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid