The booting process of Microsoft Windows varies between different releases.
In Windows versions 1.01 to Windows 2.11, the system was loaded when WIN.COM was executed. It then loaded WIN100.BIN or WIN200.BIN and WIN100.OVL or WIN200.OVL, along with the configuration settings file WIN.INI. The default shell is the MS-DOS Executive.
WIN.COM
WIN100.BIN
WIN200.BIN
WIN100.OVL
WIN200.OVL
WIN.INI
The modules GDI.EXE, KERNEL.EXE and USER.EXE, fonts, and the various device drivers (such as COMM.DRV, MOUSE.DRV, KEYBOARD.DRV) are incorporated in WIN100.BIN/WIN200.BIN and WIN100.OVL/WIN200.OVL.
GDI.EXE
KERNEL.EXE
USER.EXE
COMM.DRV
MOUSE.DRV
KEYBOARD.DRV
In Windows 3.x and 95/98/ME, the boot loader phase is handled by MS-DOS. During the boot phase, CONFIG.SYS and AUTOEXEC.BAT are executed, along with the configuration settings files WIN.INI and SYSTEM.INI. Virtual device drivers are also loaded in the startup process: they are most commonly loaded from the registry (HKLM\System\CurrentControlSet\Services\VxD) or from the SYSTEM.INI file.
CONFIG.SYS
AUTOEXEC.BAT
SYSTEM.INI
HKLM\System\CurrentControlSet\Services\VxD
MS-DOS starts WIN.COM. In Windows 3.x, the WIN.COM starts KRNL286.EXE (standard mode) or KRNL386.EXE (386 enhanced mode). In Windows 9x, the WIN.COM starts VMM32.VXD.
KRNL286.EXE
KRNL386.EXE
VMM32.VXD
When all system configuration files and device drivers have been loaded, the 16-bit modules, KRNL386.EXE, GDI.EXE, and USER.EXE, are loaded, then the 32-bit DLLs (KERNEL32.DLL, GDI32.DLL, and USER32.DLL) are loaded. The 32-bit VxD message server (MSGSRV32) starts MPREXE.EXE, which is responsible for loading the network logon client (such as Client for Microsoft Networks, Microsoft Family Logon or Windows Logon).
KERNEL32.DLL
GDI32.DLL
USER32.DLL
MPREXE.EXE
When a user is logging on to Windows, the startup sound is played, the shell (usually EXPLORER.EXE) is loaded from the [boot] section of the SYSTEM.INI file, and startup items are loaded.
EXPLORER.EXE
In all versions of Windows 9x except ME, it is also possible to load Windows by booting to a DOS prompt and typing "win". There are some command line switches that can be used with the WIN command: with the /D switch, Windows boots to safe mode, and with the /D:n switch, Windows boots to safe mode with networking. The latter switch only works properly with Windows 95.[1] In Windows 3.1, additional options are available, such as /3, which starts Windows in 386 enhanced mode, and /S, which starts Windows in standard mode[2]
/D
/D:n
/3
/S
A startup sound was first added in Windows 3.0 after installing the Multimedia Extensions (MME),[3] but not enabled by default until Windows 3.1.
In Windows NT, the booting process is initiated by NTLDR in versions before Vista and the Windows Boot Manager in Vista and later.[4] The boot loader is responsible for accessing the file system on the boot drive, starting ntoskrnl.exe, and loading boot-time device drivers into memory. Once all the boot and system drivers have been loaded, the kernel starts the session manager, which begins the login process. After the user has successfully logged into the machine, winlogon applies User and Computer Group Policy setting and runs startup programs declared in the Windows Registry and in "Startup" folders.[5]
In Windows 95/98/ME, it was also possible to run a program before the user logs on by using RunServicesOnce or RunServices keys. In Windows NT, this has been replaced by the services.exe program, which is able to load a set of system services before a user logs on. Additionally, in English-language versions of Windows, the startup folder was called "StartUp" instead of "Startup" in Win9x.
Due to the minimally restricted environment of these operating systems, any program can add itself to the Startup registry key or system folder. This method is frequently used by malware.
Lokasi Pengunjung: 3.239.76.211