· From installing
· From booting
· From applications, systems, and user interaction
Every component of Windows XP uses the registry, without exception. A set of APIs allows both Windows and other applications to access registry information easily and quickly. Windows starts to use the registry at the very beginning stages of system bootup. The XP boot process is based on the file format installed, though the important parts are identical in either case.
The Windows XP boot process consists of the following steps:
1. POST (Power-On Self-Test) is performed by the BIOS (Basic Input/Output System); then video is initialized and hardware tests are performed.
2. After running POST, the system initializes each adapter.
3. After all the adapters have been initialized by the BIOS, the system boot loader reads the sector located at the very beginning of the first bootable disk drive and passes control to this code. This sector is called the boot sector, or the MBR (Master Boot Record), and it is written by the operating system when the operating system is installed.
4. The code in the MBR loads the NTLDR file. Once loaded, the MBR passes control to the code in NTLDR.
5. NTLDR then switches into 32-bit mode, loads the necessary file system I/O files, and reads in the file boot.ini.
6. The file boot.ini has information about each operating system that can be loaded. NTLDR then processes boot.ini, displaying boot information that allows the user to select which operating system will be loaded.
7. NTLDR loads the file ntdetect.com. This program then collects information about the installed hardware and saves it for the registry. Most of this information is stored in the HKEY_LOCAL_MACHINE hive.
8. Once NTDETECT detects the hardware, control is passed back to NTLDR, and the boot process continues. At this point, the registry has been substantially updated with the current hardware configuration, which is stored in HKEY_LOCAL_MACHINE\Hardware.
9. The prompt to select the configuration is then presented, which allows Windows XP to use a specific configuration as stored in the registry hive HKEY_LOCAL_MACHINE.
10. Following detection by NTDETECT, NTLDR loads and initializes the Windows NT kernel, loads the services, and then starts Windows.
11. When the kernel is loaded, the HAL is also loaded. (The HAL, or Hardware Abstraction Layer, is used to manage hardware services.) Next, the registry system subkey HKEY_LOCAL_MACHINE\System is loaded into memory. Windows XP scans the registry for all drivers with a start value of zero.
12. Again, the system scans the registry and finds all drivers that must be started at the kernel initialization stage.
13. From this point, Windows XP starts various components and systems. Each component and system reads the registry and performs various tasks and functions. In the final stage, the program that manages the user logon, WinLogon, starts.
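Steps 11 and 12 can be checked from an exported copy of the Services key. The following is an added example, not part of the original page: it parses regedit's text export format and groups drivers by their Start value. The key path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, the Type bits, and the sample entries are assumptions supplied here; the sample data is constructed.

```python
import re
# Start values of a ...\Services\<name> key and the load phase each one selects.
START_PHASE = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
# Constructed sample in regedit's text export (.reg) format; not from a real system.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"Type"=dword:00000001
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"Type"=dword:00000001
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep\Enum]
"Count"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Type"=dword:00000110
"Start"=dword:00000002
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_services(reg_text):
    """Return {service name: {value name: int}} for direct children of Services."""
    services, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            parts = key.group(1).split("\\")
            direct = len(parts) >= 2 and parts[-2].lower() == "services"
            current = services.setdefault(parts[-1], {}) if direct else None
        elif current is not None and (val := DWORD_RE.match(line)):
            current[val.group(1)] = int(val.group(2), 16)
    return services

def drivers_by_phase(services):
    """Group kernel (Type bit 0x1) and file-system (0x2) drivers by Start phase."""
    phases = {}
    for name, vals in services.items():
        if vals.get("Type", 0) & 0x3 and vals.get("Start") in START_PHASE:
            phases.setdefault(START_PHASE[vals["Start"]], []).append(name)
    return {phase: sorted(names) for phase, names in phases.items()}

if __name__ == "__main__":
    print(drivers_by_phase(parse_services(SAMPLE_REG)))
```

Files exported by regedit in the Version 5.00 format are UTF-16, so read them with encoding="utf-16" before passing the text to parse_services. An entry in the "boot" group that is not part of the known baseline for the machine is worth reviewing, since those drivers load before any other component.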
Once Windows is booted, both the OS and applications use the registry. The registry is dynamic, but usage of the registry may be dynamic or static. Some registry items are read one time and never reread until the system is restarted. Other items are read every time they are referenced.
1. Application-related data is read when the application starts.
2. User-interface data is sometimes dynamic, sometimes static.
3. System data is either static or buffered. Many system-related registry changes become effective after the system is restarted. Some system data is rewritten, or created, at startup, precluding changes by users.
4. Many of the items in HKEY_LOCAL_MACHINE may be reset at system boot, especially the hardware-related items.
What are the Registry files and their functions?
The %SystemRoot%\System32\Config directory includes the following set of files, each of which is a critical component of the registry. These files are backed up to the Repair directory, so that they may be restored as necessary in the event of a registry failure.
* autoexec.nt : The file that initializes the MS-DOS environment.
* config.nt : The file that initializes the MS-DOS environment unless a different startup file is specified in an application's PIF.
* Default : The default registry file.
* SAM : The SAM (Security Accounts Manager) registry file.
* Security : The security registry file.
* setup.log : The file that contains a record of all files that were installed with Windows XP, and other components of Windows use the information in this file to update the operating system.
* Software : The application software registry file.
* System : The system registry file.
* SecDC.inf : The default security settings that have been updated for domain controllers.
* SecSetup.inf : The out-of-the-box default security settings.
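Before restoring a hive from the Repair directory, it helps to know which copies are intact. The following is an added example, not part of the original page: it checks the five registry files listed above in both directories. The "regf" signature and the two sequence numbers that follow it come from the hive file format rather than from this page, and the directory paths are supplied by the caller (for instance, paths inside a read-only mounted image).

```python
import struct
from pathlib import Path

# The five files the list above describes as registry files (hives).
HIVES = ("Default", "SAM", "Security", "Software", "System")

def classify_header(header):
    """Classify the first 12 bytes of a hive file."""
    if len(header) < 12 or header[:4] != b"regf":
        return "bad-signature"
    # Two sequence numbers follow the signature; they match after a clean write.
    primary, secondary = struct.unpack_from("<II", header, 4)
    return "ok" if primary == secondary else "dirty"

def hive_status(directory, name):
    """Find `name` case-insensitively in `directory` and classify it."""
    d = Path(directory)
    if d.is_dir():
        for entry in d.iterdir():
            if entry.is_file() and entry.name.lower() == name.lower():
                with open(entry, "rb") as fh:
                    return classify_header(fh.read(12))
    return "missing"

def check_hives(config_dir, repair_dir):
    """Report each hive's state and whether the Repair copy could replace it."""
    report = {}
    for name in HIVES:
        live = hive_status(config_dir, name)
        backup = hive_status(repair_dir, name)
        report[name] = {"config": live, "repair": backup,
                        "restore_candidate": live != "ok" and backup == "ok"}
    return report

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py <Config dir> <Repair dir>
        for hive, row in check_hives(sys.argv[1], sys.argv[2]).items():
            print(hive, row)
```

The lookup is case-insensitive so the check also works when the volume is mounted on a case-sensitive file system.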
In a typical Windows XP installation, the %SystemRoot%\System32\Config directory contains the following files:
AppEvent.evt : The application(s) event log file.
DEF$$$$$.del : The default registry recovery file.
Default : The default registry file.
Default.sav : A backup copy of the information contained in the default registry file.
DnsEvent.evt : The DNS server event log.
File Rep.evt : One of two File Replication Service event log files.
Netlogon.dnb : A NetLogon support file.
Netlogon.dns : A NetLogon support file.
NTDS.evt : The Windows XP directory service event log.
NtFrs.evt : The second of two File Replication Service event log files.
SAM : The Security Accounts Manager registry file.
SecEvent.evt : The security event log.
Security : The security registry file.
SOF$$$$$.del : The software registry recovery file.
Software : The application software registry file.
Software.sav : A backup copy of the information contained in the software registry file.
SYS$$$$$.del : The system registry recovery file.
SysEvent.evt : The system events log.
System : The system registry file.
System.alt : A copy of the information contained in the system registry file.
System.sav : A backup copy of the information contained in the system registry file.
Userdiff : The file that migrates preexisting user profiles from previous versions of Windows