关闭

WinPE2.0运行过程

2561人阅读 评论(0) 收藏 举报

Windows PE 2.0 是一个基于Windows Vista内核,运行在保护模式下的Win32子系统,以下是Windows PE2.0的执行过程:(以CD/DVD为例)

1.首先计算机从CD/DVD启动,读取光盘引导部分,然后交由Bootmgr控制,Bootmgr从Boot Configuration Data (BCD)中提取基本的启动信息,然后由winload.exe控制,winload.exe加载相应的硬件抽象层HardwareAbstraction Layer (HAL)、系统注册表和一些必需的驱动程序,完成这个过程后就开始加载系统内核Ntoskrnl.exe文件。

2.Ntoskrnl.exe执行并完成系统的安装,然后交由 Session Manager (SMSS)控制。

3.SMSS加载其余的注册表项,配置Win32子环境(Win32k.sys)以及执行它的各种进程。然后SMSS加载系统登陆进程(Winlogon.exe)创建用户会话,然后启动服务、安全子系统和其他非必需的驱动程序。

4.Winlogon.exe 根据注册表HKLM/SYSTEM/Setup/CmdLine值进行配置,Winpeshl.exe 会执行%SYSTEMDRIVE%/sources/setup.exe,如果文件不存在,Winpeshl.exe会从%SYSTEMROOT%/system32/winpeshl.ini中读取信息并执行相应的程序,如果没有指定,则执行cmd /k %SYSTEMROOT%/system32/startnet.cmd命令。默认环境下WinPE会原带Startnet.cmd文件指向Wpeinit.exe,Wpeinit.exe加载并运行网络配置信息。

5. Wpeinit.exe运行结束,出现命令行窗口,WinPE的启动过程结束。

 

注:由于WinPE的所有文件都是加载到内存当中的,所以对它的任何修改都不会影响原来的WinPE文件,如果想修改注册表,可以在WinPE命令行窗口中执行regedit,然后进行修改,刷新,关闭,然后将%SYSTEMROOT%/system32/Config下的所有文件用copy命令复制到U盘或本机硬盘中,退出WinPE,在WinPE原文件中解开boot.wim将%SYSTEMROOT%/Windows/System32/config相应的文件替换为刚才复制的,重新制作boot.wim、ISO、刻盘。

 

 

Order of Operations in Windows PE

The boot process of Windows PE is as follows.

1.The boot sector on the particular media is loaded. Control is passed to Bootmgr. Bootmgr extracts basic boot information from the Boot Configuration Data (BCD) and passes control to winload.exe that is contained in Boot.wim. Winload.exe then loads the appropriate Hardware Abstraction Layer (HAL), and loads the System registry hive and necessary boot drivers. After it finishes loading, it prepares the environment to execute the kernel, Ntoskrnl.exe.

2.Ntoskrnl.exe is executed and finishes the environment setup. Control is passed to the Session Manager (SMSS).

3.SMSS loads the rest of the registry, configures the environment to run the Win32 subsystem (Win32k.sys) and its various processes. SMSS loads the Winlogon process to create the user session, and then starts the services and the rest of the non-essential device drivers and the security subsystem (LSASS).

4.Winlogon.exe runs setup based on the registry value HKLM/SYSTEM/Setup/CmdLine. Winpeshl.exe will launch %SYSTEMDRIVE%/sources/setup.exe if it exists, otherwise it looks for an application specified in %SYSTEMROOT%/system32/winpeshl.ini. If no application is specified, Winpeshl.exe will execute cmd /k %SYSTEMROOT%/system32/startnet.cmd. By default, Windows PE contains a Startnet.cmd file which will launch Wpeinit.exe. Wpeinit.exe loads network resources and coordinates with networking components like DHCP.

5.When Wpeinit.exe completes, the Command Prompt window is displayed. The boot process of Windows PE is complete.

 

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:9759次
    • 积分:194
    • 等级:
    • 排名:千里之外
    • 原创:7篇
    • 转载:1篇
    • 译文:1篇
    • 评论:1条
    最新评论