Windows System Process Initialization

After the Windows kernel finishes initilization, it begins dispatching processes. Once this happens, the following actions occur:
  1. When the system is first started there are two "pre-existing" processes:
    1. IDLE - which runs whenever no other process is ready to run. This is the lowest-priority process in the system.
    2. SYSTEM - which contains a number of kernel threads that perform various tasks on behalf of the kernel.
  2. Thread 0 of the SYSTEM process launches SMSS.EXE, the session manager, as the first "created" process in the system.
  3. SMSS creates a process for each subsystem marked in the registry as "required". Normally this is only CSRSS.EXE, the WIN32 subsystem. (Other subsystems include the Posix subsystem, and in older versions of Windows, the OS/2 subsystem. Each subsystem provides its own API (Application Programming Interface).
  4. SMSS then starts a process for WINLOGIN.EXE, the the login manager.
  5. WINLOGIN starts the following processes:
    1. SERVICE.EXE, the Service control manager.
    2. LSASS.EXE: The Local Security Authority Subsystem.
  6. SERVICE starts any device drivers that are marked "AUTOMATIC" in the registry.
  7. SERVICE then starts any service process marked in the registry for automatic startup.
  8. Meanwhile, (concurrently with and subsequent to the previous two steps) WINLOGIN waits for a user to log in.

Next: winlogin

Return to main PC Boot Sequence page

Return to my writing page

Return to my home page Return to my writing page

Return to my home page