05

Question 1

____________ before OS starts, firmware and system configurations are used to locate and load the second stage boot loader which is called?

Answer 1

Pre-Boot
BootMGR

Question 1

_________ windows boot programs are used to locate and load the kernel and its dependencies

Answer 1

Boot

Question 2

_________ kernel is initialized

Answer 2

kernel initialization

Question 3

_________ user mode system processes start

Answer 3

User Mode Startup

Question 4

What is the order of steps of Boot Phase? 1-5

1-5 PBWD0x

Answer 4

Switches from real to protected mode (protected mode)
Reads BCD (BCD)
Starts winload.exe (winload,exe)
Loads the Ntoskrnl.exe and Hal.dll (Ntoskrnl)
Starts the drivers with start values of (0x0)

Question 5

What is the order of steps for the kernel initialization phase? 6-9

6-9 MHDS

Answer 5

Ntdll.dll is mapped into address space (Mapped)
Creates HKLM\Hardware (HKLM)
starts drivers with start values of (0x1) (drivers)
stars smss.exe (0) process (smss.exe

Question 6

What is the start value for each of the following?
0x0 _____
0x1 _____
0x2 _______
0x3 ______
0x4 ______

Answer 6

Boot
System
Automatic
Manuel
Disabled

Question 7

What does eaxh type value tell us about a service?
0x10
0x20

Answer 7

Has its own executable
is a library and relies on svchost.exe