Oldster said:
As a subsiduary question... How does windows know which drivers
to load in "safe" mode?
It gets the information from the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot Registry
key**. Also, before the kernel reads that key ntldr reads the registry
looking for device drivers with a start value of 0, telling it (ntldr)
that the device driver is to be loaded at boot time, typically these are
low level hardware device drivers, things like the keyboard, mouse, disk
and controller drivers, etc. The drivers with a start value of 0 are
"loaded" by ntldr but they are "started" by the kernel.
** The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot does
not exist when the computer is shut down, this key is created form one
of the numbered Control Sets when Windows is booted, so when booting to
Safe Mode the information will actually be retrieved from one of the
numbered Control Sets. We usually say that the information is obtained
from the Current Control Set because the information in the numbered
Control Set will be identical and it is easier for users to look at the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet to get the information
accurately, otherwise the HKEY_LOCAL_MACHINE\SYSTEM\Select key has to be
consulted to obtain the proper Control Set, see below for explanations
about the Select key.
Or, for that matter,in "last good" mode?
When you boot the computer and select a boot option ntldr reads the
HKEY_LOCAL_MACHINE\SYSTEM\Select key to determine which Control Set it
should load. The Select key contains the following values:
Current
Default
Failed
LastKnownGood
These values typically contains data as shown here:
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002
The data may be different, if you have had failed boots you may have
different numbers (like 00000003) and the numbers assigned to the values
may be different than shown above. These numbers tell ntldr which
Control Set to load, the Control Sets are also held in the
HKEY_LOCAL_MACHINE\SYSTEM key, typically:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002
When you boot the computer normally ntldr looks for the "Default" value
and loads the Control Set assigned to it, in the above example it would
load HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001, if you boot to Last Known
Good ntldr looks at, of course, the "LastKnownGood" value and loads the
corresponding Control Set.
The Last Known Good set is only copied and recorded after a user
successfully logs on. In the above example, if you boot normally,
Windows will be booted using ControlSet001, after a user successfully
logs on the ControlSet001 will be copied to ControlSet002 and the
control set number will be recorded in the Select key. The value of the
Select key and the ControlSetnnn of the "LastKnownGood" configuration
will not change until the next successful logon. Booting successfully
to Safe Mode does not change the "LastKnownGood" Control Set, in only
changes when booting Windows normally.
John
