Читаем Windows® Internals, Sixth Edition, Part 2 полностью

Additionally, the !loadermemorylist command can be used on the MemoryDescriptorListHead field to dump the physical memory ranges:0: kd> !loadermemorylist 0x80a00000 Base Length Type 1 00000001 HALCachedMemory 2 00000004 HALCachedMemory ... 4a32 00000023 NlsData 4a55 00000002 BootDriver 4a57 00000026 BootDriver 4a7d 00000014 BootDriver 4a91 0000016f Free 4c00 0001b3f0 Free 1fff0 00000001 FirmwarePermanent 1fff1 00000002 FirmwarePermanent 1fff3 00000001 FirmwarePermanent 1fff4 0000000b FirmwarePermanent 1ffff 00000001 FirmwarePermanent fd000 00000800 FirmwarePermanent fec00 00000001 FirmwarePermanent fee00 00000001 FirmwarePermanent ffc00 00000400 FirmwarePermanent Summary Memory Type Pages Free 0001bc50 ( 113744) LoadedProgram 0000013d ( 317) FirmwareTemporary 000006dd ( 1757) FirmwarePermanent 00000c37 ( 3127) OsloaderHeap 0000022a ( 554) SystemCode 000005dc ( 1500) BootDriver 00000968 ( 2408) RegistryData 00002940 ( 10560) MemoryData 00000035 ( 53) NlsData 00000023 ( 35) HALCachedMemory 0000001e ( 30) ======== ======== Total 00020bc5 ( 134085) = ~523MB

Ntoskrnl then begins phase 0, the first of its two-phase initialization process (phase 1 is the second). Most executive subsystems have an initialization function that takes a parameter that identifies which phase is executing.

During phase 0, interrupts are disabled. The purpose of this phase is to build the rudimentary structures required to allow the services needed in phase 1 to be invoked. Ntoskrnl’s main function calls KiSystemStartup, which in turn calls HalInitializeProcessor and KiInitializeKernel for each CPU. KiInitializeKernel, if running on the boot CPU, performs systemwide kernel initialization, such as initializing internal lists and other data structures that all CPUs share. It also checks whether virtualization was specified as a BCD option (hypervisorlaunchtype), and whether the CPU supports hardware virtualization technology. The first instance of KiInitializeKernel then calls the function responsible for orchestrating phase 0, InitBootProcessor, while subsequent processors only call HalInitSystem.

InitBootProcessor starts by initializing the pool look-aside pointers for the initial CPU and by checking for and honoring the BCD burnmemory boot option, where it discards the amount of physical memory the value specifies. It then performs enough initialization of the NLS files that were loaded by Winload (described earlier) to allow Unicode to ANSI and OEM translation to work. Next, it continues by calling the HAL function HalInitSystem, which gives the HAL a chance to gain system control before Windows performs significant further initialization. One responsibility of HalInitSystem is to prepare the system interrupt controller of each CPU for interrupts and to configure the interval clock timer interrupt, which is used for CPU time accounting. (See the section “Quantum Accounting” in Chapter 5, “Processes, Threads, and Jobs,” in Part 1 for more on CPU time accounting.)

When HalInitSystem returns control, InitBootProcessor proceeds by computing the reciprocal for timer expiration. Reciprocals are used for optimizing divisions on most modern processors. They can perform multiplications faster, and because Windows must divide the current 64-bit time value in order to find out which timers need to expire, this static calculation reduces interrupt latency when the clock interval fires. InitBootProcessor then continues by setting up the system root path and searching the kernel image for the location of the crash message strings it displays on blue screens, caching their location to avoid looking up the strings during a crash, which could be dangerous and unreliable. Next, InitBootProcessor initializes the quota functionality part of the process manager and reads the control vector. This data structure contains more than 150 kernel-tuning options that are part of the HKLM\SYSTEM\CurrentControlSet\Control registry key, including information such as the licensing data and version information for the installation.

InitBootProcessor is now ready to call the phase 0 initialization routines for the executive, Driver Verifier, and the memory manager. These components perform the following initialization steps: