In today's digital age, fast startup and efficient system operation are extremely important to users. The Windows system can start many services in a short period of time. Behind this is a system process called Service Control Manager (SCM). The operation of SCM is crucial to improving the system startup speed. Let's take a closer look at how this process works.
SCM is a special system process under the Windows NT series operating systems. It is responsible for starting, stopping and managing Windows service processes.
The executable file of SCM is located in %SystemRoot%\System32\services.exe, and its main task is to start all services that are configured to start automatically. When the system starts, the Wininit process will start the SCM early and begin a series of initialization tasks.
During the startup process, the SCM first reads information about the service from the registry. This involves two key registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\List - contains the names and startup order of the service groups.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services - the actual database of services and device drivers.
This information helps the SCM determine the startup order of each service and their interdependencies. The SCM also checks whether the device drivers that must be started during the boot process are successfully loaded, and stores the failed drivers in a list called ScFailedDrivers.
After all non-delayed auto-start services are processed, the SCM starts loading delayed auto-start services, a feature introduced in Windows Vista to speed up system startup. Typically, these delayed services are initialized about 120 seconds after system startup. When processing each auto-start service, the SCM also takes load-order dependencies into account to avoid circular dependencies.
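The ordering rules described above (group order, service dependencies, delayed services last, circular dependencies rejected) can be sketched as a simplified model. This is an added example, not the SCM's actual algorithm or code; all service names and values are constructed sample data standing in for an export of the two registry keys.

```python
# Simplified model of auto-start ordering. Not the SCM's actual algorithm.
# All service names and values below are constructed sample data.
AUTO_START = 2  # "Start" value of an auto-start service

# Stand-in for ...\Control\ServiceGroupOrder\List
GROUP_ORDER = ["Base", "NetworkProvider"]

# Stand-in for subkeys of ...\CurrentControlSet\Services
SERVICES = {
    "BaseRpc":   {"Start": 2, "Group": "Base"},
    "NetCore":   {"Start": 2, "Group": "NetworkProvider", "DependOnService": ["BaseRpc"]},
    "Telemetry": {"Start": 2, "DelayedAutostart": 1, "DependOnService": ["NetCore"]},
    "Updater":   {"Start": 2, "DependOnService": ["Helper"]},
    "Helper":    {"Start": 3},  # demand-start, pulled in by Updater
    "LoopA":     {"Start": 2, "DependOnService": ["LoopB"]},
    "LoopB":     {"Start": 2, "DependOnService": ["LoopA"]},
}

def start_order(services, group_order):
    """Return (start order, dependency cycles) for the auto-start services."""
    rank = {g: i for i, g in enumerate(group_order)}
    order, cycles, state = [], [], {}

    def key(name):  # non-delayed first, then group order, then name
        s = services[name]
        return (s.get("DelayedAutostart", 0), rank.get(s.get("Group"), len(rank)), name)

    def visit(name, path):
        if name in state:
            if state[name] == "visiting":  # back edge: circular dependency
                cycles.append(path[path.index(name):] + [name])
                return False
            return state[name] == "ok"
        state[name] = "visiting"
        deps = services[name].get("DependOnService", [])
        # A dependency must exist and be startable before its dependent.
        ok = all([d in services and visit(d, path + [name]) for d in deps])
        state[name] = "ok" if ok else "failed"
        if ok:
            order.append(name)
        return ok

    for name in sorted((n for n, s in services.items() if s["Start"] == AUTO_START), key=key):
        visit(name, [])
    return order, cycles

if __name__ == "__main__":
    order, cycles = start_order(SERVICES, GROUP_ORDER)
    print("start order:", order)
    print("circular dependencies:", cycles)
```

Services caught in a dependency loop are left out of the start order and reported separately, which makes the same function usable as an audit check over exported service configuration.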
For each service to be started, the SCM calls the ScStartService() function to verify that the account under which its process is running matches the account specified by the service. During this process, if the service is not running under the system account, the SCM will call the LSASS function LogonUserEx() to obtain the necessary user login information. This information is stored in the HKLM\SECURITY\Policy\Secrets\ registry key, and only services with full access can obtain these "secret" passwords.
The service process is placed in a suspended state when it is created, and its execution will not resume until the pipeline connection is established.
Once the service process is successfully started, the SCM will establish a communication channel with the service process by creating a named pipe. The service process joins this channel by calling the StartServiceCtrlDispatcher() function, and the SCM then sends a "start" command to the service.
Delayed auto-start services greatly improve the balance of system startup. Although these services are technically not much different from normal auto-start services, they are designed to be initialized at a different stage of system startup to ensure smooth system operation.
The SCM also manages device drivers. Their service type is marked as SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER in the registry. In these cases, the SCM calls the ScLoadDeviceDriver() function to load the corresponding driver into the system, which usually requires invoking the NtLoadDriver system call.
The SCM can also send messages to GUI applications such as Windows Explorer to notify them of changes to network drive letter connections.
In short, the Windows system's service control manager plays an indispensable role in the system startup process. It loads necessary services and device drivers in an efficient manner to maintain the rapid response and stable operation of the overall system. When we use these technologies, have we considered the operating principles and technical challenges behind them?