wininit.exe
The »Windows Start-Up Application« wininit.exe is started by BOOTMGR.

Some tasks that wininit.exe performs include:
Create event Global\FirstLogonCheck (which is used by winlogon.exe to determine which winlogon was first?).
Create a WinlogonLogoff event.
Create a periodic timer queue which allows the kernel debugger to break into any user-mode process (unless NoDebugThread is set in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon).
Assign a value to the environment variable COMPUTERNAME.
Update and configure TCP/IP information such as domain name and host name.
Assign values to the environment variables USERPROFILE (what value exactly?), ALLUSERSPROFILE, PUBLIC and ProgramData.
Create %SystemRoot%\Temp.
If session 0 is an interactive session, Desktop Window Manager (DWM) and font loading are initiated(?).
The initial terminal is created. This terminal consists of a window station (named Winsta0) and two Desktops (Winlogon and Default) for processes that run in session 0.
The Local Security Authority (LSA) machine encryption key is initialized.
The Service Control Manager (services.exe) is started.
The Local Security Authority Subsystem Service (lsass.exe) is created.
If Credential Guard is enabled, the Isolated LSA Trustlet (lsaiso.exe) is started.
If a setup is required or this is the first boot, the setup program is launched.
It waits until either a shutdown is requested or one of the created processes crashes (unless DontWatchSysProcs is set in the registry).
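
The list above doubles as a detection baseline: services.exe, lsass.exe and lsaiso.exe are started by wininit.exe in session 0, and wininit.exe stays alive until shutdown. The following check is an added example, not part of the original notes; the record field names (pid, ppid, name, session) and the sample snapshots are constructed for illustration.

```python
# Added example: lineage baseline derived from the start-up list above.
# Record fields (pid, ppid, name, session) are assumed names, not a real log schema.
WININIT = "wininit.exe"
CHILDREN = {"services.exe", "lsass.exe", "lsaiso.exe"}  # started by wininit.exe

def check_wininit_lineage(processes):
    """Return findings for one snapshot of running-process records."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    wininits = [p for p in processes if p["name"].lower() == WININIT]
    if len(wininits) != 1:
        findings.append(f"expected one {WININIT}, found {len(wininits)}")
    for p in processes:
        name = p["name"].lower()
        if name != WININIT and name not in CHILDREN:
            continue
        # wininit.exe and the processes it starts belong to session 0.
        if p["session"] != 0:
            findings.append(f"{name} pid {p['pid']} in session {p['session']}, expected 0")
        if name in CHILDREN:
            # wininit.exe waits until shutdown, so the parent must still resolve.
            parent = by_pid.get(p["ppid"])
            parent_name = parent["name"].lower() if parent else "<not running>"
            if parent_name != WININIT:
                findings.append(f"{name} pid {p['pid']} has parent {parent_name}, expected {WININIT}")
    return findings

# Constructed sample snapshots (PIDs are made up).
CLEAN = [
    {"pid": 612, "ppid": 500, "name": "wininit.exe", "session": 0},
    {"pid": 748, "ppid": 612, "name": "services.exe", "session": 0},
    {"pid": 764, "ppid": 612, "name": "lsass.exe", "session": 0},
    {"pid": 756, "ppid": 612, "name": "LsaIso.exe", "session": 0},
]
SUSPECT = CLEAN + [
    {"pid": 4120, "ppid": 3988, "name": "explorer.exe", "session": 1},
    {"pid": 5216, "ppid": 4120, "name": "lsass.exe", "session": 1},
]

if __name__ == "__main__":
    for label, snapshot in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, check_wininit_lineage(snapshot) or "no findings")
```

Names are compared case-insensitively because process image names are reported with varying case.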