Windows XP Setup/Update is a kernel mode NT application

[Dz3n]

Sounds weird? Yes.


You all know this screen, it's Windows XP setup. At this step Windows XP kernel and drivers are already started and working. You may think; "but there is no text mode in NT system at all, it was removed during Windows 2000 development" and I will say: yes, you are right, but this text mode is directly used by USETUP and SETUPDD.SYS.

What is USETUP and session manager?
So, in Windows NT, kernel loads SMSS.EXE which is session manager, this program starts such programs as WINLOGON.EXE and switches to the graphics mode. We can't start SMSS because it's native application, which can be started only in it's environment or by kernel or drivers. Drivers are native applications too (correct me if it's wrong)

There are a lot of NT/Kernel applications inside of system32. Maybe you know something about this entry in registry

Code: Select all

HKLM\CurrentControlSet\Control\Session Manager\Boot Execute

This is the list of the kernel programs which will be executed before starting Session Manager (which will start user environment).


It's NativeShell. Native application for NT kernel.

It works on Windows 2000.
This program works even on Windows 10, and maybe will work on Windows Phone 8 (oh I need to try it).

Back to the topic.
Windows XP Update

So, here is video https://youtu.be/jqj621OCqcY?t=3005. Right in this moment (at 50:05) you can see upgrading process (Windows ME -> Windows XP). The screen resolution is 640x480x4 because it's Windows ME without video driver. After rebooting (50:41), you will see something. It's again Windows Setup window without mouse pointer. You can say: "well, it's normal windows update process". But it's not a Win32 application, it's Native Application again.



There are four factors that can prove me right!

1. at 50:40 you can see boot menu. There is entry called "Cancel Setup". I don't think that you can cancel setup if Windows can already start Win32 apps.
2. at 50:50 you can see how it draws everything. Usually it start desktop with blue background and mouse pointer at the center of the screen, but this time you see that these pictures were drawn immediately after clearing the boot screen. So, it's not even desktop, it's still boot screen.
3. why I should prove me right? You can try to start update and before running this step copy smss.exe and read details in properties. It's Windows Setup, not Session Manager.
4. (by maicolinux) Look at 52:07 in the video, you'll see how the screen changes instantly to the DOS-style setup because of an error.

So, what I tried to ask became a little bigger than I expected.
Is there was the same upgrade screen in Whistler? Could anyone check?

Additional Information


In this video you can see how it made in Windows 2000. It's still upgrade from Windows ME. So looks like it's just graphical cover for automated setup.


Upgrading ME to XP, but this video in better quality. You can see there is no "XP" text on logo.

[AlphaBeta]

Is there was the same upgrade screen in Whistler? Could anyone check?

Yes, the resources for that screen are there in USETUP since build 2257, though I am not sure whether they were actually used - sounds like a fun experiment to try out.
Here is how it looked like (this is the background extracted from usetup - there are more resources for the progress animation and a progress bar):


For the record, 2257 is the first leaked build to have the Millenium setup billboards combined with the Windows 2000 setup wizard.
The second stage looks like this:


By 2296 they made it look more consistent with the second stage setup, again extracted from usetup:


And by 2419 they added a similar screen that's displayed during a downgrade:


Of course, the fact that the first stage of setup is in fact a NT native application is old news. What's interesting is that they didn't choose this approach until early 1992 - NT builds from 1991 actually start the Win32 subsystem together with a GUI setup when booted from CD with an appropriate combination of hardware (otherwise you had to run a batch file from DOS to install):


When you remember that Windows NT 3.1 was also shipped on floppies, one realizes pretty quickly why they moved away from a single stage approach.

[3155ffGd]

Drivers are native applications too (correct me if it's wrong)

Drivers are drivers are drivers.

Device drivers run in ring 0 (kernel mode), while native applications run in ring 3 (user mode). Thus the only way for native applications to actually communicate with the Windows NT kernel is via NTDLL.DLL (hence why that is a vital component of any NT-based operating system).

I've been told that USETUP.EXE is only used in the upgrade scenario (because Windows NT can't run kernel-mode components under a different Windows). When installing clean, Windows NT makes use of a special device driver called SETUPDD.SYS that contains the entire Windows Setup. As such, you are technically running Windows NT in kernel mode.

[maicolinux]

There are three factors that can prove me right!

There are four factors.
Look at 52:07 in the video, you'll see how the screen changes instantly to the DOS-style setup because of an error.

[Dz3n]

Thank you for this information, it's really interesting

[_Ken_]

The SMSS in the I386 folder is the session manager used by Windows when setup is done & booted, there's also one in the I386/System32 folder used for text setup phase only..

USETUP.EXE in the I386 folder & SMSS.EXE in the I386/System32 folder are one & the same file, except in cases like Neptune, where for some reason a Windows 2000 variant was left in the I386/System32 folder, giving the Windows 2000 text in the initial setup phase, though the USETUP.EXE, in the I386 folder is genuine Neptune, used for upgrading Windows when already booted & on the desktop..
Placing the USETUP.EXE in the I386/System32 folder & renaming it to SMSS.EXE after deleting the Windows 2000 SMSS will give you the proper Neptune setup text when doing the initial setup phase..
Always wondered why Microsoft Devs did that.

Here's a regular beta & / or final i386/usetup.exe vs: i386/system32/smss.exe


I'm guessing it was an oversight of the Devs as the Initial phase of setup is already branded as Neptune Setup, in the SETUPLDR, then switches to the Windows 2000 text in the old smss.exe..

I've swapped the smss with the usetup in Neptune to get the Neptune messages / text all the way during the setup, it works without any errors at all..

[yourepicfailure]

https://www.betaarchive.com/forum/viewt ... 61&t=35667

Do note, the GUI usetup.exe routine is html based. Just wanted to tack on this bit of info.