eruffaldi/winboot.gv

## winboot.gv
digraph G
{
	node [shape=box];

	BIOS -> MBR -> bootmgr -> winload -> otherOSes;
	winload -> ntoskrnl;
	ntoskrnl [label="ntoskrnl.exe\nLoad Drivers\nLogs in ntbtlog.txt"];
	ntoskrnl -> idleprocess;
	idleprocess [label="IDLE process (0)"];
	ntoskrnl -> systemprocess;
	systemprocess [label="SYSTEM process (4)"];
	systemprocess [label="System Process\nUser is NT AUTHORITY\\SYSTEM"];
	systemprocess -> smss ;
	smss [label="SMSS\nNo Session\n%systemroot%\\System32\\smss.exe\nControl\\Session Manager"];
	smss -> systemsetup;
	systemsetup [label="<System Setup>e",shape=ellipse];
	systemsetup -> registry;
	systemsetup -> envvars;
	systemsetup -> paging;
	systemsetup -> knowndll;
	systemsetup -> dosdevices;
	systemsetup -> autoboots;
	smss -> smss0;

	autoboots [label="Autoboots\nREG @BootExecute"];
	dosdevices [label="Make DOS Devices\nREG DOS Devices"];
	envvars [label="Environment\nREG Environment"];
	knowndll [label="Load KnownDLLs\nREG KnownDLLs"];
	paging [label="Virtual Memory\nREG Memory Management"];

	#Each session has: win32k.sys, object namespace, per-session paged memory
	smss0 [label="SMSS\nSession 0"];
	smss0 -> wininit;
	smss0 -> csrss;
	smss0 -> smss0exit;
	smss -> smss1;
	smss1 [label="SMSS\nSession 1+"];
	smss1 -> csrss1;
	smss1 -> winlogon;
	smss1 -> smss1exit;
	smss0exit [label="<Exit>",shape=ellipse];
	smss1exit [label="<Exit>",shape=ellipse];
	csrss [label="CSRSS\nWin32 core, one per-session\nREG Session Manager\\SubSystems@Windows"];
	csrss -> win32ksys;
	csrss -> conhost;
	csrss1 [label="new CSRSS instance"];
	conhost [label="conhost.exe\nHosts Consoles"];
	win32ksys [label="win32k.sys\nREG Session Manager\\SubSystems@Kmode"];

	# Session 0
	wininit [label="wininit.exe"];
	wininit -> createtemp;
	wininit -> services;
	wininit -> lsass;
	services [label="services.exe\nUses HKLM\\SYSTEM\\CurrentControlSet\\Services"];
	services -> svchost;

	wininit -> lsm;
	createtemp [label="creates temp\n%windir%\\temp",shape=ellipse];
	# Session 1

	winlogon -> notifications [label="Service Notifications\nControl\\Winlogon\\Notifications"];
	loginuser [label="<loginuser>",shape="ellipse"];
	loginuser -> userinit [label="Winlogon@Userinit"];
	loginuser -> explorer [label="Winlogon@Shell"];

	winlogon [label="winlogon.exe"];
	winlogon -> logonui;
	winlogon -> loginuser;
	winlogon -> autologin;
	winlogon -> setupmode;
	autologin [label="Autologin Option\nREG SW WinLogon\n@AutoAdminLogon\n@DefaultUserName\n@DefaultPassword",shape=ellipse];
	setupmode [label="Autologin Option\nREG SW WinLogon\n@AutoAdminLogon\n@DefaultUserName\n@DefaultPassword",shape=ellipse];


}
	digraph G
	{
	node [shape=box];

	BIOS -> MBR -> bootmgr -> winload -> otherOSes;
	winload -> ntoskrnl;
	ntoskrnl [label="ntoskrnl.exe\nLoad Drivers\nLogs in ntbtlog.txt"];
	ntoskrnl -> idleprocess;
	idleprocess [label="IDLE process (0)"];
	ntoskrnl -> systemprocess;
	systemprocess [label="SYSTEM process (4)"];
	systemprocess [label="System Process\nUser is NT AUTHORITY\\SYSTEM"];
	systemprocess -> smss ;
	smss [label="SMSS\nNo Session\n%systemroot%\\System32\\smss.exe\nControl\\Session Manager"];
	smss -> systemsetup;
	systemsetup [label="<System Setup>e",shape=ellipse];
	systemsetup -> registry;
	systemsetup -> envvars;
	systemsetup -> paging;
	systemsetup -> knowndll;
	systemsetup -> dosdevices;
	systemsetup -> autoboots;
	smss -> smss0;

	autoboots [label="Autoboots\nREG @BootExecute"];
	dosdevices [label="Make DOS Devices\nREG DOS Devices"];
	envvars [label="Environment\nREG Environment"];
	knowndll [label="Load KnownDLLs\nREG KnownDLLs"];
	paging [label="Virtual Memory\nREG Memory Management"];

	#Each session has: win32k.sys, object namespace, per-session paged memory
	smss0 [label="SMSS\nSession 0"];
	smss0 -> wininit;
	smss0 -> csrss;
	smss0 -> smss0exit;
	smss -> smss1;
	smss1 [label="SMSS\nSession 1+"];
	smss1 -> csrss1;
	smss1 -> winlogon;
	smss1 -> smss1exit;
	smss0exit [label="<Exit>",shape=ellipse];
	smss1exit [label="<Exit>",shape=ellipse];
	csrss [label="CSRSS\nWin32 core, one per-session\nREG Session Manager\\SubSystems@Windows"];
	csrss -> win32ksys;
	csrss -> conhost;
	csrss1 [label="new CSRSS instance"];
	conhost [label="conhost.exe\nHosts Consoles"];
	win32ksys [label="win32k.sys\nREG Session Manager\\SubSystems@Kmode"];

	# Session 0
	wininit [label="wininit.exe"];
	wininit -> createtemp;
	wininit -> services;
	wininit -> lsass;
	services [label="services.exe\nUses HKLM\\SYSTEM\\CurrentControlSet\\Services"];
	services -> svchost;

	wininit -> lsm;
	createtemp [label="creates temp\n%windir%\\temp",shape=ellipse];
	# Session 1

	winlogon -> notifications [label="Service Notifications\nControl\\Winlogon\\Notifications"];
	loginuser [label="<loginuser>",shape="ellipse"];
	loginuser -> userinit [label="Winlogon@Userinit"];
	loginuser -> explorer [label="Winlogon@Shell"];

	winlogon [label="winlogon.exe"];
	winlogon -> logonui;
	winlogon -> loginuser;
	winlogon -> autologin;
	winlogon -> setupmode;
	autologin [label="Autologin Option\nREG SW WinLogon\n@AutoAdminLogon\n@DefaultUserName\n@DefaultPassword",shape=ellipse];
	setupmode [label="Autologin Option\nREG SW WinLogon\n@AutoAdminLogon\n@DefaultUserName\n@DefaultPassword",shape=ellipse];



	}