在Windows XP 登入後,我們會見到”正在載入您的個人設定...” 訊息,然後要等好一陣子才能夠進入Windows 桌面。

要等多久視乎這Windows 裝了什麼軟件。但問題是我們往往不知道在那段等候時間中,Windows 在幹什麼。

故此也無從判斷是什麼程序佔用了這段時間。

其實Windows 的 Registry 已備有設施讓我們作這樣的檢查。在Registry 有這樣的一個value:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
policies\system\verbosestatus

這個值的預設內容是0。如果將之改成1,那麼在登入和登出Windows XP 是就不會在畫面顯示”正在載入您的個人設定...” 訊息

而以更詳細的資訊取代。其中一項重要資訊就是執行已登記成為Winlogon Notification Package 的DLL。

要知道有什麼DLL 已經登記,可在registry 中查看

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

注意,Windows Vista/7 已取消支援Winlogon Notification Package

從Microsoft MSDN得知,有個Asynchronous 數值可以令Windows 以一個分開的Thread 去調用有關DLL

那麼*.dll 的工作就可以不佔用時間了。

 

如果是卡在 "正在啟動.."

那就是你service的Event Log服務可能設定停用,把它改成自動就好了

 

一個正常的 Notify 登錄檔如下


Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"Asynchronous"=dword:00000001
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
  00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"="TPSvc.dll"
"Logoff"="TSEventLogoff"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VMUpgradeAtShutdown]
"Asynchronous"=dword:00000000
"Dllname"=hex(2):56,00,4d,00,55,00,70,00,67,00,72,00,61,00,64,00,65,00,41,00,\
  74,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,57,00,58,00,50,00,2e,\
  00,64,00,6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"MaxWait"=dword:00001c20
"Shutdown"="OnShutDownNotification"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallEvent"="1.9.0040.0"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
@=""
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
  00,00,6a,03,d7,35,75,7b,49,4e,ab,28,76,cd,e9,7c,b0,5a,04,00,00,00,04,00,00,\
  00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,cb,5b,73,cc,d1,10,f3,0c,\
  b1,8d,16,09,61,bd,70,e1,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,7a,\
  04,df,81,dc,d3,e9,8a,f9,a0,f7,d1,56,d2,a2,5b,b0,01,00,00,d2,0b,2a,fa,f4,e4,\
  30,8b,eb,64,44,4d,a0,3f,01,b9,77,4b,59,1e,09,cb,11,8d,e8,55,86,4a,1b,e2,02,\
  d3,4a,11,cd,6e,eb,2e,96,1b,a9,94,5e,b7,92,d3,d5,92,72,50,6c,e7,c4,80,11,01,\
  49,6c,43,e4,3a,a4,cd,9c,4e,f0,56,4a,e7,b2,8d,da,f8,b9,08,92,ad,c7,9e,27,d5,\
  93,52,ad,6d,66,da,51,e0,4d,16,54,1c,03,c9,f2,ab,1d,c6,b5,42,ef,cb,7c,79,bc,\
  04,ac,db,c0,86,55,0f,68,0d,a0,1f,ce,1f,1e,66,33,5e,b7,4a,7d,3a,fb,ce,f5,5e,\
  14,44,97,fe,9e,b5,b3,6f,6c,10,ab,17,a3,51,18,53,1f,11,fe,a2,71,a1,21,17,b4,\
  d6,6d,5d,35,2c,15,a0,72,84,47,85,90,1b,49,a5,61,4c,29,e4,1a,12,75,47,e8,04,\
  fe,8e,ff,4c,e2,05,d4,6b,db,6d,32,68,9b,10,77,27,a6,49,f6,5d,6f,d0,5b,4a,09,\
  42,fe,01,96,11,10,dc,08,1b,88,b8,67,c3,00,65,1e,4a,aa,a5,03,56,af,cb,57,5f,\
  0f,f3,37,30,25,1b,39,9c,a6,15,3c,a1,37,77,52,02,8a,63,64,86,28,3a,9f,8e,0b,\
  ff,b8,cb,bc,31,fd,50,9b,21,62,b3,21,84,c0,9f,9c,29,b1,67,4c,49,8b,30,0c,d9,\
  fe,b7,c0,d1,d8,90,1d,ef,7b,d6,79,42,a5,75,50,62,20,17,b8,b4,70,a7,0b,76,8d,\
  3d,d6,e7,b2,cf,0e,92,f9,92,bc,52,da,8d,62,c1,7e,8a,bd,06,5f,be,e0,44,91,c7,\
  3f,9b,4a,e0,f1,fe,8c,9d,f8,be,d0,b3,8a,f6,e5,17,4b,31,a1,94,35,e4,36,c9,fd,\
  6f,50,2c,cb,3f,b3,a0,08,d2,d6,b4,14,df,8a,44,0d,83,12,15,55,1d,02,57,54,05,\
  18,c7,21,f2,4f,d0,9c,64,bd,64,7f,15,a2,dc,75,66,b4,7d,98,c0,f4,9d,99,3b,d3,\
  50,a8,71,7e,0d,3d,7c,df,4f,56,5c,0b,a4,ca,6f,04,ea,60,61,8b,a1,32,2f,e6,72,\
  0a,14,00,00,00,7a,a8,73,ae,9a,30,d8,3c,c6,90,73,4f,55,55,6b,b3,20,0e,f5,75


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

AwEi 發表在 痞客邦 PIXNET 留言(0) 人氣()