Setup.log vs. ntoskrnl.exe properties

NTDEV
1

I am in the process of reading the excellent book “Windows Internals” Fourth Edition, by Mark Rossinovich.

In that book on page 46 there is an experiment that is supposed to illustrate which version of the ntoskrnl you are actually running on your system. The experiment walks you through looking at the properties of the ntoskrnl.exe file in the \Windows\System32 folder.

At the end of the experiment, the book also refers to looking in the \Windows\repair\setup.log file for the same information.

Well, on my system a very puzzling thing happens when I investifgate these two sources of information. The properties dialog for the ntoskrnl.exe file tells me that the original file name for ntoskrnl.exe is ntoskrnlmp.exe, which is what I would expect, since my system is a dual processor system. But, when I look in my setup.log file I see the following line;

\WINDOWS\system32\ntoskrnl.exe = “ntoskrnl.exe”,“1ec8bb”

implying that the original file loaded from the installation CD was the uniprocessor version. Can anyone explain this discrepancy to me?

2

Which version of Windows are you running?

-p

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of sid.schipper@ga.com
Sent: Thursday, March 06, 2008 3:16 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Setup.log vs. ntoskrnl.exe properties

I am in the process of reading the excellent book “Windows Internals” Fourth Edition, by Mark Rossinovich.

In that book on page 46 there is an experiment that is supposed to illustrate which version of the ntoskrnl you are actually running on your system. The experiment walks you through looking at the properties of the ntoskrnl.exe file in the \Windows\System32 folder.

At the end of the experiment, the book also refers to looking in the \Windows\repair\setup.log file for the same information.

Well, on my system a very puzzling thing happens when I investifgate these two sources of information. The properties dialog for the ntoskrnl.exe file tells me that the original file name for ntoskrnl.exe is ntoskrnlmp.exe, which is what I would expect, since my system is a dual processor system. But, when I look in my setup.log file I see the following line;

\WINDOWS\system32\ntoskrnl.exe = “ntoskrnl.exe”,“1ec8bb”

implying that the original file loaded from the installation CD was the uniprocessor version. Can anyone explain this discrepancy to me?

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

3

Windows XP Professional