- Turn on your computer;
- The Computer initiates a POST (Power On Self Test) for devices that have a BIOS (Basic Input/Output System);
- Test the memory & various Subsystems
- Examples: AGP and Network cards
- BIOS then attempts to find the MBR (Master Boot Record)
- A 512-byte sector (LBA 0 or HD0)
- If successful, the Windows OS takes control and looks for NTLDR (Boot Loader for Windows NT-based OSes)
- In Vista and Server 2008, this has been replaced with:
- NTLDR allows:
- Memory Addressing
- Initiates the File System
- Reads boot.ini
- Additional NT Kernel switches (General)
- Available Switches for XP and 2003
- ARC Path Naming Conventions
- NTLDR has to be at the ROOT of an active partition to detect:
- NTDETECT.COM
- BOOT.INI
- BOOTSECT.DOS (needed for multi-OS installs)
- NTBOOTDD.SYS (needed for SCSI adapters)
- Only used if:
- Boot Drive is SCSI;
- Not using real-mode INT 0x13;
- Then a copy of the SCSI miniport driver is loaded for Windows to run
- Troubleshooting:
- If XP is selected in the Boot Menu, NTLDR runs:
- NTDETECT.COM
- Gathers basic information from the hardware BIOS
- BOOT.INI
- BOOTSECT.DOS
- The system starts in 16-bit real mode, and then moves into 32-bit protected mode
- It is possible to select F8 for Additional Boot Modes (Safe Mode, Last Known Good Configuration, etc.)
- NTLDR then loads NTOSKRNL.EXE and HAL.DLL
- Located at: %SystemRoot%\System32
- Additional files/locations loaded:
- kdcom.dll (Kernel Debugger HW)
- bootvid.dll (Windows Logo & Side-Scrolling bar)
- NTLDR reads the Registry for the following information:
- Hardware Profile
- Authorized Device Drivers
- And needs to be in the Exact Order
- “Session Manager” is then started
- Smss.exe starts Autochk
- Mounts all drives
- Checks drives for a Clean shutdown state
- Starts win32k.sys for the Graphical User Interface (GUI)
- Starts csrss.exe (Client/Server Runtime Subsystem)
- User-Mode Applications
- Creates Virtual Memory/Paging file
- HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
- NTOSKRNL.EXE takes control and starts WINLOGON.EXE which in turn starts LSASS.EXE
- LSASS.EXE (Local Security Authority Subsystem Service) provides the Logon screen
– Andrew
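
The list above says the BIOS reads a 512-byte MBR at LBA 0 and that NTLDR must sit at the root of an active partition. The sketch below is an added example, not part of the original post: it validates an MBR sector and locates the active partition, as you might when triaging a disk image that will not boot or whose boot sector may have been altered. It assumes a classic MBR-partitioned disk; the function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512            # the MBR is the single 512-byte sector at LBA 0
TABLE_OFFSET = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa" # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"      # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector):
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for index in range(4):
        raw = sector[TABLE_OFFSET + 16 * index: TABLE_OFFSET + 16 * (index + 1)]
        status, ptype, lba_start, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0:
            continue  # unused slot
        entries.append({"index": index, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": count})
    return entries

def active_partition(sector):
    """Return the single active partition; raise if the table is inconsistent."""
    entries = parse_mbr(sector)
    bad = [e for e in entries if e["status"] not in (0x00, 0x80)]
    if bad:
        raise ValueError(f"invalid status byte in entry {bad[0]['index']}")
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        raise ValueError(f"expected one active partition, found {len(active)}")
    return active[0]

def build_sample_mbr(active_slots=(0,)):
    """Constructed sample: two NTFS (type 0x07) partitions, zeroed boot code."""
    sector = bytearray(SECTOR_SIZE)
    layout = [(63, 20_000_000), (20_000_063, 40_000_000)]
    for i, (start, count) in enumerate(layout):
        status = 0x80 if i in active_slots else 0x00
        entry = struct.pack(ENTRY_FMT, status, 0x07, start, count)
        sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    print(active_partition(build_sample_mbr()))
```

A missing signature, no active partition, or more than one active partition each raise `ValueError`, which are the conditions under which the hand-off from BIOS to NTLDR described above cannot proceed normally.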