Windows XP Boot Process 70-270: MCSE Guide to Microsoft Windows XP Professional
Dec 15, 2015
Booting Windows XP (Page 1)
Boot process phases:
Boot phase begins when computer is first powered on
Or begins when Restart is chosen from "Shut Down Windows" dialog box
Windows XP load phases
Begins when boot phase is completed
Configuration is selected
Booting Windows XP (Page 2)
Boot Phase Steps
  Power-on self test (POST)
  Initial startup
  Boot loader
  Select operating system
  Detect hardware
  Select configuration
Windows XP Load Phase
  Load the kernel
  Initialize the kernel
  Services load
  Windows XP system startup
  Log on
Power-on Self Test (Page 1)
First step in boot sequence (the POST) for any computer with an operating system
Determines:
Amount of real memory that exists
Whether or not all necessary hardware components are present and functioning
The specific tests vary depending on how the BIOS (Basic Input/Output System) is configured
Power-on Self Test (Page 2)
If POST is successful, computer boots itself
If the tests are unsuccessful, the computer reports error by:
Emitting a series of beeps (number of beeps identifies the error—differs from one BIOS to another)
Also possibly might display error message and a code on the screen
Power-on Self Test (Page 3)
Software that performs POST resides in called the CMOS (complementary metal oxide semiconductor) Battery-powered chip that also can hold basic
configuration information so POST can check installed RAM, number and type of hard drives, type of keyboard and mouse, the boot sequence (Which drive first?), etc.
In Windows XP, BIOS no longer stores information about devices and drivers connected to system (replaced by the HAL)
Power-on Self Test (Page 4)
After POST completes, each adapter with a BIOS performs its own self-test (POST), i.e.
Video card
SCSI (small computer system interface) cards which are interfaces that provide much faster data transmission rates than standard parallel and serial ports; used for printers, scanners, etc.
Adapters issue their own reports on monitor
Power-on Self Test (Page 5)
At this point there still is no operating system in RAM … POST application in the BIOS is in control Output on screen is in basic, text-only form
Initial Startup (Page 1)
The BIOS finds the first sector of the first hard drive which contains the Master Boot Record (MBR) and transfers control to it:
It is the job of MBR ultimately to load the Ntldr program (the boot loader program) and pass control of the boot process on to it (either directly or indirectly)
Initial Startup (Page 2)
The Master Boot Record (con.):
In FAT partitions, because the boot sector is only one sector in size, MBR points to another location on disk which then points to the boot loader
In NTFS partitions, boot sectors may be up to 16 sectors in size so it is large enough to store the code to find the boot loader
If booting from a floppy, the first sector contains the partition boot sector
Initial Startup (Page 3)
BIOS stores information as to the order in which drives are checked to see which is the startup drive (as stored in CMOS)
If floppy drive is in the sequence, partition boot sector is loaded and runs the MBR from the floppy
If the floppy does not have a partition boot sector, the message "Non-system disk or disk error …" appears
Remove disk, and turn machine off and then on—do not reboot to avoid viruses
Initial Startup (Page 3)
Ntldr is stored on the system partition
This is the partition where the MBR expects to find the system
Ultimately its job is to boot the Windows XP operating system which is stored on the boot partition
The system itself actually can be stored on any partition
The system and boot partitions may or may not be the same
Boot Loader (Page 1)
Collection of files on system partition used to initiate loading of operating system
Required files to boot Windows XP are Ntldr, Ntdetect.com and Boot.ini
Other optional boot loader programs are Bootsect.dos and Ntbootdd.sys
Boot Loader (Page 2)
The boot loader first switches processor into 32-bit mode
Previously it had been running in real mode as if it were an 8088 or 8086 machine
Next it starts the appropriate file system, FAT, FAT32 or NTFS
The ability to access any of the file systems is programmed into Ntldr
Boot Loader (Page 3)
Primary functions of the boot loader are to:
1. Select the operating system to load if there is more than one from which to choose
2. Detect hardware
3. Select a configuration
Ntldr stays in control throughout boot loader process until it loads and passes control to Windows XP kernel (Ntoskrnl.exe)
Selecting the Operating System
Ntldr reads Boot.ini and displays the Boot selection menu (if necessary)
Contains operating system choices, if more than one, from which the user may choose
It also is possible from this screen to press <F8> to reach the "Troubleshooting and Advanced Startup" screen (more later)
Will auto select first option after a specified number of seconds
Change default O/S or time in Boot.ini
Detecting Hardware
If the user selects Windows XP (or if it is the only O/S present), Ntldr executes Ntdetect.com
Used to collect a list of hardware currently installed in computer
From hardware list, creates system profile
Later will be compared to Windows XP Registry entries for discrepancies that could lead to problems
Selecting a Configuration
Next boot loader selects a configuration
Known as the hardware profile
If there is one hardware profile, it is selected
If there is more than one, system tries to select one that matches detected hardware
If system cannot make automatic selection, user is prompted for manual selection
Troubleshooting and Advanced Startup Options (Page 1)
Windows XP combines the boot and recovery options of Windows NT and Windows 95/98
Provides several options to restore a malfunctioning system to functional state
Before timer expires, or Windows XP kernel starts to load, press <F8> to access Windows Advanced Options Menu
Troubleshooting and Advanced Startup Options (Page 2)
Contents of menu may include:
Safe Mode—boots Windows XP with only minimum system files and drivers
May be able to boot into a functioning system when some drivers are corrupted
Might allow replacing or removing the problem driver before rebooting
Safe Mode with Networking—same as above but with networking components
If network drivers are not the problem
Troubleshooting and Advanced Startup Options (Page 3)
Contents of menu may include (con.):
Safe Mode with Command Prompt—same as above but not to the GUI environment
Enable Boot Logging—enables or disables boot process, and writes details to log file Ntbtlog.txt in %systemroot% folder
Records process of steps between boot menu and logon prompt which could provide clues to which driver, system or procedure is causing the problem
Troubleshooting and Advanced Startup Options (Page 4)
Contents of menu may include (con.):
Enable VGA Mode—normal boot but with only basic VGA video driver (in case there is a bad video driver)
Last Known Good Configuration—state of Registry during last successful user logon
Could be useful if a new driver or software recently has been installed, or the Registry was recently modified
Troubleshooting and Advanced Startup Options (Page 5)
Contents of menu may include (con.): Directory Services Restore Mode—only on
Windows XP domain controllers, restores Active Directory
Troubleshooting and Advanced Startup Options (Page 6)
Contents of menu may include (con.):
Debugging Mode—normal boot but sends debugging information to another system over a serial cable
If no other option helps in restoring system, may help determine where in boot process the problem occurs
Complex information usually used by high-end programmers—consult Microsoft Windows XP Professional Resource Kit
*** Activity ***
Try one or more of following boot options (press <F8> function key during boot):
Safe Mode
Safe Mode with Command Prompt
Enable VGA Mode
Last Known Good Configuration
Reboot normally when done
Boot Configuration and Selecting an Operating System (Page 1)
Controlled through configuration of the Boot.ini file …
Located in the root directory of the system partition (usually drive C:\)
To view the file, uncheck "Hide Protected operating system files" in Folder Options
Updated from the "Startup and Recovery" dialog window on the Advanced tab of Control Panel's System applet
Boot Configuration and Selecting an Operating System (Page 2)
Used by boot loader to display the list of available operating systems
Consists of two sections: [boot loader] and [operating systems]
[boot loader]
Settings:
Timeout—number of seconds system waits for user to select an operating system …
If set to zero (0), the default operating system is loaded automatically
If set to (-1), waits indefinitely (this value only can be set in text editor—an invalid value in System applet in "Control Panel")
Default—shows path to default O/S
[operating systems] (Page 1)
Lists available operating systems as follows:
Path to boot partition for operating system
Text displayed in boot loader screen
Optional parameters (switches) provide options many of which are equivalent to <F8> "Windows Advanced Options Menu"
As well as a few other options
[operating systems] (Page 2)
Switches:
/BASEVIDEO—same as Enable VGA Mode
/BAUDRATE=n—baud rate for Debugging Mode
/BOOTLOG—same as Enable Boot Logging
/CRASHDEBUG—starts Debugging Mode but remains inactive until STOP error occurs
[operating systems] (Page 3)
Switches (con.):
/DEBUG—starts Debugging Mode and allows access by the remote computer
/DEBUGPORT={com1|com2|1394}—sets port for Debugging Mode
/FASTDETECT={com1|com2|…}—specifies serial ports to skip during hardware scan
All if no port specified
Included in every entry by default when the operating system is installed
[operating systems] (Page 4)
Switches (con.):
/MAXMEM=n—sets maximum RAM O/S can use
/NOGUIBOOT—boots without showing splash screen
/NODEBUG—disables Debugging Mode
/NUMPROC=n—sets maximum number of processors on multiprocessor machine that O/S may use
[operating systems] (Page 5)
Switches (con.):
/SAFEBOOT:MINIMAL—boots to Safe Mode
/SAFEBOOT:NETWORK—boots to Safe Mode with Networking
/SAFEBOOT:MINIMAL(ALTERNATESHELL)—boots to Safe Mode with Command Prompt
/SOS—displays device driver names when they are loaded
Advanced RISC Computing Pathnames (Page 1)
Advanced RISC Computing pathname is a path naming convention that is used in the "Boot.ini" file
Defines the hard disk, partition and folder where Windows XP Professional and any other operating systems reside
Created automatically when an operating system is installed into a partition
Advanced RISC Computing Pathnames (Page 2)
The parts of the path are:
scsi(n) or multi(n)—whether the drive type is SCSI or other (multi) and the adapter number
disk(n)—the SCSI bus number
rdisk(n)—which disk contains the O/S
partition(n)—selects partition with the O/S
\path—select path with the O/S
Editing Boot.ini
Options for editing (see next slides):
Use Control Panel to edit indirectly
Use text editor (i.e. Notepad) to change the Boot.ini file directly
Using Control Panel
Safest way to proceed
Select System applet in "Control Panel", then select Advanced tab, and the Startup and Recovery <Settings> button
Options to modify:
Choose "Default operating system" (the default boot selection)
Select "Time to display list of operating systems" (delay interval before boot selection starts automatically)
Using a Text Editor
Use Notepad or any other text editor
The <Edit> button in the "Startup and Recovery" window launches Notepad and opens the Boot.ini file
Be careful when editing file
Windows XP might not boot if there is an incorrect configuration
Create backup copy of the file before making changes
*** Activity ***
Before starting this activity, you should backup boot.ini
Modify "timeout" value using Notepad
Set the "timeout" value back to its original value (30) using Startup and Recovery dialog in System applet in "Control Panel"
Return to Notepad and open boot.ini to confirm the change
*** Activity ***
Before starting this activity, you should backup boot.ini
In Notepad, create one or more additional operating system entries, i.e.
An additional Windows XP Professional entry but booting in VGA Mode
A fictional entry for Windows 2000 on an alternate partition
See next slide
Sample "Boot.ini"
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro VGA Mode" /fastdetect /basevideo
multi(0)disk(0)rdisk(3)partition(2)\WINNT="Microsoft Windows 2000" /fastdetect
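The two sections, the ARC pathname parts and the switches described on the preceding slides can be checked mechanically. The following parser is an added example, not part of the original slides; the function names and the REVIEW table are hypothetical, and the sample is the slide's Boot.ini with /debug switches appended to the last entry for illustration.

```python
import re

# Constructed sample: the slide's Boot.ini plus /debug switches on the last entry.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro VGA Mode" /fastdetect /basevideo
multi(0)disk(0)rdisk(3)partition(2)\WINNT="Microsoft Windows 2000" /fastdetect /debug /debugport=com1
'''

ARC_RE = re.compile(r'^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)'
                    r'partition\((\d+)\)(\\.*)?$', re.IGNORECASE)

# Switches from the slides that change how the system boots (hypothetical review list).
REVIEW = {
    "/debug": "Debugging Mode, allows access by the remote computer",
    "/crashdebug": "Debugging Mode, inactive until a STOP error",
    "/safeboot": "entry always boots to Safe Mode",
    "/maxmem": "caps the RAM the O/S can use",
}

def parse_arc(arc):
    # Split an ARC pathname into the parts listed on the ARC slide.
    m = ARC_RE.match(arc.strip())
    if not m:
        raise ValueError(f"not an ARC pathname: {arc!r}")
    ctrl, adapter, disk, rdisk, part, path = m.groups()
    return {"controller": ctrl.lower(), "adapter": int(adapter), "disk": int(disk),
            "rdisk": int(rdisk), "partition": int(part), "path": path or "\\"}

def parse_boot_ini(text):
    # Returns ([boot loader] settings, list of [operating systems] entries).
    loader, entries, section = {}, [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = re.match(r'"([^"]*)"\s*(.*)$', value.strip())
            label, rest = m.groups() if m else (value.strip(), "")
            entries.append({"arc": parse_arc(key), "raw": key.strip(), "label": label,
                            "switches": [s.lower() for s in re.findall(r"/\S+", rest)]})
    return loader, entries

def review(loader, entries):
    # Settings a reviewer should confirm are intentional.
    findings = []
    if loader.get("default", "").lower() not in [e["raw"].lower() for e in entries]:
        findings.append(("[boot loader]", "default", "matches no listed entry"))
    for e in entries:
        for sw in e["switches"]:
            name = re.split(r"[=:]", sw)[0]
            if name in REVIEW:
                findings.append((e["label"], sw, REVIEW[name]))
    return findings
```

Run against a backup copy of Boot.ini, `review(*parse_boot_ini(text))` lists a default that matches no entry and any entry carrying a debugging, Safe Mode or memory-limit switch.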
Windows XP Load Phase
Stages:
Loading the kernel
Initializing the kernel
Services load
Windows XP system startup
Logging on
Loading the Kernel (Page 1)
Once Windows XP is selected as O/S to boot, a "Starting Windows…" text message and the XP splash screen are displayed
During this time the boot loader loads the kernel into memory (consists of):
Windows XP kernel (Ntoskrnl.exe)
Hardware abstraction layer (HAL), the file that is named Hal.dll
Loading the Kernel (Page 2)
The kernel is the central module of an operating system: Loads first and remains in
main memory at all times Essential that it is as small as
possible while still providing services required by the O/S and applications
Loading the Kernel (Page 3)
The kernel (con.) Communicates between processes and
the hardware Responsible for memory management,
process and task management, and disk management
Loading the Kernel (Page 4)
The Hardware Abstraction Layer (HAL) is an O/S programming component Functions as an interface between the
system’s hardware and software Applications do not access hardware
directly but access the abstract layer provided by the HAL
Loading the Kernel (Page 5)
Hardware Abstraction Layer (con.): Like APIs, allows applications to be device-
independent They abstract information from systems
such as caches, I/O buses and interrupts Use this data to give the software a way to
interact with the specific requirements of the hardware on which it is running
Loading the Kernel (Page 6)
Before kernel and HAL begin to execute, the boot loader loads the Registry key HKLM\SYSTEM …
Retrieves configuration based upon Registry subkey HKLM\SYSTEM\Select data value
CurrentControlSet is created (not written to Registry yet) from one of the following:
ControlSet00x, as per either the Select or LastKnownGoodRecovery (if “Last Known Good Configuration” was selected) data value, Default, etc.
See next slide (HKLM\SYSTEM\Select)
Loading the Kernel (Page 7)
Loads drivers listed in Registry subkey: HKLM\SYSTEM\CurrentControlSet\Services
These drivers are loaded and/or initialized according to their Registry settings
See next slide (HKLM\SYSTEM\CurrentControlSet\Services)
Initializing the Kernel (Page 1)
Registry key HKLM\HARDWARE created by kernel using information it received from boot loader program Ntdetect.com
Creates CloneControlSet by making a copy of CurrentControlSet Never modified—intended as a backup
Initializes drivers that were loaded by the boot loader
Initializing the Kernel (Page 2)
If the driver experiences an error while loading, a message with the error level is reported to the kernel:
Ignore—error is ignored and no message is displayed to user
Normal—boot process continues with message displayed to user
Initializing the Kernel (Page 3)
Driver error levels (con.):
Severe—displays message; if Last Known Good Configuration is not in use, restarts using LKGC; if LKGC is in use, boot process continues after message
Critical—displays message; if Last Known Good Configuration is not in use, restarts using LKGC; if LKGC is in use, boot process fails after message
All events saved to the System log
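The four error levels above amount to a small state machine that depends on whether Last Known Good Configuration is already in use. The simulation below is an added example, not part of the original slides; the function name, driver names and the two driver lists are constructed, and the numeric values follow the ErrorControl registry value of a service entry.

```python
from enum import Enum

class ErrorLevel(Enum):
    IGNORE = 0
    NORMAL = 1
    SEVERE = 2
    CRITICAL = 3

def simulate_boot(control_sets, failing):
    """Walk the driver list and apply the error-level rules from the slides.

    control_sets: {"Default": [(driver, ErrorLevel), ...], "LastKnownGood": [...]}
    failing:      set of driver names that fail to initialize
    Returns (outcome, messages shown to the user).
    """
    messages, using_lkgc = [], False
    while True:
        name = "LastKnownGood" if using_lkgc else "Default"
        restart = False
        for driver, level in control_sets[name]:
            if driver not in failing or level is ErrorLevel.IGNORE:
                continue                      # no error, or error ignored silently
            messages.append(f"{name}: {driver} failed ({level.name})")
            if level is ErrorLevel.NORMAL:
                continue                      # message only, boot continues
            if not using_lkgc:
                restart = True                # Severe/Critical: restart using LKGC
                break
            if level is ErrorLevel.CRITICAL:
                return "boot failed", messages
            # Severe while already on LKGC: boot continues after the message
        if not restart:
            return "boot continues", messages
        using_lkgc = True

# Constructed control sets: "newvideo" was installed after the last good logon,
# so it appears only in the Default set.
SETS = {
    "Default": [("disk", ErrorLevel.CRITICAL), ("newvideo", ErrorLevel.SEVERE),
                ("beep", ErrorLevel.NORMAL)],
    "LastKnownGood": [("disk", ErrorLevel.CRITICAL), ("beep", ErrorLevel.NORMAL)],
}
```

With these sets, a failing `newvideo` driver recovers through the LKGC restart, while a failing `disk` driver fails on both passes and the boot stops.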
Services Load (Page 1)
Kernel starts Session Manager
Starts programs that correspond to key entries under Registry key: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
A REG_MULTI_SZ data type, i.e. an array
The default entry Autocheck makes sure these files are consistent, and tries to repair them if they are not
See next slide (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute)
Services Load (Page 2)
Paging files are set up as per: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
See next slide (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management)
Services Load (Page 3)
Session Manager writes to Registry:
CurrentControlSet
CloneControlSet
Windows (Win32) subsystem loaded as per Registry entry: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems
Default subsystem, and also the subsystem in which the user shell always executes
See next slide (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems)
Windows XP System Startup
At this point, Windows is considered fully started which is signaled by appearance of a Windows XP logon screen
Win32 subsystem starts winlogon.exe which launches Local Security Authority (Lsass.exe) process
Logging On
The user logs on successfully with logon name, as well as a password if required
Clone control set is copied to the Last Known Good control set completing the boot process
Multiple-boot Systems (Page 1)
Windows XP operating system can coexist peacefully with other operating systems
Operating system uses one or more file systems to organize the data within volumes, i.e. FAT or NTFS
Multiple-boot Systems (Page 2)
Not all file systems and operating systems are compatible:
MS-DOS, Windows 95/98, Windows NT, Windows 2000, Windows Server 2003 and Windows XP can share files through FAT volumes
Windows NT, Windows 2000, Windows Server 2003 and Windows XP can share files through NTFS volumes
Multiple-boot Systems (Page 3)
File system and operating system compatibility (con.):
Windows and UNIX do not have a common file system, but Linux can access FAT volumes
Only Windows 2000, Windows Server 2003 and Windows XP support dynamic disks
When selecting file systems for partitions in a multiple-boot system, keep these factors in mind if you wish to share files between the partitions
Multiple Windows Operating Systems (Page 1)
Different versions of Windows can be installed on the same system, i.e. Windows 3.1, Windows 3.11, Windows
95/98, Windows NT, Windows 2000, Windows Server 2003, even Linux/Unix
Even the same version of Windows XP can be installed on separate partitions
Multiple Windows Operating Systems (Page 2)
Why? User needs to run software versions that require an older O/S
Just remember to specify different partitions for each installation
To run an application under two O/S’s, run the setup program twice, once while booted to each operating system
Multiple Installation Order
Order in which you install operating systems is important
Install older operating systems first, i.e. MS-DOS, Windows 95/98, Windows 2000/2003, etc.
This really is a warning, not necessarily an absolute requirement
When installing Windows XP, it recognizes the previously installed older O/S and leaves it alone