1. The average person who uses a computer on a regular basis doesn't think about
how computers work once the power is turned on. As long Microsoft Windows
pops up within a few seconds, most people are quite content to move onto the task
at hand without knowing anymore.
But once you learn about how computers work, you'll see that these machines are
really engineering marvels. The boot process alone is amazing.
From the moment the power is turned on, a computer goes through a multitude of
processes before its operating system (i.e., Windows XP) is fully loaded and takes
over.
Here's a curious fact about how computers work:
Most computer systems can only run programs which are found in memory (ROM
or RAM). But current operating systems like Windows XP are too big to reside just
in memory, so they are stored on the hard disk of the computer, or occasionally on
USB flash drives, or other non-volatile storage devices.
This means that when a computer is first powered on, it does not have an operating
system in memory. Plus, by itself, the computer's hardware can’t perform complex
actions like loading the operating system from the disk. So, an apparent roadblock
exists. If Windows isn't stored in memory, and the hardware can't load it from disk,
how does it start when you turn on your computer?
The answer is in a small program called a bootstrap loader. The bootstrap loader’s
only job is to load other software, usually in a sort of sequential chain up to the
point when the operating system can get loaded into memory and start. The name
2. "bootstrap loader" comes from the idea that the computer is pulling itself up by its
"bootstraps".
This sequential bootstrap loading process is what happens when you press the
power button on a Windows XP computer, and it is an essential part of how
computers work.
Important: For troubleshooting purposes, pay particular attention to the areas
below that start with "Note:"
How Computers Work When Booting Up
You press the computer power button. This begins a lightening quick (hopefully)
but complex process. Here's how computers work during the boot phase:
Electricity flows and first thing, the computer's power supply performs a self test.
If all is well, it sends a "Power Good" signal to the "brain" or CPU (Central
Processing Unit) of the computer. This takes about ½ second.
Once it gets the thumbs up from the power supply, the CPU begins operations, and
executes the instructions found in a chip called the ROM BIOS (Read Only
Memory, Basic Input/Output System). The ROM BIOS chip has information
permanently burned into it, so the information stays even when the power is off.
This ROM BIOS (or just BIOS) chip is designed to begin giving commands as
soon as it receives power. It contains information which includes an entire set of
instructions to manage the computer's boot-up process.
3. The BIOS chip is a critical player in how computers work. Without it, the
computer wouldn't know what to do next in the bootstrap process.
The BIOS chip's first task is to start a basic check of the computer’s central
hardware (disk drives, keyboard, the mouse, printer, scanners, etc.) to verify that
all are working properly. This is called a power-on self-test (POST).
The BIOS also looks for and activates other ROM BIOS chips on different cards
installed in the computer (i.e., sound and video graphics cards) and provides a set
of low-level routines that the operating system uses to interface with all the
different hardware devices such as the keyboard, mouse, printer, etc. (A "routine"
is a simple set of instructions for carrying out a specific but limited task. It's used
frequently in explanations of how computers work).
At about the same time, the BIOS checks to see if the computer is performing a
cold boot or a warm boot (reboot). If the computer is simply rebooting, the BIOS
skips the rest of POST, and goes directly to loading the operating system.
If the BIOS finds the computer is starting from a powered off state, it then
completes a full POST, which means it verifies RAM (Random Access Memory),
checks the PS/2 ports or USB ports for a keyboard and a mouse, and finishes
verifying that all peripheral hardware is working.
The BIOS then looks for a peripheral component interconnect (PCI) bus and, if it
finds one, it checks all the PCI cards. (A bus is a collection of wires through which
data is transmitted from one part of a computer to another).
4. NOTE: If the BIOS finds any errors during the POST, it will notify you by a series
of beeps or a text message displayed on the screen. An error at this point is almost
always a hardware problem.
(If you know how computers work, these mysterious sounds start to make sense)!
The BIOS then checks the CMOS for a list of disks identified as boot devices. The
CMOS is another internal computer chip which holds the boot disk list information
(and other information including the date and time). It has a tiny battery that
supplies just enough electricity to do the job.
The BIOS tries to initiate the boot sequence from the first device listed in the
CMOS list of boot devices. (This list might read like this: 1 - floppy drive; 2 - CD-
ROM; 3 - hard drive).
If the BIOS does not find the first device, (i.e. no floppy disk is available) it will
then try the next device in the boot list.
NOTE: Here's a fact about how computers work that you may have experienced; if
the BIOS does find a boot device but does NOT find a proper Master Boot Record
(MBR)on the device, the startup process will come to grinding halt.
If you have ever left a floppy disk in the drive when you restarted your computer,
you’ve witnessed this. You get a message saying “Non system disk or disk error.
Replace and strike any key when ready”.
This is because the CMOS showed the floppy disk as the first "boot" disk and tried
to use it to boot the computer. Floppies don't usually have MBRs on them, hence
the error.
5. (This message will make your heart stop for a moment, until you figure out it just
means you need to take the floppy out of the drive and restart).
(Interesting that knowing how computers work is good for your health! :)
Once the BIOS finds a suitable boot device with a valid Master Boot Record, it
transfers responsibility for the rest of the boot process to that device. (Normally,
the valid boot device would be the hard drive of your computer).
The Master Boot Record on the hard disk has two parts: the first part describes
how the hard disk is structured or partitioned, and the second part contains the
partition loader code, which includes instructions for continuing the boot process.
The partition loader code is what takes over the boot process from the BIOS.
Once this MBR is verified, the boot instructions located in the MBR are executed
as a program.
A hidden file called NTLDR switches the CPU to a protected operating mode
which places the processor in 32-bit memory mode and turns memory paging on.
This basically means it puts the CPU in a mode from which it can load and run the
32-bit Windows operating system.
NTLDR then looks for a file called Boot.ini. If the boot.ini file exists, it will be
loaded it into memory and any custom settings displayed.
6. This might include a choice of two different operating systems; for example, some
people like to have two different versions of Windows, or Windows and Linux
available to them upon booting up.
For our purposes here, we’ll stick to just plain old Windows XP Service Pack 2.
If no boot.ini file exists, NTLDR then tries to launch Windows XP from the 1st
partition of the first hard disk, namely C: drive.
NTLDR looks for a file called NTDETECT.COM which is a file that detects and
collects a list of the currently installed hardware components.
This list gets loaded into the Windows registry under the
HKEY_LOCAL_MACHINE hardware key. (If the computer has more than one
hardware profile, it will stop at this point and display a Hardware
Profiles/Configuration Recovery menu). Most computers have only one hardware
profile.
After selecting a hardware configuration, NTLDR begins to load the Windows XP
kernel file, called NTOSKRNL.EXE. The kernel is the central component of most
computer operating systems. Its responsibilities include managing the system's
resources and the communication between hardware and software components.
At the same time, NTLDR also loads the Hardware Abstraction Layer
(HAL.DLL). This file protects the kernel file from hardware requests during the
first phase of its initial start up. Finally NTLDR loads the device drivers for the
boot devices.
7. At this point, the kernel takes over the booting process. It begins its second startup
phase and with the help of the HAL, it begins accepting interrupts and loading the
various Windows management modules. (Interrupts are basically "calls" or
requests to the kernel to perform a task).
The Object Manager, Memory Manager, Security Reference Manager, and the
Process Manager are initialized. In addition, during this second kernel phase, the
I/O Manager is initialized and this begins the process of loading all the systems
driver files.
NOTE:If any of these driver files fails to load, it may prompt the computer to
reboot and try to start the system from the Last Known Good Configuration.
The last task for the kernel is to launch the Session Manager Subsystem (SMSS).
The SMSS is responsible for creating the user-mode environment that provides the
graphical user interface (GUI) to Windows XP.
SMSS loads a file called win32k.sys which in turn starts the Win32 graphics
subsystem. Shortly after win32k.sys starts, it switches the screen into graphics
mode.
The Services Subsystem now starts all the software which has been marked to
Auto Start. This would include your anti-virus programs, anti-spyware programs,
and the like that run in the background, protecting your computer.
Once all devices and services are started, Windows assumes the boot is successful,
and it writes the current configuration to the Last Known Good Configuration file.
Now the Windows Login process starts. The kernel loads a file called
WINLOGON.EXE which is taken over by a process called the Local Security
Authority (LSASS.EXE).
8. A Windows logon dialog box is displayed, which appears at approximately the
same time that the Services Subsystem starts the network service.
(On most home machines with one user profile, you won’t see the login box. It will
just boot directly into Windows at this point, but it's logging you in automatically).
Whew, that’s a lot of stuff happening in the 60-90 seconds it takes for your
computer to boot up to Windows, huh?