Windows booting



The average person who uses a computer on a regular basis doesn't think about how computers work once the power is turned on. As long as Microsoft Windows pops up within a few seconds, most people are quite content to move on to the task at hand without knowing any more.

But once you learn about how computers work, you'll see that these machines are really engineering marvels. The boot process alone is amazing.

From the moment the power is turned on, a computer goes through a multitude of processes before its operating system (i.e., Windows XP) is fully loaded and takes over.

Here's a curious fact about how computers work:

Most computer systems can only run programs which are found in memory (ROM or RAM). But current operating systems like Windows XP are too big to reside just in memory, so they are stored on the hard disk of the computer, or occasionally on USB flash drives, or other non-volatile storage devices.

This means that when a computer is first powered on, it does not have an operating system in memory. Plus, by itself, the computer's hardware can't perform complex actions like loading the operating system from the disk. So, an apparent roadblock exists. If Windows isn't stored in memory, and the hardware can't load it from disk, how does it start when you turn on your computer?

The answer is in a small program called a bootstrap loader. The bootstrap loader's only job is to load other software, usually in a sort of sequential chain up to the point when the operating system can get loaded into memory and start. The name "bootstrap loader" comes from the idea that the computer is pulling itself up by its "bootstraps".

This sequential bootstrap loading process is what happens when you press the power button on a Windows XP computer, and it is an essential part of how computers work.

Important: For troubleshooting purposes, pay particular attention to the areas below that start with "Note:"

How Computers Work When Booting Up

You press the computer power button. This begins a lightning quick (hopefully) but complex process. Here's how computers work during the boot phase:

Electricity flows and, first thing, the computer's power supply performs a self test. If all is well, it sends a "Power Good" signal to the "brain" or CPU (Central Processing Unit) of the computer. This takes about ½ second.

Once it gets the thumbs up from the power supply, the CPU begins operations, and executes the instructions found in a chip called the ROM BIOS (Read Only Memory, Basic Input/Output System). The ROM BIOS chip has information permanently burned into it, so the information stays even when the power is off.

This ROM BIOS (or just BIOS) chip is designed to begin giving commands as soon as it receives power. It contains information which includes an entire set of instructions to manage the computer's boot-up process.
The BIOS chip is a critical player in how computers work. Without it, the computer wouldn't know what to do next in the bootstrap process.

The BIOS chip's first task is to start a basic check of the computer's central hardware (disk drives, keyboard, the mouse, printer, scanners, etc.) to verify that all are working properly. This is called a power-on self-test (POST).

The BIOS also looks for and activates other ROM BIOS chips on different cards installed in the computer (e.g., sound and video graphics cards) and provides a set of low-level routines that the operating system uses to interface with all the different hardware devices such as the keyboard, mouse, printer, etc. (A "routine" is a simple set of instructions for carrying out a specific but limited task. It's used frequently in explanations of how computers work.)

At about the same time, the BIOS checks to see if the computer is performing a cold boot or a warm boot (reboot). If the computer is simply rebooting, the BIOS skips the rest of POST, and goes directly to loading the operating system.

If the BIOS finds the computer is starting from a powered off state, it then completes a full POST, which means it verifies RAM (Random Access Memory), checks the PS/2 ports or USB ports for a keyboard and a mouse, and finishes verifying that all peripheral hardware is working.

The BIOS then looks for a peripheral component interconnect (PCI) bus and, if it finds one, it checks all the PCI cards. (A bus is a collection of wires through which data is transmitted from one part of a computer to another.)
NOTE: If the BIOS finds any errors during the POST, it will notify you by a series of beeps or a text message displayed on the screen. An error at this point is almost always a hardware problem.

(If you know how computers work, these mysterious sounds start to make sense!)

The BIOS then checks the CMOS for a list of disks identified as boot devices. The CMOS is another internal computer chip which holds the boot disk list information (and other information including the date and time). It has a tiny battery that supplies just enough electricity to do the job.

The BIOS tries to initiate the boot sequence from the first device listed in the CMOS list of boot devices. (This list might read like this: 1 - floppy drive; 2 - CD-ROM; 3 - hard drive.)

If the BIOS does not find the first device (e.g., no floppy disk is available), it will then try the next device in the boot list.

NOTE: Here's a fact about how computers work that you may have experienced: if the BIOS does find a boot device but does NOT find a proper Master Boot Record (MBR) on the device, the startup process will come to a grinding halt.

If you have ever left a floppy disk in the drive when you restarted your computer, you've witnessed this. You get a message saying "Non system disk or disk error. Replace and strike any key when ready".

This is because the CMOS showed the floppy disk as the first "boot" disk and tried to use it to boot the computer. Floppies don't usually have MBRs on them, hence the error.
(This message will make your heart stop for a moment, until you figure out it just means you need to take the floppy out of the drive and restart.)

(Interesting that knowing how computers work is good for your health! :)

Once the BIOS finds a suitable boot device with a valid Master Boot Record, it transfers responsibility for the rest of the boot process to that device. (Normally, the valid boot device would be the hard drive of your computer.)

The Master Boot Record on the hard disk has two parts: the first part describes how the hard disk is structured or partitioned, and the second part contains the partition loader code, which includes instructions for continuing the boot process.

The partition loader code is what takes over the boot process from the BIOS. Once this MBR is verified, the boot instructions located in the MBR are executed as a program.

A hidden file called NTLDR switches the CPU to a protected operating mode which places the processor in 32-bit memory mode and turns memory paging on. This basically means it puts the CPU in a mode from which it can load and run the 32-bit Windows operating system.

NTLDR then looks for a file called Boot.ini. If the boot.ini file exists, it will be loaded into memory and any custom settings displayed.
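The two-part MBR described above (partition information plus partition loader code), as an added Python example that is not part of the original document: it parses one 512-byte sector, checks the boot signature whose absence produces the "Non system disk" case, and compares a hash of the loader code against a recorded baseline. The byte offsets are the standard MBR layout rather than something the page states, and the sample sector and baseline are constructed.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446        # partition loader code: bytes 0..445
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR

def parse_mbr(sector):
    """Split a 512-byte sector into a boot-code hash and its partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):  # four 16-byte entries follow the boot code
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, BOOT_CODE_LEN + 16 * slot)
        if ptype != 0:     # type 0 marks an unused slot
            partitions.append({"slot": slot + 1, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}

def check_mbr(sector, baseline_sha256):
    """Return findings for one sector; an empty list means it matches expectations."""
    try:
        mbr = parse_mbr(sector)
    except ValueError as exc:
        return [f"not bootable: {exc}"]
    findings = []
    active = sum(p["active"] for p in mbr["partitions"])
    if active != 1:
        findings.append(f"expected one active partition, found {active}")
    if mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    return findings

def build_sample_mbr(boot_code=b"\xfa\x33\xc0"):
    """Constructed sample sector: one active NTFS (type 0x07) partition at LBA 63."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    struct.pack_into(ENTRY_FMT, sector, BOOT_CODE_LEN, 0x80, 0x07, 63, 2048)
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = parse_mbr(sample)["boot_code_sha256"]
    print(check_mbr(sample, baseline), check_mbr(bytes(512), baseline))
```

The baseline hash has to be recorded from the same disk while it is known to be clean, because the hashed region is specific to each disk.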
The custom settings in boot.ini might include a choice of two different operating systems; for example, some people like to have two different versions of Windows, or Windows and Linux available to them upon booting up.

For our purposes here, we'll stick to just plain old Windows XP Service Pack 2.

If no boot.ini file exists, NTLDR then tries to launch Windows XP from the first partition of the first hard disk, namely C: drive.

NTLDR looks for a file called NTDETECT.COM which is a file that detects and collects a list of the currently installed hardware components.

This list gets loaded into the Windows registry under the HKEY_LOCAL_MACHINE hardware key. (If the computer has more than one hardware profile, it will stop at this point and display a Hardware Profiles/Configuration Recovery menu.) Most computers have only one hardware profile.

After selecting a hardware configuration, NTLDR begins to load the Windows XP kernel file, called NTOSKRNL.EXE. The kernel is the central component of most computer operating systems. Its responsibilities include managing the system's resources and the communication between hardware and software components.

At the same time, NTLDR also loads the Hardware Abstraction Layer (HAL.DLL). This file protects the kernel file from hardware requests during the first phase of its initial start up. Finally NTLDR loads the device drivers for the boot devices.
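The boot.ini menu that NTLDR reads, described above, as an added Python example that is not part of the original document: it lists each operating system choice, marks the default, models the missing-file fallback to the first partition of the first disk, and reports boot switches outside an expected set. The sample file contents, the ARC path syntax and the baseline switch set are assumptions of the example, not taken from the page.

```python
import re

# ARC path form used in boot.ini: rdisk() is the disk ordinal, partition() is 1-based.
ARC = re.compile(r"multi\(\d+\)disk\(\d+\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)", re.I)
ENTRY = re.compile(r'"([^"]*)"\s*(.*)')   # "menu label" followed by /switches

def parse_boot_ini(text):
    """Return (timeout, entries); text=None models a missing boot.ini."""
    if text is None:
        # Fallback stated in the text: first partition of the first hard disk.
        # The \WINDOWS directory is an assumption of this example.
        return 0, [{"rdisk": 0, "partition": 1, "path": "\\WINDOWS",
                    "label": None, "switches": [], "default": True}]
    section, timeout, default, entries = "", 0, "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "boot loader" and key.lower() == "timeout":
            timeout = int(value)
        elif section == "boot loader" and key.lower() == "default":
            default = value.lower()
        elif section == "operating systems":
            arc, item = ARC.fullmatch(key), ENTRY.match(value)
            if arc and item:   # entries not written as ARC paths are skipped here
                entries.append({"arc": key.lower(), "rdisk": int(arc.group(1)),
                                "partition": int(arc.group(2)), "path": arc.group(3),
                                "label": item.group(1),
                                "switches": item.group(2).lower().split()})
    for entry in entries:      # resolve the default once the whole file is read
        entry["default"] = entry.pop("arc") == default
    return timeout, entries

def unexpected_switches(entries, baseline=("/fastdetect", "/noexecute=optin")):
    """Map menu label -> switches outside the baseline (an assumed policy)."""
    extras = {e["label"]: sorted(set(e["switches"]) - set(baseline)) for e in entries}
    return {label: found for label, found in extras.items() if found}

# Constructed sample file with two operating system choices.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect /debug
'''
```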
At this point, the kernel takes over the booting process. It begins its second startup phase and with the help of the HAL, it begins accepting interrupts and loading the various Windows management modules. (Interrupts are basically "calls" or requests to the kernel to perform a task.)

The Object Manager, Memory Manager, Security Reference Manager, and the Process Manager are initialized. In addition, during this second kernel phase, the I/O Manager is initialized and this begins the process of loading all the system's driver files.

NOTE: If any of these driver files fails to load, it may prompt the computer to reboot and try to start the system from the Last Known Good Configuration.

The last task for the kernel is to launch the Session Manager Subsystem (SMSS). The SMSS is responsible for creating the user-mode environment that provides the graphical user interface (GUI) to Windows XP.

SMSS loads a file called win32k.sys which in turn starts the Win32 graphics subsystem. Shortly after win32k.sys starts, it switches the screen into graphics mode.

The Services Subsystem now starts all the software which has been marked to Auto Start. This would include your anti-virus programs, anti-spyware programs, and the like that run in the background, protecting your computer.

Once all devices and services are started, Windows assumes the boot is successful, and it writes the current configuration to the Last Known Good Configuration file.

Now the Windows Login process starts. The kernel loads a file called WINLOGON.EXE which is taken over by a process called the Local Security Authority (LSASS.EXE).
A Windows logon dialog box is displayed, which appears at approximately the same time that the Services Subsystem starts the network service.

(On most home machines with one user profile, you won't see the login box. It will just boot directly into Windows at this point, but it's logging you in automatically.)

Whew, that's a lot of stuff happening in the 60-90 seconds it takes for your computer to boot up to Windows, huh?