The next step after having chosen Windows XP from the boot.ini menu is to have ntdetect.com run. ntdetect.com's only job is to find out what hardware is present on the system. This detection process is similar to what happens during the POST process at the hardware level. ntdetect.com checks for the following components:
- Bus/adapter type
- Communication ports
- Computer ID
- Floating-point coprocessor
- Floppy disks
- Mouse/pointing device
- Parallel ports
- SCSI adapters
- Video adapters
This information creates a hardware tree that is passed back to ntldr and eventually given to ntoskrnl.exe, which places it in the Registry.
The main goal of the boot process is to get the operating system kernel loaded and functioning. The computer has already given you a choice of OSes, inventoried the hardware, and is now ready to actually start loading the OS into memory. ntoskrnl.exe represents the first and most important step in this process. The OS kernel for Windows XP is responsible for all thread level scheduling on the system. It plays a major control role, managing all of the other components on the system. Without it, there would be anarchy in the OS.
ntldr proceeds to the path that is specified in boot.ini to locate ntoskrnl. exe in the system32 folder. If ntldr locates the kernel, it proceeds to execute it. ntldr will generate a missing kernel error message if it fails to locate the kernel. Once the kernel is running, ntldr passes control of the system over to it. There are several steps to the kernel load, starting with loading devices, and then moving on to loading any system services. Once the services are running, it loads the default shell application and user profile.
The default user profile is used to run the user logon process. At this point, the logon screen will tell you to "Press Ctrl+Alt+Delete to begin." After providing logon credentials, that user session is discarded, and a new one is started up for the new user.
In this tutorial:
- System Files and the Boot Process
- Power-On Self-Test (POST) Process
- Standard Boot Process for Windows XP
- ARC pathnames
- The device load process
- Loading the shell
- Understanding the Boot Process for MS-DOS and Windows 9x
- win.com and vmm32
- Managing Memory
- Expanded memory
- Upper memory
- Examining Other Boot Process Files