Standard Boot Process for Windows XP
Windows XP-based OSes have their roots in IBM's OS/2. It is partly due to this history that their boot process is very different from Windows 9x. Unlike Windows 9x, there is no real-mode boot component to the OS; Windows XP is a pure 32-bit OS. So the boot processes are similar, only until the boot loader is located at the end of the POST process.
The boot sector is created when the disk is formatted, and it contains a small program that has a mini file-system driver to read FAT, FAT32, and NTFS partitions. This program then looks for the real boot loader, which is ntldr.
Due to ARC naming conventions, Microsoft refers to the drive that has the boot sector on it as the System Partition, and to the partition that has the windows directory on it as the Boot Partition. To help keep these terms straight, remember that the OS does not really "boot" until ntoskrnl.exe is launched from the windows directory. The windows directory for a Windows 2000 computer is winnt.
Windows 2000 and Windows XP use many of the same files as MS-DOS and Windows 9x. However, many files are specific to Windows 2000 and Windows XP. The following sections provide an overview of Windows 2000- and Windows XP-specific files.
ntldr
ntldr is the boot loader for Windows XP. Its job is to coordinate the loading of the rest of the OS. ntldr is located on the root of your system partition, and if it is corrupted, it can easily be replaced from any other working copy of Windows XP. ntldr switches the memory model that is used on the system to a flat memory model, treating all memory on the system as one contiguous block. If your computer requires the ntbootdd.sys file, which is a SCSI controller driver, then it is loaded by ntldr so the rest of the boot process can access the boot drive. ntldr then reads the boot.ini file, if it exists, and displays the list of possible OSes that can be booted. If you want know what happens when the boot.ini file is missing.
After choosing any version of a Windows XP-based OS, ntdetect.com is called. ntdetect.com performs a hardware detection, scanning all hardware ports, processor make, model, and description, and the amount of RAM on the system. Once this information has been collected, it is returned to ntldr and will eventually make up the HKEY_LOCAL_MACHINE\HARDWARE key of the Registry.
The last step that is performed by ntldr is to launch ntoskrnl.exe. To launch ntoskrnl.exe, ntldr goes to the system32 subdirectory of the directory that is listed in the boot.ini file.
When formatting a floppy disk using Windows XP, the boot sector is set to look for ntldr. If you leave a disk in your computer when it is being rebooted, you will see this message:
NTLDR is Missing Press any key to restart.
For disks formatted with Windows 9x, this message will appear:
Invalid system disk Replace the disk, and then press any key
In this tutorial:
- System Files and the Boot Process
- Power-On Self-Test (POST) Process
- Standard Boot Process for Windows XP
- ntbootdd.sys
- ARC pathnames
- ntdetect.com
- The device load process
- Loading the shell
- Understanding the Boot Process for MS-DOS and Windows 9x
- msdos.sys
- config.sys
- command.com
- autoexec.bat
- win.com and vmm32
- Managing Memory
- Expanded memory
- Upper memory
- himem.sys
- Examining Other Boot Process Files
- system.ini
- win.ini