Windows Boot Concepts & its sequence - LetsDiskuss
LetsDiskuss Logo
Create Blog

Windows Boot Concepts & its sequence

liaitamil maran

@ liaitamil-maran=6145 | | others

Windows server/machine boots which involves multiple steps and multiple files. Lists are just an attempt to put all the pieces together.

Power on the machine

POST (Power On Self Test)

POST verifies if the volume and current levels are correct.

If everything is cleared and good, then power good signal is sent to the Processor.

The microprocessor then executes BIOS.

BIOS (Basic Input Output Systems)

It is a hardcoded code or firmware with a set of instruction.

It resides on ROM, which is present on the motherboard.

It then accesses the information stored in CMOS, DIP switch, Jumper and assigns the necessary system resources.

Now it determines the sequence of devices to load based on the settings stored on BIOS to start the OS.

It will start by reading from the first bootable device, that can be a hard drive, cd anything.

If it does not find the specified device, the boot process will fail with an error.

MBR – Master Boot Record

This is the first 512 bytes of a block on disk sector which contains 64 bytes of the partition table and some inbuilt program which has the below function

Finds Active Drive

Bootable partition

Reads Boot Sector ( It is the first sector on the Active disk partition)

Note: MBR and Boot Sector gets created during OS installation.

Note: Why only 4 primary partition types are allowed for MBR partition type.

MBR contains 64 bytes of partition table info for 4 partitions with 16 bytes each.

The Boot Sector loads “bootmgr” → This is called boot loader

The boot loader ( bootmgr ) looks for the active partition on the drive.

It then loads the Boot Configuration Database (bcd).

It uses the information stored in the BCD to finish finding and loading the selected Operating System.

Windows Boot Loader loads the OS Kernel but does not initialize it, the OS components are stored on RAM then.

The boot loader loads HAL.dll file. This provides an interface between the OS and a particular set of hardware.

The kernel initializes and takes over from the boot loader.

The Registry with HKEY_LOCAL_ MACHINE\HARDWARE key, and

HKEY_LOCAL_MACHINE\SYSTEM\SELECT subkey (called the “Clone Control Set”) and loads the remainder of the device drivers.

Control sets are areas of the registry that contain the low-level configuration for the system, such as the list of device drivers and services to start.

Finally, the session manager is started, which executes any boot-time command files.

Which creates a paging file for the Virtual Memory Manager

Creates links to the file system that can be used by DOS commands, and finally starts the I/O subsystem to handle all I/O.

Files Access during a boot process.

To see the system and windows files during boot. You need to unhide the files.

A sequence of files during the boot process.

C:\ bootmgr


C:\Windows\Systems32\winload.exe → This loads ntoskernal

C:\Windows\system32\ntoskrnl.exe → Operating system kernel

C:\window\system32\hal.dll → Manages low-level hardware.

C:\windows\systems32\smss.exe → Session manager file.

C:\windows\system32\csrss.exe → Wind32 Subsystems

C:\windows\systems32\winlogon.exe → Provides the logon screen


C:\windows\system32\lsass.exe → Authenticate users

C:\windows\systems32\config → Registry hive

C:\windows\systems32\drives → loads all system hardware drivers

About Us

We are specialized in accelerated, automated, agentless cloud migrations at scale. We can support your entire Cloud Migration process from start to finish.