Windows Boot Concepts & its sequence
Booting a Windows server or workstation involves multiple steps and multiple files. The lists below are an attempt to put all the pieces together.
Power on the machine
POST (Power On Self Test)
POST verifies that the voltage and current levels are correct.
If everything checks out, the Power Good signal is sent to the processor.
The microprocessor then executes BIOS.
BIOS (Basic Input Output Systems)
It is firmware: a hardcoded set of instructions.
It resides on ROM, which is present on the motherboard.
It then accesses the information stored in CMOS, DIP switches and jumpers, and assigns the necessary system resources.
Next, it determines the order in which to try devices, based on the settings stored in the BIOS, to start the OS.
It starts by reading from the first bootable device, which can be a hard drive, a CD or anything else bootable.
If it does not find the specified device, the boot process will fail with an error.
MBR – Master Boot Record
This is the first 512-byte sector of the disk. It contains the 64-byte partition table and a small built-in program with the following functions:
Finds Active Drive
Reads Boot Sector (the first sector on the active disk partition)
Note: The MBR and Boot Sector are created during OS installation.
Note: Why only 4 primary partitions are allowed on an MBR-partitioned disk:
The MBR contains 64 bytes of partition table information: 4 partition entries of 16 bytes each.
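The layout described above, as an added example that is not part of the original article: a Python parser that validates a 512-byte MBR sector, reads the four 16-byte partition entries and returns the active one. The offsets 446 and 510, the 0x80 active flag, the 0x55AA signature and the entry field order come from the standard MBR layout rather than from this page; the sample sector is constructed.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # boot code fills bytes 0-445, the table is the next 64
ENTRY_SIZE = 16               # 4 entries x 16 bytes = 64 bytes
ENTRY_FMT = "<B3xB3xII"       # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def parse_mbr(sector):
    """Return the used partition entries of one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_SIZE])
        if ptype == 0x00:                 # type 0 marks an unused slot
            continue
        if status not in (0x00, 0x80):    # only "inactive" and "active" are valid
            raise ValueError(f"slot {slot}: invalid status byte {status:#04x}")
        entries.append({"slot": slot, "active": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return entries

def active_partition(entries):
    """Return the single active entry; zero or several is an anomaly to flag."""
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        raise ValueError(f"expected one active partition, found {len(active)}")
    return active[0]

def build_sample_mbr():
    """Constructed sample: an active system partition plus one data partition."""
    sector = bytearray(SECTOR_SIZE)
    first = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 1024000)
    second = struct.pack(ENTRY_FMT, 0x00, 0x07, 1026048, 208689152)
    sector[TABLE_OFFSET:TABLE_OFFSET + 2 * ENTRY_SIZE] = first + second
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    for entry in parse_mbr(build_sample_mbr()):
        print(entry)
```

To check a real disk, pass the first 512 bytes of a disk image to parse_mbr instead of the constructed sample.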
The Boot Sector loads “bootmgr”, which is called the boot loader.
The boot loader (bootmgr) looks for the active partition on the drive.
It then loads the Boot Configuration Database (BCD).
It uses the information stored in the BCD to finish finding and loading the selected Operating System.
The Windows Boot Loader loads the OS kernel but does not initialize it; the OS components are held in RAM at this point.
The boot loader loads the HAL.dll file. This provides an interface between the OS and a particular set of hardware.
The kernel initializes and takes over from the boot loader.
It fills the Registry with the HKEY_LOCAL_MACHINE\HARDWARE key and the HKEY_LOCAL_MACHINE\SYSTEM\SELECT subkey (called the “Clone Control Set”), and loads the remainder of the device drivers.
Control sets are areas of the registry that contain the low-level configuration for the system, such as the list of device drivers and services to start.
Finally, the session manager is started, which executes any boot-time command files.
It creates a paging file for the Virtual Memory Manager.
It creates links to the file system that can be used by DOS commands, and finally starts the I/O subsystem to handle all I/O.
Files accessed during the boot process
To see the system and Windows files used during boot, you need to unhide them.
The sequence of files during the boot process:
C:\Boot\BCD
C:\Windows\System32\winload.exe → Loads ntoskrnl.exe
C:\Windows\System32\ntoskrnl.exe → Operating system kernel
C:\Windows\System32\hal.dll → Manages low-level hardware
C:\Windows\System32\smss.exe → Session manager
C:\Windows\System32\csrss.exe → Win32 subsystem
C:\Windows\System32\winlogon.exe → Provides the logon screen
C:\Windows\System32\lsass.exe → Authenticates users
C:\Windows\System32\config → Registry hives
C:\Windows\System32\drivers → Loads all system hardware drivers