Files Used in the Startup Process
Windows 10 requires certain files during Startup. Tthe appropriate location of each file, and the phases of the startup process associated with each flle,
Files Used in the Windows 10 Startup Process
NTLDR ,BOOTJNI, BOOTSECT.DOS, NTDETECT. COM ,NTBOOTDDSYS, NTOSKRNLEXE,HALDLL SYSTEM, DeVice drivers (.sys)
What Happens During the Preboot Sequence
During startup, a computer running Windows10 initializes and then
locates the boot portion of the hard disk.
The following four steps occur during the preboot sequence:
1. The computer runs power-on self test (POST) routines to determine the amount of physical memory, whether the hardware components are present, and so on. If the computer has 2 Plug and Play-compatible basic input/output system (BIOS), enumeration and configuration of hardware devices occurs at this stage.
2. The computer BIOS locates the boot device, and then loads and runs the Master Boot Record (MBR).
3. The MBR scans the partition table to locate the active partition, loads the boot sector on the active partition into memory, and then executes it.
4. The computer loads and initializes the NTLDR file, which is the operating system loader.
Windows Setup modifies the boot sector during installation so that NTLDR loads during system startup.
There are a number of problems that can occur during the preboot sequence, including the following:
Improper hardware configuration or malfunctioning hardware If the BIOS cannot detect a hard drive during its POST routine, startup fails early during the preboot sequence and usually presents a message stating that a hard drive cannot be located.
Corrupt MBR If your MBR becomes corrupt (a fairly common action taken by Viruses), you can generally repair it by using the Recovery Console. Antivirus software can prevent and often repair a corrupt MBR.
USB disk inserted If you see an error message stating that themis a non system disk or a disk error, or stating that no operating systm could he found, ‘ common reason is that a universal serial bus (058) flash memory disk is inserted in the drive during startup. On most computers, BIOS is configured by default to try starting using the available USB drive before u attempts to start by using the hard drive.
After the computer loads NTLDR into memory, the boot sequence gathers information about hardware and drivers in preparation for the Windows 10 load phases. The boot sequence uses the following files: NTLDR, BOOTJNI, BOOT“ SECTDOS (optional), NTDETECTCOM, and NTOSKRNLEXE.
The boot sequence has four phases: initial boot loader phase, operating system selection, hardware detection, and configuration selection (described in the following sections).
Initial Boot Loader Phase
During the initial boot loader phase, NTLDR switches the microprocessor from real mode to 32-bit flat memory mode, which NTLDR requires to carry out any additional functions. Next, NTLDR starts the appropriate minifile system drivers. The minifile system drivers are built into NTLDR so that NTLDR can find and load Windows from partitions formatted with file allocation table (FAT), FAT32, or NT file system (NTFS).
Operating System Selection
During the boot sequence, NTLDR reads the BOOT.INI file. If more than one operating system selection is available in the BOOT.INI file, 3 Please Select The Operating System To Start screen appears, listing the operating systems specified in the BOOTJNI file. If you do not select an entry before the timer reaches zero, NTLDR loads the operating system specified by the default parameter in the BOOT.INI file. Windows 10 Setup sets the default parameter to the most recent Windows 10 installation. If there is only one entry in the BOOT.INI file, the Please Select The Operating System To Start screen does not appear, and the default Operating system is automatically loaded.
If the BOOTJNI file is not present, NTLDR attempts to load Windows 10from the first partition of the first disk-typically C:.
The following four steps occur during the preboot sequence:
1. The computer runs power-on self test (POST) routines to determine the amount of physical memory, whether the hardware components are present, and so on. If the computer has 2 Plug and Play-compatible basic input/output system (BIOS), enumeration and configuration of hardware devices occurs at this stage.
2. The computer BIOS locates the boot device, and then loads and runs the Master Boot Record (MBR).
3. The MBR scans the partition table to locate the active partition, loads the boot sector on the active partition into memory, and then executes it.
4. The computer loads and initializes the NTLDR file, which is the operating system loader.
Windows Setup modifies the boot sector during installation so that NTLDR loads during system startup.
There are a number of problems that can occur during the preboot sequence, including the following:
Improper hardware configuration or malfunctioning hardware If the BIOS cannot detect a hard drive during its POST routine, startup fails early during the preboot sequence and usually presents a message stating that a hard drive cannot be located.
Corrupt MBR If your MBR becomes corrupt (a fairly common action taken by Viruses), you can generally repair it by using the Recovery Console. Antivirus software can prevent and often repair a corrupt MBR.
USB disk inserted If you see an error message stating that themis a non system disk or a disk error, or stating that no operating systm could he found, ‘ common reason is that a universal serial bus (058) flash memory disk is inserted in the drive during startup. On most computers, BIOS is configured by default to try starting using the available USB drive before u attempts to start by using the hard drive.
What Happens During the Boot Sequence
After the computer loads NTLDR into memory, the boot sequence gathers information about hardware and drivers in preparation for the Windows 10 load phases. The boot sequence uses the following files: NTLDR, BOOTJNI, BOOT“ SECTDOS (optional), NTDETECTCOM, and NTOSKRNLEXE.
The boot sequence has four phases: initial boot loader phase, operating system selection, hardware detection, and configuration selection (described in the following sections).
Initial Boot Loader Phase
During the initial boot loader phase, NTLDR switches the microprocessor from real mode to 32-bit flat memory mode, which NTLDR requires to carry out any additional functions. Next, NTLDR starts the appropriate minifile system drivers. The minifile system drivers are built into NTLDR so that NTLDR can find and load Windows from partitions formatted with file allocation table (FAT), FAT32, or NT file system (NTFS).
Operating System Selection
During the boot sequence, NTLDR reads the BOOT.INI file. If more than one operating system selection is available in the BOOT.INI file, 3 Please Select The Operating System To Start screen appears, listing the operating systems specified in the BOOTJNI file. If you do not select an entry before the timer reaches zero, NTLDR loads the operating system specified by the default parameter in the BOOT.INI file. Windows 10 Setup sets the default parameter to the most recent Windows 10 installation. If there is only one entry in the BOOT.INI file, the Please Select The Operating System To Start screen does not appear, and the default Operating system is automatically loaded.
If the BOOTJNI file is not present, NTLDR attempts to load Windows 10from the first partition of the first disk-typically C:.
Hardware Detection
NTDETECTCOM and NTOSKRNLEXE perform hardware detection. NTDETEC’I‘.COM executes after you select Windows 10 on the Please Select The Operating System To Start screen (or after the timer times out).
If you select an operating system other than Windows 10 NTLDR loads and executes BOOTSEC‘LDOS. which is a copy of the boot sector that was on the system partition at the time Windows 10 was installed. Passing exe cution to BOOTSECT. DOS starts the boot process for the selected operating system.
NTDETECT.COM collects a list of currently installed hardware components and returns this list to NTLDR for later inclusion in the Registry under the HKEY_LOCAL_MACHINEHARDWARE key.
NTDETECT.COM detects the following components:
Bus/adapter type Communication ports Floating-point coprocessor Floppy disks
Keyboard
Mouse/pointing device Parallel ports
SCSI adapters
Video adapters
Configuration Selection
After NTLDR starts loading Windows 10 and collects hardware information, the operating system loader presents you with the Hardware Profile/Configuration Recovery menu, which contains a list of the hardware profiles that are set up on the computer. The first hardware profile is highlighted. You can press the DOWN arrow key to select another profile. You also can press L to invoke the Last Known Good configuration.
If there is only a single hardware profile, NTLDR does not display the Hardware Profile/Configuration Recovery menu and loads Windows using the default hardware profile configuration.
Troubleshooting the Boot Sequence
There are a number of problems that can occur during the boot sequence, including the following:
Missing or corrupt boot Files If the NTLDR, BOOTJNI, BOOTSECTDOS. N'TDETECT.COM. or NTOSKRNLEXE files become corrupt or are missing, you see an em: message indicating the situation, and Windows startup fails. You should use the Recovery Console torestore the Files.
Improperly configured BOO’I‘JNI An improperly configured BOOTJNI file generally results from an error while manually editing the file or from a change to disk configuration. It is also possible for the BOOTJNI file to become corrupt or missing. In this case, you should use the Recovery Console to restore the files.
Improperly configured hardware NTDETECT.COM can fail during its detection of hardware if a hardware device is incorrectly configured. a bad driver is installed. or the device is malfunctioning. If Startup fails during hardware detection, you should begin troubleshooting hardware by removing unnecessary devices from the computer and adding them back one at a time until you discover the source of the problem. You an also try the Last Known Good configuration if you suspect that a new configuration or driver is at fault.
What Is the BOOTJNI File?
When you install Windows 10 on a computer, Windows Setup saves the BOOTJNI file in the active partition. NTLDR uses information in the BOOTJNI file to display the boot loader screen, from which you select the operating system to start.
The BOOTJN] file includes two sections, [boot loaded and [operating systems]. which contain information that NTLDR uses to create the Boot Loader Operating System Selection menu.
The (operating systems] section of a BOOTJNI File that is created during a default installation of Windows 10 contains a single entry for Windows10 system.
ARC Paths
During installation, Windows 10generates the BOOT.INI File, which contains Advanced RISC Computing (ARC) paths pointing to the computer’s boot partition. (RISC stands for Reduced Instruction Set Computing, a microprocessor design that uses a small set of simple instructions for fast execution.) The following is an example of an ARC path:
During installation, Windows 10generates the BOOT.INI File, which contains Advanced RISC Computing (ARC) paths pointing to the computer’s boot partition. (RISC stands for Reduced Instruction Set Computing, a microprocessor design that uses a small set of simple instructions for fast execution.) The following is an example of an ARC path:
mu1t1(0)d1‘sk(0)rdisk(1)partition(2)
In both multi and scsi conventions, multi, scsi, disk, and rdisk numbers are assigned starting with 0. Partition numbers start with 1. All primary partitions are assigned num~ bets first, followed by logical volumes in extended partitions.
In both multi and scsi conventions, multi, scsi, disk, and rdisk numbers are assigned starting with 0. Partition numbers start with 1. All primary partitions are assigned num~ bets first, followed by logical volumes in extended partitions.
BOO'IIINI Switches
You can add. a variety of switches to the entries in the [operating systems] section of m QTJNI file to prov1de additional functionality. Table 4-3 describes some of m e optional sw1tches that you can use for entries in the BOOT.INI file.
Modifications to BOOUNI
You can modify the timeout and default parameter values in the BOOTJNI file using me Startup And Recovery dialog box (which you can open from the Advanced tab of me System Properties dialog box). In addition, you can manually edit these and other parameter values in the BOOTJNI File. For example, you might modify the BOOTJNI file to add more descriptive entries for the Boot Loader Operating System Selection menu or to include various switches to aid in troubleshooting the boot process.
During Windows 10 installation, Windows Setup sets the read-only and system attributes for the BOOTJNI file. Before editing the BOOTJNI file with a text editor, you must make the file visible and turn off the read-oniy attribute. You can change file attributes using My Computer, Windows Explorer, or the command prompt.
To change file attributes by using My Computer or Windows Explorer, complete the following steps:
1. From the Start menu, click My Computer.
2. In the My Computer window, double-click the icon for the drive containing the BOOT.INI file.
3. On the Tools menu, click Folder Options.
4. In the Folder Options dialog box, on the View tab, click Show Hidden Files And
Folders. Clear the Hide Protected Operating System Files check box and click Yes when prompted. Click OK.
5. Click Show The Contents Of This Drive. In the window showing the contents of the drive, right-click the file named BOOT, and then click Properties.
6. On the General tab, under Attributes, clear the Read-Only check box, and then click OK.
To change file attributes using the command prompt, switch to the directory containing the BOOT.INI file if necessary, and then type
attrib -s -r boot.1n1
After you have changed the attributes of the BOOT.INI file, you can open and modify the file using a text editor.
What Happens During the Kernel Load Phase
After configuration selection, the Windows 10 kernel (NTOSKRNLEXE) loads and initializes. NTOSKRNLEXE also loads and initializes device drivers and loads services. If you press ENTER when the Hardware Profiie/Configuration Recovery menu appears, or if NTLDR makes the selection automatically, the computer enters the kernel load phase. The screen clears, and a series of white rectangles appears across the botom of the screen, indicating startup progress. During the kernel load phase, NTLDR does the following:
Loads NTOSKRNLJEXE, but does not initialize it. I Loads the hardware abstraction layer file (HALDLL).
Loads the HKEY_LOCAL_MACHINESYSTEM Registry key.
Selects the control set it will use to initialize the computer. A control set contains configuration data used to control the system, such as a list of the device drivers and services to load and start.
Loads device drivers with a value of 0x0 for the Start entry. These typically are Iow-level hardware device drivers, such as those for a hard disk. The value for the List entry, which is specified in the HKEY_LOCAL_MACHINESYSTEMCurremtControlSetControlServiceGroupOrder subkey of the Registry, defines the order in which NTLDR loads these device drivers.
Problems during the kernel load phase of startup often occur because of corrupted system files or because of a hardware malfunction. In the case of corrupted system files, you can try to replace those files using the Recovery Console, In the case of a hardware problem, you will likely need to troubleshoot by removing or replacing hardware components until you identify the problem. You may be able to isolate the hardware device causing the problem by enabling boot logging
What Happens During the Kernel Initialization Phase
When the kernel load phase is complete, the kernel initializes, and then NTLDR passes control to the kernel. At this point, the system displays a graphical screen with a status bar that indicates load status. Four tasks are accomplished during the kernel initialization stage:The Hardware key is created. On successful initialization, the kernel uses the data collected during hardware detection to create the Registry key HKEY_LOCAL_MACHINEHARDWARE. This key contains information about hardware components on the system board and the interrupts used by specific hardware devices.
The Clone control set is created. The kernel creates the Clone control set by copying the control set referenced by the value of the Current entry in the HKEY_LOCAL_MACHINESYSTEMSeIect subkey of the Registry. The Clone control set is never modified because it is intended to be an identical copy of the data used to configure the computer and should not reflect changes made during the startup process.
Device drivers are loaded and initialized. After creating the Clone control set. the kernel initializes the low-level device drivers that were loaded during the kernel load phase. The kernel then scans the HKEY_LOCAL_MACHINE SYSTEMCurrentControISetServices subkey of the Registry for device drivers with a value of 0x1 for the Stan entry. As in the kernel load phase, a device driver's value for the Group entry specifies the order in which it loads. Device drivers initialize as soon as they load. If an error occurs while loading and initializing a device driver, the boot process proceeds based on the value specified in the ErronControI entry for the driver.
ErrorControl values appear in the Reystry under the subkey HKEY_LOCAL.MACHINE SYSTEMCurrentControl$et$ervioes ame_of_service.or_ddver£norControl.
Services are started. After the kernel loads and initializes device drivers. Session Manager (SMSSJEXE) starts the higher-order subsystems and services for windows . Session Manager executes the instructions in the Bootlixecutc data item, and in the Memory Management. DOS Devices. and SubSiystcms keys.
What Happens During the Logan Phase
The logon phase begins at the conclusion of the kernel initialization phase. The Win32 subsyStem automatically starts WINLOGONJEXE, which in turn starts the Local Security Authority (LSASS.EXE) and displays the Logon dialog box. You can log on at this time, even though Windows 10 might still be initializing network device drivers.
Next, the Service Control Manager executes and makes a final scan of the HKEY~ LOCAL_MACHINESYSTEMCurrentControlSetServices subkey, looking for services with a value of 0x2 for the Start entry. These services, including the Workstation service and the Server service, are marked to load automatically.
The services that load during this phase do so based on their values for the DependOnGroup or DependOnService entries in the HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServices Registry subkey.
A Windows 10 startup is not considered good until a user successfully logs on to the system. After a successful logon, the system copies the Clone control set to the Last Known Good control set.
No comments:
Post a Comment