What is booting?
Before looking at the boot procedure, we should know what booting means. Booting is simply the process of starting or resetting the computer. There are two types of booting: cold booting and warm booting. Cold booting is the boot process that happens when we first turn on the computer, and warm booting is the process that happens when we reset the computer. During the boot process the computer loads the operating system into its memory and prepares it for use.
The first process that starts when you turn on your computer is the BIOS, i.e. the Basic Input Output System. The BIOS has two functions: to conduct the POST and to read the MBR.
a) POST – POST stands for Power On Self Test. POST checks all the hardware devices connected to the computer, such as RAM and the hard disk, and makes sure that the system can run smoothly with those devices. If the POST fails, the system halts with a beep sound.
b) Next, the BIOS checks the boot priority. We can set the boot priority to the CD drive, hard disk or floppy drive.
c) MBR – The next duty of the BIOS is to read the MBR. MBR stands for Master Boot Record, and it is the first sector on a hard disk. The MBR contains the partition table and the boot loader.
The BIOS now passes control to the boot loader, a small program which loads the kernel into the computer's memory. There are actually two stages of boot loader: the stage 1 boot loader and the stage 2 boot loader. The MBR contains the stage 1 boot loader, which is a link to the stage 2 boot loader. The stage 2 boot loader resides in the boot partition, and it loads the kernel into memory.
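Because the stage 1 boot loader and the partition table share one 512-byte sector, a defender can baseline that sector and detect later changes. The following is an added example, not code from the original page; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446       # stage 1 boot loader area
SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY = "<B3xB3xII"       # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot code hash and its partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):  # the table has four 16-byte slots
        status, ptype, lba, count = struct.unpack_from(
            ENTRY, sector, BOOT_CODE_LEN + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def audit_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings to review; an empty list means nothing changed."""
    info = parse_mbr(sector)
    findings = []
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected 1 active partition, found {len(active)}")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("stage 1 boot code differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one active type-0x07 partition at LBA 63."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 63, 204800)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry
            + b"\x00" * 48 + SIGNATURE)


if __name__ == "__main__":
    known_good = build_sample_mbr(b"\xeb\x3c\x90")  # constructed bytes
    baseline = parse_mbr(known_good)["boot_code_sha256"]
    print(audit_mbr(known_good, baseline))
    print(audit_mbr(build_sample_mbr(b"\xeb\x3c\x91"), baseline))
```

On a real machine the input would be the first 512 bytes of the disk, read with administrative rights, and the baseline hash would be recorded while the system is known to be clean.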
There are three boot files in a Windows operating system: NTLDR, NTDETECT.COM and Boot.ini. The boot files are found in the active partition of the hard disk, which is normally the C drive on a Windows machine.
NTLDR – NTLDR stands for NT Loader, and it is the second stage boot loader. The path of NTLDR is C:\Windows\i386\NTLDR.
Boot.ini – Boot.ini contains the configuration of NTLDR. When the operating system is loaded we cannot pass any arguments to the kernel directly, so those arguments are passed through boot.ini. You can edit boot.ini by opening it in Notepad. The path of Boot.ini is C:\boot.ini.
NTDETECT.COM – This file detects hardware and passes the information to NTLDR. Using the collected information, NTLDR creates a hardware key, and this key is used to detect hardware. A new hardware key is generated after each reboot of the operating system, which is why the system asks for a reboot after new hardware is installed. The hardware keys created by NTLDR can be found in the Windows registry at HKEY_LOCAL_MACHINE\HARDWARE.
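Since boot.ini is the only channel for kernel arguments, its switches are worth reviewing when assessing a machine. The following is an added example, not code from the original page: it parses a constructed boot.ini and lists switches that change the security posture (the `REVIEW` table, function names and sample file are assumptions made for illustration).

```python
import re

# Boot switches a reviewer would want explained (all are real boot.ini options).
REVIEW = {
    "/debug": "kernel debugger enabled",
    "/noexecute=alwaysoff": "DEP disabled for every process",
    "/safeboot": "safe mode: only minimal drivers and services load",
}

# Constructed sample file, not taken from a real machine.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP lab" /noexecute=alwaysoff /debug
'''


def parse_boot_ini(text: str) -> list:
    """Return one dict per [operating systems] line: path, label, switches."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):  # skip blanks and ; comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        path, _, rest = line.partition("=")
        match = re.match(r'"([^"]*)"\s*(.*)', rest.strip())
        if section == "operating systems" and match:
            entries.append({"path": path.strip(), "label": match.group(1),
                            "switches": match.group(2).lower().split()})
    return entries


def audit_boot_ini(text: str) -> list:
    """List (label, switch, reason) for every switch that needs review."""
    findings = []
    for entry in parse_boot_ini(text):
        for switch in entry["switches"]:
            for name, reason in REVIEW.items():
                if switch == name or switch.startswith(name + ":"):
                    findings.append((entry["label"], switch, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_boot_ini(SAMPLE_BOOT_INI):
        print(finding)
```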
After the boot files have done their work, control is passed to the kernel. ntoskrnl.exe is the kernel file on a Windows machine, and its path is C:\Windows\system32\ntoskrnl.exe. The kernel acts as a layer between software and hardware. The library file hal.dll (C:\Windows\system32\hal.dll) helps the kernel interact with the hardware. HAL stands for Hardware Abstraction Layer, and the hal.dll file is machine specific. Next, the hardware drivers are loaded from the file C:\Windows\system32\config\system and the kernel is loaded into primary memory.
Once the kernel is loaded in primary memory, the services for each process are started; the registry entries for those services can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Winlogon.exe (C:\Windows\system32\winlogon.exe) is the last service started during this process. Winlogon.exe starts the login procedure of the Windows machine. It first calls the library file msgina.dll (C:\Windows\system32\msgina.dll). MSGINA stands for Microsoft Graphics Identification and Authentication, and it provides the login window. msgina.dll then passes control to the LSA (Local Security Authority), which verifies the username and password against the SAM file. SAM (Security Accounts Manager) contains the information about all users created in a Windows operating system.
Now the boot procedure is over and we have reached the desktop of the Windows operating system.
IO.SYS – A binary file that provides the basic input/output interface between the ROM BIOS and the hardware
MSDOS.SYS – A binary file considered to be the core of the DOS operating system
CONFIG.SYS – A text file used to load drivers and memory managers and also used to configure the system to the user's needs
COMMAND.COM – The DOS user interface; it loads the command prompt, which interprets DOS commands
AUTOEXEC.BAT – A text file that sets up display settings, environment variables and routines
Win 9X Boot up Sequence
IO.SYS – I/O files used to communicate with the BIOS
MSDOS.SYS – Loads the OS into memory (also used to configure boot files in Windows 9x)
SYSTEM.DAT and USER.DAT – System and user settings (REGEDIT)
CONFIG.SYS – Loads device drivers for backwards compatibility
AUTOEXEC.BAT – Sets the system environment; used for backwards compatibility
WIN.COM – Initiates the Windows 9x protected load phase
SYSTEM.INI – Used to configure 16-bit Windows drivers and critical files
WIN.INI – Sets the 16-bit Windows environment
VxD – Loads Windows virtual device drivers
Windows 2000/XP Key Boot Files
NTLDR – Found in the MBR, this file boots up the Windows 2K/XP operating system
BOOT.INI – A text file that lists the available operating systems and tells NTLDR where to find the boot partition
BOOTSECT.DOS – Locates the IO.SYS file so you can start another OS in a dual boot environment
NTDETECT.COM – Loads into protected mode and detects the installed hardware on your system
NTBOOTDD.SYS – On a system with a SCSI boot device, this file is used to recognize and load the SCSI boot partition
NTOSKRNL.EXE – Windows 2000 core files
WIN.COM – Windows 2K/XP command file
HAL.DLL – Hardware Abstraction Layer of Windows 2K/XP
Windows Vista/7 Key Boot Files
BOOTMGR – Found in the MBR, this file boots up the Windows operating system
BCD (Boot Configuration Data) – A text file that lists the available operating systems and tells BOOTMGR where to find the boot partition
WINLOAD.EXE – Loads the Windows interface
NTOSKRNL.EXE – Windows Vista/7 core files
WIN.COM – Windows Vista/7 command file
HAL.DLL – Hardware Abstraction Layer of Windows Vista/7
Press any key now
XP Setup menu
XP Recovery Console
Enter 1, then enter the password
The commands are as follows; type both of them in.
Commands for fixing NTLDR
To check whether they were copied, now type
Now done; you will see that both files are now copied.
Done, it's fixed.