Understanding Windows Boot-up Process
Windows Bootup Process Multiple Boot Encrypting File System
NTFS vs FAT File System        

Windows Boot-up Process


Booting Up

It is useful to understand what happens behind the scenes when you switch on your computer from a cold idle machine to an operable and functional system. There are essentially two forms of booting - the soft boot and the hard boot.

The cold boot or hard boot involves powering the computer up from an initial zero power supply.

A warm boot on the other hand takes place when a software application or operating system triggers the computer to perform a reboot.

A successful boot is dependent on 3 conditions - the hardware, BIOS and operating system files to function without errors. When an error occurs, you will be notified by error messages, beeping sounds or in the worst scenario, a blank screen.

 Back to Top

Bootup Process

The bootup process is a list of detailed procedures that the system undergoes to perform all system checks and load all necessary files to bring the computer to an operable state.

The Windows XP bootup process comprises of the following procedures:

A.The Power-On Self Test Phase

As soon as you power up your computer, a self-test is performed by the power supply to ensure that the volume and current levels are correct before the Power Good signal is sent to the processor. When this first stage is cleared, the microprocessor will then trigger the BIOS to perform a series of operations.



The BIOS, also known as the Basic Input Output System is a firmware or set of instructions that resides on a ROM chip as contained in the motherboard.

It first carries out the P.O.S.T that performs and verifies all initial hardware checks, such as checking if the system is initialized by a warm or cold start, detecting the presence of peripheral devices and the amount of memory present.

It then accesses the information stored in the CMOS chip, DIP switches, jumpers and assigns the necessary system resources. After this, the hardware' firmware will individually carry out its own diagnostic test such as S.M.A.R.T.

The system will now attempt to determine the sequence of devices to load based on the settings stored in the BIOS to start the operating system. It will start by reading from the first bootup device. If it points to the floppy drive, it then searches for a floppy disk. If it does not detect a bootable diskette in the floppy drive, the system displays an error message.

If the floppy drive does not contain a diskette, it bypasses the first bootup device and detects the second device, which is usually the hard disk. It'll then start by reading the boot code instructions located in the master boot record and copies all execution into the memory when the instructions are validated and no errors are found.

 Back to Top

C. Boot Loader Phase

Control is then passed on to the partition loader code which accesses the partition table to identify the primary partition, extended partitions and active partition which is needed to determine the file system and locate the operating system loader file - NTLDR. NTLDR will then switch the processor from real-mode to 32 bit protected mode which memory paging is enabled.

NTLDR will call upon the boot.ini file which is located at the root directory to determine the location and entries of the operating system boot partition. At this point in time, the bootup menu is displayed on the screen to allow you to select an operating system to start from if you have more than 2 operating systems installed in your computer.

NTLDR will pass all information from the Windows registry and Boot.ini file into Ntoskrnl.exe.


D. Operating System Configuration Phase

Ntoskrnl will begin to load the XP kernel, hardware abstraction layer and registry information.

After this is completed, the control is passed over to the DOS based Ntdetect.com program which collects and configures all installed hardware devices such as the video adapters and communication ports.

Ntdetect.com then searches for hardware profiles information and load the essential software drivers to control the hardware devices.


E. Security & Logon Phase

Lastly, Ntoskrnl.exe will start up Winlogon.exe which triggers the Lsass.exe or Local Security Administration which is the logon dialog interface that prompts you to select your user profile and verifies your necessary credentials before you are transferred to the Windows desktop.


 Back to Top