Windows Guide

Guide to Boot Sequence


Every time you switch on your computer, your PC goes through a boot sequence. This sequence of events is needed to load your operating system into memory and have all your devices working by the time the desktop appears. The sequence may differ slightly from system to system and between versions of the OS, but this is how it occurs in general:

1. Power Up.
2. The CPU executes the boot program at FFFF0h, at the end of system memory.
3. The BIOS or UEFI performs a hardware check (the Power-On Self Test).
4. BIOS/UEFI looks for the video card and for the card's built-in BIOS, usually at C000h. In some cases you may see some information about the card before you see anything about the system itself.
5. BIOS/UEFI checks for other BIOSes, such as those for IDE/ATA hard disks at C800h, and runs them.
6. BIOS/UEFI then does some more tests and runs the memory count test.
7. BIOS/UEFI searches for more hardware, such as ports and other features (LPT, COM, USB, FireWire, Ethernet and sound), and also looks for Plug and Play devices.
8. BIOS/UEFI displays a summary screen of the system.
9. BIOS/UEFI then searches the devices listed in its boot device sequence. Usually a) Floppy Drive (or Removable disk) b) Hard Disk c) CDROM d) Network e) SCSI. This sequence is dependent on the user's BIOS setup and the capabilities of the motherboard, and the sequence could be in any order.
10. If a bootable device is found, then the MBR (Master Boot Record) is read from that disk. If a bootable partition is found, then that is loaded. For GPT (GUID Partition Table) disks, the MBR is read from LBA (Logical Block Address) 0, the header information from LBA 1 and the partition table from LBA 2.
11. For Windows 8 or later, the Boot Configuration Data (BCD) store is read from C:\Boot, and the system file Winload.exe is then run.
12. At this point, the system can check for special keys which the user can press, such as F5 or F8, for a selection menu with options like Safe Mode, Boot Logging, VGA Mode, Last Known Good Configuration, Directory Services Restore Mode, Debugging Mode, Start Windows Normally and Reboot.
13. Then the ntoskrnl.exe and hal.dll programs are run from the C:\Windows\System32 folder.
14. If there is a problem with a disk, then AUTOCHK is loaded and the file system is checked for errors.
15. The system will then read the Registry, select a Hardware profile, the control set and load Drivers and Services and any startup programs.
16. If the computer is a member of a domain, then computer group policy and preference settings are applied.
17. The Winlogon.exe process is started, which in turn starts the lsass.exe (NetLogon) process and displays the Welcome or logon screen.
18. A login box is displayed and the user has to enter a Username or Password (unless auto logon has been enabled). The user is checked against either the local SAM (Security Account Manager) or a domain such as Active Directory.
19. Explorer is then loaded, the desktop is displayed and icons are displayed.
20. Programs are then run from the user's Registry (NTUSER.DAT) and from the Startup group in the Start menu.
21. If the user account is a domain account, then user group policies and preference settings are applied.
22. Windows is now loaded.

This is a simplified boot process; a lot more processing occurs in the background during this sequence, along with the loading of other system files, DLLs and drivers. Safe Mode itself would miss out steps 8, 10, 11 and 12 to stop certain drivers from loading in case of an error or fault in the system.
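
The on-disk layout in step 10 can be verified directly, which is useful when checking whether boot sectors have been altered. The following Python parser is an added example, not code from the original guide: it checks the 0x55AA signature at LBA 0, detects a protective MBR (type 0xEE), and verifies the CRC32 values of the GPT header at LBA 1 and the partition array it points to. It assumes 512-byte sectors; the function names and the sample image are constructed for illustration.

```python
import struct
import uuid
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors
GPT_HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # EFI system partition


def parse_boot_sectors(img: bytes) -> dict:
    """Check LBA 0 (MBR), LBA 1 (GPT header) and the partition array it points to."""
    mbr = img[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("LBA 0 has no 0x55AA boot signature")
    types = [mbr[446 + 16 * i + 4] for i in range(4)]  # type byte of each MBR entry
    if 0xEE not in types:  # 0xEE marks a protective MBR in front of a GPT
        return {"scheme": "MBR", "mbr_types": types, "partitions": []}
    raw = img[SECTOR:2 * SECTOR]
    if len(raw) < GPT_HDR.size or raw[:8] != b"EFI PART":
        raise ValueError("LBA 1 has no GPT header signature")
    (_sig, _rev, hsize, hcrc, _res, _cur, _bak, _first, _last, disk_guid,
     ent_lba, ent_count, ent_size, ent_crc) = GPT_HDR.unpack_from(raw)
    # The header CRC32 is computed with its own field (bytes 16-19) zeroed.
    zeroed = raw[:16] + b"\0" * 4 + raw[20:hsize]
    array = img[ent_lba * SECTOR: ent_lba * SECTOR + ent_count * ent_size]
    parts = []
    for off in range(0, len(array), ent_size):
        entry = array[off:off + ent_size]
        if any(entry[:16]):  # an all-zero type GUID means an unused slot
            first, last = struct.unpack_from("<QQ", entry, 32)
            name = entry[56:128].decode("utf-16-le").rstrip("\0")
            parts.append((name, first, last))
    return {"scheme": "GPT", "disk_guid": str(uuid.UUID(bytes_le=disk_guid)),
            "header_ok": zlib.crc32(zeroed) == hcrc,
            "entries_ok": zlib.crc32(array) == ent_crc, "partitions": parts}


def build_sample_image() -> bytes:
    """Constructed 3-sector image: protective MBR, GPT header, 4-slot entry array."""
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0xEE
    mbr[510:512] = b"\x55\xaa"
    entry = (ESP_TYPE.bytes_le + uuid.UUID(int=1).bytes_le + struct.pack("<QQQ", 2048, 4095, 0)
             + "EFI system partition".encode("utf-16-le").ljust(72, b"\0"))
    array = entry.ljust(4 * 128, b"\0")  # one used slot, three unused
    fields = [b"EFI PART", 0x10000, 92, 0, 0, 1, 8191, 34, 8158,
              uuid.UUID(int=0x1234).bytes_le, 2, 4, 128, zlib.crc32(array)]
    fields[3] = zlib.crc32(GPT_HDR.pack(*fields))  # CRC over header with field zeroed
    return bytes(mbr) + GPT_HDR.pack(*fields).ljust(SECTOR, b"\0") + array
```

A `header_ok` or `entries_ok` value of `False` on a real image means the header or partition array no longer matches its stored checksum and should be compared against the backup GPT at the end of the disk.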

Contents of the Windows folder