Hope this post finds you in good health and spirit. Recently, I got opportunity to do few OS troubleshooting trainings and realized that some of the participant were not well aware of windows booting process which indeed helps a lot in different troubleshooting especially startup ones. So, I thought to compile these steps ( with focus on Windows 10 booting process) for better understanding. To understand the process, firstly we need to know the files which are part of process. I will define these files here under:
- Windows Boot Manager (BOOTMGR) – BOOTMGR is a bootloader used by Microsoft Windows, and it was first introduced Windows Vista and is being used in all new OS( Windows 7, Windows 8, Windows 8.1, and Windows 10, Windows Server 2008 and Windows Server 2012). NTLDR was used as bootloader in older OS. BOOTMGR is read-only and hidden file and is located in the root directory of the partition labeled as System Reserved.
- Boot Configuration Data (BCD) – BCD is a database of startup configuration information that the hard disk stores in a format similar to the registry. Windows Vista and later Windows versions use the BCD to load the operating system or to run boot applications, such as memory diagnostics. Previous operating system like XP were using BOOT.INI file. Boot Configuration Data are stored in a data file that has the same format as the Windows Registry hives and is eventually mounted at registry key (HKEY_LOCAL_MACHINE\BCD00000). For UEFI boot, the file is located at
\EFI\Microsoft\Boot\BCDon the EFI System Partition. For traditional BIOS boot, the file is at
\boot\BCDon the active partition.
BCD configuration may be altered using a bcdedit.exe, command-line tool , using regedit.exe (not recommended, using Windows Management Instrumentation, or with third-party tools such as EasyBCD, BOOTICE, or Visual BCD Editor.
- Winload.exe – Winload.exe is the operating system boot loader that BOOTMGR invokes. The job of winload.exe is to load essential device drivers (BOOT_START), as well as operating system kernel (ntoskrnl.exe). Winload.exe combined with BOOTMGR, makes it functionally equivalent to NTLDR.
- Winresume.exe – If the BCD contains information about a current hibernation image, BOOTMGR passes that information to Winresume.exe. Winresume.exe reads the hibernation image file, and uses it to return the operating system to its pre-hibernation running state so it is used if operating system is hibernated.
Now we are done with core files needed for Windows 10 booting so lets go through the steps:
- The UEFI or BIOS performs a power-on self-test (POST). During POST, quick tests are conducted and errors caused by incompatible hardware, disconnected devices, or failing components are displayed with error messages such as “keyboard error or no keyboard present” or warnings. BIOS enables the computer to access peripherals such as hard disks, keyboards, and the computer display, prior to loading the operating system.
- The computer uses information in the UEFI or BIOS to locate an installed hard disk, which contains Master Boot Record (MBR) file on the first sector (512 bytes) of hard disk. MBR has information about the active partition on Hard Disk and from there computer calls and loads BOOTMGR.
- BOOTMGR reads the BCD file from the active partition, gathers information about the machine’s installed operating systems, and then displays a boot menu, if your machine is in dual boot or so.
- BOOTMGR either transfers control to winload.exe or calls winresume.exe if machine was hibernated. If winload.exe selects an earlier operating system, such as Windows XP, then BOOTMGR transfers control to NTLDR.
- Otherwise, winload.exe initializes memory and loads drivers that are set to begin at startup. These drivers are called BOOT_START drivers and are for fundamental hardware components such as disk controllers and peripheral bus drivers. Winload.exe then transfers control to the operating system kernel, ntoskrnl.exe.
- The kernel initializes, and then higher-level drivers load (except BOOT_START and services). During this phase, you will see the screen switch to graphical mode as the session manager (Smss.exe) initializes the Windows subsystem.
- The Windows operating system loads the Winlogon service, which displays the sign-in screen. Once the user signs in to the computer, Windows Explorer loads.
Done. Ok, so isn’t it was too much of writing, oops reading for you. 🙂 I have used few documents from Microsoft for completing this post so thanks for it MS.
I am writing this post just before Diwali to “Happy Diwali” to all of you. Hope this festival brings prosperity and happiness in your life. On this note here I close this post. See you soon with some other technical stuff. Till then “Happy Reading”.