The Windows 2000 Boot Process

These files must be present and not corrupted on the computer, and in the folder
indicated:
NTLDR Root of the active partition
Boot.ini Root of the active partition
Bootsect.dos (only if dual booting) Root of the active partition
Ntdetect.com Root of the active partition
Ntbootdd.sys (only if booting from a
SCSI partition, and SCSI BIOS is not
present on the controller)
Root of the active partition
Ntoskrnl.exe %SystemRoot%\System32
Hal.dll %SystemRoot%\System32
SYSTEM key (part of the Registry) %SystemRoot%\System32\Config
Device drivers (varies according to
devices present) %SystemRoot%\System32\Drivers
By default, the "Root of the active partition" means C:\, and "%SystemRoot%"
means c:\winnt.
On non-Intel (RISC) based systems, NTLDR is not needed. Instead the
computer's firmware performs those functions, and is controlled by
OSLOADER.EXE. A successful boot process on an Intel-based computer
running Win2K takes the following six steps to complete:
Step 1 - POST - Power On Self Test. This is something that all computers will
perform, regardless of the Operating System that is installed on it. This step is
only mentioned because a working hardware platform is necessary for a
successful boot. During the POST, a computer will typically test its memory,
verify that it has all necessary hardware, such as a keyboard. After checking
itself, the computer will allow adapter cards (such as SCSI cards) to run their own
POSTs. After the POST, the computer will locate a boot device, and load the
MBR (Master Boot Record) into memory, which in turn locates the active partition
and loads the boot sector into memory. Up to this point, the computer's
hardware has played the active role. Without properly functioning hardware, the
operating system doesn't matter much. At this point it is good to know that
About.com also has the best site on the Internet for PC Support, complete with a
great newsletter, an interactive forum , and a chat room. Even if your computer is
booting and running fi ne right now, this site is a great resource for tips and
information your computer.
Step 2 - Choose the OS. NTLDR is the key component of this step. It will use
the files Ntdetect.com, boot.ini, and bootsect.dos (for dual-boot machines). At
the beginning of this step, the screen will display the "OS Loader V5.0" message
on the screen. When NTLDR runs, it switches the processor into 32-bit flat
memory mode (until this point the computer was running in real mode (just like
your old 8086 or 8088 CPU). It then starts the appropriate mini-file system
(e.g.:FAT, NTFS), so that it can read the files from the disk. It will then read the
Boot.ini file, and display the boot menu on the screen. If an OS other than
Windows 2000 is selected, NTLDR then loads the bootsect.dos file and passes
control to it, which then boots the other OS. If a Windows 2000 OS is selected,
then NTLDR runs Ntdetect.com to gather information about the computer's
hardware. It is also in this step when you can choose to press F8 for
troubleshooting and advanced startup options. Ntdetect detects the following
hardware components:
? Computer ID
? Bus/adapter type
? SCSI adapters
? video adapters
? keyboard
? Com ports
? Parallel ports
? Floppy disks
? Mouse/pointing devices
? Floating-point coprocessor
Once Ntdetect.com has collected the hardware information, NTLDR will load
Ntoskrnl and pass that information to it.
Step 3 - Kernel Load. This phase begins with the loading of ntoskrnlexe, along
with the file hall.dll. NTLDR will also read the SYSTEM registry key into memory,
and select the hardware configuration and control set (from the Registry) that will
be used for this boot. If you have more than one hardware profile created, you
could select it at this point in the boot sequence. NTLDR will a lso load any
device drivers that have a start value (again from the Registry) of 0x0. If you add
the switch /SOS in the boot.ini, you will be able to see the drivers listed on the
screen as they are loaded. At this point all of these files have been loaded into
memory.
Step 4 - Kernel Initialization. Once Ntoskrnl.exe is initialized, it creates the
Clone control set by copying the current control set. It will also create the
HARDWARE key in the Registry using the information gathered by earlier by
ntdetect.com. Ntoskrnl.exe will then initialize the drivers loaded earlier, and will
then scan the Registry for device drivers that have a start value of 0x1.
Step 5 - Services Load. This step begins with the starting of the Session
Manager (Smss.exe). It will run the programs listed in its BootExecute Registry
entry, as well as starting the required subsystems. The Win32 subsystem will
then start Winlogon.exe, which starts the Local Security Administration
(Lsass.exe), and the Ctrl+Alt+Delete window appears. The Service Controller
(Screg.exe) will check the Registry for services with a start value of 0x2, and will
load them. Services can be loaded simultaneously, but dependent on their
dependencies. Services with start values of 0x3 are started manually, and
services with start values of 0x4 are disabled.
Step 6 - Logon. The logon prompt will appear during the previous step, but it
begins the final step in the boot-up process. A boot is not considered successful
or completed until a user logs in. After a successful logon, the Clone control set
from Step 4 is copied to the LastKnownGood control set. This makes it available
as an advanced boot option in the later half of Step 2 for the next boot. What this
means is that if you install a bad device driver that renders your computer
unbootable, you can press F8 during Step 2, and choose to use the
LastKnownGood control set. Since this control set was created before you
installed the bad driver, your system will load without trying to start the driver,
allowing you to boot successfully.