 _________ SWAT MAGAZINE ISSUE TWENTY: AUGUST 1999 __________
/         \___________________________________________/      \
/  The Microsoft Windows NT boot process                      \
/  By Netw0rk Bug   bug@netw0rk.freeserve.co.uk               \
----------------------------------------------------------------------

I bet you're asking yourself just what the hell is the NT Boot Process?
Well, it's basically what's required for NT to boot up and the processes
involved in successfully booting Windows NT. So why am I writing this
article? Well, it's always good to know how things work, and if you
understand what is written here then you may be able to think of ways in
which you can use it to your advantage. But I am not going to talk about
those; you can figure them out for yourselves.

So let's get started. When NT is about to load up there are certain files
which are required. These are:

Ntldr        - hidden, read-only system file that loads the operating system
Boot.ini     - read-only system file, used to build the Boot Loader Operating
               System Selection menu on Intel x86-based computers
Bootsect.dos - hidden file loaded by Ntldr if another operating system is
               selected
Ntdetect.com - hidden, read-only system file used to examine the hardware
               available and to build a hardware list
Ntbootdd.sys - this file is only used by systems that boot from a SCSI disk
So those were the files which are initially required for NT to boot up.
There are then the common boot sequence files, which are the following:

Ntoskrnl.exe   - the Windows NT kernel
System         - this file is a collection of system configuration settings
Device drivers - these are the files that support the various hardware devices
Hal.dll        - Hardware Abstraction Layer software

The boot sequence is as follows:

 1. Power on self test (POST) routines are run
 2. The Master Boot Record is loaded into memory, and the program is run
 3. The boot sector from the active partition is loaded into memory
 4. Ntldr is loaded and initialized from the boot sector
 5. The processor is changed from real mode to 32-bit flat memory mode
 6. Ntldr starts the appropriate minifile system drivers. Minifile system
    drivers are built into Ntldr and can read FAT or NTFS
 7. Ntldr reads the Boot.ini file
 8. Ntldr loads the operating system selected; one of two things happens:
    * If Windows NT is selected, Ntldr runs Ntdetect.com
    * For another operating system, Ntldr loads and runs Bootsect.dos and
      passes control to it. The Windows NT process ends here
 9. Ntdetect.com scans the computer hardware and sends the list to Ntldr
    for inclusion in HKEY_LOCAL_MACHINE\HARDWARE
10. Ntldr then loads Ntoskrnl.exe, Hal.dll and the System hive
11. Ntldr scans the System hive and loads the device drivers configured to
    start at boot time
12. Ntldr passes control to Ntoskrnl.exe, at which point the boot process
    ends and the load phases begin

----------------------------------------------------------------------
Written by Netw0rk Bug for SWATEAM   www.swateam.org   JULY'99

If you have any questions or comments then don't hesitate to mail me at
" bug@netw0rk.freeserve.co.uk ". I would like to hear from anyone, no
matter what they have to say.
----------------------------------------------------------------------
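Steps 7 and 8 of the boot sequence above (Ntldr reading Boot.ini, building the Boot Loader selection menu and handing off to either Ntdetect.com or Bootsect.dos), as an added Python example that is not part of the original article. It assumes the standard [boot loader]/[operating systems] Boot.ini layout with ARC paths for NT entries; the sample Boot.ini and the function names are constructed for this example.

```python
import re

# Constructed sample Boot.ini (not from the article), classic NT 4.0 layout.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
C:\="MS-DOS"
"""
# ARC path naming the partition an NT entry lives on (scsi() ones are read via Ntbootdd.sys).
ARC_PATH = re.compile(r"^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)", re.I)

def parse_boot_ini(text):
    """Return {'timeout': int, 'default': str, 'entries': [(path, label, [switches])]}."""
    cfg, section = {"timeout": 30, "default": None, "entries": []}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):            # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")             # split on the FIRST '=' only
        key, value = key.strip(), value.strip()
        if section == "boot loader" and key.lower() == "timeout":
            cfg["timeout"] = int(value)
        elif section == "boot loader" and key.lower() == "default":
            cfg["default"] = value
        elif section == "operating systems":
            m = re.match(r'"([^"]*)"\s*(.*)$', value)   # "label" then optional /switches
            if m:                                        # malformed entries are skipped, not guessed at
                cfg["entries"].append((key, m.group(1), m.group(2).split()))
    return cfg

def next_stage(path):
    """Step 8 above: an NT (ARC path) entry runs Ntdetect.com, any other entry runs Bootsect.dos."""
    return "Ntdetect.com" if ARC_PATH.match(path) else "Bootsect.dos"

def selection_menu(cfg):
    """Menu in Boot.ini order, marking the entry Ntldr boots when the timeout expires."""
    menu, seen_default = [], False
    for path, label, _ in cfg["entries"]:
        is_default = not seen_default and path == cfg["default"]
        seen_default = seen_default or is_default
        menu.append((label, is_default))
    return menu
```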