The
booting
In computing, booting is the process of starting a computer as initiated via hardware such as a button or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so som ...
process of
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
and later versions differ from the startup process part of
previous versions of Windows.
In this article, unless otherwise specified, what is said about Windows Vista also applies to all later
NT operating systems. For Windows Vista, the
boot sector or
UEFI
UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...
loads the Windows Boot Manager (a file named BOOTMGR on
either the system or the boot partition), accesses the Boot Configuration Data store and uses the information to load the
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
. Then, the BCD invokes the boot loader and in turn proceeds to initiate the
Windows kernel. Initialization at this point proceeds similarly to
previous Windows NT versions.
History
Windows Vista introduces a complete overhaul of the Windows operating system loader architecture.
The earliest known reference to this revised architecture is included within
PowerPoint
Microsoft PowerPoint is a presentation program, created by Robert Gaskins and Dennis Austin at a software company named Forethought, Inc. It was released on April 20, 1987, initially for Macintosh computers only. Microsoft acquired PowerPoi ...
slides distributed by
Microsoft
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
during the
Windows Hardware Engineering Conference
The Windows Hardware Engineering Community (WinHEC) is a series of technical conferences and workshops, where Microsoft elaborates on its hardware plans for Windows devices.
The WinHEC from 1992 to 2008, which stood for Windows Hardware Engineerin ...
of 2004 when the operating system was codenamed "Longhorn."
This documentation mentions that the Windows operating system loader would be undergoing a significant restructuring in order to support
EFI and to "do some major overhaul of legacy code."
The new boot architecture completely replaces the
NTLDR
NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOO ...
architecture used in previous versions of
Windows NT
Windows NT is a proprietary graphical operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems sc ...
.
Most of the steps that follows the
NT kernel being loaded, including kernel initialization and user-space initialization, is kept the same as in earlier NT systems.
[ Refactoring in ]Winlogon
In computing, Winlogon (Windows Logon) is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screens ...
resulted in GINA being completely replaced by Credential Providers and graphical components in Windows Vista and later.
Boot Configuration Data
Boot Configuration Data (BCD) is a firmware
In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...
-independent database
In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases sp ...
for boot-time configuration data. It is used by Microsoft's new Windows Boot Manager and replaces the boot.ini
NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the ...
that was used by NTLDR
NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOO ...
.
Boot Configuration Data is stored in a data file that has the same format as Windows Registry
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and use ...
hives and is eventually mounted at registry key (with restricted permissions). For UEFI boot, the file is located at /EFI/Microsoft/Boot/BCD
on the EFI System Partition. For traditional BIOS boot, the file is at /boot/BCD
on the active partition.
Boot Configuration Data may be altered using a command-line tool (bcdedit.exe), using the Registry Editor
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and use ...
(regedit.exe), using Windows Management Instrumentation
Windows Management Instrumentation (WMI) consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's impl ...
, or with third-party tools such as EasyBCD
EasyBCD is a program developed by NeoSmart Technologies to configure and tweak the Boot Configuration Data (BCD), a boot database first introduced in Windows Vista and used in all subsequent Windows releases. EasyBCD can be used to set up multi-b ...
, BOOTICE, or Visual BCD Editor.
Boot Configuration Data contain the menu entries that are presented by the Windows Boot Manager, just as contained the menu entries that were presented by NTLDR. These menu entries can include:
* Options to boot Windows Vista and later by invoking winload.exe.
* Options to resume Windows Vista and later from hibernation by invoking winresume.exe.
* Options to boot a prior version of the Windows NT family by invoking its NTLDR.
* Options to load and to execute a volume boot record.
Boot Configuration Data allows for third-party integration, so anyone can implement tools like diagnostics or recovery options.
Boot loaders
bootmgr
The BIOS
In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
invokes MBR boot code from a hard disk drive
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating platters coated with magnet ...
at startup. The MBR boot code and the VBR boot code are OS-specific. In Microsoft Windows, the MBR boot code tries to find an active partition A boot flag is a 1-byte value in a non-extended partition record, within a master boot record. It appears at the beginning of a partition record, as the value 0x80. A value of 0x00 indicates the partition does not have the boot flag set. Any other ...
(the MBR is only 512 bytes), then executes the VBR boot code of an active partition. The VBR boot code tries to find and execute the bootmgr
file from an active partition.
The UEFI
UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...
invokes bootmgfw.efi
from an EFI system partition at startup.
winload.exe
The Windows Boot Manager invokes winload.exe
—the operating system boot loader
A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer.
When a computer is turned off, its softwareincluding operating systems, application code, a ...
—to load the operating system kernel executive (ntoskrnl.exe
ntoskrnl.exe (short for Windows NT operating system kernel executable), also known as the kernel image, contains the kernel and executive layers of the Microsoft Windows NT kernel, and is responsible for hardware abstraction, process handling, an ...
) and core device driver
In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
s. In that respect, winload.exe is functionally equivalent to the operating system loader function of NTLDR
NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOO ...
in prior versions of Windows NT. In UEFI
UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...
systems, the file is called winload.efi
and the file is always located at \windows\system32
or \windows\system32\boot
.
winresume.exe
If the computer has recently hibernated
Hibernation is a state of minimal activity and Metabolism, metabolic depression undergone by some animal species. Hibernation is a seasonal heterothermy characterized by low body-temperature, slow breathing and heart-rate, and low metabolic ra ...
, then bootmgr
will instead invoke winresume.exe
. In UEFI systems, the file is called winresume.efi
and is always located at \windows\system32
or \windows\system32\boot
.
Advanced Boot Options
With the advent of the new boot manager in Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
, many components have been changed; one is the Advanced Boot Options menu that provides options for advanced boot modes (e.g., Safe Mode). Due to the implementation of fast startup in Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
and up, access to the Advanced Boot Options menu has been disabled by default. However, access is still possible with a BCD modification. These are the possible boot modes:
* Repair Your Computer - Boots Windows Recovery Environment
Windows Preinstallation Environment (also known as Windows PE and WinPE) is a lightweight version of Windows used for the deployment of PCs, workstations, and servers, or troubleshooting an operating system while it is offline. It is intended t ...
(WinRE or Windows RE)
* Safe Mode - Loads Safe Mode, a boot mode with minimal drivers and resources intended for malware removal or replacing faulty drivers.
* Safe Mode with Networking - Loads Safe Mode along with the network drivers.
* Safe Mode with Command Prompt - Loads Safe Mode with the Command Prompt
Command Prompt, also known as cmd.exe or cmd, is the default command-line interpreter for the OS/2, eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows CE family), and ReactOS operating systems. On Windows CE .NET 4.2, Wind ...
as the shell instead of Windows Explorer
File Explorer, previously known as Windows Explorer, is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file ...
. Windows Explorer can still be loaded by typing explorer
at the command prompt.
* Enable Boot Logging - Enables writing of ntbtlog.txt
, a file that will log the boot process; listing drivers that loaded and drivers that did not.
* Enable low resolution video - Disables the default graphics driver and uses the standard VGA
Video Graphics Array (VGA) is a video display controller and accompanying de facto graphics standard, first introduced with the IBM PS/2 line of computers in 1987, which became ubiquitous in the PC industry within three years. The term can no ...
driver. Intended in case the user changed the resolution to an unusable level (i.e. 320×200 at low refresh rates <24 Hz, 60 Hz>)
* Last Known Good Configuration - Loads configuration based on the last successful boot process. Intended for Registry Registry may refer to:
Computing
* Container registry, an operating-system-level virtualization registry
* Domain name registry, a database of top-level internet domain names
* Local Internet registry
* Metadata registry, information system for re ...
corruptions. This mode is removed in Windows 8 and later versions of Windows.
* Directory Services Restore Mode - Boot mode used to reboot the Domain Controller A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, store ...
in case it is not working as intended.
* Debugging Mode - Boots while loading the kernel debugger.
* Disable automatic restart on system failure - Disables the auto-reboot function after a Blue Screen of Death is experienced.
* Disable early launch anti-malware driver - ELAM prechecks boot required drivers for signatures and tampering. Disabling ELAM is intended to allows booting on false positive driver checks but could also allow a tampered driver to load.
* Disable Driver Signature Enforcement - Disables the kernel setting that prohibits unsigned drivers from loading.
* Start Windows Normally
The ABO menu is accessible by rapidly pressing or holding the F8
key before Windows boots. Starting from Windows 8 on UEFI, it can only be accessed by clicking Restart while holding the Shift
key.
See also
*Windows startup process
The booting process of Microsoft Windows varies between different releases.
DOS-based Windows Windows 1.x/2.x
In Windows versions 1.01 to Windows 2.11, the system was loaded when WIN.COM was executed. It then loaded WIN100.BIN or WIN200.BIN and ...
*Windows Vista I/O technologies
Windows Vista introduced a number of new I/O functions to the Microsoft Windows line of operating systems. They are intended to shorten the time taken to boot the system, improve the responsiveness of the system, and improve the reliability of da ...
References
Further reading
*
{{DEFAULTSORT:Windows Vista Startup Process
Booting
Boot loaders
Windows NT architecture
Windows Vista