HOME

TheInfoList



OR:

The
booting In computing, booting is the process of starting a computer as initiated via hardware such as a button or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so som ...
process of
Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
and later versions differ from the startup process part of previous versions of Windows. In this article, unless otherwise specified, what is said about Windows Vista also applies to all later NT operating systems. For Windows Vista, the boot sector or
UEFI UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...
loads the Windows Boot Manager (a file named BOOTMGR on either the system or the boot partition), accesses the Boot Configuration Data store and uses the information to load the
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
. Then, the BCD invokes the boot loader and in turn proceeds to initiate the Windows kernel. Initialization at this point proceeds similarly to previous Windows NT versions.


History

Windows Vista introduces a complete overhaul of the Windows operating system loader architecture. The earliest known reference to this revised architecture is included within
PowerPoint Microsoft PowerPoint is a presentation program, created by Robert Gaskins and Dennis Austin at a software company named Forethought, Inc. It was released on April 20, 1987, initially for Macintosh computers only. Microsoft acquired PowerPoi ...
slides distributed by
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
during the
Windows Hardware Engineering Conference The Windows Hardware Engineering Community (WinHEC) is a series of technical conferences and workshops, where Microsoft elaborates on its hardware plans for Windows devices. The WinHEC from 1992 to 2008, which stood for Windows Hardware Engineerin ...
of 2004 when the operating system was codenamed "Longhorn." This documentation mentions that the Windows operating system loader would be undergoing a significant restructuring in order to support EFI and to "do some major overhaul of legacy code." The new boot architecture completely replaces the
NTLDR NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOO ...
architecture used in previous versions of
Windows NT Windows NT is a proprietary graphical operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems sc ...
. Most of the steps that follows the NT kernel being loaded, including kernel initialization and user-space initialization, is kept the same as in earlier NT systems. Refactoring in
Winlogon In computing, Winlogon (Windows Logon) is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screens ...
resulted in GINA being completely replaced by Credential Providers and graphical components in Windows Vista and later.


Boot Configuration Data

Boot Configuration Data (BCD) is a
firmware In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...
-independent
database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases sp ...
for boot-time configuration data. It is used by Microsoft's new Windows Boot Manager and replaces the
boot.ini NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the ...
that was used by
NTLDR NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOO ...
. Boot Configuration Data is stored in a data file that has the same format as
Windows Registry The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and use ...
hives and is eventually mounted at registry key (with restricted permissions). For UEFI boot, the file is located at /EFI/Microsoft/Boot/BCD on the EFI System Partition. For traditional BIOS boot, the file is at /boot/BCD on the active partition. Boot Configuration Data may be altered using a command-line tool (bcdedit.exe), using the
Registry Editor The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and use ...
(regedit.exe), using
Windows Management Instrumentation Windows Management Instrumentation (WMI) consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's impl ...
, or with third-party tools such as
EasyBCD EasyBCD is a program developed by NeoSmart Technologies to configure and tweak the Boot Configuration Data (BCD), a boot database first introduced in Windows Vista and used in all subsequent Windows releases. EasyBCD can be used to set up multi-b ...
, BOOTICE, or Visual BCD Editor. Boot Configuration Data contain the menu entries that are presented by the Windows Boot Manager, just as contained the menu entries that were presented by NTLDR. These menu entries can include: * Options to boot Windows Vista and later by invoking winload.exe. * Options to resume Windows Vista and later from hibernation by invoking winresume.exe. * Options to boot a prior version of the Windows NT family by invoking its NTLDR. * Options to load and to execute a volume boot record. Boot Configuration Data allows for third-party integration, so anyone can implement tools like diagnostics or recovery options.


Boot loaders


bootmgr

The
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
invokes MBR boot code from a
hard disk drive A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating platters coated with magnet ...
at startup. The MBR boot code and the VBR boot code are OS-specific. In Microsoft Windows, the MBR boot code tries to find an
active partition A boot flag is a 1-byte value in a non-extended partition record, within a master boot record. It appears at the beginning of a partition record, as the value 0x80. A value of 0x00 indicates the partition does not have the boot flag set. Any other ...
(the MBR is only 512 bytes), then executes the VBR boot code of an active partition. The VBR boot code tries to find and execute the bootmgr file from an active partition. The
UEFI UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...
invokes bootmgfw.efi from an EFI system partition at startup.


winload.exe

The Windows Boot Manager invokes winload.exe—the operating system
boot loader A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer. When a computer is turned off, its softwareincluding operating systems, application code, a ...
—to load the operating system kernel executive (
ntoskrnl.exe ntoskrnl.exe (short for Windows NT operating system kernel executable), also known as the kernel image, contains the kernel and executive layers of the Microsoft Windows NT kernel, and is responsible for hardware abstraction, process handling, an ...
) and core
device driver In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
s. In that respect, winload.exe is functionally equivalent to the operating system loader function of
NTLDR NTLDR (abbreviation of ''NT loader'') is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOO ...
in prior versions of Windows NT. In
UEFI UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...
systems, the file is called winload.efi and the file is always located at \windows\system32 or \windows\system32\boot.


winresume.exe

If the computer has recently
hibernated Hibernation is a state of minimal activity and Metabolism, metabolic depression undergone by some animal species. Hibernation is a seasonal heterothermy characterized by low body-temperature, slow breathing and heart-rate, and low metabolic ra ...
, then bootmgr will instead invoke winresume.exe. In UEFI systems, the file is called winresume.efi and is always located at \windows\system32 or \windows\system32\boot.


Advanced Boot Options

With the advent of the new boot manager in
Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
, many components have been changed; one is the Advanced Boot Options menu that provides options for advanced boot modes (e.g., Safe Mode). Due to the implementation of fast startup in
Windows 8 Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
and up, access to the Advanced Boot Options menu has been disabled by default. However, access is still possible with a BCD modification. These are the possible boot modes: * Repair Your Computer - Boots
Windows Recovery Environment Windows Preinstallation Environment (also known as Windows PE and WinPE) is a lightweight version of Windows used for the deployment of PCs, workstations, and servers, or troubleshooting an operating system while it is offline. It is intended t ...
(WinRE or Windows RE) * Safe Mode - Loads Safe Mode, a boot mode with minimal drivers and resources intended for malware removal or replacing faulty drivers. * Safe Mode with Networking - Loads Safe Mode along with the network drivers. * Safe Mode with Command Prompt - Loads Safe Mode with the
Command Prompt Command Prompt, also known as cmd.exe or cmd, is the default command-line interpreter for the OS/2, eComStation, ArcaOS, Microsoft Windows (Windows NT family and Windows CE family), and ReactOS operating systems. On Windows CE .NET 4.2, Wind ...
as the shell instead of
Windows Explorer File Explorer, previously known as Windows Explorer, is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file ...
. Windows Explorer can still be loaded by typing explorer at the command prompt. * Enable Boot Logging - Enables writing of ntbtlog.txt, a file that will log the boot process; listing drivers that loaded and drivers that did not. * Enable low resolution video - Disables the default graphics driver and uses the standard
VGA Video Graphics Array (VGA) is a video display controller and accompanying de facto graphics standard, first introduced with the IBM PS/2 line of computers in 1987, which became ubiquitous in the PC industry within three years. The term can no ...
driver. Intended in case the user changed the resolution to an unusable level (i.e. 320×200 at low refresh rates <24 Hz, 60 Hz>) * Last Known Good Configuration - Loads configuration based on the last successful boot process. Intended for
Registry Registry may refer to: Computing * Container registry, an operating-system-level virtualization registry * Domain name registry, a database of top-level internet domain names * Local Internet registry * Metadata registry, information system for re ...
corruptions. This mode is removed in Windows 8 and later versions of Windows. * Directory Services Restore Mode - Boot mode used to reboot the
Domain Controller A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, store ...
in case it is not working as intended. * Debugging Mode - Boots while loading the kernel debugger. * Disable automatic restart on system failure - Disables the auto-reboot function after a Blue Screen of Death is experienced. * Disable early launch anti-malware driver - ELAM prechecks boot required drivers for signatures and tampering. Disabling ELAM is intended to allows booting on false positive driver checks but could also allow a tampered driver to load. * Disable Driver Signature Enforcement - Disables the kernel setting that prohibits unsigned drivers from loading. * Start Windows Normally The ABO menu is accessible by rapidly pressing or holding the F8 key before Windows boots. Starting from Windows 8 on UEFI, it can only be accessed by clicking Restart while holding the Shift key.


See also

*
Windows startup process The booting process of Microsoft Windows varies between different releases. DOS-based Windows Windows 1.x/2.x In Windows versions 1.01 to Windows 2.11, the system was loaded when WIN.COM was executed. It then loaded WIN100.BIN or WIN200.BIN and ...
*
Windows Vista I/O technologies Windows Vista introduced a number of new I/O functions to the Microsoft Windows line of operating systems. They are intended to shorten the time taken to boot the system, improve the responsiveness of the system, and improve the reliability of da ...


References


Further reading

* {{DEFAULTSORT:Windows Vista Startup Process Booting Boot loaders Windows NT architecture Windows Vista