1. Booting Up
It is useful to understand what happens behind the scenes when you switch
on your computer from a cold idle machine to an operable and functional
system. There are essentially two forms of booting - the soft boot and the
The warm boot or hard boot involves powering the computer up from an
initial zero power supply.
A cold boot on the other hand takes place when a software application or
operating system triggers the computer to perform a reboot.
A successful boot is dependent on 3 conditions - the hardware, BIOS and
operating system files to function without errors. When an error occurs, you
will be notified by error messages, beeping sounds or in the worst scenario, a
The bootup process is a list of detailed procedures that the system undergoes
to perform all system checks and load all necessary files to bring the
computer to an operable state.
The Windows XP bootup process comprises of the following procedures:
The Power-On Self Test Phase
As soon as you power up your computer, a self-test is performed by the power
supply to ensure that the volume and current levels are correct before the
Power Good signal is sent to the processor. When this first stage is
cleared, the microprocessor will then trigger the BIOS to perform a series
b. BIOS ROM Phase
The BIOS, also known as the Basic Input Output System is a firmware or
set of instructions that resides on a ROM chip as contained in the
It first carries out the P.O.S.T that performs and verifies all initial
hardware checks, such as checking if the system is initialized by a warm or
cold start, detecting the presence of peripheral devices and the amount of
It then accesses the information stored in the CMOS chip, DIP switches,
jumpers and assigns the necessary system resources. After this, the
hardware' firmware will individually carry out its own diagnostic test such
The system will now attempt to determine the sequence of devices to load
based on the settings stored in the BIOS to start the operating system. It
will start by reading from the first bootup device. If it points to the
floppy drive, it then searches for a floppy disk. If it does not detect a
bootable diskette in the floppy drive, the system displays an error message.
If the floppy drive does not contain a diskette, it bypasses the first
bootup device and detects the second device, which is usually the hard disk.
It'll then start by reading the boot code instructions located in the master
boot record and copies all execution into the memory when the instructions
are validated and no errors are found.
c. Boot Loader Phase
Control is then passed on to the partition loader code which accesses the
partition table to identify the primary partition, extended partitions and
active partition which is needed to determine the file system and locate the
operating system loader file - NTLDR. NTLDR will then switch the processor
from real-mode to 32 bit protected mode which memory paging is enabled.
NTLDR will call upon the boot.ini file which is located at the root
directory to determine the location and entries of the operating system boot
partition. At this point in time, the bootup menu is displayed on the screen
to allow you to select an operating system to start from if you have more
than 2 operating systems installed in your computer.
NTLDR will pass all information from the Windows registry and Boot.ini
file into Ntoskrnl.exe.
d. Operating System Configuration Phase
Ntoskrnl will begin to load the XP kernel, hardware abstraction layer and
After this is completed, the control is passed over to the DOS based
Ntdetect.com program which collects and configures all installed hardware
devices such as the video adapters and communication ports.
Ntdetect.com then searches for hardware profiles information and load the
essential software drivers to control the hardware devices.
e. Security & Logon Phase
Lastly, Ntoskrnl.exe will start up Winlogon.exe which triggers the
Lsass.exe or Local Security Administration which is the logon dialog
interface that prompts you to select your user profile and verifies your
necessary credentials before you are transferred to the Windows desktop.
For more information on Data Recovery Services, please visit our homepage
of Adroit Data Recovery Centre Pte Ltd at