========================================================================= W I N D O W S X P ========================================================================= This is the typical boot process done on a Windows XP machine, this will tell you what the computer does from the time the computer is powered up to the time windows is in its GUI. [1] The powersupply is switched on, which a self-test starts, when it decides all voltages are acceptable it sends a signal to the processor. [2] The timer chip stops sending reset signals to the processor to allow the CPU to start operations. [3] The CPU will start reading the ROM BIOS Code [4] ROM BIOS Code ensures that hardware has basic functionality [5] The BIOS now searches for adapters that may have their own ROM BIOS routines. [6] ROM BIOS checks for a warm or cold start. [7] ROM BIOS executes a full Power On Self Test, Video Test, Memory Test, if it is a warm boot the RAM check is skipped. [8] BIOS locates and reads the config. from the CMOS [9] If the first bootable disk is a hard drive, the BIOS looks for the very first sector of the drive for the MBR. [10] When the valid MBR is loaded into memory the BIOS transfers control of the boot process to the partition loader code that takes up most of the MBR. [11] The partition loader examines the partition table for partitions marked as active, then it searches for the first sector of that partition for a Boot Record. [12] The active partition's boot record is checked for a valid signature and if found correct is launched as a program. [13] XP now takes over, NTDLR switches the processing from real-mode to protected mode which places the processor in 32-bit memory mode and turns the memory paging on. [14] Boot.ini is then located and is read, if more than one entry in boot.ini is found then it will list a choice of operating systems to boot from, otherwise it takes the only option. [15] Pressing F8 at this stage gives options for Safe Mode, Last Known Good Config, Boot Normal, Debug Mode, etc. [16] If the selected operating system is XP, NTDLR will locate NTDETECT.COM and will perform hardware detection. [17] If the computer has more than one hardware profile, it will prompt user with a list to choose from. [18] After the hardware profile is selected, XP begins loading the kernel NTOSKRNL.EXE [19] NTDLR now loads device drivers that are marked as boot devices, with the loading of these drivers NTDLR releases control of the system. [20] now NTOSKRNL goes through phase 0 and initializes minimal requirements for system start. [21] Phase 1 begins when the HAL is called to prepare the system to accept more interrupts from devices. If more than one processor is present the additional processors are initialized at this point. [22] the initialization of I/O Manager begins the process of loading all the system driver files. [23] The last of phase 1 is to load Sesssion Manager Subsystem, SMSS is responsible for creating the user-mode environment that provides the interface for NT. [24] SMSS loads win32k.sys, which is the driver that load the GUI. [25] XP boot process is not complete until a user has successfully logged onto the system. The process is begun by the winlogon.exe which is loaded as a service by the kernel and continued by the Local Security Authority LSASS.EXE which displays the logon dialog box.