Understand NT's initialization sequence
The boot process is the first of three major phases Windows NT goes through during one cycle of normal operation. The other phases are normal operation and shutdown. Although this column and other articles in Windows NT Magazine have extensively covered the details of NT's policies and mechanisms during normal operation, the boot process is not usually covered in depth (for a selection of these articles, see "Related Articles in Windows NT Magazine"). Even Microsoft's literature on the boot process, including Microsoft Windows NT Server 4.0 Resource Kit and Microsoft Windows NT Device Driver Kit, glosses over the details and presents a somewhat inaccurate picture of the steps NT goes through during a boot.
This month, I will begin a detailed tour through the NT boot process. I'll start at the point at which you install NT and proceed through the way NTLDR and NTDETECT execute. Device drivers are a crucial part of the boot process, so I'll present the way they control where in the boot they load and initialize. Next time, I'll describe how the Executive subsystems initialize, and then I'll show you how the Kernel launches the user-mode portion of NT by starting the Session Manager process, the Win32 subsystem, and the logon process. Along the way, I'll highlight the points at which various text appears on the screen to help you correlate the internal process with what you see when you watch NT boot.
Preboot
The NT boot process doesn't begin when you power on your computer or press the reset key. It begins when you install NT on your computer. At some point during the execution of NT's Setup program, NT prepares the system's primary hard disk with code that takes part in the boot process. Before I discuss what this code does, let me explain how and where NT places it on a disk. Since the early days of DOS, a standard has existed on x86 systems for the way physical hard disks are divided into logical disks. Microsoft operating systems (OSs) split hard disks into discrete areas known as partitions and use file systems (e.g., FAT, NTFS) to format each partition to be a logical drive. A hard disk can contain up to four primary partitions. Because this apportioning scheme would otherwise limit a disk to four logical drives, a special partition type, called an extended partition, further allocates up to four additional partitions within the primary partitions. Extended partitions can include extended partitions, which can contain extended partitions, and so on, making the number of drives an OS can place on a disk effectively infinite. Figure 1, page 60, gives an example of a hard disk layout.
Physical disks are addressed in units known as sectors. A hard-disk sector on an IBM-compatible PC is 512 bytes (sectors can be 1024 bytes on Alpha systems). Utilities that prepare hard disks for the definition of logical drives, including the DOS FDISK utility or the NT Setup program, write a sector of data called a Master Boot Record (MBR) to the first sector on a hard disk. The MBR includes a fixed amount of space that contains executable instructions and a table with four entries that define the locations of the primary partitions on the disk. When IBM-compatible computers boot, the first code they execute is called the BIOS, which is encoded into the computers' ROM. The BIOS reads the MBR off the first sector of a hard disk into memory and transfers control to the code in the MBR.
The MBRs that Microsoft partitioning tools write go through a similar process. First, an MBR's code scans through the primary partition table and locates the first partition with a flag that signals the partition is bootable. When the MBR finds at least one such flag, it reads the first sector from the flagged partition into memory and transfers control to code within the partition. The first sector of such a defined partition is called a boot sector.
OSs generally write boot sectors to disks without a user's involvement. For example, when NT Setup writes the MBR to a hard disk, it also writes a boot record to the first bootable partition of the disk. If you're familiar with the DOS SYS command, you've probably used it to manually write DOS boot sectors to disks. NT Setup checks to see whether the boot sector it will overwrite with an NT boot sector is a valid DOS boot sector. If the boot sector is a valid DOS boot sector, NT Setup copies the boot sector's contents to a file named bootsect.dos in the root directory of the partition. I'll discuss the role bootsect.dos plays in dual-boot environments shortly.
Before writing a partition's boot sector, NT Setup ensures that the partition is formatted with a file system that NT supports, such as FAT and NTFS (NT 5.0 will also support FAT32). NT Setup formats the boot partition--and any other partition with a file system type you specify. If partitions are already formatted, you can instruct Setup to leave them alone. After Setup formats the boot partition, setup copies the files NT uses to the logical drive, including two files that are part of the boot sequence, NTLDR and ntdetect.com.
Another of Setup's roles is to create a boot menu file, boot.ini, in the root directory of the boot partition. This file contains options for starting the version of NT that Setup installs and any preexisting NT installations. If bootsect.dos contains a valid DOS boot sector, one of the entries boot.ini creates is to boot into DOS. Listing 1 shows an example boot.ini file from a dual-boot computer on which DOS is installed before NT.