Each of the sections below describes a portion of the startup process for Windows 7. These change from Computer-driven processes (early startup), to Windows controlled steps (Windows Startup), and per-user actions to ensure you have the Windows settings you have selected for yourself (User Logon).
Windows Vista Note: The steps below also apply to Windows Vista.
This portion of startup is controlled by the hardware, BIOS (basic input/output system) and storage controller on the computer.
When you turn on your computer, the BIOS loads, and starts this chain of events:
- The BIOS finds your boot device (usually a hard drive), based on BIOS settings for your PC.
- The start of the boot drive is read, so that the boot files can be found. These are on the active partition. A partition is a section of your hard drive where files can be saved. Each partition typically gets a separate drive letter, starting with C. Examples: C:, D:, E:, etc.
- Once the active partition is found, the BIOS reads the boot loader – the first operating system file to be used. This is the file that starts the rest of Windows.
Note: When you change the BIOS settings on your PC, these changes are saved on the CMOS chip. Settings stored this way include the order of boot devices, memory configuration, and internal device state – whether your sound card is enabled or not, for example. As a result, you may hear the terms BIOS and CMOS used interchangeably.
After the hardware has initialized the boot loader, Windows is now responsible for the remainder of startup.
What is Boot Loader and BCD
On Windows 7 computers, this boot loaded is the file “bootmgr”. This file is responsible for initializing the Boot Configuration Data (BCD) store, which contains the entries displayed on the boot menu. This BCD store is located in the Boot folder on the active partition (In windows XP Boot.ini).
The Boot Configuration Database (BCD), which is also referred to as the BCD store, contains boot configuration parameters and controls how the operating system is started in Windows Vista. These parameters were previously stored in the Boot.ini file at the root of the active partition for BIOS-based PCs or in the nonvolatile RAM (NVRAM) for Enhanced Firmware Interface (EFI) based PCs.
The BCD is a database used by Bootmgr. It contains the functions of boot.ini and is located in the boot folder on the active partition.
The BCDEDIT.exe command line tool is provided to manage the entries in the BCD store, and is located in the WindowsSystem32 directory of the Windows Vista partition.
The default boot folder contents are as follows:
Directory of C:Boot
08/10/2006 02:56 PM <DIR> .
08/10/2006 02:56 PM <DIR> ..
08/10/2006 02:50 PM 36,864 BCD
08/10/2006 02:50 PM 262,144 BCD.LOG
08/10/2006 06:51 PM 29,696 BCD.LOG1
08/10/2006 08:22 AM <DIR> en-US
08/10/2006 11:22 PM 219,648 fixfat.exe
08/10/2006 11:22 PM 231,936 fixntfs.exe
08/10/2006 08:22 AM <DIR> Fonts
08/10/2006 11:37 PM 381,512 memtest.exe
When you select a Windows 7 entry from the boot menu (or the default entry is selected automatically), bootmgr uses information in the BCD to find the Windows loader – “winload.exe”. This is the file that performs the next steps of the startup. Once this file is found, in the WindowsSystem32 directory, winload.exe performs the next step.
This is when you will see the “Starting Windows” message on-screen.
In Windows XP the Windows loader functionality is included in ntldr.
Kernel and the System Registry Hive
The core of the Windows 7 OS is implemented in ntoskrnl.exe. This is the file that implements the basic operating system functions, such as working with the CPU, running programs, input/output (I/O), and security.
When ntoskrnl.exe is started by winload, it, in turn initializes all of the many constituent elements needed to run Windows. This work is guided, in part, by the system registry, which is a part of the overall Windows registry database. This hive (part) of the registry is stored as the file WindowsSystem32ConfigSystem. You can see this in the Registry Editor as HKEY_LOCAL_MACHINESystem.
This registry hive contains the configurable startup parameters for the core of the OS, as well as the startup configuration for system software, such as drivers and services.
Much of the core operating system functionality is implemented as drivers. These are .SYS files, which perform specific functions, or interact with specific device types. There are drivers installed to support each type of hardware on the computer, such as disk controllers, network adapters, mice, etc.
Services are programs that run on the computer independent of a logged-on user. This type of program typically performs background activities. If configured to start automatically they are started even if no user logs on.
Software Registry Hive
The software registry hive contains configuration information for installed applications, as well as for many elements of Windows. You can see this in the Registry Editor as HKEY_LOCAL_MACHINESoftware.
Winlogon and the Logon Screen
Winlogon is the process responsible for displaying the logon interface. Winlogon is also the component responsible for handling the Ctrl+Alt+Del sequence, called the Secure Attention Sequence (SAS), used when you need to change your password, or log on to a PC in a workplace.