Quick Overview: Booting Process of Windows
Booting is the process of starting a computer system. Also if you restart a computer system, you initiate a booting process. Both processes of starting or restarting Windows are called booting. On booting, the operating system resides in hard disk loading on the working memory i.e. RAM. Booting is the critical process of any OS. This blog provides a brief overview of the booting process of Windows-based systems.
Types of Booting
(1) Hard Boot or Cold Boot
Hard Boot simply means starting a computer system from the switch-off state. Generally, you start a day in your office by switching on the computer system and clicking on the power button. That is called a hard boot or cold boot.
(2) Soft Boot or Warm Boot
Soft Boot simply means re-starting a computer system from the already switch-on state. If you are working on the computer system, sometimes you restart your computer because of updates or any other reason. That restart came under the soft boot or warm boot.
Windows System Files
Windows OS needs so many files to run properly. Some are very critical as if those files are missing, Windows does not boot up. While some are not very essential, as it does not affect the operating system's running.
Generally, attackers try to corrupt system files to compromise the computer system. Hence, it is very critical to prevent OS to compromise with malicious software. Below is the list of files that are required while running OS.
| File Names | Description |
| Win32k.sys | System file that is used for handling Windows applications |
| Ntdll.dll | Part of the advanced API services library |
| Hal.dll | Hardware Abstraction Layer Dynamic-link Library |
| Ntkrnlpa.exe | New Technology Kernel Process Allocator |
| Ntoskrnl.exe | for memory management and hardware abstraction |
| User32.dll | Help in manipulating the user interface |
| Advapi32.dll | Part of advanced API services library |
| Kernel32.dll | Part of the advanced API services library |
| Gdi32.dll | help in operating Windows programs |
Windows Boot Process
Windows 8 and above operating system uses the BIOS-MBR method or UEFI-GPT method. Please remember that the UEFI-GPT method is the newer method and the selection of the method depends on the choice of the user. BIOS-MBR method is also used by old Windows operating systems such as Windows XP, Vista, and Windows 7.
BIOS-MBR
- The first step is to load the BIOS by hitting the power button. BIOS will check prerequisites such as whether the hardware is connected, and in a running state.
- MBR starts.
- The Volume Boot Sector (VBS) takes care of the operating system.
- NT Boot Sector starts.
- BOOTMGR.EXE starts. It checks Boot Configuration Data (BCD) and WINRESUME.EXE
- WINLOAD.EXE starts loading the operating system kernel.
- NTOSKRNL.EXE initiates to check HAL.DLL.
- Phase 0 starts with NTOSKRNL.EXE.
- Phase 1 starts with NTOSKRNL.EXE.
- SMSS.EXE starts.
- WINLOGON.EXE
- LSASS.EXE
To check which boot method is used by your desktop, follow the below navigation
- Open "Computer Management" with Administrator privilege
- Click on Disk Management
- Right-click on Disk 0 and select properties
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
