NTLDR (abbreviation of NT loader) is the boot loader for all releases of Microsoft's Windows NT operating system up to and including Windows XP and Windows Server 2003. NTLDR is typically run from the primary hard disk drive, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk. NTLDR can also load a non NT-based operating system given the appropriate boot sector in a file.
NTLDR requires, at the minimum, the following two files to be on the system volume:
The Volume Boot Record written to disk by the Windows NT format command for Windows platforms using NTLDR attempts to load and to run the NTLDR program.
For NT-based OSs, the location of the operating system is written as an Advanced RISC Computing (ARC) path.
boot.ini is protected from user configuration by having the following file attributes: system, hidden, read-only. To manually edit it, one would first have to remove these attributes. A more secure fashion to edit the file is to use the bootcfg command from a console. bootcfg will also relock the file (setting the file back to system, hidden, and read-only). Additionally, the file can be edited within Windows using a text editor if the folder view option "Show hidden files and folders" is selected, the folder view option "Hide protected operating system files" is unchecked, and the "Read-only" option is unchecked under file properties.
bootsect.dos is the boot sector loaded by NTLDR to load DOS, or if there is no file specified when loading a non NT-based OS.
NTLDR requires, at the minimum, the following two files to be on the system volume:
- NTLDR, which contains the main boot loader itself
- boot.ini, which contains configuration options for a boot menu
The Volume Boot Record written to disk by the Windows NT format command for Windows platforms using NTLDR attempts to load and to run the NTLDR program.
Startup process
For more details on this topic, see Windows NT startup process.
When a PC is powered on its BIOS follows the configured boot order to find a bootable device. This can be a harddisk, floppy, CD/DVD, network connection, USB-device, etc. depending on the BIOS. In the case of a floppy the BIOS interprets its boot sector (first sector) as code, for NTLDR this could be a NTLDR boot sector looking for the ntldr file on the floppy. For a harddisk the code in the Master Boot Record (first sector) determines the active partition. The code in the boot sector of the active partition could then be again a NTLDR boot sector looking for ntldr in the root directory of this active partition. In a more convoluted scenario the active partition can contain a Vista boot sector for the newer Vista boot manager with an {ntldr} entry pointing to another partition with a NTLDR boot sector.[2]
When booting, the loader portion of NTLDR does the following in order:
- Accesses the file system on the boot drive (either FAT or New Technology File System, NTFS).
- If Windows was put in the hibernation state, the contents of hiberfil.sys are loaded into memory and the system resumes where it left off.
- Otherwise, reads boot.ini and prompts the user with the boot menu accordingly.
- If a non NT-based OS is selected, NTLDR loads the associated file listed in boot.ini (bootsect.dos if no file is specified or if the user is booting into a DOS based OS) and gives it control.
- If an NT-based OS is selected, NTLDR runs ntdetect.com, which gathers information about the computer's hardware. (If ntdetect.com hangs during hardware detection, there is a debug version called ntdetect.chk that can be found on Microsoft support.[3])
- Starts Ntoskrnl.exe, passing to it the information returned by ntdetect.com.[4]
boot.ini
NTLDR allows the user to choose which operating system to boot from at the menu. For NT and NT-based operating systems, it also allows the user to pass preconfigured options to the kernel. The menu options are stored in boot.ini, which itself is located in the root of the same disk as NTLDR. Though NTLDR can boot DOS and non-NT versions of Windows, boot.ini cannot configure their boot options.For NT-based OSs, the location of the operating system is written as an Advanced RISC Computing (ARC) path.
boot.ini is protected from user configuration by having the following file attributes: system, hidden, read-only. To manually edit it, one would first have to remove these attributes. A more secure fashion to edit the file is to use the bootcfg command from a console. bootcfg will also relock the file (setting the file back to system, hidden, and read-only). Additionally, the file can be edited within Windows using a text editor if the folder view option "Show hidden files and folders" is selected, the folder view option "Hide protected operating system files" is unchecked, and the "Read-only" option is unchecked under file properties.
bootsect.dos is the boot sector loaded by NTLDR to load DOS, or if there is no file specified when loading a non NT-based OS.
Example
An example of a boot.ini file:[boot loader]timeout=30default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
No comments:
Post a Comment