Download (direct link):
A normal boot
To understand abnormal psychology, you first must understand normal psychology. In this sense, (and perhaps this sense only!) dealing with Windows is similar to dealing with humans.
Typical sequence of events
Here's what happens (or should happen) when you turn on your Windows XP Professional PC, in more detail than you ever wanted to know:
1. The Power-On Self Test (POST) runs, under control of BIOS.
2. The Plug and Play BIOS performs enumeration of (that's a fancy way of saying 'finds') system board hardware devices.
3. The BIOS finds and runs the Master Boot Record (MBR) program.
4. The MBR finds the boot sector on the active partition and loads the superhidden file NTLDR on the root directory. (Superhidden just means that NTLDR has both of the file attributes System and Hidden.)
5. NTLDR throws the CPU into 32-bit mode and loads FAT and NTFS file drivers. (Without these, it couldn't go any further.)
6. NTLDR reads BOOT.INI, also in the root directory, to see whether any other operating systems live on the machine. If so, NTLDR asks the user to pick one, please. If you pick an older operating system, NTLDR then runs BOOTSECT.DOS, which contains the boot sector from the system before Windows XP was installed onto it. For example, BOOTSECT.DOS might start Windows 98. Note that BOOT.INI also contains details on where the operating system(s) reside (typically C:\WINDOWS for Windows XP).
7. If you choose Windows XP in Step 6, or if that's the only operating system on the PC, then the next program to take the baton is NTDETECT.COM. This program, as its name suggests, performs a good deal of hardware detection (but not for network cards).
8. NTLDR steps back in and presents you with a list of hardware profiles, along with an option to use the Last Known Good Configuration, assuming you've defined more than one hardware profile. If not, you'd have to tap F8 at boot time to see this menu.
9. The kernel load phase is next, displaying the 'Starting Windows' text message and progress bar at the bottom of the screen. NTOSKRNL.EXE loads, the Hardware Abstraction Layer (HAL) loads, the control set (essentially a Registry-based list of device drivers, services, and settings) loads, and low-level device drivers load.
10. Kernel initialization follows, displaying the graphical boot progress screen. NTOSKRNL.EXE takes over from NTLDR here, building the HKLM\HARDWARE Registry key, initializing the low-level device drivers, loading more device drivers, and starting services via the Session Manager (SMSS.EXE).
11. The logon dialog box shows up (it's associated with WINLOGON.EXE and LSASS.EXE) and a last set of high-level services starts (such as the Workstation service).
12. Post-logon, Windows creates a new version of the Last Known Good control set based on the current control set.
After putting this list together, I admit feeling a little bit sheepish complaining about how long my system takes to boot.
ARC path nomenclature
In Windows XP, ARC (Advanced RISC Computing) paths in BOOT.INI help NTLDR figure out where the heck the operating system is. Now, I admit I don't like ARC nomenclature. It's obscure and inconsistent and the chances are good that you'll never need it. However, Microsoft loves to put it on the exam, so here are a couple of examples, with explanations following:
* In the first of the preceding examples, multi(0) refers to the first disk controller, which can be an IDE type or a SCSI type with SCSI BIOS enabled; disk(0) doesn't mean anything, but the number must be zero if the path uses the 'multi' designation instead of 'scsi'; rdisk(0) means the first disk on the controller; and partition(3) means the third partition, where the numbering starts with the primary partition and continues with logical drives defined on an extended partition (if present).
* In the second example, scsi(0) refers to the first SCSI disk controller whose BIOS is disabled; disk(0) refers to the SCSI ID of the disk drive; rdisk(0) doesn't mean anything; and partition(1) refers to the first partition. Because most SCSI controllers work best with their own BIOS enabled - for example, the BIOS must generally be enabled to boot from a disk on that controller - the SCSI nomenclature has become rather rare. Learn it anyway.
Warning In ARC nomenclature, controllers and disks start counting at zero, but partitions start counting at one. I told you I hate this stuff.
If you want to modify BOOT.INI, use the handy new BOOTCFG.EXE command-line tool provided by Microsoft (type BOOTCFG /? for a list of qualifiers). If you insist on opening the file in Notepad, though, you must first make it viewable (use the Folder Options control panel to see hidden files and folders) and then turn off the read-only attribute (use the file's property sheet). In real life, you rarely need to modify this file directly; for example, you can change the operating system menu selection delay (the 'timeout=xx' line) via the System control panel.