The Boot Sector and NTLDR
Setup must know the partition format before it writes a boot sector, because the contents of the boot sector depend on the format. For example, if the boot partition is a FAT partition, NT writes code to the boot sector that understands the FAT file system. But if the partition is in NTFS format, NT writes NTFS-capable code. The role of the boot-sector code is to give NT information about the structure and format of a logical drive, and to read in the NTLDR file from the root directory of the logical drive. Thus, the boot-sector code contains just enough read-only file system code to accomplish this task. After the boot sector code loads NTLDR into memory, it transfers control to NTLDR's entry point. If the boot sector code can't find NTLDR in the boot partition's root directory, the boot sector code prints the error message BOOT: Couldn't find NTLDR if the boot file system is FAT, or A kernel file is missing from the disk if the file system is NTFS.
NTLDR begins its existence while a system is executing in an x86-operating mode called Real-Mode. In Real-Mode, no virtual to physical translation of memory addresses occurs, which means that programs that use the addresses interpret them as physical addresses, and only the first 640KB of the computer's physical memory is accessible. Simple DOS programs execute in a Real-Mode environment. However, the first action NTLDR takes is to switch the system to Protected-Mode. Still no virtual-to-physical translation occurs at this point in the boot process, but a full 32 bits of memory becomes accessible. After it is in Protected-Mode, NTLDR can access all of physical memory. After creating enough page tables to make memory below 1MB accessible with paging turned on, NTLDR enables paging. Protected-Mode with paging enabled is the mode in which NT executes in normal operation. (For information about paging and page tables, see "Inside Memory Management, Part 1," August 1998.)
After NTLDR enables paging, NTLDR is fully operational. It next reads the boot.ini file from the root directory using built-in file-system code. Like the boot sector's code, NTLDR contains read-only NTFS and FAT code; unlike the boot sector's code, NTLDR's file-
system code can read subdirectories. NTLDR clears the screen and presents the user with the boot selection menu. If the user doesn't select an entry within the timeout period the boot.ini file specifies, NTLDR chooses a default selection. A boot.ini line directs NTLDR to the partition on which the NT system directory (<winnt>) of the selected installation resides. This partition might be the same as the boot partition, or it might be another primary partition.
If the boot.ini line refers to a DOS installation (i.e., by referring to C:\ as the system partition), NTLDR reads the contents of the bootsect.dos file into memory and executes a warm reboot. This action causes the code to execute after the computer reinitializes as if the MBR had read the code from disk. Code in bootsect.dos continues a DOS-specific boot, such as one into Windows 98 or Win95 on a computer on which these OSs are installed with NT.
A line in boot.ini can include option arguments that NTLDR and other components involved in the boot process interpret. Table 1, page 62, shows a complete list of these options and their effects. If the /MAXMEM= argument is present in the boot selection a system's user chooses, NTLDR discards the amount of memory specified in the internal tables it uses to keep track of physical memory allocations. Options such as /MAXMEM= are useful for device-driver developers who want to stress their drivers under various operating conditions.
NTLDR next loads and executes the ntdetect.com program, which prints a message to the screen such as NTDETECT V4.0 Checking Hardware. Ntdetect.com is a standard DOS-style program that uses a system's BIOS to query the computer for basic device and configuration information. This information includes the time and date information stored in the system's CMOS (nonvolatile memory); the types of buses (e.g., ISA, PCI, EISA, Micro Channel Architecture--MCA) on the system and identifiers for devices attached to the buses; the number, size, and type of disk drives on the system; the types of mouse input devices connected to the system; and the number and type of parallel ports configured on the system. This information is gathered into internal data structures that will become the HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION Registry key later in the boot.
NTLDR clears the screen and prints its version information: OSLOADER V4.0. The first two files that NTLDR loads make up NT's core: ntoskrnl.exe and hal.dll. Both files are located in the <winnt>\system32 directory. Ntoskrnl.exe contains the Kernel and Executive subsystems (e.g., Memory Manager, Cache Manager, Object Manager), and hal.dll contains code that interfaces NT to the computer hardware. Hardware abstraction layers (HALs) can provide interfaces to proprietary hardware, so Microsoft makes it possible for OEMs to supply custom HAL files. If NTLDR fails to load either of these files, it prints the message Windows NT could not start because the following file was missing or corrupt, followed by the name of the file.
Register
