NTLDR

NTLDR (abbreviation of NT Loader) is the boot loader for all releases of Microsoft's Windows NT operating system up to and including Windows XP and Windows Server 2003. NTLDR is typically run from the primary hard disk drive, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk. NTLDR can also load a non NT-based operating system given the appropriate boot sector in a file.

NTLDR requires, at the minimum, the following two files to be on the system volume:

* NTLDR, which contains the main boot loader itself
* boot.ini, which contains configuration options for a boot menu.

To load an NT-based OS, ntdetect.com must also be present. (Strictly speaking, only NTLDR is actually required. If boot.ini is missing, NTLDR will default to C:\Windows on the first partition of the first hard drive. Many desktops in the home are in this configuration and a missing boot.ini file will simply generate an error stating it is missing, then boot into Windows successfully.)

The Volume Boot Record written to disk by the Windows NT format command attempts to load and to run the NTLDR program.

In Windows Vista and Windows Server 2008, NTLDR was replaced; the boot loader functionality is instead provided by two new components: winload.exe and the Windows Boot Manager.

Startup process

When booting, the loader proper portion of NTLDR does the following in order:

1. Accesses the file system on the boot drive (either FAT or NTFS, the NT File System).
2. If hiberfil.sys is found, and it finds a hibernation image, its contents are loaded into memory and the system resumes where it left off.
3. Otherwise, reads boot.ini and prompts the user with the boot menu accordingly.
4. If a non NT-based OS is selected, then NTLDR loads the associated file listed in boot.ini (bootsect.dos if no file is specified or if the user is booting into a DOS based OS) and gives it control.
5. If an NT-based OS is selected, then NTLDR runs ntdetect.com, which gathers information about the computer's hardware. (If ntdetect hangs during hardware detection, there is a debug version called ntdetect.chk, which can be found on Microsoft support.[1])
6. Starts Ntoskrnl.exe, passing to it the information returned by ntdetect.com. [2]

boot.ini

NTLDR allows the user to choose which operating system to boot from at the menu; for NT and NT-based operating systems, it also allows the user to pass preconfigured options to the kernel. The menu options are stored in boot.ini, which itself is located in the root of the same disk as NTLDR.

For NT-based OSs, the location of the operating system is written as an Advanced RISC Computing (ARC) path.

boot.ini is protected from user configuration by having the following file attributes: system, hidden, read-only. To make it editable, first unlock it by running the command attrib -s -h -r boot.ini in a console. A more secure way to edit the file is to use the bootcfg command from a console; bootcfg will also relock the file (setting it back to system, hidden and read-only). Additionally, the file can be edited within Windows using a text editor if the folder view option "Show hidden files and folders" is selected, the folder view option "Hide protected operating system files" is unchecked, and the "Read-only" option is unchecked under file properties.

bootsect.dos is the boot sector loaded by NTLDR to load DOS. If no file is specified, NTLDR loads bootsect.dos.

Example

An example of a boot.ini file:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

If the boot loader timeout option in boot.ini is set to 0, the NTLDR boot menu does not appear. Extreme caution should be taken when modifying the boot loader, as erroneous information can result in an OS that fails to boot.

NT Kernel switches

* /3gb — Allocate 3 GB of virtual address space to programs and 1 GB to the kernel; used for some programs that require more than the standard 2 GB allocation for user programs.
* /basevideo — The computer starts up using the standard VGA video driver.
* /baudrate=nnn — Sets the baud rate of the debug port that is used for kernel debugging.
* /bootlog — Write a log file when Windows boots.
* /burnmemory — Amount of memory Windows is not allowed to use.
* /channel — Use with /debug and /debugport to have kernel debugging messages sent over an IEEE 1394 (FireWire) port
* /crashdebug — Causes the kernel debugger to load, but remain inactive until a crash is detected.
* /debug — Causes the kernel debugger to load and activate.
* /debugport=comx —
* /fastdetect — Turn off serial mouse detection.
* /HAL=filename — Define Hardware Abstraction Layer to use.
* /kernel=filename — Use an alternate kernel on boot.
* /maxmem=nn — Set the highest memory address Windows can use (use of /burnmemory recommended instead, for stability and precision reasons).
* /minint — Boot Windows in WinPE mode (XP and later; can be used to boot Windows from CD, see [3]).
* /nodebug — Turn off debugging; can cause Stop Error if a program uses debugging.
* /noexecute=off/optin/optout/on — Sets the Data Execution Prevention (DEP) policy. Default with PAE is optin under Windows XP post-SP1.
* /noguiboot — Don't use the bitmap progress bar when starting up. This also disables the text output used by CHKDSK and various partitioning tools, so you should use this switch with extreme caution. Those programs will actually run correctly; the only exception is when they need some text input to continue.
* /nopae — Do Not Support Physical Address Extension.
* /noserialmice:comx — Turn off serial mouse detection on the specified ports.
* /numproc=CPUs — Set number of processors Windows is allowed to use; useful if some processors are failing or defective.
* /onecpu — Equivalent to using /numproc=1; only lets Windows use one CPU.
* /pae — Support Physical Address Extension.
* /pcilock — Let the BIOS assign device addresses instead of Windows.
* /redirect — Turn on Emergency Management Services on certain versions of Windows.
* /safeboot — Enter Safe mode.
  * /safeboot:dsrepair — Starts a domain controller in Directory Services Restore Mode.
  * /safeboot:minimal — Enter safe mode with minimal device drivers.
  * /safeboot:minimal(alternateshell) — Enter safe mode with minimal device drivers and an alternate shell.
  * /safeboot:network — Enter safe mode with network support.
* /usepmtimer — Compatibility switch for energy-saving processors so that they can run at full speed (always on).
* /userva — Specify additional memory rules in combination with /3gb switch.
* /sos — Display driver names while loading.
* /w95 — Loads C:\BOOTSECT.W40 as a bootsector.
* /w95dos — Loads C:\BOOTSECT.DOS as a bootsector.
* /year — Tells Windows to ignore the system clock and use the year you specify. For example, /year=2001 was used when Y2K testing.
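
The boot.ini layout and the kernel switches listed above can be checked mechanically when reviewing a legacy system image. The following Python code is an added example, not part of the original article or of any Microsoft tool: it parses a boot.ini body and reports menu entries whose switches load a kernel debugger, substitute the kernel or HAL, or turn DEP off, and it flags a default path with no matching entry. The function names, the RISKY table and the second menu entry in the sample are assumptions made for illustration; alwaysoff is accepted alongside the off spelling used on this page.

```python
import re

# Switches from the list above that alter kernel integrity or debugging state.
# The reason strings are this example's own summaries (assumption).
RISKY = {"/debug": "kernel debugger active", "/crashdebug": "debugger loads on crash",
         "/kernel": "alternate kernel image", "/hal": "alternate HAL image"}

def parse_boot_ini(text):
    """Return (loader settings dict, list of menu-entry dicts)."""
    section, loader, entries = None, {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")   # first '=' ends the ARC path
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = re.match(r'"([^"]*)"\s*(.*)$', value.strip())
            title, rest = m.groups() if m else (value.strip(), "")
            switches = {}
            for tok in rest.split():
                name, *arg = re.split(r"[=:]", tok, maxsplit=1)
                switches[name.lower()] = arg[0] if arg else ""
            entries.append({"path": key.strip(), "title": title, "switches": switches})
    return loader, entries

def audit(text):
    """Return (entry title, finding) pairs for settings worth a second look."""
    loader, entries = parse_boot_ini(text)
    findings = []
    default = loader.get("default", "").lower()
    if default and all(e["path"].lower() != default for e in entries):
        findings.append(("[boot loader]", "default has no matching menu entry"))
    for e in entries:
        for name, arg in e["switches"].items():
            if name in RISKY:
                findings.append((e["title"], f"{name}: {RISKY[name]}"))
            elif name == "/noexecute" and arg.lower() in ("off", "alwaysoff"):
                findings.append((e["title"], "/noexecute: DEP disabled"))
    return findings

# Constructed sample: the article's entry plus one made-up entry with risky switches.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Constructed test entry" /fastdetect /noexecute=off /debug /kernel=ntkrnl2.exe'''
```

Calling audit(SAMPLE) returns three findings, all for the constructed entry; the article's own entry with /fastdetect produces none.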


This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.