The windows booting process too has many similarities with those explained in the post about the Linux booting process, this is because booting is a process that primarily initiates a connection between the hardware and the Operating System. The booting up process can again be divided into whether the sytem is a BIOS (Basic Input/Output System)-based system or whether the system is a EFI (Extensible Firmware Interface) based one. Let’s first look at a BIOS based system since the difference is minimal, between a BIOS based system and a EFI based one.
The booting up process always begins with the execution of the firmware, which in this case would be the BIOS. The BIOS code searches for all available boot devices and if only one is found loads the device’s Master Boot Record (MBR) into memory. The MBR is 512 bytes in size and is located in the first sector of a device or partition. The BIOS then passes control to the MBR code. The boot code looks around, using a partition table, till it finds a boot-able partition, called the system partition. The MBR boot code then reads the first sector of the system partition and then passes control to the boot sector code, which loads the Bootmgr file from the system volume’s root directory, after which the Bootmgr takes control. The Bootmgr operates in real mode, which basically means whats on disk is in memory, there is no virtual address translation that takes place. But to access the full range of addresses, the processor is put in protected mode. For Windows to run as usual, paging must be enabled, so that is done by the bootmgr too.
Once the bootmgr enables the protected mode and enables paging, it then loads the Boot Configuration Data (BCD) located in the boot folder in the root directory of the system volume. The BCD contains configuration details on how the OS is to be started, beginnning with Windows Vista. Once the BCD is loaded, it directs the bootmgr to where Windows is located. This is known as the Boot partition or the boot volume. From here the bootmgr loads the Winload.exe, which is the Windows bootloader. If the computer is being awakened from the hibernate state, the bootmgr invokes winresume.exe instead of winload.exe. The system partition contains the hardware related files that tell a computer where to look at to start Windows. A boot partition is the partition that contains the Windows files which are located in the Windows file folder. Now that the OS loader as control, it gathers hardware descriptors and the files needed to initialize the kernel (Ntoskrnl.exe). Winload.exe then reads the SYSTEM registry hive which contains the boot device driveers that must be loaded to run the kernel.Once the device drivers have been identified and loaded, winload.exe prepares the CPU registers and then calls KiSystemStartup , the main function of the Windows kernel (Ntoskrnl.exe).
Once of the differences is that the EFI does not depend on the MBR boot code, it has it’s own boot manager that can read the partition table. What one must infer is that the boot code itself has become a part of the firmware. The other difference is that the boot loader and resume files are renamed winload.efi and winresume.efi. The succeeding steps are similar to BIOS-booting once winload.efi takes over control.