Yes yes, I skipped Vista again. 😉
Finally we get to our next type of operating system, leaving the XP era behind. From here on we make a clear distinction between BIOS boot and UEFI boot.
The picture above illustrates the BIOS boot process for Windows Vista/7, without BitLocker.
POST and BIOS boot are still the same as in the Windows XP boot process.
From there, the BIOS magic code (the bootable code on the MBR) no longer points to NTLDR; it points to the Windows Boot Manager.
Bootmgr: Windows Boot Manager
When you look at the disk layout, you will see 2 partitions.
- System Reserved
- OS Disk
System Reserved:
The System Reserved partition holds the Boot Manager, the equivalent of NTLDR in Windows XP.
The Windows Boot Manager is controlled by the BCD Store, the equivalent of boot.ini in Windows XP.
The BCD Store is located on the same partition as bootmgr, in a folder called Boot.
Boot.ini was readable in plain text; any text reader could read it.
The BCD Store, however, can only be read with BCDEdit. Besides that, the BCD Store is a lot more dynamic than boot.ini. The BCD Store is, after all, object oriented. If your machine crashes, this file will point you to WinRE instead of the actual Windows partition.
Running BCDEdit without any parameters will show you 2 types, each with its inherited objects:
Windows Boot Manager
Identifier: this is the object pointing to the Windows Boot Manager object
Device: the location where the Boot Manager is registered. During your installation the BCD Store notes down the exact location of the Boot Manager. If you move the bootmgr file somewhere else, the BCD Store will not take this into account, so you will have to edit the BCD Store to tell it otherwise. Any other "Boot Manager" cannot use the BCD Store either. You can see a significant difference between the device object in the Boot Manager and the one in the Boot Loader. The Boot Manager is loaded from a partition without a letter assigned to it, so the MBR needs to know where to point to.
Locale: This is the system locale. As of Windows Vista/7 you can preload multiple languages. Depending on the user who logs in, the shell language can change; taking it further, you can change the system locale as well.
Default: In the above picture it points to "Current". So BCD tells the Boot Manager to use the "current" identifier, pointing to the Windows Boot Loader object.
Resumeobject: Points to the GUID of another object which at this point we cannot see yet. The resume object is used when you have told Windows to hibernate.
Displayorder: In the above picture it points to the default object. This means we have selected the "default" object, which has the "current" identifier as a variable pointing to the Windows Boot Loader.
Toolsdisplayorder: In the above picture it points to the memdiag identifier, which at this point we cannot see yet. The tools display order is the object used to do diagnostics of your hardware.
Windows Boot Loader
Identifier: this is the object pointing to the Windows Boot Loader Object.
Device: This points us to the partition where the Windows Boot Loader has been registered.
Path: the path pointing to the winload.exe file. This is the Windows Boot Loader.
FYI, you have winload.exe and winresume.exe. Winload is the cold boot start of Windows. Winresume, as the name says, resumes from hibernation. We will discuss this when discussing the resumeobject.
Locale: This is the system locale. As of Windows Vista/7 you can preload multiple languages. Depending on the user who logs in, the shell language can change; taking it further, you can change the system locale as well.
Recoverysequence: Points to the GUID used to load WinRE. As you may have noticed, it is the exact same GUID as the Resumeobject. I will explain soon how Windows makes the distinction between resuming and recovering. (Hint: inherit object.)
Osdevice: The partition where Windows is found.
Systemroot: The Windows folder. This variable is also available in your environment variables: %SystemRoot%
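As an added example (not part of the original post), the Python sketch below parses text saved from plain `bcdedit` output and follows the Boot Manager's default entry to the Windows Boot Loader object, the chain described above. The sample listing is constructed, and the function names and the expected loader path are assumptions of this example.

```python
# Constructed sample shaped like plain `bcdedit` output (not taken from a real machine).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
default                 {current}
displayorder            {current}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
osdevice                partition=C:
"""
EXPECTED_LOADER = r"\windows\system32\winload.exe"  # assumed baseline for a BIOS install

def parse_bcd(text):
    """Split the listing into objects: a type line, a dashed rule, then 'name value' lines."""
    objects, current, last = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if not line.strip() or set(line.strip()) == {"-"}:
            continue
        if nxt and set(nxt) == {"-"}:            # type heading precedes the rule
            current, last = {"type": [line.strip()]}, None
            objects.append(current)
        elif current is not None and line[0].isspace() and last:
            current[last].append(line.strip())   # extra value of a multi-valued element
        elif current is not None:
            last, _, value = line.partition(" ")
            current[last] = [value.strip()]
    return objects

def check_boot_chain(objects):
    """Follow {bootmgr} 'default' to its loader object and list anything unexpected."""
    by_id = {o["identifier"][0]: o for o in objects if "identifier" in o}
    mgr = by_id.get("{bootmgr}", {})
    findings = [f"displayorder entry {e} is not a listed object"
                for e in mgr.get("displayorder", []) if e not in by_id]
    loader = by_id.get(mgr.get("default", [""])[0])
    if loader is None or loader["type"][0] != "Windows Boot Loader":
        return findings + ["{bootmgr} default does not resolve to a Windows Boot Loader object"]
    path = loader.get("path", [""])[0]
    if path.lower() != EXPECTED_LOADER:
        findings.append(f"unexpected loader path: {path}")
    return findings
```

An empty list from `check_boot_chain(parse_bcd(SAMPLE))` means the default entry resolves to a loader object with the expected path; any other result lists what differs from that baseline.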