NTLDR is normally stored in the root directory of the C: drive as a hidden, read-only system file. Its primary responsibility is to parse the Boot.ini file. If its role is not clear to you, let's take Windows XP as an example and walk through what NTLDR does during system boot.
Windows XP goes through three phases while starting up: pre-boot, boot, and load kernel. This is completely different from Windows 9X, which reads the boot sector directly, and NTLDR plays a crucial role in this three-phase boot process.
1. Pre-boot phase
During the pre-boot phase the computer runs the POST program. POST detects the total system memory and the other hardware devices. The first physical sector of the disk, which holds the hard drive's master boot record, is then loaded into memory and run, and the master boot record finds the starting position of the active partition. The boot sector of the active partition is then loaded and executed, and finally the Ntldr file is loaded and initialized from the boot sector.
2. Boot phase
During the boot phase, Windows XP goes through four smaller phases: the initial boot loader phase, the operating system selection phase, the hardware detection phase, and the configuration selection phase.
(1) In the initial boot loader phase, NTLDR switches the computer's microprocessor from real mode to 32-bit flat memory mode. In real mode, the system reserves 640KB of memory for MS-DOS and treats the rest of the memory as extended memory. In 32-bit flat mode, the system treats all memory as available memory. NTLDR then runs the appropriate mini file system driver, at which point Ntldr can recognize every file system partition formatted as NTFS or FAT. This ends the initial boot loader phase.
(2) When the initial boot loader phase is finished, the operating system selection phase begins. If more than one operating system is installed on the computer, NTLDR loads the Boot.ini file and a menu asking which operating system to start appears at startup; NTLDR obtains the location of the system files from the Boot.ini file. If the NT system is selected, NTLDR runs the Ntdetect.com file; otherwise NTLDR loads Bootsect.dos and hands control to Bootsect.dos. If there is only one operating system in the Boot.ini file, or the timeout value is 0, the operating system menu does not appear. If the Boot.ini file is invalid or does not exist, NTLDR attempts to boot the system from the default system volume.
Tip: When NTLDR starts, if a Hiberfil.sys file is found in the root of the system volume and the file is valid, NTLDR reads the information in Hiberfil.sys and restores the system to its state before hibernation; the Boot.ini file is not processed.
(3) When the operating system selection phase is complete, the hardware detection phase begins. The Ntdetect.com file collects a list of the computer's hardware information and returns the list to NTLDR, and NTLDR loads this hardware information into the "HKEY_LOCAL_MACHINE\HARDWARE" key of the registry.
(4) After the hardware detection phase comes the configuration selection phase. If there is more than one hardware configuration in the list, the profile selection menu appears; if there is only one, the menu is not displayed.
3. Load Kernel phase
During the load kernel phase, NTLDR loads the NTOSKRNL.EXE kernel program and then the hardware abstraction layer (HAL.dll). The system then loads the "HKEY_LOCAL_MACHINE\SYSTEM" key of the registry, and NTLDR reads the "HKEY_LOCAL_MACHINE\SYSTEM\Select" key to determine which ControlSet will be loaded. The loaded ControlSet contains the device drivers and the services that need to be loaded. NTLDR then loads the low-level device drivers whose Start value is 0 under the services key in "HKEY_LOCAL_MACHINE\SYSTEM". Once CurrentControlSet, the mirror of the chosen ControlSet, has been loaded, NTLDR passes control to NTOSKRNL.EXE, and the boot process ends.
Tip: If you press F8 at startup, the boot menu offers a variety of startup modes. Ntldr then uses the boot parameters that correspond to the user's choice to load the NT kernel. Users can also set the startup parameters in the Boot.ini file.
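The operating system selection rules described above (when the menu appears, Ntdetect.com versus Bootsect.dos, the Hiberfil.sys shortcut, and the startup parameters stored in Boot.ini) can be modelled offline, which is useful when reviewing the Boot.ini of a disk image. This is an added example, not code from the original article; the sample file, the function names, and the use of an ARC-style path to recognize an NT entry are assumptions.

```python
import re

# Constructed sample Boot.ini for illustration (not from a real machine).
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /fastdetect /noexecute=optin
C:\="Previous OS"
'''

# Assumption: an NT installation is identified by an ARC-style path.
ARC = re.compile(r'^(multi|scsi|signature)\(', re.I)

def parse_boot_ini(text):
    """Return {'timeout', 'default', 'entries'} parsed from Boot.ini text."""
    cfg, section = {"timeout": None, "default": None, "entries": []}, None
    for line in (text or "").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep or line.startswith(";"):
            continue  # blank line, comment, or a line without key=value
        if section == "boot loader" and key.lower() == "timeout" and value.isdigit():
            cfg["timeout"] = int(value)
        elif section == "boot loader" and key.lower() == "default":
            cfg["default"] = value
        elif section == "operating systems":
            m = re.match(r'"([^"]*)"\s*(.*)$', value)
            label, switches = (m.group(1), m.group(2).split()) if m else (value, [])
            nxt = "Ntdetect.com" if ARC.match(key) else "Bootsect.dos"
            cfg["entries"].append({"path": key, "label": label,
                                   "switches": switches, "next": nxt})
    return cfg

def boot_plan(text, hiberfil_valid=False):
    """Model the decisions NTLDR makes in the operating system selection phase."""
    if hiberfil_valid:            # valid Hiberfil.sys: Boot.ini is not processed
        return {"action": "resume-from-hibernation", "menu": False}
    cfg = parse_boot_ini(text)
    if not cfg["entries"]:        # missing or invalid Boot.ini
        return {"action": "boot-default-system-volume", "menu": False}
    menu = len(cfg["entries"]) > 1 and cfg["timeout"] != 0
    return {"action": "boot-from-boot-ini", "menu": menu, **cfg}

if __name__ == "__main__":
    plan = boot_plan(SAMPLE)
    print("menu shown:", plan["menu"])
    for e in plan["entries"]:
        print(e["label"], "->", e["next"], e["switches"])
```

Listing the switches per entry makes it easy to compare the startup parameters in a collected Boot.ini against a known-good baseline.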