A boot loader is a special program whose purpose is to load other software and files that are required to bring the computing system into a ready-to-run state. NTLDR is an abbreviation for New Technology Loader, and it is the boot loader for all the releases of Microsoft’s Windows NT operating system up to Windows Server 2003 and Windows XP. In Windows Server 2008 and Windows Vista and Windows 7, NTLDR has been replaced by Windows Boot Manager and winload.exe.
A boot loader usually resides in the nonvolatile portion of memory. The NT Loader is primarily run from the main hard disk drive, but it can also be run from storage devices like USB drives, flash drives, CD-ROMs, or even floppy disks. If an appropriate boot sector is given in the file, NTLDR can even be used to load a non-NT-based operating system.
NT Loader requires the following two files for its proper functioning:
- NTLDR – It contains the main boot loader.
- Boot.ini – It contains the configuration options.
The menu options are stored in the boot.ini file, and NTLDR allows a user to choose the desired operating system from the menu. It also allows users to pass some preconfigured options to the kernel. Boot.ini is protected from the user configuration, as accidentally changing some values in it can cause serious problems such as boot failure. A user needs to first unlock the boot.ini file to edit it.
NTLDR performs the following steps during the booting process:
- It accesses the file system present on the boot drive. It can either be a FAT file system or an NTFS file system.
- If hyberfil.sys is available and it finds a hibernation image, then its contents are loaded into the memory and the system resumes where it left off. Otherwise, boot.ini is read and a boot menu is presented to the user.
- If an NT-based operating system is selected, then ntdetect.com is run; it gathers the required information about the computer’s hardware. However, if a non-NT-based operating system is selected, then NTLDR checks the boot.ini file and loads the associated files.
- Ntoskrnl.exe is then executed, and the information returned by ntdetect.com is passed to it.
Got Something To Say: