Boot Process, BCD, BCDEdit.exe, BootSect.exe in Windows Vista/Windows 7/ Server 2008

2011-12-29 Updated

Also see my other post, http://sysadmin-e.com/bitlocker-win7.

I made these notes a while back before Windows 7 came out. They should mostly apply to Windows 7 also.

Vista has totally changed the boot process from what has been used since NT. The new boot process is centered around the BCD, which stands for either "Boot Configuration Database" or "Boot Configuration Data" depending on the article or document. To modify the BCD, you can use BCDEdit.exe or the BCD WMI interface. If you just type bcdedit in a command prompt you'll see the current boot configuration.

Since modifying the BCD is not as easy as modifying the boot.ini of previous Windows versions, there are a few free GUI programs that can modify the BCD. I have only tried VistaBootPRO (http://www.vistabootpro.org) and it has worked fine.

BCD default location

C:\Boot\BCD

The file does not have an extension and has several associated log files named BCD.LOG in the same folder.

BCDEdit default location

C:\Windows\system32\bcdedit.exe
-------------------------------------------------------------------

Excerpt from http://support.microsoft.com/kb/919529:

Windows Vista uses a new Boot Configuration Database (BCD) store. This store contains a boot menu and all the information about operating systems that are installed on the computer. Therefore, a Boot.ini file that is from an earlier version of the Windows operating system cannot be used to start Windows Vista.

In earlier versions of the Windows operating system that run on a basic input/output system (BIOS)-based computer, such as Windows XP, the boot process starts with the system BIOS. The BIOS determines the boot device, and then loads the first physical sector. This physical sector is named the master boot record (MBR). The MBR contains the partition table and the necessary boot execution code. This code searches the partition table to find the active partition and passes control to the boot sector on the active partition. Then, the boot sector on the active partition loads the Ntldr program. The Ntldr program parses the Boot.ini file. This file is used to enumerate the operating systems that are installed.

[NTLDR, BOOT.INI and other pre-Vista Windows boot files are located on the root of the active partition.]

When Windows Vista starts on a BIOS-based computer, the BIOS loads the MBR and then loads the boot sector. However, boot code loads the new Windows Boot Manager program (Bootmgr). The Windows Boot Manager program parses the Boot Configuration Data file, enumerates the installed operating systems, and then displays the boot menu. If an earlier version of the Windows operating system is installed in a dual-boot configuration with Windows Vista, the Windows Boot Manager program transfers control to the Ntldr program for the earlier version of the Windows operating system.

Excerpt from BCD.doc at http://www.microsoft.com/whdc/system/platform/firmware/bcd.mspx:

For the common scenario of a PC/AT BIOS computer that is booting from its hard drive, the BIOS reads the master boot record (MBR) and transfers control to the MBR's code. MBR, in turn, transfers control to the code that loads the operating system. Historically, the primary application that is responsible for loading Windows has been Ntldr.

The data that has determined how Ntldr loaded Microsoft® Windows® has been contained in a text file that is named boot.ini and resides on the root folder of the boot drive. Boot.ini contains a separate boot entry for each version or configuration of Windows that is available to the user. If multiple configurations or versions of the operating system are available, Ntldr displays the list of boot entries to allow the user to specify which one should be loaded. It then proceeds to load the selected version of the operating system with a configuration that is based on the selected entry's boot options.

The boot process for computers that use Extensible Firmware Interface (EFI) firmware is completely different from that for PC/AT BIOS computers. EFI is the next-generation firmware model that serves as the interface between hardware platform and the operating system. It provides information about the platform that is necessary for the operating system to boot and is expected to replace the legacy BIOS in the coming decade.

The firmware on a computer that uses EFI contains a boot manager that loads an operating system EFI application that is based on variables that are stored in non-volatile RAM (NVRAM). The Windows EFI operating system loader does not use boot.ini at all. For further information on EFI, see the white paper titled EFI and Windows Vista.

Windows Vista introduces boot configuration data (BCD). This new data store serves essentially the same purpose as boot.ini. However, BCD abstracts the underlying firmware and provides a common programming interface to manipulate the boot environment for all Windows-supported computer platforms. BCD currently supports PC/AT BIOS and EFI systems. However, its programming interface is extensible and portable and has the ability to support other types of firmware in addition to the two discussed here.

Windows Vista introduces several new boot applications, including:

  • Bootmgr [Located in root of active partition.]: A system-wide application that controls boot flow. With a multiboot system, the boot manager displays an operating system selection menu.
  • Winload.exe [Located in C:\Windows\system32.]: The Windows Vista operating system loader. Each version of Microsoft Windows Vista™ and Microsoft Windows Server™ Code Name "Longhorn" that is installed on a computer has its own instance of winload.exe. The operating system loader creates the execution environment for the operating system and also loads the Windows Vista kernel, hardware abstraction layer (HAL), and boot drivers into memory.
  • Winresume.exe [Located in C:\Windows\system32.]: The Windows Vista resume loader. Each version of Windows Vista and Windows Server Longhorn that is installed on a computer has its own instance of winresume.exe. The resume loader restores Windows to its running state when a computer resumes from hibernation.

NTLDR can still be used on PC/AT BIOS systems to dual boot a Windows version earlier than Windows Vista.

-------------------------------------------------------------------

From http://technet2.microsoft.com/WindowsVista/en/library/49ded4da-b66f-4b42-9563-04c218a1a6ac1033.mspx?mfr=true - this link is no longer valid:

Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your computer. This file is located at C:\BOOT\BOOTSECT.EXE.

To restore the Vista MBR and the boot code that transfers control to the Windows Boot Manager program, type the following command: <Vista DVD>:\Boot\Bootsect.exe –NT60 All

To restore the Ntldr program that allows earlier versions of Windows (NT through 2000) to control the boot process, type the following command: <Vista DVD>:\Boot\Bootsect.exe –NT52 All

Leave a Reply