Building and Using a Windows XP Boot Disk
Use the procedures in this article to work around the problems that hinder your system from starting. Problems that can occur are (but not limited to) boot sector damage, missing files, a virus, improper drivers and so on. In this article this is what we cover. We cover some terminology and the boot process, possible problems and situations and then show you how to make a boot disk and use it. A non booting Server is not a good thing when it’s hosting a thousand web pages for a company. I recommend this disk be created and kept nearby in case you are in a jam and need to get a system up and running that will not boot.
"For a complete guide to security, check out 'Security+ Study Guide and DVD Training System' from Amazon.com"
In this section we will cover terminology that will be used throughout the chapter and define it.
- POST: Power On Self Test. When a computer starts or boots, the BIOS carries out a procedure that verifies that all the system's components are operating properly. Hearing beeps are indicators of a BIOS trying to either indicate a successful transition, or it’s giving you a beep code that helps you figure out a problem most likely in the BIOS.
- MBR: Short for Master Boot Record, a small program that is executed when a computer boots up. Typically, the MBR resides on the first sector of the hard disk. The program begins the boot process by looking up the partition table to determine which partition to use for booting
- BIOS: An abbreviation for Basic Input/Output System. On PC systems, the BIOS is used to perform all necessary functions to properly initialize that system’s hardware when power is first applied. The BIOS also helps with the boot process.
- CMOS: Complementary Metal Oxide Semiconductor. A chip which uses small amounts of electricity. It is used typically on battery-powered computers and to save configuration information on other computers when they are turned off.
The boot process once understood will help you visualize why putting certain files on a floppy disk will help you so much. Let’s look at the boot process. Click to visit Microsoft.
- The first thing that happens when you power on your PC is you have a POST. The POST stands for Power on Self Test and it tests your system hardware.
- Hardware such as Memory is tested as well as all other hardware on the system being verified. This can usually be seen on the monitor as the system starts.
- Once POST completes, the PC will attempt to locate a bootable device configured via the system BIOS/CMOS.
- Once the bootable device is found, the MBR (Master Boot Record) is loaded into memory
- The MBR locates the active partition and loads the boot sector into memory.
- The boot sector contains the code that starts Ntldr which is the boot strap loader for Windows XP. Ntldr must be located in root folder of the active partition along with Ntdetect.com, boot.ini, bootsect.dos (for dual booting) and Ntbootdd.sys (needed with some SCSI adapters)
- The operating system is ‘selected’ by NTLDR.
- NTLDR will use the Ntdetect.com, boot.ini, and bootsect.dos files to get the proper OS selected and loaded
- The system starts in 16-bit real mode, then moves to protected mode at 32-bit.
- Once NTLDR switches into 32-bit mode, the file system is loaded (NTFS, FAT32, etc) so that the boot.ini can be read and then checked.
- Once the boot.ini is checked, you select the OS you would like to load.
- Selecting XP from the boot menu causes Ntldr to run Ntdetect.com to get information about installed hardware.
- Ntldr then uses the ARC path specified in the boot.ini to find the boot partition. It may look something like this:
default=multi (0)disk (0)partition (2) \WINDOWS
multi(0)disk(0)partition(2)\WINDOWS="Microsoft Windows XP" /fastdetect
- Ntdetect.com can start to gather information about your systems hardware (such as):
- Computer ID
- Bus/adapter type
- SCSI adapters
- video adapters
- Com ports
- Parallel ports
- Floppy disks
- Pointing devices
- Computer ID
- Once Ntdetect.com collects the needed information, NTLDR loads Ntoskrnl and passes control to it.
- Ntoskrnl.exe and hal.dll are loaded. Ntoskrnl.exe and Hal.dll must be located in the %SystemRoot%\System32 folder.
- Next, the Registry is loaded and a hardware profile is selected. If you have multiple hardware profiles created, you may be asked to select from one to load.
- After you have selected the proper hardware profile (or if the default one just loads), then you will next be greeted by the login prompt.
- Ntoskrnl.exe starts Winlogon.exe which starts Lsass.exe (Local Security Administration), this is the program that displays the Welcome screen and allows a user to log on with their credentials (user name and password).
To get to this point, you have to have a healthy set of files to get you there. As with any other data, they are prone to corruption, damage or sabotage just like any other source of data. A boot disk is nothing more than a set of the most critical files that if they become damaged need to be replaced to allow the system to boot and load. You can use a boot disk in a time of disaster to get the system to the winlogon process and running to get to critical data or to bring the server up and operational to serve.
Problems occur, issues arise, and most times it’s unavoidable. Corruption or a boot sector virus can render just about any system dead in the water. So what could happen? In this section we cover some basic issues that can occur so that you just what your up against and why a boot disk can be very handy.
- Boot Sector Damage
- MBR (master boot record) Damage
- Virus Issues
- Missing or damaged files (Ntldr or Ntdetect.com)
- Incorrect Ntbootdd.sys driver
- To boot from the shadow of a broken mirror
Boot Disk 101
Now that you know the boot process and can see what could happen to hinder that process, let’s look at how to make and use the boot disk.
To create a boot disk for Windows XP for an NTFS or FAT Partition you will need to have a formatted floppy. It needs to be blank and virus free. You will also need the Windows XP CD-ROM or an operational Windows XP-based computer.
- Format your Floppy.
- Copy needed files (Ntldr, Ntdetect.com, and the boot.ini. Copy them from a system running Windows XP as long as it’s not virus infested and/or a Windows XP setup CD-ROM.
- Edit the boot.ini file you copied over to floppy. You will need to set the path correctly so you will need to understand the ARC naming convention. You will find what you need to know using Microsoft’s documentation.
- Start your computer by using the floppy disk, and then log on to Windows XP.
- If your computer boots from a SCSI hard drive, you may need to replace the multi(0) entry with scsi(0) under [operating systems]
- It is possible to disable the Windows XP boot splash screen and speeds up the boot process very slightly. Its more so if you would like practice editing the *.ini file and if you want to 'see' the boot process that this logo hides
- Edit the boot.ini
- Add " /noguiboot" right after "/fastdetect".
- Once you reboot the splash screen will be gone.
- It can be re-enabled by removing the new switch
- Edit the boot.ini
At times, even if you use the boot disk, you may still encounter solvable problems. Its not ‘that’ easy to use so lets look at some helpers and tips to get you through the most common jams:
- You may want to put a copy of edit on the boot disk to edit the boot.ini file with.
- The Boot.ini file will most always be the problem with the boot disk unless the boot disk is corrupted, damaged, infected, etc.
- You may see error messages about ‘ARC’ and if you do, its very common that your boot.ini file is not configured properly. If you don’t know the boot.ini syntax inside and out, then you may want to print out a copy of it and keep it with your boot disk or put a small text file on the floppy as well with a simple explanation so you can figure it out if you need to.
- 3rd party companies (makers of NTFSDOS for example) have products that can ‘mount’ an NTFS drive which can allow you to copy the files if needed (if you don’t have a FAT partition to get into), as well, to see the boot.ini current to the system if you need to get ideas on what was in the boot.ini in the original system that failed.
In this article we covered the basics of making a Windows XP boot disk. For those of you who are Microsoft Gurus, I hope this article served as a good source of information about how to save a Windows system from failure… we all look like champions when we save a system, think about if the system you were viewing this article with right here and now didn’t boot! I think you would want this disk! Tell me what you think is the Forums.