As I prepare for CompTIA's A+ Certification I will post my revision notes here.

Thursday, February 16, 2006

Windows XP Advanced Startup Options: Enable Boot Logging

Windows XP features an advanced startup screen whose options are only really needed when you're having difficulty booting into Windows. One of the options that helps diagnose problems with Windows is the "Logged" mode. This mode essentially starts Windows normally but logs all the actions Windows takes during boot-up to a text file (ntbtlog.txt, located in the Windows folder in Windows XP and the WINNT folder in Windows 2000), which you can later use to diagnose problems.

The advanced startup options menu is normally accessed by pressing the F8 key while the system is booting up. If you manage to press the key in time you'll see a menu like the one in the following screenshot (from Windows XP).

Opening ntbtlog.txt in the Windows directory, you'll see output similar to the following, which enables you to see exactly which drivers failed or did not load.

Service Pack 2 2 16 2006 20:26:25.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver d347bus.sys
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver compbatt.sys
Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS
Loaded driver PCIIde.sys
Loaded driver \WINDOWS\System32\Drivers\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver d347prt.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\w29n51.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\drivers\stac97.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\vsdatant.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\DRIVERS\arp1394.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\avg7core.sys
Loaded driver \SystemRoot\System32\Drivers\avg7rsw.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\Drivers\avg7rsxp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
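In the log above several drivers (NDProxy.SYS, rdbss.sys, mrxsmb.sys, ipnat.sys) appear under both statuses, so reading only the "Did not load" lines overstates what is missing. The following is an added example, not part of the original post: a small parser that separates drivers that never loaded from those reported both ways. The function names parse_boot_log and triage are introduced here for illustration, and the sample is a constructed subset of the lines shown above.

```python
import re

# Constructed sample in the ntbtlog.txt layout shown above (a subset of the post's lines).
SAMPLE_LOG = r"""Service Pack 2 2 16 2006 20:26:25.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

# Each entry is "<status> driver <path>"; anything else (e.g. the header) is skipped.
ENTRY = re.compile(r"^(Loaded|Did not load) driver\s+(\S.*?)\s*$")

def parse_boot_log(text):
    """Return {driver_key: {"path": first-seen path, "loaded": n, "not_loaded": n}}."""
    drivers = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        status, path = m.groups()
        key = path.lower()  # Windows paths are case-insensitive, so fold case for the key
        rec = drivers.setdefault(key, {"path": path, "loaded": 0, "not_loaded": 0})
        rec["loaded" if status == "Loaded" else "not_loaded"] += 1
    return drivers

def triage(drivers):
    """Split drivers into never-loaded and reported-both-loaded-and-not-loaded."""
    never, mixed = [], []
    for rec in drivers.values():
        if rec["not_loaded"] and not rec["loaded"]:
            never.append(rec["path"])
        elif rec["not_loaded"] and rec["loaded"]:
            mixed.append(rec["path"])
    return never, mixed

if __name__ == "__main__":
    never, mixed = triage(parse_boot_log(SAMPLE_LOG))
    print("Never loaded this boot:", *never, sep="\n  ")
    print("Reported both loaded and not loaded:", *mixed, sep="\n  ")
```

To run it against a real log, pass the contents of ntbtlog.txt to parse_boot_log in place of SAMPLE_LOG.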

Tuesday, February 14, 2006

Windows NT/2000/XP Key Boot Files

The startup routine for Windows NT/2000 and XP differs considerably from that of Windows 9x: not only are the procedures different, but the files used to boot the system are different too.

  • NTLDR - This is the bootstrap file that begins loading the operating system.
  • BOOT.INI - This file holds details of all operating systems installed on the machine.
  • BOOTSECT.DOS - This file is for dual-boot systems only, allowing it to boot to a DOS or Windows 9x system.
  • NTDETECT.COM - Checks for hardware each time the system loads.
  • NTBOOTDD.SYS - This file is purely for booting from SCSI drives where the BIOS is disabled.
  • NTOSKRNL.EXE - Windows operating system kernel.
  • HAL.DLL - Hardware Abstraction Layer, enables communication between the hardware and the operating system.

The boot sequence of a machine running Windows NT/2000/XP can be seen side-by-side with a Windows 9x boot sequence in my previous post here: Windows NT/2000/XP boot process.

Monday, February 13, 2006

Windows 9x/NT/2000/XP Boot Sequences (side-by-side)

The Windows boot process is a complex process which involves a number of different steps. The Windows 9x sequence differs markedly from the Windows NT/2000/XP boot procedure. I've drawn up a table showing the processes side-by-side.
You'll notice the first two processes are identical, but that's where the similarities end.

Click here for explanations of the Windows 9x Startup files.

WINDOWS BOOT PROCESS

| Win 9x | Win NT/2000/XP |
| System Power-on-Self-Test (POST) | System Power-on-Self-Test (POST) |
| Master Boot Record (MBR) loads and finds boot sector | Master Boot Record (MBR) loads and finds boot sector |
| IO.SYS loads into memory and starts processor in Real mode | MBR determines filesystem and loads NTLDR |
| WIN.COM loads and transfers processor into Protected mode | NTLDR switches system from Real to Protected mode and enables paging |
| | NTLDR processes BOOT.INI |
| Windows kernel, virtual device drivers and GDI load | NTLDR loads and runs NTDETECT.COM, which checks and initialises devices |
| | NTLDR loads NTOSKRNL.EXE and HAL.DLL |
| | NTLDR loads the HKEY_LOCAL_MACHINE\SYSTEM registry and device drivers |
| | NTLDR passes control to NTOSKRNL.EXE |
| EXPLORER.EXE shell loads | Winlogon loads |
Windows Desktop loads

Windows 9x Startup Files

You need to know the important system files that are involved in the system configuration in order to be able to diagnose problems with Windows machines. Windows 9x and Windows Me have similarities so most things here apply to Windows 95/98 and Me unless stated otherwise.

Important files in Windows are usually hidden by the operating system by default. To view these files in Windows Explorer it is necessary to "Show all hidden files". Some system files are stored in the root of the C drive, while others are stored in the WINDOWS directory. You'll discover that some of these files exist purely for backwards compatibility, whereas others affect the operation of your machine.

Windows Startup Files


  • MSDOS.SYS - Primarily handles disk I/O, stays in memory all the time.
  • EMM386.EXE - Allows Windows to control upper memory; this functionality is built into Windows Me.
  • HIMEM.SYS - This is a Windows 9x file which is used to access the high memory area (HMA).
  • IO.SYS - Allows Windows to interact with the system hardware and BIOS. It also includes drivers for common hardware devices, ports and drives.
  • WIN.INI - This file was used to store system settings such as communications drivers, wallpaper, screen saver etc. for Windows 3.x, 95/98. This file has now been replaced by the Registry.
  • WIN.COM - A file used by Windows 9x that initiates the protected load phase.
  • SYSTEM.INI - This file was used to store system settings such as language, location etc. for Windows 3.x, 95/98. This file has now been replaced by the Registry.
  • COMMAND.COM - A command interpreter, or the DOS shell.
  • CONFIG.SYS - A file that is used in MS-DOS and early versions of Windows to load device drivers and control memory usage.
  • AUTOEXEC.BAT - An automatically run batch file used to run commands on startup on MS-DOS and early versions of Windows. (more information about AUTOEXEC.BAT and CONFIG.SYS can be found here)

Editing non binary files such as AUTOEXEC.BAT can be achieved in a number of ways. Windows 95/98 provide a DOS tool called SYSEDIT, which essentially opens up a GUI with multiple text files allowing you to edit the following files:

  • SYSTEM.INI
  • CONFIG.SYS
  • WIN.INI
  • PROTOCOL.INI (Windows 9x only)

Windows 98/Me introduce a new tool called MSCONFIG.EXE, which achieves the same end in a slightly more user-friendly fashion. Both SYSEDIT and MSCONFIG can be run from the command prompt.

Sunday, February 12, 2006

Overview of Hard Disk Technology

Hard disks contain several disks called platters, which are mounted on a spindle. The platters rotate at speeds between 2000 and 10000 rpm.
The data stored on the platters is read by several read/write heads, which are all mounted on a single actuator. Each side of each platter has its own head, which floats above the platter's surface.

Each platter is divided up into sectors and tracks. Sectors are shaped like slices of cake, whereas tracks are concentric circles running around the platter.
Tracks start at the outside edge. The first track contains the File Allocation Table (FAT).
Because hard disks contain more than one platter, and because the read/write heads on all platters read the same tracks on each disk, the collection of tracks the read/write heads access at any one point is called a cylinder.

Hard Drive Geometry

A hard drive's geometry is essentially the spec of the hard drive, which dictates how much data the drive can store and how quickly it can access it. Hard disks are rated by several variables:

  • Capacity
  • Seek time
  • Latency
  • Access time
  • Spin speed

A hard drive's capacity can be calculated using the following formula:

Capacity = (No. Cyl x No. Heads) x (No. Sectors per track) x (Capacity per track)

Seek Time - This is the time it takes for the actuator to move from rest to the correct point on the disk.

Latency Factor - This is the time it takes for the correct track to pass underneath the read/write heads. The faster the spin speed, the lower the latency factor.

Access Time - This is found by adding the average seek time and average latency factor together.