Booting Windows

Boot loader

The boot loader scans the registry for drivers whose start value (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driverName) is 0 or 1.
These drivers are loaded into memory in the order that is specified in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder.
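
The lookup described above, as an added example that is not part of the original notes: it lists every entry under Services whose Start value is 0 or 1, ranked by the position of its Group value in the List value of ServiceGroupOrder, and shows the signature status of each driver file so that unexpected early-loading drivers stand out. The helper name Resolve-DriverPath, the FileMissing label and the default path used when ImagePath is absent are assumptions of this example; within a group the rows are simply sorted by name.

```powershell
# Added example (not from the original notes): drivers with Start = 0 or 1,
# sorted by the position of their Group in ServiceGroupOrder\List.
$services   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$groupOrder = 'HKLM:\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder'

# List is a REG_MULTI_SZ: one group name per element, earliest group first.
$rank = @{}   # PowerShell hashtables compare keys case-insensitively
$i = 0
foreach ($g in (Get-ItemProperty -Path $groupOrder -Name List).List) {
    if (-not $rank.ContainsKey($g)) { $rank[$g] = $i }
    $i++
}

# Hypothetical helper: turn a driver ImagePath into a normal file system path.
function Resolve-DriverPath([string] $name, [string] $imagePath) {
    # Assumption: without ImagePath the driver is System32\drivers\<name>.sys
    if (-not $imagePath) { $imagePath = "System32\drivers\$name.sys" }
    # Strip the \??\ prefix and map \SystemRoot\ to the Windows directory.
    $p = $imagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$earlyDrivers = foreach ($key in Get-ChildItem -Path $services) {
    $start = $key.GetValue('Start')
    if ($start -notin 0, 1) { continue }      # also skips keys without Start

    $group = $key.GetValue('Group')
    $path  = Resolve-DriverPath ($key.PSChildName) ($key.GetValue('ImagePath'))

    [pscustomobject]@{
        # Drivers with no group, or a group missing from List, are ranked last.
        GroupRank = if ($group -and $rank.ContainsKey($group)) { $rank[$group] }
                    else { [int]::MaxValue }
        Start     = $start
        Group     = $group
        Name      = $key.PSChildName
        ImagePath = $path
        Signature = if (Test-Path -LiteralPath $path) {
                        (Get-AuthenticodeSignature -FilePath $path).Status
                    } else { 'FileMissing' }
    }
}

$earlyDrivers | Sort-Object GroupRank, Start, Name | Format-Table -AutoSize
```

Rows whose Signature is not Valid, or whose ImagePath points outside %SystemRoot%\System32\drivers, are the ones to review first.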

Loading sub systems

TODO: The value of Required under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems.

Determine last boot time

The last boot time can be determined with systeminfo.exe.
C:\> systeminfo | findstr /c:"System Boot Time:"
Because the output of systeminfo.exe is localized, the text System Boot Time needs to be changed on a Windows installation with a non-English installation language.

Safe booting

When Windows is booted in safe mode, a minimum of functionality is provided:
See also: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

TODO

autochk.exe
The value of ScfValue under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
During boot time, the Service Control Manager (SCM) is started.
Every time the NT kernel initializes, it always turns on the TerminalServer mask in ProductSuite. See the implementation of ExpWatchProductTypeInitialization in minkernel\ntos\ex\exinit.c (ExpSuiteMask is the variable of interest).
The creation of the WMI namespaces.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Pressing F8 before the Windows logo is displayed starts Windows in advanced troubleshooting mode.

Determine reason of last shutdown

get-winEvent -filterHashtable @{ LogName = 'System'; Id = 41, 1074, 6006, 6605, 6008; } |
sort-object timeCreated |
format-list Id, LevelDisplayName, TimeCreated, Message
The event 6006 is "The Event log service was stopped" and indicates a proper system shutdown.

See also

bcdedit.exe is the Boot Configuration Data Editor, which allows controlling the boot process.
%SystemRoot%\System32\Boot
Registry key HKEY_LOCAL_MACHINE\BCD00000000.
msconfig.exe is a tool to manage the startup process.
The Sysinternals tool Autoruns reveals which programs are run during Windows bootup or when a user logs in.
PS C:\Users\Rene\> wmic os get bootDevice
BootDevice
\Device\HarddiskVolume1
