Client/Server Runtime Subsystem

Client/Server Runtime Subsystem: Client/Server Runtime Subsystem, or csrss.exe, is a component of the Microsoft Windows NT operating system that provides the user mode side of the Win32 subsystem and is included in Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows Server 2008 and Windows 7. Because most of the Win32 subsystem operations have been moved to kernel mode drivers, in Windows NT 4 and later CSRSS is mainly responsible for Win32 console handling and GUI shutdown. It is critical to system operation; therefore, terminating this process will result in system failure. Under normal circumstances, CSRSS cannot be terminated with the taskkill command or with Windows Task Manager, though it is possible in Vista if the Task Manager is run in Administrator mode. On Windows 7 and Windows 8 Developer Preview, Task Manager will inform the user that terminating the process will result in system failure, and prompt if they want to continue.

Contents

1 Workings

2 History

3 Threats

4 See also

5 References

6 External links

Workings

CSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or Side-by-Side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.^[1] Window manager and GDI services are handled by a kernel mode driver (win32k.sys) instead.^[2]

History

The Windows NT 3.x series of releases had placed the Graphics Device Interface component in CSRSS, but this was moved into kernel mode with Windows NT 4.0 to improve graphics performance.^[3] The Windows startup process has changed significantly since Vista. 2 instances of csrss.exe are running in Windows 7 and Vista. ^[4]

Threats

Viruses, spyware, and trojans are known to infect or disguise themselves as this process. These include, but are not limited to:

Nimda.E ^[5]

W32/Netsky.ab@MM ^[6]

W32/VBMania@MM ^[7]

See also

List of Microsoft Windows components

References

^ "Detailed implementation of a system service in Windows NT". Undocumented Windows NT. http://www.left-brain.com/tabId/65/itemId/1642/pageId/29/Undocumented-Windows-NT.aspx.

^ Russinovich, Mark (2009). Windows Internals, 5th Edition. Microsoft Press. pp. 54.

^ "The Windows NT 4.0 Kernel mode change". MS Windows NT Kernel-mode User and GDI White Paper. Microsoft. http://technet.microsoft.com/en-us/library/cc750820.aspx#XSLTsection124121120120. Retrieved 2009-01-19.

^ "Inside the Windows Vista Kernel - Startup Processes". Inside the Windows Vista Kernel - Startup Processes. Microsoft. http://technet.microsoft.com/en-us/magazine/2007.03.vistakernel.aspx. Retrieved 2010-10-01.

^ "csrss.exe Windows process - What is it?". http://www.neuber.com/taskmanager/process/csrss.exe.html. Retrieved 2009-01-12.

^ "McAfee W32/Netsky.ab@MM Virus Profile". http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=124873. Retrieved 2009-01-12.

^ "Widespread Reporting of "Here you have" Virus (aka W32/VBMania@MM)". http://www.avertlabs.com/research/blog/index.php/2010/09/09/widespread-reporting-of-here-you-have-virus/. Retrieved 2010-09-10.

External links

Troubleshooting the Startup Process (Windows XP Professional Resource Kit)

v · d · eMicrosoft Windows components

Core

Active Scripting (WSH · VBScript · JScript) · Aero · AutoPlay · AutoRun · ClearType · COM (ActiveX · ActiveX Document · COM Structured storage · DCOM · OLE · OLE Automation · Transaction Server) · Desktop Window Manager · DirectX · Explorer · Graphics Device Interface · Imaging Format · .NET Framework · Search (IFilter · Saved search) · Server Message Block · Shell (Extensions · File associations · Namespace · Special Folders) · Start menu · Previous Versions · Taskbar · Windows USER · Win32 console · XML Paper Specification

Management tools

Backup and Restore Center · cmd.exe · Control Panel (Applets) · Device Manager · Disk Cleanup · Disk Defragmenter · Driver Verifier · Event Viewer · IEAK · IExpress · Management Console · Netsh · Problem Reports and Solutions · Resource Monitor · ‎Sysprep · System Policy Editor · System Configuration · Task Manager · System File Checker · System Restore · WMI · Windows Installer · Windows PowerShell · Windows Update · WAIK · WinSAT · Windows Easy Transfer

Applications

Calculator · Character Map · Contacts · DVD Maker · Fax and Scan · Internet Explorer · Journal · Magnifier · Media Center · Media Player · Mobile Device Center · Mobility Center · Narrator · Notepad · Paint · Windows Photo Viewer · Private Character Editor · Remote Assistance · Windows Desktop Gadgets · Snipping Tool · Sound Recorder · Store · Speech Recognition · Tablet PC Input Panel · WordPad · Portable Workspace Creator

Games

3D Pinball for Windows - Space Cadet · Chess Titans · FreeCell · Hearts · Hover! · Hold 'Em – Inkball · Mahjong Titans · Minesweeper · Purble Place · Reversi · Solitaire · Spider Solitaire · Microsoft Tinker

Kernel

Ntoskrnl.exe · hal.dll · System Idle Process · Registry · DLL · EXE · NTLDR / Boot Manager · Winlogon · Recovery Console · I/O · WinRE · WinPE · Kernel Patch Protection

Services

SCM · BITS · Task Scheduler · Wireless Zero Configuration · Shadow Copy · Error Reporting · Multimedia Class Scheduler · CLFS

File systems

NTFS (Hard link · Junction point · Mount Point · Reparse point · Symbolic link · TxF · EFS) · WinFS · FAT (FAT12 · FAT16 · FAT32) · exFAT · CDFS · UDF · DFS · IFS

Server

Domains · Active Directory · DNS · Group Policy · Roaming user profiles · Folder redirection · Distributed Transaction Coordinator · MSMQ · Windows Media Services · Rights Management Services · IIS · Terminal Services · WSUS · Windows SharePoint Services · Network Access Protection · PWS · DFS Replication · Remote Differential Compression · Print Services for UNIX · Remote Installation Services · Windows Deployment Services · System Resource Manager · Hyper-V

Architecture

NT series architecture · Object Manager · Startup process (Vista/7) · I/O request packet · Kernel Transaction Manager · Logical Disk Manager · Security Accounts Manager · Windows File Protection / Windows Resource Protection · Windows library files · LSASS · CSRSS · SMSS · MinWin

Security

Action Center · BitLocker · Defender · Data Execution Prevention · Mandatory Integrity Control · Protected Media Path · User Account Control · User Interface Privilege Isolation · Windows Firewall

Compatibility

command.com · Interix · Unix subsystem (Microsoft POSIX) · Virtual DOS machine · Windows on Windows · Windows XP Mode · WoW64

Categories:
Windows NT architecture
Microsoft Windows stubs

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

Client/Server Runtime Subsystem — CSRSS.exe (аббр. от англ. Client Server Runtime Subsystem) критически важный процесс операционной системы Windows. Исполняемый файл хранится в системной директории в папке system32. Процесс отвечает за работу: терминальных служб, служб… … Википедия
Runtime — Moteur d exécution Un moteur d exécution, bibliothèque d exécution ou runtime (abréviation de runtime system ou runtime library, runtime signifiant, en anglais, « au moment de l exécution ») est un programme ou une bibliothèque qui… … Wikipédia en Français
Session Manager Subsystem — (sous système gestionnaire de session smss.exe) est un composant de Windows. Il est exécuté dès le processus de démarrage de Windows. Durant cette phase, il lance autochk.exe pour vérifier le ou les différent(s) systèmes de fichiers, puis après… … Wikipédia en Français
List of Microsoft Windows components — The following is a list of Microsoft Windows components. Contents 1 Configuration and maintenance 2 User interface 3 Applications and utilities 4 Windows Server components … Wikipedia
Native API — The Native API (with capitalized N) is the publicly and incompletely documented application programming interface used internally by the Windows NT family of operating systems produced by Microsoft.[1]. It is predominately used during system boot … Wikipedia
Architecture of Windows NT — The Windows NT operating system family s architecture consists of two layers (user mode and kernel mode), with many different modules within both of these layers. The architecture of Windows NT, a line of operating systems produced and sold by… … Wikipedia
Microsoft Transaction Server — (MTS) was software that provided services to Component Object Model (COM) software components, to make it easier to create large distributed applications. The major services provided by MTS were automated transaction management, instance… … Wikipedia
Hybrid kernel — is a kernel architecture based on combining aspects of microkernel and monolithic kernel architectures used in computer operating systems. The category is controversial due to the similarity to monolithic kernel; the term has been dismissed by… … Wikipedia
Winlogon — est un composant de Windows qui gère l ouverture et la fermeture de session, et le Ctrl Alt Delete. En particulier, il charge le profil d un utilisateur après qu il s est authentifié il gère l écran de veille ; sur le retour au mode normal,… … Wikipédia en Français
WIN32S — Das Windows Application Programming Interface (kurz: WinAPI; zu dt. etwa: Windows Anwendungs Programmierungs Schnittstelle) ist eine Programmierschnittstelle und Laufzeitumgebung, welche Programmierern bereitsteht, um Anwendungsprogramme für… … Deutsch Wikipedia

Academic Dictionaries and Encyclopedias

Client/Server Runtime Subsystem

Contents

Workings

History

Threats

See also

References

External links

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Client/Server Runtime Subsystem

Contents

Workings

History

Threats

See also

References

External links

Look at other dictionaries:

Share the article and excerpts

Direct link