Client/Server Runtime Subsystem

Client/Server Runtime Subsystem

Client/Server Runtime Subsystem, or csrss.exe, is a component of the Microsoft Windows NT operating system that provides the user mode side of the Win32 subsystem and is included in Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows Server 2008 and Windows 7. Because most of the Win32 subsystem operations have been moved to kernel mode drivers, in Windows NT 4 and later CSRSS is mainly responsible for Win32 console handling and GUI shutdown. It is critical to system operation; therefore, terminating this process will result in system failure. Under normal circumstances, CSRSS cannot be terminated with the taskkill command or with Windows Task Manager, though it is possible in Vista if the Task Manager is run in Administrator mode. On Windows 7 and Windows 8 Developer Preview, Task Manager will inform the user that terminating the process will result in system failure, and prompt if they want to continue.

Contents

Workings

CSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or Side-by-Side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.[1] Window manager and GDI services are handled by a kernel mode driver (win32k.sys) instead.[2]

History

The Windows NT 3.x series of releases had placed the Graphics Device Interface component in CSRSS, but this was moved into kernel mode with Windows NT 4.0 to improve graphics performance.[3] The Windows startup process has changed significantly since Vista. 2 instances of csrss.exe are running in Windows 7 and Vista. [4]

Threats

Viruses, spyware, and trojans are known to infect or disguise themselves as this process. These include, but are not limited to:

  • Nimda.E [5]
  • W32/Netsky.ab@MM [6]
  • W32/VBMania@MM [7]

See also

References

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Client/Server Runtime Subsystem — CSRSS.exe (аббр. от англ. Client Server Runtime Subsystem)  критически важный процесс операционной системы Windows. Исполняемый файл хранится в системной директории в папке system32. Процесс отвечает за работу: терминальных служб, служб… …   Википедия

  • Runtime — Moteur d exécution Un moteur d exécution, bibliothèque d exécution ou runtime (abréviation de runtime system ou runtime library, runtime signifiant, en anglais, « au moment de l exécution ») est un programme ou une bibliothèque qui… …   Wikipédia en Français

  • Session Manager Subsystem — (sous système gestionnaire de session smss.exe) est un composant de Windows. Il est exécuté dès le processus de démarrage de Windows. Durant cette phase, il lance autochk.exe pour vérifier le ou les différent(s) systèmes de fichiers, puis après… …   Wikipédia en Français

  • List of Microsoft Windows components — The following is a list of Microsoft Windows components. Contents 1 Configuration and maintenance 2 User interface 3 Applications and utilities 4 Windows Server components …   Wikipedia

  • Native API — The Native API (with capitalized N) is the publicly and incompletely documented application programming interface used internally by the Windows NT family of operating systems produced by Microsoft.[1]. It is predominately used during system boot …   Wikipedia

  • Architecture of Windows NT — The Windows NT operating system family s architecture consists of two layers (user mode and kernel mode), with many different modules within both of these layers. The architecture of Windows NT, a line of operating systems produced and sold by… …   Wikipedia

  • Microsoft Transaction Server — (MTS) was software that provided services to Component Object Model (COM) software components, to make it easier to create large distributed applications. The major services provided by MTS were automated transaction management, instance… …   Wikipedia

  • Hybrid kernel — is a kernel architecture based on combining aspects of microkernel and monolithic kernel architectures used in computer operating systems. The category is controversial due to the similarity to monolithic kernel; the term has been dismissed by… …   Wikipedia

  • Winlogon — est un composant de Windows qui gère l ouverture et la fermeture de session, et le Ctrl Alt Delete. En particulier, il charge le profil d un utilisateur après qu il s est authentifié il gère l écran de veille ; sur le retour au mode normal,… …   Wikipédia en Français

  • WIN32S — Das Windows Application Programming Interface (kurz: WinAPI; zu dt. etwa: Windows Anwendungs Programmierungs Schnittstelle) ist eine Programmierschnittstelle und Laufzeitumgebung, welche Programmierern bereitsteht, um Anwendungsprogramme für… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”