请输入您要查询的百科知识:

 

词条 Client/Server Runtime Subsystem
释义

  1. Malware hoaxes

  2. Technical details

  3. History

  4. See also

  5. References

  6. External links

Client Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem and is included in Windows NT 3.1 and later.[1] Because most of the Win32 subsystem operations have been moved to kernel mode drivers in Windows NT 4 and later, CSRSS is mainly responsible for Win32 console handling and GUI shutdown. It is critical to system operation; therefore, terminating this process will result in system failure. Under normal circumstances, CSRSS cannot be terminated with the taskkill command or with Windows Task Manager, although it is possible in Vista if the Task Manager is run in Administrator mode. On Windows 7 and later, Task Manager will inform the user that terminating the process may result in system failure, and prompt if they want to continue.

Malware hoaxes

There are numerous virus hoaxes that claim that csrss.exe is malware and should be removed to prevent damage to the system; these are false, as removing csrss.exe or killing the csrss.exe process will result in a Blue Screen of Death.

In addition, technical support scammers pretending to be Microsoft representatives are known to use csrss.exe as "proof" of a virus infection, and convince the user being scammed into purchasing their rogue security software to remove it.[1]

Technical details

CSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or side-by-side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.[2] Window manager and GDI services are handled by a kernel mode driver (win32k.sys) instead.[3]

CSRSS is called along with winlogon.exe at Windows start-up. If either of the files is corrupted or otherwise inaccessible, the NT kernel will shut down the start-up process with a Blue Screen of Death. This is caused by a failure to move out of kernel mode and into user mode, the "normal" operation of Windows. The error code for this fault is 0xc000021a.

In Windows 7 and later, instead of drawing console windows itself, CSRSS spawns conhost.exe subprocesses to draw console windows for command line programs with the permissions of that user.

History

The Windows NT 3.x series of releases had placed the Graphics Device Interface component in CSRSS, but this was moved into kernel mode with Windows NT 4.0 to improve graphics performance.[4] The Windows startup process from Vista onward has changed significantly. Two instances of csrss.exe are running in Windows 7 and Vista.[5]

See also

  • List of Microsoft Windows components

References

1. ^{{cite web|url=http://news.softpedia.com/news/symantec-disavows-business-partner-caught-running-a-tech-support-scam-499310.shtml|title=Symantec Disavows Business Partner Caught Running a Tech Support Scam|last=Cimpanu|first=Catalin|publisher=Softpedia|date=Jan 22, 2016|accessdate=July 29, 2016}}
2. ^{{cite web|url=http://www.left-brain.com/tabId/65/itemId/1642/pageId/29/Undocumented-Windows-NT.aspx|title=Detailed implementation of a system service in Windows NT|accessdate=2010-06-10|work=Undocumented Windows NT}}
3. ^{{cite book|last=Russinovich|first=Mark|title=Windows Internals, 5th Edition|year=2009|publisher=Microsoft Press|pages=54}}
4. ^{{cite web|url=https://technet.microsoft.com/en-us/library/cc750820.aspx#XSLTsection124121120120|title=The Windows NT 4.0 Kernel mode change|accessdate=2009-01-19|work=MS Windows NT Kernel-mode User and GDI White Paper|publisher=Microsoft}}
5. ^{{cite web|url=https://technet.microsoft.com/en-us/magazine/2007.03.vistakernel.aspx|title=Inside the Windows Vista Kernel – Startup Processes|accessdate=2010-10-01|work=Inside the Windows Vista Kernel – Startup Processes|publisher=Microsoft}}

External links

  • [https://technet.microsoft.com/en-us/library/bb457123.aspx Troubleshooting the Startup Process (Windows XP Professional Resource Kit)]
{{Windows Components}}{{DEFAULTSORT:Client Server Runtime Subsystem}}

1 : Windows NT architecture

随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/11/11 9:48:59