HOME

TheInfoList



Click Here for Items Related To - CSRSS
OR:
CSRSS on:   [Wikipedia]   [Google]   [Amazon]

The Client/Server Runtime Subsystem, or csrss.exe, is a component of the
Windows NT Windows NT is a Proprietary software, proprietary Graphical user interface, graphical operating system produced by Microsoft as part of its Windows product line, the first version of which, Windows NT 3.1, was released on July 27, 1993. Original ...
family of
operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...
s that provides the
user mode A modern computer operating system usually uses virtual memory to provide separate address spaces or regions of a single address space, called user space and kernel space. This separation primarily provides memory protection and hardware prote ...
side of the Win32 subsystem. In modern versions of Windows, it is primarily involved with process and thread management, console window handling,
side-by-side assembly Side-by-side assembly (SxS, or WinSxS on Microsoft Windows) technology is a standard for executable files in Windows 98 Second Edition, Windows 2000, and later versions of Windows that attempts to alleviate problems (collectively known as "DLL He ...
loading and the shutdown process. Historically, it had also been responsible for window management and graphics rendering, however, these operations have been moved to
kernel mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer ...
starting with Windows NT 4.0 to improve performance. CSRSS instances are marked as critical processes, meaning that terminating one will crash the system. Built-in process management tools in most Windows versions will also refuse to kill instances of CSRSS. Under normal operation, there is a CSRSS instance for each session (two in
Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
and newer, one in earlier versions, both assuming there are no active
RDP RDP may refer to: Computing * Ramer–Douglas–Peucker algorithm, an algorithm for polygonal simplification * Recombination detection program, for analysing genetic recombination * Recursive descent parser, a type of top-down parser * Remote Desk ...
connections which spawn extra sessions).


Technical details

CSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or side-by-side support, instead of issuing a
system call In computing, a system call (syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, accessing a hard disk drive ...
, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel. Window manager and
GDI GDI may refer to: Science and technology * Gasoline direct injection, a type of fuel injection * Graphics Device Interface, a component of Microsoft Windows * Guanosine nucleotide dissociation inhibitor, a protein Organisations * Gabriel Dumont I ...
services are handled by a kernel mode driver (win32k.sys) instead. CSRSS is called along with winlogon.exe from smss.exe at Windows start-up. If either of the files is corrupted or otherwise inaccessible, SMSS will tell the kernel to shut down the start-up process with a
Blue screen of death The blue screen of death (BSoD) or blue screen error, blue screen, fatal error, bugcheck, and officially known as a stop erroris a fatal system error, critical error screen displayed by the Microsoft Windows operating systems to indicate a cr ...
. The error code for this fault is 0xc000021a (STATUS_SYSTEM_PROCESS_TERMINATED). In Windows 7 and later, instead of drawing console windows itself, CSRSS spawns conhost.exe subprocesses to draw console windows for command line programs with the permissions of that user.


Malware hoaxes

There are numerous virus hoaxes that claim that csrss.exe is
malware Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...
and should be removed to prevent damage to the system; these are false, as removing csrss.exe or killing the csrss.exe
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management * Business process, activities that produce a specific s ...
will result in a system crash in Windows applications. In addition,
technical support scam A technical support scam, or tech support scam, is a type of scam in which a scammer claims to offer a legitimate technical support service. Victims contact scammers in a variety of ways, often through fake Pop-up ad, pop-ups resembling error ...
mers pretending to be Microsoft representatives are known to use csrss.exe as "proof" of a virus infection, and convince the user being scammed into purchasing their
rogue security software Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on th ...
to remove it.


See also

*
List of Microsoft Windows components The following is a list of Microsoft Windows components. Configuration and maintenance User interface Applications and utilities Windows Server components File systems Core components Services This list is not all-inclusiv ...


References


External links


Troubleshooting the Startup Process (Windows XP Professional Resource Kit)
{{DEFAULTSORT:Client Server Runtime Subsystem Windows NT architecture