Difference between revisions of "Csrss.exe"

From ReactOS Wiki
Jump to: navigation, search
(Replaced content with "{{DISPLAYTITLE:csrss.exe}} {{stub}} User mode subsystem server (Part of Win32™ Personality? Subset of System Services?) {{Code history|subsystems/win32/csrss}} == S...")
(Updated information and added some relevant info from Wikipedia with mods.)
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
{{DISPLAYTITLE:csrss.exe}}
 
{{DISPLAYTITLE:csrss.exe}}
 
{{stub}}
 
{{stub}}
User mode subsystem server (Part of Win32™ Personality? Subset of System Services?)
+
[[Wikipedia:Client/Server Runtime Subsystem|Client/Server Runtime Subsystem]], or csrss.exe, is an essential component of the Windows NT&trade; family of operating systems. It provides the user mode side of the Win32 subsystem and is included in Windows 2000 and later, while Win32.sys is the kernel-mode portion of the Win32 Subsystem.<br /><br />
 +
 
 +
Since Windows NT 4, most of the Win32 subsystem operations have been moved to kernel mode drivers. So CSRSS is mainly responsible for Win32 console handling and GUI shutdown.<br />
 +
 
 +
== Technical details ==
 +
CSRSS runs as a user-mode [[Wikipedia:Windows service|system service]]. When a user-mode process calls a function involving console windows, process/thread creation, or [[Wikipedia:Side-by-side assembly|side-by-side]] support, instead of issuing a [[Wikipedia:system call|system call]], the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an [[Wikipedia:Local Procedure Call|inter-process call]] to the CSRSS process which does most of the actual work without compromising the kernel.<ref>[https://wenku.baidu.com/view/a9966e2d55270722192ef7cb.html "Detailed implementation of a system service in Windows NT"]. ''Undocumented Windows NT.'' Retrieved 2017-06-11.</ref> Window manager and [[Wikipedia:Graphics Device Interface|GDI]] services are instead handled by a kernel mode driver (win32k.sys).<ref>Russinovich, Mark (2009). ''Windows Internals, 5th Edition'' Microsoft Press. p. 54.</ref><br /><br />
 +
 
 +
CSRSS is called along with <tt>winlogon.exe</tt> at Windows startup. If either of the files is corrupted or otherwise inaccessible, the NT kernel will shut down the startup process with a [[Wikipedia:Blue Screen of Death|BSOD]] displaying error 0xc000021a. This is caused by a failure to move out of kernel mode and into user mode.<br /><br />
 +
 
 +
Vista and Windows 7 both run two instances of csrss.exe.<ref>[https://technet.microsoft.com/en-us/library/2007.03.vistakernel.aspx "Inside the Windows Vista Kernel – Startup Processes"]. ''Inside the Windows Vista Kernel – Startup Processes.'' Microsoft. Retrieved 2010-10-01.</ref><br /><br />
 +
 
 +
Starting with Windows 7, instead of drawing console windows itself, CSRSS spawns <tt>conhost.exe</tt> subprocesses to draw console windows for command line programs with the permissions of that user.
 +
<br /><br />
  
 
{{Code history|subsystems/win32/csrss}}
 
{{Code history|subsystems/win32/csrss}}
 +
 
== See also ==
 
== See also ==
 
*[[Win32k.sys|Kernel Mode Subsystem Server]]
 
*[[Win32k.sys|Kernel Mode Subsystem Server]]
  
 +
==Notes and references==
 +
<references/>
  
 
[[Category:Application]]
 
[[Category:Application]]

Revision as of 02:00, 13 June 2017

The page Csrss.exe is a short article on something that should have a lot more information written on it.
If you know anything else about it, you are STRONGLY encouraged to add the information in. If you are unsure of proper formatting or style, add it to the talk page or this page itself as you think best and others will help.


Client/Server Runtime Subsystem, or csrss.exe, is an essential component of the Windows NT™ family of operating systems. It provides the user mode side of the Win32 subsystem and is included in Windows 2000 and later, while Win32.sys is the kernel-mode portion of the Win32 Subsystem.

Since Windows NT 4, most of the Win32 subsystem operations have been moved to kernel mode drivers. So CSRSS is mainly responsible for Win32 console handling and GUI shutdown.

Technical details

CSRSS runs as a user-mode system service. When a user-mode process calls a function involving console windows, process/thread creation, or side-by-side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.[1] Window manager and GDI services are instead handled by a kernel mode driver (win32k.sys).[2]

CSRSS is called along with winlogon.exe at Windows startup. If either of the files is corrupted or otherwise inaccessible, the NT kernel will shut down the startup process with a BSOD displaying error 0xc000021a. This is caused by a failure to move out of kernel mode and into user mode.

Vista and Windows 7 both run two instances of csrss.exe.[3]

Starting with Windows 7, instead of drawing console windows itself, CSRSS spawns conhost.exe subprocesses to draw console windows for command line programs with the permissions of that user.

Commit history (Source code can be found in: /reactos/subsystems/win32/csrss)

See also

Notes and references

  1. "Detailed implementation of a system service in Windows NT". Undocumented Windows NT. Retrieved 2017-06-11.
  2. Russinovich, Mark (2009). Windows Internals, 5th Edition Microsoft Press. p. 54.
  3. "Inside the Windows Vista Kernel – Startup Processes". Inside the Windows Vista Kernel – Startup Processes. Microsoft. Retrieved 2010-10-01.