What is the role of the Smss.exe process? What process is Smss.exe?

Source: Internet
Author: User

What is the Smss.exe process?

Smss.exe (Session Manager Subsystem) is the session management subsystem that is responsible for starting user sessions. It initializes system variables, defines MS-DOS device names such as LPT1 and COM, starts the Win32 subsystem, and starts the Windows logon process. The process is started by the System process and carries out a number of activities, including launching the Windows logon program (Winlogon.exe) and the Win32 subsystem (Csrss.exe) and setting system variables.

What is the role of the Smss.exe process

Smss.exe (Session Manager) is the first user-mode process created in a Windows system. The kernel-mode system thread that completes executive and kernel initialization creates the actual Smss.exe process in its final phase. During Windows startup, the work done by Smss.exe is divided into 7 steps, as follows:

1. Create the LPC port object, define symbolic links for MS-DOS device names such as COM1 and LPT1, and, if Terminal Services is installed, create the \Sessions directory.
2. Run the programs defined in the registry value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute; by default this normally runs Autochk.
3. Perform the delayed file delete and rename operations listed in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations.
4. Load the DLLs listed in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs, and initialize the paging files and the registry.
5. Create the system environment variables, which are defined in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment.
6. Load and initialize Win32k.sys, the kernel-mode part of the Win32 subsystem.
7. Create the Win32 subsystem server processes, including Csrss.exe, and create the Winlogon.exe process.

Under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager in the registry you can find much of the configuration information that drives these initialization steps. After performing them, the main thread of Smss.exe waits on the process handles of Csrss.exe and Winlogon.exe. If either of these two processes terminates abnormally, Smss.exe crashes the system (the crash code is STATUS_SYSTEM_PROCESS_TERMINATED, or 0xC000021A), because Windows relies on both processes being present in order to run.
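The BootExecute and PendingFileRenameOperations values from steps 2 and 3 can be read back for review, since both are acted on by Smss.exe before any user logs on. The following is an added example, not part of the original article; the function name Get-SessionManagerBootAudit is hypothetical, and the comparison assumes the stock BootExecute entry `autocheck autochk *`.

```powershell
# Added example, not from the original page. Read-only; run on the host being examined.
function Get-SessionManagerBootAudit {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $sm  = Get-ItemProperty -LiteralPath $key

    # Step 2: BootExecute (REG_MULTI_SZ). The stock value is a single autochk entry.
    $stock = 'autocheck autochk *'
    $boot  = @($sm.BootExecute | Where-Object { $_ })
    $extra = @($boot | Where-Object { $_.Trim() -ne $stock })

    # Step 3: PendingFileRenameOperations (REG_MULTI_SZ, often absent) holds
    # source/destination pairs; an empty destination means "delete at next boot".
    $raw = @($sm.PendingFileRenameOperations | Where-Object { $null -ne $_ })
    $ops = @(for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $dst = if ($i + 1 -lt $raw.Count) { $raw[$i + 1] } else { '' }
        [pscustomobject]@{
            Action      = if ($dst) { 'Rename' } else { 'Delete' }
            Source      = $raw[$i]
            Destination = $dst
        }
    })

    [pscustomobject]@{
        BootExecute           = $boot
        NonDefaultBootExecute = $extra
        PendingOperations     = $ops
    }
}

$audit = Get-SessionManagerBootAudit
if ($audit.NonDefaultBootExecute.Count) {
    Write-Warning "Non-default BootExecute entries: $($audit.NonDefaultBootExecute -join '; ')"
}
$audit.PendingOperations | Format-Table -AutoSize
```

A non-default BootExecute entry is not proof of compromise (some disk utilities register one), but each entry should be traceable to installed software.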

At the same time, Smss.exe waits for requests to load subsystems, for debug events, and for requests to create new Terminal Server sessions. Terminal Services sessions are created by Smss.exe. When Smss.exe receives a request to create a session, it first calls NtSetSystemInformation to ask for the kernel-mode session data structures to be set up. This in turn calls the internal memory manager function MmSessionCreate, which sets up the session virtual address space that contains the session's paged pool and the per-session data structures allocated by the kernel-mode part of the Win32 subsystem (Win32k.sys) and by other session-space device drivers. Smss.exe then creates an instance of Winlogon.exe and Csrss.exe for the session.



How to tell a genuine Smss.exe from a fake one: if there are several smss.exe processes and some of them have the path "%WINDIR%\SMSS.EXE", those can be judged to be virus processes, meaning the user has been infected by a virus or Trojan.

Symptoms of infection:

Symptom 1: Icons on the desktop cannot be deleted
Symptom 2: The QQ processing workshop cannot be entered; the QQ Farm processing workshop cannot be opened
Symptom 3: Files cannot be deleted; access is denied
Symptom 4: QQ space cannot be opened
Symptom 5: Errors involving Physxloader.dll
Symptom 6: Errors involving binkw32.dll

Virus infection

The file Smss.exe is stored in the directory C:\Windows\System32. Known file sizes on Windows XP are 50,688 bytes (90% of all occurrences), 45,568 bytes, 62,976 bytes, and 64,000 bytes.
This is a Windows system file. The program has no visible window. The file is published by Microsoft. The technical threat risk is 4%, but you can also refer to users' opinions.
If Smss.exe is located in the directory C:\Windows, the threat risk is 75%. The file size is 229,621 bytes (15% of all occurrences), 122,880 bytes, 34,816 bytes, 159,841 bytes, 51,712 bytes, 65,664 bytes, 45,866 bytes, 163,840 bytes, 229,888 bytes, 69,632 bytes, 53,249 bytes, 15,872 bytes, 106,496 bytes, 50,767 bytes, or 55,296 bytes. This is not a Windows core file. The file has no publisher information. The application is not visible. This is an unknown file stored in the Windows directory. The process is loaded automatically when Windows starts (see registry keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, C:\Windows\win.ini, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders). Smss.exe is able to monitor applications, manipulate other programs, and record input.
If Smss.exe is located in a subdirectory of C:\Windows\System32\drivers, the threat risk is 71%. The file size is 86,016 bytes (81% of all occurrences) or 13,312 bytes. The program has no description. The program is not visible. This is an unknown file stored in a Windows directory. This is not a Windows system file. Smss.exe is able to monitor applications.
If Smss.exe is located in a subdirectory of C:\Windows, the threat risk is 73%. The file size is 245,760 bytes (21% of all occurrences), 1,159,680 bytes, 45,126 bytes, 18,498 bytes, 32,768 bytes, 176,128 bytes, 225,280 bytes, 1,284,419 bytes, 172,032 bytes, 29,184 bytes, or 344,116 bytes.
If Smss.exe is located in a subdirectory of C:\Windows\System32, the threat risk is 75%. The file size is 223,232 bytes (22% of all occurrences), 9,525 bytes, 9,497 bytes, 10,752 bytes, 385,024 bytes, 227,328 bytes, or 76,800 bytes.
If Smss.exe is located in a subdirectory of "C:\Program Files", the threat risk is 58%. The file size is 3,428,352 bytes (33% of all occurrences), 36,352 bytes, 363,952 bytes, 1,884,160 bytes, or 700,416 bytes.
If Smss.exe is located in the directory C:\Windows\System32\drivers, the threat risk is 52%. The file size is 94,208 bytes.
If Smss.exe is located in a subdirectory of C:\, the threat risk is 65%. The file size is 1,146,880 bytes (50% of all occurrences) or 420,864 bytes.
If Smss.exe is located in a subdirectory of "C:\Program Files\Common Files", the threat risk is 56%. The file size is 21,538 bytes (50% of all occurrences) or 13,650 bytes.
If Smss.exe is located in the directory C:\, the threat risk is 65%. The file size is 110,592 bytes (50% of all occurrences) or 130,690 bytes.
If Smss.exe is located in the directory "C:\Program Files\Common Files", the threat risk is 100%. The file size is 130,690 bytes.
If Smss.exe is located in a subdirectory of "C:\Documents and Settings", the threat risk is 36%. The file size is 42,065 bytes.
Remember: malware can also disguise itself as Smss.exe, especially when the file is in the C:\Windows or C:\Windows\System32 directory. We recommend using Security Task Manager to check your computer and see whether the smss.exe process is really harmful.
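The path test described above (the genuine file is in C:\Windows\System32, and any other location is suspect) can be applied to every running smss.exe at once. The following is an added example, not part of the original article; the function name Test-SmssProcess and the verdict labels are hypothetical, and the signature status is reported for context only.

```powershell
# Added example, not from the original page. Run elevated: without elevation
# ExecutablePath is usually empty for system processes such as smss.exe.
function Test-SmssProcess {
    $expected = Join-Path $env:SystemRoot 'System32\smss.exe'
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'smss.exe'" |
        ForEach-Object {
            $path = $_.ExecutablePath

            # The verdict uses only the page's test: where the image lives.
            $verdict = if (-not $path) { 'PathUnavailable' }
                       elseif ($path -ieq $expected) { 'ExpectedLocation' }
                       else { 'UnexpectedLocation' }

            # Size and signature are extra context for the analyst.
            $size = $null
            $sig  = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                $size = (Get-Item -LiteralPath $path -Force).Length
                $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }

            [pscustomobject]@{
                ProcessId       = $_.ProcessId
                ParentProcessId = $_.ParentProcessId
                Path            = $path
                SizeBytes       = $size
                Signature       = $sig
                Verdict         = $verdict
            }
        }
}

$result = @(Test-SmssProcess)
$result | Format-Table -AutoSize

$bad = @($result | Where-Object { $_.Verdict -eq 'UnexpectedLocation' })
if ($bad.Count) {
    Write-Warning "smss.exe running from: $($bad.Path -join '; ')"
}
```

A PathUnavailable verdict means the check could not be completed, not that the process is clean; rerun it from an elevated session.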
