User:Hbelusca/CSRSS
- NT 3.10.340 (10-12-1992) Beta is the latest official released NT build to have the console server (consrv.dll), gdi32 server (gdisrv.dll) and user server (usersrv.dll) in separate dlls. Starting official released NT 3.10.404, all three are now within the well known winsrv.dll .
- About the mysterious CSRSS.exe command-line:
- - Windows 8+:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
- - Windows NT 3/4/2000/XP/2003/Vista:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Partially documented on Windows NT 3.1 October 1991 Beta (10-16-1991) Release: in NT.CFG (text configuration file that later became part of the SYSTEM registry hive) it is said:
// // The SubSystems section defines the command line required to load each // supported subsystem. The Subsystem keyword in the [Sm] section will // define which subsystems are actually loaded. If more than one subsystem // is requested, the order they are loaded is defined by their order in // the [SubSystems] section. // [SubSystems] Win32Char = ?:\Nt\Bin\csrss.exe ObjectDirectory=\Windows Windows=Off SubSystemType=Windows ServerDll=basesrv,1 ServerDll=consrv,2 ProfileControl=Off RequestThreads=4 Win32Gui = ?:\Nt\Bin\csrss.exe ObjectDirectory=\Windows Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=gdisrv,4 ServerDll=usersrv,3 ServerDll=consrv,2 ProfileControl=Off RequestThreads=4 Os2 = ?:\Nt\Bin\os2ss.exe Posix = ?:\Nt\Bin\psxss.exe
And in NTUSER.CFG (per-user settings??) it is mentioned:
[Sm] // // Start the Windows subsystem // SubSystem = Win32Gui
So the questions are:
- What is this
Windows=
option? - What is this
SubSystemType=
option?
Possible answers come from the string contents and the analysis of CSRSRV.DLL:
Windows=
associated with valueOn
will start the Win32 GUI environment. With any other value (Off
is not present in the strings of the DLL, so we can assume it's eitherOn
or anything else) it will NOT start the GUI. From the examples above it is suggested that this will fall back to pure text-mode. We can also see that in this latter case only BASESRV (associated with KERNEL32) and the console server dll CONSRV.DLL only are being loaded. No GUI subsystem (GDI nor USER) are actually loaded.SubSystemType=
associated value is able to take the following values:windows
,posix
,os2
,native
, or a custom numerical value, mapping to one of theIMAGE_SUBSYSTEM_xxx
values of the IMAGE_OPTIONAL_HEADER PE headerSubSystem
member.
This is the subsystem type that is being started and reported to SMSS.
Further analysis of CSRSRV.DLL of these different versions of Windows, shows that NT 3.10.404 (Beta prerelease) is the very last version supporting these switches; all other ones just ignore them.
- Other remarks:
- -
ProfileControl=
option seems to be last supported by CSRSRV in NT 3.1 as it's the only one implementing a non-trivial associated functionCsrSrvProfileControl()
; all other versions deprecated it (see https://geoffchappell.com/studies/windows/win32/csrsrv/api/srvinit/apidispatch.htm ). - -
RequestThreads=
option does not seem to be used anymore (but is still present in the possible list of values);MaxRequestThreads=
is used instead.