Difference between revisions of "User:Hbelusca/CSRSS"

From ReactOS Wiki
Jump to: navigation, search
(Some notes about CSRSS and its related DLLs on Windows)
 
(Update the discussion on "SubSystemType".)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Some notes about CSRSS and its related DLLs on Windows: ==
+
== Some notes about CSRSS and its related DLLs on Windows ==
  
 
* NT 3.10.340 (10-12-1992) Beta is the latest official released NT build to have the console server (consrv.dll), gdi32 server (gdisrv.dll) and user server (usersrv.dll) in separate dlls. Starting official released NT 3.10.404, all three are now within the well known winsrv.dll .
 
* NT 3.10.340 (10-12-1992) Beta is the latest official released NT build to have the console server (consrv.dll), gdi32 server (gdisrv.dll) and user server (usersrv.dll) in separate dlls. Starting official released NT 3.10.404, all three are now within the well known winsrv.dll .
Line 47: Line 47:
 
# What is this <code>SubSystemType=</code> option?
 
# What is this <code>SubSystemType=</code> option?
  
Possible answers come from the string contents of CSRSRV.DLL :
+
Possible answers come from the string contents and the analysis of CSRSRV.DLL:
 
# <code>Windows=</code> associated with value <code>On</code> will start the Win32 GUI environment. With any other value (<code>Off</code> is not present in the strings of the DLL, so we can assume it's either <code>On</code> or anything else) it will NOT start the GUI. From the examples above it is suggested that this will fall back to pure text-mode. We can also see that in this latter case only BASESRV (associated with KERNEL32) and the console server dll CONSRV.DLL only are being loaded. No GUI subsystem (GDI nor USER) are actually loaded.
 
# <code>Windows=</code> associated with value <code>On</code> will start the Win32 GUI environment. With any other value (<code>Off</code> is not present in the strings of the DLL, so we can assume it's either <code>On</code> or anything else) it will NOT start the GUI. From the examples above it is suggested that this will fall back to pure text-mode. We can also see that in this latter case only BASESRV (associated with KERNEL32) and the console server dll CONSRV.DLL only are being loaded. No GUI subsystem (GDI nor USER) are actually loaded.
# <code>SubSystemType=</code> associated value appears to be able to take the following values: <code>windows</code>, <code>posix</code>, <code>os2</code>, <code>native</code></br>The hypothesis here is that this may be associated to the default subsystem to be started.
+
# <code>SubSystemType=</code> associated value is able to take the following values: <code>windows</code>, <code>posix</code>, <code>os2</code>, <code>native</code>, or a custom numerical value, mapping to one of the <code>IMAGE_SUBSYSTEM_xxx</code> values of the [https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header32#members IMAGE_OPTIONAL_HEADER] PE header <code>SubSystem</code> member.</br>This is the subsystem type that is being started and reported to SMSS.
  
From further analysis of the CSRSRV.DLL files of these different versions of Windows is the fact that NT 3.10.404 (Beta prerelease) is the very last version supporting these switches; all other ones just ignore them.
+
Further analysis of CSRSRV.DLL of these different versions of Windows, shows that NT 3.10.404 (Beta prerelease) is the very last version supporting these switches; all other ones just ignore them.
  
 
* Other remarks:
 
* Other remarks:
:- <code>ProfileControl=</code> option seems to be last supported by CSRSRV in NT 3.1 as it's the only one implementing a non-trivial associated function <code<CsrSrvProfileControl()</code>; all other versions deprecated it (see https://geoffchappell.com/studies/windows/win32/csrsrv/api/srvinit/apidispatch.htm ).
+
:- <code>ProfileControl=</code> option seems to be last supported by CSRSRV in NT 3.1 as it's the only one implementing a non-trivial associated function <code>CsrSrvProfileControl()</code>; all other versions deprecated it (see https://geoffchappell.com/studies/windows/win32/csrsrv/api/srvinit/apidispatch.htm ).
 
:- <code>RequestThreads=</code> option does not seem to be used anymore (but is still present in the possible list of values); <code>MaxRequestThreads=</code> is used instead.
 
:- <code>RequestThreads=</code> option does not seem to be used anymore (but is still present in the possible list of values); <code>MaxRequestThreads=</code> is used instead.

Latest revision as of 19:35, 23 October 2022

Some notes about CSRSS and its related DLLs on Windows

  • NT 3.10.340 (10-12-1992) Beta is the latest official released NT build to have the console server (consrv.dll), gdi32 server (gdisrv.dll) and user server (usersrv.dll) in separate dlls. Starting official released NT 3.10.404, all three are now within the well known winsrv.dll .
  • About the mysterious CSRSS.exe command-line:
- Windows 8+:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
- Windows NT 3/4/2000/XP/2003/Vista:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Partially documented on Windows NT 3.1 October 1991 Beta (10-16-1991) Release: in NT.CFG (text configuration file that later became part of the SYSTEM registry hive) it is said:

//
// The SubSystems section defines the command line required to load each
// supported subsystem.  The Subsystem keyword in the [Sm] section will
// define which subsystems are actually loaded.  If more than one subsystem
// is requested, the order they are loaded is defined by their order in
// the [SubSystems] section.
//

[SubSystems]
    Win32Char = ?:\Nt\Bin\csrss.exe ObjectDirectory=\Windows Windows=Off SubSystemType=Windows ServerDll=basesrv,1 ServerDll=consrv,2 ProfileControl=Off RequestThreads=4
    Win32Gui = ?:\Nt\Bin\csrss.exe ObjectDirectory=\Windows Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=gdisrv,4 ServerDll=usersrv,3 ServerDll=consrv,2 ProfileControl=Off RequestThreads=4
    Os2 = ?:\Nt\Bin\os2ss.exe
    Posix = ?:\Nt\Bin\psxss.exe

And in NTUSER.CFG (per-user settings??) it is mentioned:

[Sm]

    //
    // Start the Windows subsystem
    //

    SubSystem = Win32Gui

So the questions are:

  1. What is this Windows= option?
  2. What is this SubSystemType= option?

Possible answers come from the string contents and the analysis of CSRSRV.DLL:

  1. Windows= associated with value On will start the Win32 GUI environment. With any other value (Off is not present in the strings of the DLL, so we can assume it's either On or anything else) it will NOT start the GUI. From the examples above it is suggested that this will fall back to pure text-mode. We can also see that in this latter case only BASESRV (associated with KERNEL32) and the console server dll CONSRV.DLL only are being loaded. No GUI subsystem (GDI nor USER) are actually loaded.
  2. SubSystemType= associated value is able to take the following values: windows, posix, os2, native, or a custom numerical value, mapping to one of the IMAGE_SUBSYSTEM_xxx values of the IMAGE_OPTIONAL_HEADER PE header SubSystem member.
    This is the subsystem type that is being started and reported to SMSS.

Further analysis of CSRSRV.DLL of these different versions of Windows, shows that NT 3.10.404 (Beta prerelease) is the very last version supporting these switches; all other ones just ignore them.

  • Other remarks:
- ProfileControl= option seems to be last supported by CSRSRV in NT 3.1 as it's the only one implementing a non-trivial associated function CsrSrvProfileControl(); all other versions deprecated it (see https://geoffchappell.com/studies/windows/win32/csrsrv/api/srvinit/apidispatch.htm ).
- RequestThreads= option does not seem to be used anymore (but is still present in the possible list of values); MaxRequestThreads= is used instead.