Critical system services,...

OSR_Community_User · June 1, 2011, 7:54pm

Hi,

i have a question on this topic:

http://msdn.microsoft.com/en-us/library/aa373646(VS.85).aspx

MSDN says: “Critical system services include smss.exe, csrss.exe, winit.exe, logonui.exe, lsass.exe, services.exe, winlogon.exe, System, svchost.exe with RPCSS, and svchost.exe with Dcom/PnP.”

I accidentally corrupted (in kernel mode) something that run into a CRITICAL_OBJECT_TERMINATION and then i wanted to find out what exactly makes a process or thread critical. So i found out that there is some “flag” set and can be requested with ZwQueryInformationProcess/Thread with ThreadBreakOnTermination/ProcessBreakOnTermination. Walking through the running processes and threads to see whats critical i found something out (on my vista 32 bit system) that confuses me a little: smss, lsass, winlogon, svchost(PnP) are not flagged,…rest is,…how come?

K.

Tim_Roberts · June 2, 2011, 12:46pm

xxxxx@arcor.de wrote:

i have a question on this topic:

http://msdn.microsoft.com/en-us/library/aa373646(VS.85).aspx

MSDN says: “Critical system services include smss.exe, csrss.exe, winit.exe, logonui.exe, lsass.exe, services.exe, winlogon.exe, System, svchost.exe with RPCSS, and svchost.exe with Dcom/PnP.”

I accidentally corrupted (in kernel mode) something that run into a CRITICAL_OBJECT_TERMINATION and then i wanted to find out what exactly makes a process or thread critical. So i found out that there is some “flag” set and can be requested with ZwQueryInformationProcess/Thread with ThreadBreakOnTermination/ProcessBreakOnTermination. Walking through the running processes and threads to see whats critical i found something out (on my vista 32 bit system) that confuses me a little: smss, lsass, winlogon, svchost(PnP) are not flagged,…rest is,…how come?

How could this information possibly be of use to anyone?

Seriously, you won’t get an answer to this unless you have access to the
operating system source code, and in that case you probably couldn’t
tell us the answer anyway.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

OSR_Community_User · June 2, 2011, 4:01pm

You are right Tim, that question was totally irrelevant, its not of use for anyone here.