Please enable JavaScript.

Coggle requires JavaScript to display documents.

Windows processes (psscan (psscan We came to the conclusion that it was…

- - - - session manager
        subsystem
      - Loads known dlls
      - \%systemroot%\System32\smss.exe
      - Creates session 0 (OS services)
        Creates session 1 (User session)
      - Creates
        CSRSS.EXE
        then exits
        
        \%SystemRoot%\system32\csrss.exe
        
        NT AUTHORITY\SYSTEM
        
        Creates/Deletes processes and threads, Temp files, etc
        
        Client Server Runtime subsystem
        
        One csrss process per session
        
        session 0
      - only one smss.exe exists in session 0
        the other one exits
      - Creates
        WINLOGON.EXE
        then exits
      - Creates WINNT.EXE
        then exits
        
        \%SystemRoot%\system32\wininit.exe
        
        NT AUTHORITY\SYSTEM
        
        Performs user-mode initialization tasks
        
        session 0
        
        SERVICES.EXE