MarketSession Manager Subsystem
Company Profile

Session Manager Subsystem

The Session Manager Subsystem, or smss.exe, is a component of the Microsoft Windows NT family of operating systems, starting in Windows NT 3.1. It is executed during the startup process of those operating systems.

Session initialization
The Session Manager Subsystem is the first user-mode process started by the kernel. Once started it creates paging files with configuration data from HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, the environment variables located at the registry entry HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, and device mappings (e.g. CON:, NUL:, AUX:, COM1:, COM2:, COM3:, COM4:, PRN:, LPT1:, LPT2:, LPT3:, and drive letters) listed at the HKLM\System\CurrentControlSet\Control\Session Manager\DOS Devices registry key. This can be used to create permanent subst drives. The manager is responsible for starting the kernel and user modes of the Win32 subsystem. This subsystem includes win32k.sys (kernel-mode), winsrv.dll (user-mode), and csrss.exe (user-mode). Any other subsystems listed in the Required value of the HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems Registry key are also started. The manager is also responsible for doing any operations that are requested to be done at the start of a session. Commands listed in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute, such as autochk and convert, are executed. These commands are run before services are loaded by later steps of the booting process. Any rename operations queued at HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations. This is used to allow previously in-use files (e.g. drivers) to be replaced as part of a reboot. Starting with Windows Vista, the Session Manager Subsystem creates a temporary instance of itself that launches the Windows Startup Application (wininit.exe) and a second Client/Server Runtime Subsystem (csrss.exe) for Session 0, a session dedicated to system processes. From here, the Windows Startup Application starts the Service Control Manager (services.exe), which starts all the Windows services that are set to "Auto-Start". The application also starts the Local Security Authority Subsystem Service (lsass.exe). Before Windows Vista, these processes were started by Windows Logon instead of the Windows Startup Application. Once the session is configured, the Session Manager Subsystem starts Winlogon (Windows Logon Application), which is responsible for handling interactive logons to a Windows system, either local or remote. == Operation ==
Operation
After the boot process is finished, the program resides in memory and can be seen running in the Windows Task Manager. It then waits for either winlogon.exe or csrss.exe to end, at which point Windows will shut down. If the processes do not end in an expected fashion, smss.exe may hang the system, or a bugcheck will occur. It also initiates new user sessions when needed. In some versions of Windows, by using special tools, the critical process status on smss.exe can be removed, after that, it can be terminated without a bluescreen, but any functions that use smss.exe stop working until the next reboot. The Local Session Manager Service (lsm.exe) sends requests to SMSS through the Asynchronous Local Inter-Process Communication (ALPC) port SmSsWinStationApiPort to start new sessions. Each time a user logs onto the system, the initial Session Manager creates a new instance of itself to configure a new session. This new process starts a Win32 subsystem and Winlogon process for the new session. This allows for multiple users to logon at the same time on Windows Server systems. == See also ==
Source: Wikipedia ↗
tickerdossier.comtickerdossier.substack.com