16,472
社区成员
发帖
与我相关
我的任务
分享\??\C:\Windows\System32\smss.exe到底是个什么路经?
今天枚举进程模块时得到这个文件名,可是读取时遇到错误,病毒吗?
...全文
请发表友善的回复…
发表回复
alphax 2007-09-21
- 打赏
- 举报
大家的winlogon.exe都长这个样吗?
alphax 2007-09-19
- 打赏
- 举报
up
jixingzhong 2007-09-17
- 打赏
- 举报
同问 ..
smzhzyc 2007-09-14
- 打赏
- 举报
我的也是输出这玩意
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
应该是正常的吧
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
应该是正常的吧
alphax 2007-09-14
- 打赏
- 举报
up
alphax 2007-09-14
- 打赏
- 举报
搞错了,应该是:
但是我的是\??\,而且,如果\??\等同于\\?\,那么我的读取不应该失败阿,迷惑
但是我的是\??\,而且,如果\??\等同于\\?\,那么我的读取不应该失败阿,迷惑
alphax 2007-09-14
- 打赏
- 举报
Session manager我懂,也早就知道他是session manager,就是不理解这个\\??\C:\
to 回复人:zzz3265(zzz) ( 五级(中级)) 信誉:103 2007-09-13 22:43:42 得分:0
>>MSDN看 CreateFile 里面第一个参数里面说明就有 这个东西的说明
只见:
The Unicode versions of several functions permit a maximum path length of 32,767 characters, composed of components up to 255 characters in length. To specify such a path, use the "\\?\" prefix
但是我的是\\??\,而且,如果\\??\等同于\\?\,那么我的读取不应该失败阿,迷惑
to 回复人:zzz3265(zzz) ( 五级(中级)) 信誉:103 2007-09-13 22:43:42 得分:0
>>MSDN看 CreateFile 里面第一个参数里面说明就有 这个东西的说明
只见:
The Unicode versions of several functions permit a maximum path length of 32,767 characters, composed of components up to 255 characters in length. To specify such a path, use the "\\?\" prefix
但是我的是\\??\,而且,如果\\??\等同于\\?\,那么我的读取不应该失败阿,迷惑
taianmonkey 2007-09-14
- 打赏
- 举报
Session Manager (Smss)
The Session Manager (\Windows\System32\Smss.exe) is the first user-mode process created in the system. The kernel-mode system thread that performs the final phase of the initialization of the executive and kernel creates the actual Smss process.
The Session Manager is responsible for a number of important steps in starting Windows, such as opening additional page files, performing delayed file rename and delete operations, and creating system environment variables. It also launches the subsystem processes (normally just Csrss.exe) and the Winlogon process, which in turn creates the rest of the system processes.
Much of the configuration information in the registry that drives the initialization steps of Smss can be found under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager. Some of these are explained in Chapter 5 in the section on Smss. (For a more complete description of the keys and values, see the Registry Entries help file, Regentry.chm, in the Windows 2000 resource kits.)
After performing these initialization steps, the main thread in Smss waits forever on the process handles to Csrss and Winlogon. If either of these processes terminates unexpectedly, Smss crashes the system (using the crash code STATUS_SYSTEM_PROCESS_TERMINATED, or 0xC000021A), because Windows relies on their existence. Meanwhile, Smss waits for requests to load subsystems, debug events, and requests to create new terminal server sessions. (For a description of terminal services, see the section "Terminal Services and Multiple Sessions" in Chapter 1.)
Terminal Services session creation is performed by Smss. When a request comes in to Smss to create a session, it first calls NtSetSystemInformation with a request to set up kernel-mode session data structures. This in turn calls the internal memory manager function MmSessionCreate, which sets up the session virtual address space that will contain the session paged pool and the per-session data structures allocated by the kernel-mode part of the Win32 subsystem (Win32k.sys) and other session-space device drivers. (See Chapter 7 for more details.) Smss then creates an instance of Winlogon and Csrss for the session.
The Session Manager (\Windows\System32\Smss.exe) is the first user-mode process created in the system. The kernel-mode system thread that performs the final phase of the initialization of the executive and kernel creates the actual Smss process.
The Session Manager is responsible for a number of important steps in starting Windows, such as opening additional page files, performing delayed file rename and delete operations, and creating system environment variables. It also launches the subsystem processes (normally just Csrss.exe) and the Winlogon process, which in turn creates the rest of the system processes.
Much of the configuration information in the registry that drives the initialization steps of Smss can be found under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager. Some of these are explained in Chapter 5 in the section on Smss. (For a more complete description of the keys and values, see the Registry Entries help file, Regentry.chm, in the Windows 2000 resource kits.)
After performing these initialization steps, the main thread in Smss waits forever on the process handles to Csrss and Winlogon. If either of these processes terminates unexpectedly, Smss crashes the system (using the crash code STATUS_SYSTEM_PROCESS_TERMINATED, or 0xC000021A), because Windows relies on their existence. Meanwhile, Smss waits for requests to load subsystems, debug events, and requests to create new terminal server sessions. (For a description of terminal services, see the section "Terminal Services and Multiple Sessions" in Chapter 1.)
Terminal Services session creation is performed by Smss. When a request comes in to Smss to create a session, it first calls NtSetSystemInformation with a request to set up kernel-mode session data structures. This in turn calls the internal memory manager function MmSessionCreate, which sets up the session virtual address space that will contain the session paged pool and the per-session data structures allocated by the kernel-mode part of the Win32 subsystem (Win32k.sys) and other session-space device drivers. (See Chapter 7 for more details.) Smss then creates an instance of Winlogon and Csrss for the session.
yxz_lp 2007-09-13
- 打赏
- 举报
怎么会是病毒,是系统关键进程,smss.exe为系统会话管理器。
sxlengwa 2007-09-13
- 打赏
- 举报
据说是正常情况,大家那个文件都长那个样子
Yofoo 2007-09-13
- 打赏
- 举报
MSDN看 CreateFile 里面第一个参数里面说明就有 这个东西的说明
alphax 2007-09-13
- 打赏
- 举报
谢谢,能不能给个msdn的相关解释文档的网页地址?
idancing 2007-09-13
- 打赏
- 举报
我也曾经以为这个是病毒
在启动里都把这个关了
在启动里都把这个关了
jingzhongrong 2007-09-13
- 打赏
- 举报
\??是一个目录对象
\??\C:、\??\D:这些符号链接(symbolic link)指向的是一个类似
\Device\Harddisk0\Partition1这样的设备对象
\??\C:、\??\D:这些符号链接(symbolic link)指向的是一个类似
\Device\Harddisk0\Partition1这样的设备对象
