What does the smss.exe process in the Win7 Task Manager do?

  
If you frequently use the Win7 Task Manager, you will notice a process called "smss.exe" that is always running in the background. Out of curiosity, some users try to end the smss.exe process, only to be met with the prompt "Ending this process will shut down the operating system immediately". So what is the smss.exe process?

What is the smss.exe process?

The Session Manager is responsible for many important steps in the startup and operation of the Windows operating system, such as opening additional page files, performing delayed file renames and deletions, and creating system environment variables. It also starts the Csrss.exe and Winlogon.exe processes, and the Winlogon.exe process in turn creates other system processes.

smss.exe is a Windows background process that starts with the system. Because it is an important system process, forcing it to terminate shuts the system down.

As a system process, smss.exe is usually safe. The program file is located at C:\Windows\System32\smss.exe (where C stands for the drive letter of the partition the system is installed on).

Function:

smss.exe (Session Manager) is the first user-mode process created on Windows systems. The kernel-mode system thread responsible for the final phase of executive and kernel initialization creates the actual Smss process. During Windows startup, the work of smss.exe is divided into 7 steps, which are as follows:

Create an LPC port object and define symbolic links for MS-DOS device names, such as COM1 and LPT1. If Terminal Services is installed, create the \Sessions directory.

Run the programs defined by HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute in the registry. The default is to run Autochk.

Perform the delayed delete and rename operations listed in the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value.

Load HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.

Initialize the paging files and the registry.

Create system environment variables. These are defined in HKLM\System\CurrentControlSet\Control\Session Manager\Environment.

Load and initialize Win32k.sys, the kernel-mode module of the Win32 subsystem, create the Win32 subsystem server processes, including Csrss.exe, and create the Winlogon.exe process.

Under the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager registry key, you can find a lot of configuration information that drives the initialization steps of Smss.exe. After performing these initialization steps, the main thread in Smss.exe waits on the process handles of Csrss.exe and Winlogon.exe. If either of these two processes terminates abnormally, Smss crashes the system (the crash code is STATUS_SYSTEM_PROCESS_TERMINATED or 0xC000021A) because Windows relies on the existence of both processes to run.

At the same time, Smss.exe waits for requests to load subsystems, debug events, and requests to create new terminal server sessions. Terminal Services sessions are created by Smss.exe. When Smss.exe receives a request to create a session, it first calls NtSetSystemInformation to request a kernel-mode session data structure. That call in turn invokes the internal memory manager function MmSessionCreate, which sets up the session's virtual address space. This space contains the session's paged pool and the per-session data structures allocated by the kernel-mode part of the Win32 subsystem (Win32k.sys) and by other session-space device drivers. Smss.exe then creates an instance of Winlogon.exe and Csrss.exe for the session.
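The registry values under the Session Manager key and the System32 location of smss.exe described above can be checked read-only from PowerShell. This is an added example, not part of the original article; the output labels and the stock BootExecute string `autocheck autochk *` are assumptions about a default installation.

```powershell
# Added example: read-only audit of the Session Manager settings and the
# smss.exe image path discussed in the article. It makes no changes.
$sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

# BootExecute: programs Smss runs at boot. The assumed stock value is the
# single Autochk entry; any other entry is flagged for review.
$stock = 'autocheck autochk *'
foreach ($entry in @($sm.BootExecute | Where-Object { $_ })) {
    $state = if ($entry -eq $stock) { 'default' } else { 'REVIEW' }
    '{0,-8} BootExecute: {1}' -f $state, $entry
}

# PendingFileRenameOperations: REG_MULTI_SZ of (source, target) pairs.
# An empty target means the source is deleted at the next boot.
$ops = @($sm.PendingFileRenameOperations)
for ($i = 0; ($i + 1) -lt $ops.Count; $i += 2) {
    if ($ops[$i + 1]) { 'PENDING  rename {0} -> {1}' -f $ops[$i], $ops[$i + 1] }
    else              { 'PENDING  delete {0}' -f $ops[$i] }
}

# Running smss.exe instances: the image should be the System32 copy.
# WMI may report native-style paths (\SystemRoot\..., \??\C:\...), so
# normalise those prefixes before comparing.
$expected = Join-Path $env:SystemRoot 'System32\smss.exe'
Get-WmiObject Win32_Process -Filter "Name = 'smss.exe'" | ForEach-Object {
    $path = $_.ExecutablePath -replace '^\\\?\?\\', '' `
                              -replace '^\\SystemRoot', $env:SystemRoot
    if (-not $path)              { $state = 'UNKNOWN' }  # path hidden: run elevated
    elseif ($path -eq $expected) { $state = 'ok' }
    else                         { $state = 'REVIEW' }
    '{0,-8} smss.exe PID {1} path: {2}' -f $state, $_.ProcessId, $path
}
```

Get-WmiObject is available in the Windows PowerShell that ships with Win7; on PowerShell 7, Get-CimInstance takes the same class name and filter.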

After reading the above, you should now have a basic understanding of the smss.exe process: it is a Windows background process that plays an important role, so users should not end the smss.exe process, or the Windows system will shut down.
