PRocesses: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9
Dlls: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9
Popular: svchost.exe | csrss.exe | rthdcpl.exe | spoolsv.exe | mrt.exe | lsass.exe | Home | Manufacturers | Top 1000


Is there a way to inject behavior to csrss.exe and modify/enhance windows console?

I'm aware of Console2 and similar solutions, but I would really like to enhance every console window in my system. Any ideas?

View Complete Forum Thread with Replies

Related posts for csrss.exe

See Related Forum Messages: Follow the Links Below to View Complete Thread

Is it possible to get the “Image Path Name” of csrss.exe which is a SYSTEM process?
Hunting down application errors coming from csrss.exe
batch or vbs forced BSOD
Is there a way to inject behavior to csrss.exe and modify/enhance windows console?
make a windows 7 machine crash on BSOD
What does the csrss.exe process do?
is ??c:windows path legitimate

csrss.exe: Is it possible to get the “Image Path Name” of csrss.exe which is a SYSTEM process?

The windows system process (in Windows 7 for this example) 'csrss.exe' runs as a SYSTEM process and when I go to get (programmatically, of course) the process list with pid, command line, and image path name I get no values for command line or image path name because Windows won't let you grab that information for a SYSTEM process (I believe).

Is there a way I can grab image path name from a SYSTEM process? Does Windows actually prevent you from doing this? Is there a workaround?


csrss.exe: Hunting down application errors coming from csrss.exe

I'm the maintainer of a legacy Delphi application. On machines running this program an Application Error appears sometimes with the caption referring to this Delphi app and a message like the following:

The instruction at '...' referenced memory at '...'. The memory could not be 'read'.

Click on OK to terminate the program.

Task Manager says the process belonging to this message box is csrss.exe. What would be a systematic way to find the root cause of this e

csrss.exe: batch or vbs forced BSOD

Is there a way is batch or vbs to force the blue screen of death to appear, or a forced crash. This can happen from stopping the process 'csrss.exe' but it wont close via simple batch or vbs script. How can this be done?

csrss.exe: Is there a way to inject behavior to csrss.exe and modify/enhance windows console?

I'm aware of Console2 and similar solutions, but I would really like to enhance every console window in my system. Any ideas?

csrss.exe: make a windows 7 machine crash on BSOD

I'm trying to write a windows debug utility and I would need to automatically crash a Windows machine and make a Blue Screen Of Death appear.

I can obviously kill the csrss.exe process from the task manager, but the command TASKKILL /F /IM csrss.exe in a .bat file doesn't work.

Is there another way to make a Windows machine crash on bsod? Maybe some external library able to kill any process.

I would prefer to use a command line approach since I'm more familiar with it.

csrss.exe: What does the csrss.exe process do?

What is the purpose of the csrss.exe (Client/Server Runtime Server Subsystem) on Windows?

Maybe someone could give a good explanation or pointers to documentation? Unfortunately Google results are pretty noisy when searching a core process of Windows.

The reason I'm asking is that I got a BSOD from my service application which seems to be related to the csrss.exe process, at least this is what the analysis of the memory dump shows:



csrss.exe: is ??c:windows path legitimate

I am going to check loading and memory path of process to find malicious processes. for example if csrss.exe is executaed from other path than windows/system32 would be considered malicious. But the result of volatility for common process such as csrss.exe is as follow:

loading path : ??C:WINDOWSsystem32csrss.exe

mapped path : WINDOWSsystem32csrss.exe

or for sms.exe I have

loading path : SystemRootSystem32smss.exe

mapped path : WINDOWSsystem32smss.

msiexec.exe: How to analyze the logfile in “msiexec.exe /i your.msi /L*v c:logfile.txt” inorder to fix e…

I have an application with version no: 1.0.1, which is an upgrade to the older version 1.0.0.

When I try to install the new version 1.0.1, when my system already has the older version 1.0.0 installed, I am getting the error 2869.

But if I uninstall the older version manually & than try to install the newer version, then it installs successfuly.
It dawned on me that this error is due to some exception in custom action. And hence I executed the following command


mmc.exe: Getting hwnd of MMC.exe started by ShellExecuteEX

I need to get hwnd of MMC.exe process, started with ShellExecuteEX. Notepad.exe or Calc.exe works fine using GetWindowThreadProcessId, but looks like for MMC.exe another proccess is elevated by UAC. How to get its new ProcessID?

extrac32.exe: Extracting .cab files

I want to extract all .cab files inside a particular folder in c# .net

static int ExtractCabFiles()


Console.WriteLine('Extracting Cab files');
string strCommand = @'extrac32.exe';
var strArrCabDetails = new string[3];
strArrCabDetails[0] = ConfigurationManager.AppSettings['Cab_Files_Path'];
strArrCabDetails[1] = '/L';
strArrCabDetails[2] = Configur

kernel32.dll: status failed for LdrLoadDll

I'am trying to work-out the LdrLoadDll function and am having no luck with that..i also googled for some examples there is no much documentation or correct example about this.I know what it exactly does..Please check the code below.

//declaration function pointer for LdrLoadDll
typedef NTSTATUS (_stdcall*fp_LdrLoadDll)(
OUT PHANDLE ModuleHandle );

//calling LdrLoadDll using

waol.exe: UFT is not recognizing Web Objects appropriately

My hard drive crashed and I had to perform a clean install of Windows. I installed UFT version 11.5 and I having issue with UFT identifying Internet Explorer Dialogs as Web Objects. It seems to be related only to windows that were opened through a Modal Dialog Process. If I launch a new test, the object repository can recognize the browser correctly, it is only objects under a Modal Window that are not being identified as web objects. They are being identified as WinObject : Internet Explorer_Se

winword.exe: Winword.exe ignores parameters AFTER one parameter with quotes

My problem from word command-line-arguments space problem seems to be a specific winword.exe problem. says: MyApp.exe 'alpha with spaces' 'beta with spaces' ==> MyApp.exe, alpha with spaces, beta with spaces

This is not true for winword.exe.

winword.exe /alpha:1 /beta:2 ==> OK
winword.exe '/alpha:1 space' '/beta:2' ==> beta is missing?!
winword.exe /alpha:'1 s

php.exe: Passing Multiple files on PHP.exe

I am working on some project using Apache Ant where I am also using PHP.exe to validate PHP syntax in PHP file.

I am validating the PHP file by using the command as below

php -l index-1.php

And itís working fine, showing me error when there is some PHP syntax error but the problem is php.exe is not supporting multiple files, it accept only 1 file

I need to pass multiple files. Do you have any solutions for this problem?

acrobat.exe: Trying to use MAX SQL function for versions with multiple decimal points

UPDATE: Now that I think about it, using MAX would just give me the latest version and the count numbers that were given for that latest version, not all counts and times added up for 'version 10. Please let me know if there is a way around this so I can add up all counts and times for version 10.*

use CM_CSA
SF.FileVersion as 'FileVersion',
MUS.UsageCount as 'UsageCount',
MUS.UsageTime as

start1.exe: Using Rx Repeat() and Replay() to cache and restart a DNS query

I'm a Rx newbie, so I hope you can bear with me. As an exercise for myself, and possibly a sample I can demonstrate for colleagues, I've done two wrapper ides for Dns.BeginGetHostEntry()/EndGetHostEntry(): DnsResolver and DnsResolverRx.

The ides each have a single public static method:

void Resolve(string host, Action<IPHostEntry> getResult, Control context = null);

...and some additional requirements to make it interesting:
1. if context is provided, getResult

wrapper.exe: Execute batch file(in turn executes exe) from powershell

I am trying to execute a install activeMq service from powershell, for which I am trying to call a batch file (which inturn calls the wrapper.exe) using:

& 'C:apache-activemq-5.6.0inwin64InstallService.bat'

I am getting ''wrapper.exe'' is not recognized as an internal or external command,or batch file'

But when I execute InstallService.bat from command prompt I am able to run the service

Any help would be appreciated


This web site and all information written here is for information purposes only, WITHOUT ANY VARANTY. YOU ARE USING THIS PAGES ON YOU OWN RISK. You should always verify the accuracy of information provided on this page. We pay a big attention to provide you with the correct information. However, many spyware and malware programs use filenames of usual, non-malware processes and DLLs. If we have included information about csrss.exe that is inaccurate, we would appreciate your help by getting us know about your user review. Also, web links to software and DLL vendors are provided just for your conform, and we cannot guarantee its accuracy nor relevance with DLL or process listed on this page. We are not affiliated with this pages. We are not responsible for misprints on this site or changes occured since this page was published. The product, software and operating system names mentioned on this web site, can be copyrighted and registered trademarks of their owners.