Forum posts for csrss.exe
is \??\c:\windows path legitimate
I am going to check the loading and memory path of a process to find malicious processes. For example, if csrss.exe is executed from a path other than windows/system32, it would be considered malicious. But the result of Volatility for a common process such as csrss.exe is as follows:
loading path : \??\C:\WINDOWS\system32\csrss.exe
mapped path : \WINDOWS\system32\csrss.exe
or for smss.exe I have
loading path : \SystemRoot\System32\smss.exe
mapped path : \WINDOWS\system32\smss.exe
So are these two paths equal in these two examples or not? i.e. is \??\C:\WINDOWS == \WINDOWS
or \SystemRoot\System32 == \WINDOWS\system32
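
An added example (not part of the original post, and not Volatility's own code): a Python sketch that reduces the path forms quoted above to one comparable form before checking the directory. It assumes `\??\` is the NT object-manager prefix for drive letters and that `\SystemRoot` points at `\WINDOWS`, as in the sample output; the function names and the last sample path are constructed for illustration.

```python
import re

# Assumption: \SystemRoot resolves to \WINDOWS, as in the sample output above.
SYSTEM_ROOT = r"\WINDOWS"

_NT_PREFIX = re.compile(r"^\\(\?\?|DosDevices)\\", re.IGNORECASE)
_DRIVE = re.compile(r"^[A-Za-z]:")
_VOLUME = re.compile(r"^\\Device\\HarddiskVolume\d+", re.IGNORECASE)
_SYSROOT = re.compile(r"^\\SystemRoot(?=\\)", re.IGNORECASE)


def normalize_nt_path(path, system_root=SYSTEM_ROOT):
    """Reduce a load path or mapped path to a lowercase, drive-less form."""
    p = path.strip().replace("/", "\\")
    p = _NT_PREFIX.sub("", p)   # \??\C:\... -> C:\...
    p = _DRIVE.sub("", p)       # C:\WINDOWS\... -> \WINDOWS\...
    p = _VOLUME.sub("", p)      # \Device\HarddiskVolume1\... -> \...
    p = _SYSROOT.sub(lambda m: system_root, p)
    p = re.sub(r"\\{2,}", lambda m: "\\", p)
    # The mapped path carries no drive letter, so the comparison cannot
    # tell C: from another volume; keep the raw strings for that check.
    return p.lower()


def same_image(load_path, mapped_path):
    """True when both strings name the same file after normalization."""
    return normalize_nt_path(load_path) == normalize_nt_path(mapped_path)


def is_expected_location(path, expected_dir=r"\WINDOWS\system32"):
    """True when the file sits directly in the expected directory."""
    directory = normalize_nt_path(path).rsplit("\\", 1)[0]
    return directory == expected_dir.lower()


if __name__ == "__main__":
    # First two pairs are from the post; the third is constructed.
    samples = [
        (r"\??\C:\WINDOWS\system32\csrss.exe", r"\WINDOWS\system32\csrss.exe"),
        (r"\SystemRoot\System32\smss.exe", r"\WINDOWS\system32\smss.exe"),
        (r"\??\C:\Users\Public\csrss.exe", r"\Users\Public\csrss.exe"),
    ]
    for load, mapped in samples:
        print(load, same_image(load, mapped), is_expected_location(load))
```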