I have a lot of questions, please help
Anonymous (0)
Non-member
  Posted: 2004-02-23 19:34
Hmm

Ah, first of all, I typed tasklist /svc in the cmd window, but nothing came up, so I couldn't get rid of svchost.

And when I go to Task Manager there are a whole lot of entries, and among them lsass.exe smss.exe csrss.exe spools.exe show up. What are all of these? I want to get rid of all of them, please help ^^
Anonymous (0)
Non-member
  Posted: 2004-02-23 23:30
Quoted from the Windows XP Professional Resource Kit (Second Edition).
Translating it is hard, so... I think you'll be able to follow it if you just read it. (Or is that just me?)


lsass.exe : Local Security Authority (LSA)
A protected subsystem that authenticates and logs users on to the local system. In addition, the LSA maintains information about all aspects of local security on a system (collectively known as the local security policy), and provides various services for translation between names and identifiers.

smss.exe : Session Manager
After all entries that have Boot and Startup data types are processed, the kernel starts Session Manager. Session Manager (Smss.exe) performs important initialization functions, such as:

Creating system environment variables.

Starting the kernel-mode portion of the Windows subsystem (implemented by systemroot\System32\Win32k.sys), which causes Windows XP Professional to switch from text mode to graphics mode. Windows-based applications run in the Windows subsystem. This environment allows applications to access operating system functions, such as displaying information to the screen.

Starting the user-mode portion of the Windows subsystem (implemented by systemroot\System32\Csrss.exe).

Starting the Logon Manager (systemroot\System32\Winlogon.exe).

Creating additional virtual memory paging files.

Performing delayed rename operations for files listed in the registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations. For example, you might be prompted to restart the computer after installing a new driver or application so that Windows XP Professional can replace the file in use.

The Windows subsystem and the applications that run within it are user mode processes; they do not have direct access to hardware or device drivers. User-mode processes run at a lower priority than kernel-mode processes. When the operating system needs more memory, it can page to disk the memory that is used by user-mode processes. For more information about user-mode and kernel-mode components, see “Common Stop Messages for Troubleshooting” in this book.

Session Manager searches the registry for service information that is contained in the following subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager contains a list of commands to run before loading services. The Autochk.exe tool is specified by the value of the BootExecute entry and virtual memory (paging file) settings stored in the Memory Management subkey. Autochk, which is a version of the Chkdsk tool, runs at startup if the operating system detects a file system problem that requires repair before completing the startup process. For more information about Autochk and Chkdsk, see “Troubleshooting Disks and File Systems” in this book.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems contains a list of available subsystems. For example, Csrss.exe contains the user-mode portion of the Windows subsystem.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename. The Service Control Manager initializes services that the Start entry designates as Auto-load.




csrss.exe : Client/Server Runtime Subsystem
Windows client server run-time subsystem handles Windows and graphics functions for all subsystems


spoolsv.exe : Spooler SubSystem App
The spooler processes include:

The client side of the spooler (Winspool.drv) makes a remote procedure call (RPC) call to the server side spooler (Spoolsv.exe).

Spoolsv.exe calls the print router (Spoolss.dll).

The router (Localspl.dll) sends the print job to the local print provider (LPP) or the remote print server if the job is being sent to a network printer.

The LPP polls print processors to find one that can handle the data type of the job.

The LPP sends the job to the print processor, which modifies the job as required to make it print properly.

The print processor sends the job to the page separator. A separator page is added if required.

The job is sent to the appropriate port print monitor. If print is bidirectional, the job is first sent to a language monitor, such as the Printer Job Language (PJL) monitor, and then sent on to the port monitor. If the job is unidirectional, the job is sent directly to the port monitor.
Anonymous (0)
Non-member
  Posted: 2004-02-23 23:39
Huh, when I searched a little while ago I couldn't find any Korean-language site, but now that I search again there is one.... ㅜㅜ
Admin, please delete the English one above. This one also contains English, but rather than the one above,
I quoted from http://www.ezbox.net/windows/.

Csrss.exe - You cannot end this process from Task Manager.

This is the user-mode portion of the Win32 subsystem (with Win32.sys being the kernel-mode portion). Csrss stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment.

Csrss stands for Client/Server Runtime SubSystem; it is the user-mode part of the Win32 subsystem, which manages Windows consoles, creates/deletes threads, and supports the 16-bit virtual MS-DOS mode.

Explorer.exe - You can end this process from Task Manager.

This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.

The process that provides the user shell, such as the taskbar and the desktop; it can be stopped through Task Manager.

Internat.exe - You can end this process from Task Manager.

Internat.exe runs at startup; it loads the different input locales specified by the user. The locales to be loaded are taken from the following registry key:

HKEY_USERS\.DEFAULT\Keyboard Layout\Preload

Internat.exe loads the "EN" icon into the system tray, allowing the user to easily switch between locales. This icon disappears when the process is stopped, but the locales can still be changed through Control Panel.


Loads the input locales according to the user.

Lsass.exe - You cannot end this process from Task Manager.

This is the local security authentication server, and it generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

Lsass stands for Local Security Authentication Server and handles the authentication process required by the Winlogon service. This is done using authentication packages such as Msgina.dll. If authentication succeeds, it generates the user access token that is used to launch the initial shell, and other processes that the user initiates inherit this token.

Mstask.exe - You cannot end this process from Task Manager.

This is the task scheduler service, responsible for running tasks at a time predetermined by the user.

Mstask is the task scheduler service.

Smss.exe - You cannot end this process from Task Manager.

This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).

Smss stands for Session Manager SubSystem and is responsible for starting the user session. This process is started by the system thread, launches Winlogon and Win32 (Csrss.exe), and sets system variables. Once this is done, Smss waits for Winlogon or Csrss to end; on a normal Winlogon/Csrss exit it shuts the system down, and on an abnormal Winlogon/Csrss exit the system stops responding. (System Hang)

Spoolsv.exe - You cannot end this process from Task Manager.

The spooler service is responsible for managing spooled print/fax jobs.

Handles the spooling function for printers and faxes.

Svchost.exe - You cannot end this process from Task Manager.

This is a generic process, which acts as a host for other processes running from DLLs; therefore, don't be surprised to see more than one entry for this process. To see what processes are using Svchost.exe, use Tlist.exe from the Windows 2000 CD-ROM; the syntax is tlist -s at the command prompt.

For more information, see the following article : 250320 Description of Svchost.exe in Windows 2000

Svchost acts as a host for other processes that run from DLLs. Therefore more than one Svchost.exe may appear in the Processes window of Task Manager. To check which processes are actually running under Svchost, use the tlist -s command.

Services.exe - You cannot end this process from Task Manager.

This is the Services Control Manager, which is responsible for starting, stopping, and interacting with system services.

As the Service Control Manager, it starts/stops system services and handles the interaction among them.

System - You cannot end this process from Task Manager.

Most system kernel-mode threads run as the System process.

The process that serves as the starting point for most kernel-mode threads.

System Idle Process - You cannot end this process from Task Manager.

This process is a single thread running on each processor, which has the sole task of accounting for processor time when the system isn't processing other threads. In Task Manager, expect this process to account for the majority of processor time.

A thread that runs one per CPU (a personal computer probably doesn't have several CPUs in it, right?); it is literally the idle process. In other words, it is doing nothing. The higher the CPU usage of System Idle Process, the more idle the computer is.

Taskmgr.exe - You can end this process from Task Manager.

This is the process for Task Manager itself.

Task Manager, that is, the Task Manager itself.

Winlogon.exe - You cannot end this process from Task Manager.

This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.

The process responsible for user logon/logoff. It is active at Windows startup/shutdown, and also becomes active when Ctrl-Alt-Del is pressed.

Winmgmt.exe - You cannot end this process from Task Manager.

Winmgmt.exe is a core component of client management in Windows 2000. This process initializes when the first client application connects or continuously when management applications request its services.

A core component of client management.

Many of the processes that cannot be ended from Task Manager can be ended using the Resource Kit utility kill.exe. However, this command may cause system failure or other unwanted side effects.

Of the processes described above, the only ones that can be terminated with [End Process] in Task Manager are Explorer.exe, Internat.exe, and Taskmgr.exe.

The remaining processes are essential to the normal operation of Windows and cannot be terminated from Task Manager. These processes can still be forcibly terminated with the Resource Kit kill.exe command, but doing so may bring the system down or cause other side effects.
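
An added example, not part of the thread or of the text quoted in it: the post above points to `tlist -s` for seeing what runs inside each Svchost.exe, and the original question used `tasklist /svc` for the same purpose. This Python sketch parses `tasklist /svc /fo csv` output into a PID-to-services map, so each svchost.exe entry can be identified before anything is stopped. The sample output is constructed, and the `N/A` placeholder for processes without services is assumed to be the English-language one.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (illustrative, not from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"System","4","N/A"
"smss.exe","520","N/A"
"csrss.exe","584","N/A"
"winlogon.exe","608","N/A"
"services.exe","652","Eventlog,PlugPlay"
"lsass.exe","664","PolicyAgent,ProtectedStorage,SamSs"
"svchost.exe","828","DcomLaunch,TermService"
"svchost.exe","896","RpcSs"
"svchost.exe","1032","AudioSrv,Dhcp,LanmanServer"
"spoolsv.exe","1412","Spooler"
"explorer.exe","1780","N/A"
'''


def parse_tasklist_svc(text):
    """Return [(image, pid, [services])]. Columns are read by position because
    the header row is localized on non-English Windows."""
    reader = csv.reader(io.StringIO(text))
    next(reader, None)  # skip the header row
    rows = []
    for rec in reader:
        if len(rec) < 3:
            continue  # blank or truncated line
        image, pid, svc = rec[0].strip(), int(rec[1]), rec[2].strip()
        # "N/A" (assumed English placeholder) means the process hosts no services.
        services = [] if svc.upper() == "N/A" else [s.strip() for s in svc.split(",") if s.strip()]
        rows.append((image, pid, services))
    return rows


def services_by_svchost(rows):
    """Map each svchost.exe PID to the services it hosts."""
    return {pid: svcs for image, pid, svcs in rows if image.lower() == "svchost.exe"}


def host_of(rows, service):
    """Find which process hosts a named service (case-insensitive), or None."""
    for image, pid, svcs in rows:
        if service.lower() in (s.lower() for s in svcs):
            return image, pid
    return None


if __name__ == "__main__":
    for pid, svcs in services_by_svchost(parse_tasklist_svc(SAMPLE)).items():
        print(f"svchost.exe PID {pid}: {', '.join(svcs)}")
```
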
Anonymous (0)
Non-member
  Posted: 2004-02-23 23:42
When I type tasklist /svc, I also get a message that it is not a usable command...
Anonymous (0)
Non-member
  Posted: 2004-02-25 20:19
What a lot of wasted effort

http://www.microsoft.com/korea/technet/prodtechnol/windows2000serv/deploy/prodspecs/win2ksvc.asp

This is for the Server version, so there may be differences from the Pro version.

http://qaos.com/sections.php?op=viewarticle&artid=183

This one is in the QAOS lectures section here; for an ordinary user, reading just this is enough.
(C) 1996 ~ 2017 QAOS.com All rights reserved.