fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Windows 2008 System Files

Below lists the core Windows 2008 system files. The list "Core System Files" was derived from the "System Files" list (found here). The "System Files" list was obtained using the "file name" XML tags within %WinDir%\WinSxS\Backup\*.manifest. The %WinDir%\WinSxS\Backup is a cache storage for backing up critical system files that are needed to start Windows, as implemented by the WRP (Windows Resource Protection) system.

Core System Files

FILE  PATH DESCRIPTION
advapi32.dll  %SYSTEMROOT%\system32\ Part of the advanced API library.
command.com %SYSTEMROOT%\system32\ DOS Interpreter language.
config.sys  %SYSTEMROOT%\ Boot-up System environment configuration.
csrss.exe  %SYSTEMROOT%\system32\ The main executable for the Microsoft Client/Server Run-time Server Subsystem. 
himem.sys %SYSTEMROOT%\system32\ Used for addressing memory in the high memory area.
hosts  %SYSTEMROOT%\system32\drivers Hosts file used for name to IP mappings.
lsass.exe  %SYSTEMROOT%\system32 Used to enforce the systems security policy. 
ntoskrnl.exe  %SYSTEMROOT%\system32\ Kernel Image for the NT family of operating systems.
samlib.dll  %SYSTEMROOT%\system32\ Used for a subset of the windows login and security process.
samsrv.dll  %SYSTEMROOT%\system32\ Used for a subset of the windows login process.
services  %SYSTEMROOT%\system32\ Used for Standard Windows Services.
services.exe  %SYSTEMROOT%\system32\ Used for Standard Windows Services.
shell.dll %SYSTEMROOT%\ Used as part of the Windows shell and is responsible for such things as the start menu and the taskbar.
shell32.dll %SYSTEMROOT%\system32\ Used as part of the Windows shell, containing components such as dialog boxes, icons, menus etc.
smss.exe  %SYSTEMROOT%\system32\ This is the session manager subsystem, which is responsible for starting the user session. 
system.ini  %SYSTEMROOT% Used in the early versions of Windows to load device drivers and the Program Manager/Windows Explorer. Kept for backwards compatibility. 
wininit.exe  %SYSTEMROOT%\system32\ Used to start the main background services such as scm, lsass and lsm.exe.
winlogon.exe  %SYSTEMROOT%\system32\ Responsible for logon and logoff operations.


Note : Windows 2008 R2 has a slightly varied list of system files which can be found here.

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001