13
11
When I kill wininit.exe, Windows 7 suddenly shuts down. Can someone explain this using Windows mechanics?
I feel like this might be because the process provides something important, or this might be a security feature.
41
From Windows Internals, Part 1
Windows Initialization Process (Wininit.exe)
6 +1 A sourced and detailed answer — what a rarity – kinokijuf – 2014-03-16T16:15:27.873
20
This is correct. wininit.exe is flagged as critical, and killing critical system processes is not allowed and Windows will bugcheck the system with CRITICAL_OBJECT_TERMINATION.
7
A post on groovypost.com explains the origin of wininit.exe ("Windows Initialize") and that today it primarily acts as a launcher for the majority of the background applications that are always running.
Look at the screenshot in that blog post which explains that killing the wininit.exe process will also affect anything that was launched by that process:
[...] wininit.exe is a critical system process that Windows requires in order to function. Ending this process will likely result in a critical system error in which you’ll need to restart your computer. As you can see in the chart below, wininit.exe is at the top of the process tree for all of Windows services, including svchost.exe.
2 But killing a process in Windows does not force termination of the processes it's created. Windows doesn't work that way. – Jamie Hanrahan – 2014-08-11T02:37:41.120
3
The wininit.exe process is the Windows start-up application, which is found in the %systemroot%\system32 folder (in most systems, %systemroot% maps to C:\Windows).
During boot, the smss.exe process creates wininit, which in turn creates lsass.exe (Local Security Authority Subsystem), services.exe (the services controller manager), and lsm.exe (Local Session Manager).
Like the csrss.exe process, termination of the wininit.exe process will crash the machine with STOP Code 0xF4 (CRITICAL_OBJECT_TERMINATION) (but interestingly, suspending the process is possible).
Since wininit.exe is in the system32 folder, if wininit.exe is found outside of its folder (in C:\Windows\ or in your application data folder), then it is most likely malicious.
This just duplicates David Marshall’s answer. – kinokijuf – 2014-03-16T21:20:49.957
2 @kinokijuf, still 10 reps earned (and that's just so far), not bad =) – Andrew Savinykh – 2014-03-17T09:16:45.550
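The path check from the answer above, written as an added example that is not part of the original thread: it flags any wininit.exe whose image is not in %systemroot%\system32, and, going one step beyond the answer, any lsass.exe, services.exe or lsm.exe whose parent is not that genuine wininit.exe. The record layout, the `audit` and `canon` names, the C:\Windows system root and the sample snapshot are assumptions made for the example.

```python
import ntpath

# Assumption: %systemroot% maps to C:\Windows, as on most systems.
SYSTEM_ROOT = r"C:\Windows"
EXPECTED_IMAGE = ntpath.join(SYSTEM_ROOT, "System32", "wininit.exe")
# Processes the answer says wininit.exe creates during boot.
WININIT_CHILDREN = {"lsass.exe", "services.exe", "lsm.exe"}


def canon(path):
    """Case-fold and collapse '..' and '/' so path tricks compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def audit(processes):
    """Return (pid, reason) findings for a process snapshot.

    Each process is a dict with the keys pid, ppid, name and path
    (a hypothetical layout chosen for this example).
    """
    findings = []
    genuine = set()  # PIDs of wininit.exe instances running from System32
    for p in processes:
        if p["name"].lower() != "wininit.exe":
            continue
        if canon(p["path"]) == canon(EXPECTED_IMAGE):
            genuine.add(p["pid"])
        else:
            findings.append((p["pid"], "wininit.exe outside System32: " + p["path"]))
    for p in processes:
        if p["name"].lower() in WININIT_CHILDREN and p["ppid"] not in genuine:
            findings.append((p["pid"], p["name"] + " not started by System32 wininit.exe"))
    return findings


# Constructed sample snapshot (not real telemetry).
SAMPLE = [
    {"pid": 400, "ppid": 320, "name": "wininit.exe", "path": r"C:\Windows\System32\wininit.exe"},
    {"pid": 500, "ppid": 400, "name": "services.exe", "path": r"C:\Windows\System32\services.exe"},
    {"pid": 512, "ppid": 400, "name": "lsass.exe", "path": r"C:\Windows\System32\lsass.exe"},
    {"pid": 520, "ppid": 400, "name": "lsm.exe", "path": r"C:\Windows\System32\lsm.exe"},
    {"pid": 2044, "ppid": 1800, "name": "wininit.exe", "path": r"C:\Windows\system32\..\wininit.exe"},
    {"pid": 3100, "ppid": 2044, "name": "lsass.exe", "path": r"C:\Users\demo\AppData\Roaming\lsass.exe"},
]

if __name__ == "__main__":
    for pid, reason in audit(SAMPLE):
        print(pid, reason)
```

On a live system a parent PID can be stale because Windows reuses PIDs, so pair the lineage check with process creation times before acting on a finding.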
This is pure speculation, but I'd guess wininit is similar to Linux's init. This starts every other running process (and they are therefore its child processes), so killing it shuts down every process - thereby shutting down the system. – w4etwetewtwet – 2014-03-16T13:57:28.967
5 That speculation is wrong, and there is a specific Windows NT mechanism at play here, as mentioned in some of the answers. – JdeBP – 2014-03-16T14:50:56.183
7 To a lot of people, killing wininit.exe (a system process) causing a crash is not at all a surprise, so you may want to explain why you have asked the question at all. It is analogous to asking Hey, why does my system turn off when I yank out the power cord?; there is a perfectly good, but too obvious answer, so some people may think it is silly and pointless. My best guess why you are asking is because you think it is supposed to be only part of the boot process because of the name, and so you expect it to not be used after a successful boot up. – Synetech – 2014-03-16T21:39:11.130
@Synetech I do not find the matter as transparent as you seem to. – Simon Kuang – 2014-03-17T19:07:15.270
1 Sure, but a remark about why you find it surprising would lend more credence to the question. Sometimes people ask questions that seem too obvious which are looked down upon because others think that the poster is not really looking for an answer and is only trying to farm some rep points. Your question could fall in either category, and I just thought an explanation of your confusion would help clarify. This question seems obvious because wininit.exe is a high-priority, protected, SYSTEM process and not easily ended, so it should not be a surprise that it causes problems if killed. – Synetech – 2014-03-18T01:23:41.780