Geoff Chappell, Software Analyst
The CSRSS Server DLL that is built into CSRSRV.DLL has never offered many API routines and most have long been implemented just as failing trivially. One, however, is vital. As with any API routine in any CSR server DLL, the routines can be called from a CSRSS client through the NTDLL function CsrClientCallServer and may be allowed as calls from other DLLs in the server process through the CSRSRV function CsrCallServerFromServer.
The CSRSRV API routines each have the prototype
ULONG ApiRoutine (CSR_API_MSG *, CSR_REPLY_STATUS *);
The caller selects a routine by specifying an API number. The high word is a 0-based index which is necessarily 0 for the built-in server as a CSRSS server DLL. Whatever symbolic names Microsoft has for the API numbers as constants to use when calling the corresponding API routines are not known. The table below gives only the name of each API routine as known from public symbol files for CSRSRV.DLL.

| API Number | API Routine | Versions | Remarks |
|---|---|---|---|
| 0x00000000 (3.10 to 4.0) | CsrSrvNullApiCall | 3.10 to 4.0 | |
| 0x00000001 (3.10 to 4.0); 0x00000000 | CsrSrvClientConnect | all | |
| 0x00000002 (3.10 to 3.51); 0x00000001 | CsrSrvThreadConnect | 3.10 to 3.51 | |
| | CsrSrvUnusedFunction | 5.0 and higher | fails trivially; invalid as server call |
| 0x00000003 (3.10 to 4.0); 0x00000002 | CsrSrvProfileControl | 3.10 to 4.0 | fails trivially in 3.51 to 4.0 |
| | CsrSrvUnusedFunction | 5.0 and higher | fails trivially; invalid as server call in 5.2 and higher |
| 0x00000004 (3.10 to 4.0); 0x00000003 | CsrSrvIdentifyAlertableThread | 3.10 to 5.1 | |
| | CsrSrvUnusedFunction | 5.2 and higher | fails trivially; invalid as server call |
| 0x00000005 (3.10 to 4.0); 0x00000004 | CsrSrvSetPriorityClass | 3.10 to 5.1 | succeeds trivially in 5.0 to 5.1 |
| | CsrSrvUnusedFunction | 5.2 and higher | fails trivially; invalid as server call |

CSRSS was soon relieved of any role in profiling, such that the API routine CsrSrvProfileControl is implemented for trivial failure as early as version 3.51. When version 4.0 greatly reduced the involvement of CSRSS in thread management, the CsrSrvThreadConnect routine was not just made to fail but was instead removed: its API number was not reassigned, but the corresponding pointer in the dispatch table is NULL.
When version 5.0 removed the CsrSrvNullApiCall, for which no use is known in any version, it resequenced the API numbers. Perhaps with a view to not changing them ever again, it also formalised the retention of API numbers as mere placeholders for API routines that have no use. As each API number is taken out of use, the original API routine is removed and its place in the dispatch table is redirected to CsrSrvUnusedFunction. By version 5.2, CSRSRV has only one API routine that is not so redirected.
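
The resequencing and retirement described above can be captured in a small resolver, useful when annotating API numbers seen in traces from different Windows versions. This is an added example, not code from the original page or from CSRSRV: the function name, the version encoding (major*100 + minor) and the parenthesised result strings are assumptions, as is reading the low word as the routine index, which is inferred from the table.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed version encoding: major*100 + minor, so 3.51 -> 351, 5.2 -> 502. */
struct slot {
    const char *name;   /* routine name as given in the table */
    unsigned    last;   /* last version in which the routine exists */
};

/* Dispatch order as numbered in versions 3.10 to 4.0. */
static const struct slot slots[] = {
    { "CsrSrvNullApiCall",             400 },
    { "CsrSrvClientConnect",           UINT_MAX },
    { "CsrSrvThreadConnect",           351 },
    { "CsrSrvProfileControl",          400 },
    { "CsrSrvIdentifyAlertableThread", 501 },
    { "CsrSrvSetPriorityClass",        501 },
};
#define NSLOTS (sizeof slots / sizeof slots[0])

/* Hypothetical helper: name the routine an API number reaches in a version. */
const char *csrsrv_api_routine(unsigned ver, uint32_t api)
{
    uint32_t server = api >> 16;      /* high word: server DLL index */
    uint32_t index  = api & 0xFFFF;   /* low word: routine index (inferred) */
    if (server != 0)
        return "(not the built-in CSRSRV server)";
    /* 5.0 removed CsrSrvNullApiCall and moved every number down by one. */
    if (ver >= 500)
        index += 1;
    if (index >= NSLOTS)
        return "(no such API number)";
    if (ver <= slots[index].last)
        return slots[index].name;
    /* Retired: a placeholder from 5.0 on, a NULL table entry before that. */
    return ver >= 500 ? "CsrSrvUnusedFunction" : "(NULL dispatch entry)";
}

int main(void)
{
    static const unsigned vers[] = { 351, 400, 500, 502 };
    for (size_t v = 0; v < sizeof vers / sizeof vers[0]; v++)
        for (uint32_t api = 0; api < 6; api++)
            printf("ver=%u 0x%08X %s\n", vers[v], (unsigned)api, csrsrv_api_routine(vers[v], api));
    return 0;
}
```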