CsrAllocateCaptureBuffer

The CsrAllocateCaptureBuffer function obtains a capture buffer such as can be sent as extra data with a message to the CSRSS server.

Declaration 

PVOID 
CsrAllocateCaptureBuffer (
    ULONG MaxMessagePointers, 
    ULONG Size);

in version 5.0 and higher, but 

PVOID 
CsrAllocateCaptureBuffer (
    ULONG MaxMessagePointers, 
    ULONG MaxCapturePointers, 
    ULONG Size);

in versions 3.10 to 4.0.

Parameters

The MaxMessagePointers and MaxCapturePointers arguments tell respectively how many message and capture pointers to allow for. Both types of pointers point into the capture buffer. Message pointers are in the message. Capture pointers are in the capture buffer.

The Size argument tells how many bytes to allow for allocations from within the capture buffer.

Return Value

The function returns the address of the allocated capture buffer, else it returns NULL for failure.

The capture buffer begins with a CSR_CAPTURE_HEADER structure, but it is here thought that the function hides this as an implementation detail. The caller does not manipulate the structure but passes the returned address to other functions, e.g., CsrAllocateCapturePointer, CsrAllocateMessagePointer and CsrCaptureMessageBuffer for further work on the capture buffer, and eventually to CsrClientCallServer to include the capture buffer when sending a message to the server.

Availability

The CsrAllocateCaptureBuffer function is exported by name from NTDLL.DLL in all known Windows versions, i.e., starting from version 3.10.

Documentation Status

The CsrAllocateCaptureBuffer function is not documented. Neither is Microsoft known to have disclosed a C-language declaration in any header from any publicly released kit for software development.

Behaviour

IN PROGRESS

This page was created on 25th June 2019 and was last modified on 26th June 2019.

Copyright © 2019. Geoff Chappell. All rights reserved. Conditions apply.