Geoff Chappell, Software Analyst
The CsrAllocateMessagePointer function obtains space in a capture buffer such that the allocated space is pointed to from within an API message.
ULONG CsrAllocateMessagePointer ( PVOID CaptureBuffer, ULONG Size, PVOID *Pointer);
The CaptureBuffer argument is the address of a capture buffer, as obtained from calling CsrAllocateCaptureBuffer.
The Size argument tells how many bytes are required from free space in the capture buffer.
The Pointer argument is the address of a variable that is to receive a pointer to the allocated space. The intention is that this variable is in the API message.
The function returns the size in bytes that has been obtained for the message, else it returns zero for failure.
The CsrAllocateMessagePointer function is exported by name from NTDLL.DLL in all known Windows versions, i.e., starting from version 3.10.
The CsrAllocateMessagePointer function is not documented. Neither is Microsoft known to have disclosed a C-language declaration in any header from any publicly released kit for software development.
IN PROGRESS