RtlStringCchCatEx function

The RtlStringCchCatExW and RtlStringCchCatExA functions concatenate two character-counted strings.


NTSTATUS RtlStringCchCatEx(
  _Inout_opt_ LPTSTR  pszDest,
  _In_        size_t  cchDest,
  _In_        LPCTSTR pszSrc,
  _Out_opt_   LPTSTR  *ppszDestEnd,
  _Out_opt_   size_t  *pcchRemaining,
  _In_        DWORD   dwFlags


pszDest [in, out, optional]

A pointer to a buffer which, on input, contains a null-terminated string to which pszSrc will be concatenated. On output, this is the destination buffer that contains the entire resultant string. The string at pszSrc is added to the end of the string at pszDest and terminated with a null character. The pszDest pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.

cchDest [in]

The size of the destination buffer, in characters. The maximum number of characters allowed is NTSTRSAFE_MAX_CCH. If pszDest is NULL, cchDest must be zero.

pszSrc [in]

A pointer to a null-terminated string. This string will be concatenated to the end of the string that is contained in the buffer at pszDest. The pszSrc pointer can be NULL, but only if STRSAFE_IGNORE_NULLS is set in dwFlags.

ppszDestEnd [out, optional]

If the caller supplies a non-NULL address pointer, then after the concatenation operation completes, the function loads that address with a pointer to the destination buffer's resulting null string terminator.

pcchRemaining [out, optional]

If the caller supplies a non-NULL address pointer, the function loads the address with the number of unused characters that are in the buffer pointed to by pszDest, including the terminating null character.

dwFlags [in]

One or more flags and, optionally, a fill byte. The flags are defined as follows:


If set and the function succeeds, the low byte of dwFlags is used to fill the portion of the destination buffer that follows the terminating null character.


If set, either pszDest or pszSrc, or both, can be NULL. NULL pszSrc pointers are treated like empty strings (TEXT("")), which can be copied. NULL pszDest pointers cannot receive nonempty strings.


If set and the function fails, the low byte of dwFlags is used to fill the entire destination buffer, and the buffer is null-terminated. This operation overwrites any preexisting buffer contents.


If set and the function fails, the destination buffer is set to an empty string (TEXT("")). This operation overwrites any preexisting buffer contents.


If set and the function returns STATUS_BUFFER_OVERFLOW, the contents of the destination buffer are not modified.


Return value

The function returns one of the NTSTATUS values that are listed in the following table. For information about how to test NTSTATUS values, see Using NTSTATUS Values.

Return codeDescription

This success status means source data was present, the output string was created without truncation, and the resultant destination buffer is null-terminated.


This warning status means the operation did not complete due to insufficient space in the destination buffer. If STRSAFE_NO_TRUNCATION is set in dwFlags, the destination buffer is not modified. If the flag is not set, the destination buffer contains a truncated version of the created string.


This error status means the function received an invalid input parameter. For more information, see the following paragraph.

The function returns the STATUS_INVALID_PARAMETER value when:

  • An invalid flag was specified.
  • The value in cchDest is larger than the maximum buffer size.
  • The destination buffer was already full.
  • A NULL pointer was present without the STRSAFE_IGNORE_NULLS flag.
  • The destination buffer pointer was NULL, but the buffer size was not zero.
  • The destination buffer pointer was NULL, or its length was zero, but a nonzero length source string was present.



RtlStringCchCatExW and RtlStringCchCatExA should be used instead of the following functions:

  • strcat

  • wcscat

The size, in characters, of the destination buffer is provided to ensure that RtlStringCchCatExW and RtlStringCchCatExA do not write past the end of the buffer.

RtlStringCchCatExW and RtlStringCchCatExA add to the functionality of RtlStringCchCat by returning a pointer to the end of the destination string, as well as the number of characters left unused in the destination buffer. Flags can be passed to the function for additional control.

Use RtlStringCchCatExW to handle Unicode strings and RtlStringCchCatExA to handle ANSI strings. The form you use depends on your data.

String data typeString literalFunction








If pszSrc and pszDest point to overlapping strings, the behavior of the function is undefined.

Neither pszSrc nor pszDest can be NULL unless the STRSAFE_IGNORE_NULLS flag is set, in which case either or both can be NULL. If pszDest is NULL, pszSrc must either be NULL or point to an empty string.

For more information about the safe string functions, see Using Safe String Functions.


Target platform



Available in Windows XP with Service Pack 1 (SP1) and later versions of Windows.


Ntstrsafe.h (include Ntstrsafe.h)





Unicode and ANSI names

RtlStringCchCatExW (Unicode) and RtlStringCchCatExA (ANSI)

See also




Send comments about this topic to Microsoft