tombkeeper(t0mbkeeper_at_hotmail.com)
/*MSNMessenger的口令是经过DPAPI加密后保存在注册表中的
*这个程序演示解码过程
*tombkeeper[0x40]nsfocus[0x2e]com
*tombkeeper[0x40]xfocus[0x2e]net
*2004.08.11
*/
#include
#pragmacomment(lib,"Advapi32.lib")
#defineFCHK(a)if(!(a)){printf(#a"failed\n");return0;}
typedefstruct_CRYPTOAPI_BLOB{
DWORDcbData;
BYTE*pbData;
}DATA_BLOB;
typedefstruct_CRYPTPROTECT_PROMPTSTRUCT{
DWORDcbSize;
DWORDdwPromptFlags;
HWNDhwndApp;
LPCWSTRszPrompt;
}CRYPTPROTECT_PROMPTSTRUCT,*PCRYPTPROTECT_PROMPTSTRUCT;
typedefBOOL(WINAPI*PCryptUnprotectData)(
DATA_BLOB*pDataIn,
LPWSTR*ppszDataDescr,
DATA_BLOB*pOptionalEntropy,
PVOIDpvReserved,
CRYPTPROTECT_PROMPTSTRUCT*pPromptStruct,
DWORDdwFlags,
DATA_BLOB*pDataOut
);
PCryptUnprotectDataCryptUnprotectData=NULL;
intmain(void)
{
intret;
HMODULEhNtdll;
HKEYhKey;
DWORDdwType;
charData[0x100]={0};
DWORDdwSize;
DATA_BLOBDataIn;
DATA_BLOBDataOut;
ret=RegOpenKeyEx
(
HKEY_CURRENT_USER,
"Software\\Microsoft\\MSNMessenger",
0,
KEY_READ,