```cpp
#include "stdafx.h"
#include <cstdio>
#include <cstring>
#include <iostream>
#include <tchar.h>
#include <windows.h>
#include <comdef.h>
#include <ActiveDS.h>
#include <dpapi.h>
#include <ncryptprotect.h>
#include <strsafe.h>

// Import libraries for ADSI and CNG DPAPI.
#pragma comment(lib, "activeds.lib")
#pragma comment(lib, "adsiid.lib")
#pragma comment(lib, "ncrypt.lib")

// Called by CNG DPAPI with each chunk of unprotected (decrypted) output.
SECURITY_STATUS __stdcall Pfncryptstreamoutputcallback(
    void* pvCallbackCtxt,
    const BYTE* pbData,
    SIZE_T cbData,
    BOOL fFinal
) {
    std::cout << "Total Objects: 12 " << "\n";
    // The callback only reads pbData; it does not allocate or free it.
    for (size_t i = 0; i < cbData; ++i) {
        printf("%c", pbData[i]);
    }
    return ERROR_SUCCESS;
}

int _tmain(int argc, _TCHAR* argv[])
{
    CoInitialize(NULL);
    HRESULT hr = S_OK;
    IDirectorySearch* pDirSearch = NULL;
    LPCWSTR username = L"xxx";
    LPCWSTR password = L"xxx!";
    LPCWSTR path = L"LDAP://xxxx/DC=xxx,DC=com";
    hr = ADsOpenObject(path, username, password, ADS_SECURE_AUTHENTICATION, IID_IDirectorySearch, (void**)&pDirSearch);
    if (SUCCEEDED(hr))
    {
        // ADSI takes non-const strings, so use writable arrays instead of literals.
        WCHAR QueryStr[] = L"(cn=G-TEAM)";
        WCHAR attrDn[] = L"distinguishedName";
        WCHAR attrPwd[] = L"msLAPS-EncryptedPassword";
        LPWSTR attributes[] = { attrDn, attrPwd };
        DWORD attributeCount = sizeof(attributes) / sizeof(LPWSTR);
        ADS_SEARCH_HANDLE hSearch2 = NULL;
        ADS_SEARCHPREF_INFO SearchPref[3];
        SearchPref[0].dwSearchPref = ADS_SEARCHPREF_SEARCH_SCOPE;
        SearchPref[0].vValue.dwType = ADSTYPE_INTEGER;
        SearchPref[0].vValue.Integer = ADS_SCOPE_SUBTREE;
        SearchPref[1].dwSearchPref = ADS_SEARCHPREF_PAGESIZE;
        SearchPref[1].vValue.dwType = ADSTYPE_INTEGER;
        SearchPref[1].vValue.Integer = 1000;
        SearchPref[2].dwSearchPref = ADS_SEARCHPREF_CACHE_RESULTS;
        SearchPref[2].vValue.dwType = ADSTYPE_BOOLEAN;
        SearchPref[2].vValue.Boolean = FALSE;
        pDirSearch->SetSearchPreference(SearchPref, 3);
        hr = pDirSearch->ExecuteSearch(QueryStr, attributes, attributeCount, &hSearch2);
        int count = 0;
        while (SUCCEEDED(hr) && (hr = pDirSearch->GetNextRow(hSearch2)) == S_OK)
        {
            ++count;
            ADS_SEARCH_COLUMN controlCol{};
            HRESULT hrCol = pDirSearch->GetColumn(hSearch2, attrPwd, &controlCol);
            std::cout << "Total Objects1: " << count << "\n";
            if (FAILED(hrCol))
                continue; // attribute not returned for this object

            for (DWORD i = 0; i < controlCol.dwNumValues; ++i)
            {
                NCRYPT_PROTECT_STREAM_INFO info;
                info.pfnStreamOutput = &Pfncryptstreamoutputcallback;
                info.pvCallbackCtxt = NULL;
                NCRYPT_STREAM_HANDLE handle = NULL;
                SECURITY_STATUS ret = NCryptStreamOpenToUnprotect(&info, NCRYPT_SILENT_FLAG, NULL, &handle);
                BYTE* encryptedPass = static_cast<BYTE*>(controlCol.pADsValues[i].OctetString.lpValue);
                SIZE_T encryptedPassLength = controlCol.pADsValues[i].OctetString.dwLength;
                // Dump the raw attribute value as hex.
                for (size_t j = 0; j < encryptedPassLength; ++j) {
                    printf("%02X ", encryptedPass[j]);
                }
                std::cout << "Encrypted PassLength: " << encryptedPassLength << "\n";
                std::cout << "Total Objects5: " << count << "\n";
                if (ret != ERROR_SUCCESS)
                    continue; // stream was not opened, nothing to close

                // Only the bytes after the first 16 are passed to CNG DPAPI.
                const SIZE_T offset = 16;
                if (encryptedPassLength > offset) { // avoid unsigned underflow below
                    SIZE_T sizeToCopy = encryptedPassLength - offset;
                    BYTE* alloc = (BYTE*)LocalAlloc(LPTR, sizeToCopy);
                    if (alloc != nullptr) {
                        memcpy(alloc, encryptedPass + offset, sizeToCopy);
                        SIZE_T size = LocalSize(alloc);
                        if (size != 0) {
                            printf("Allocated size: %zu bytes\n", size);
                        }
                        for (size_t j = 0; j < sizeToCopy; ++j) {
                            printf("%02X ", alloc[j]);
                        }
                        std::cout << "Total Objects10: " << count << "\n";
                        ret = NCryptStreamUpdate(handle, alloc, sizeToCopy, TRUE);
                        if (ret != ERROR_SUCCESS) {
                            printf("NCryptStreamUpdate failed: 0x%08lX\n", (unsigned long)ret);
                        }
                        LocalFree(alloc);
                    }
                }
                NCryptStreamClose(handle);
            }
            pDirSearch->FreeColumn(&controlCol);
        }
        // Release the search handle and interface once, after all rows are processed.
        if (hSearch2) pDirSearch->CloseSearchHandle(hSearch2);
        pDirSearch->Release();
    }
    CoUninitialize();
    return 0;
}
```
While executing NCryptStreamUpdate(), it fails on my computer but works fine on the actual DC of the G-team computer. Why does decryption fail? Is decryption of a computer only possible on domain-joined computers?
Locked Question. This question was migrated from the Microsoft Support Community.
Hello Dinesh Kumar A,
Thank you for posting in Microsoft Community forum.
What is the programming language of the code above?
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
Hi @Daisy Zhou123,
The language I used here is C++.
I am inquiring about the decryption of LAPS (Local Administrator Password Solution), and I would like to know if attempting decryption of LAPS passwords would violate Microsoft's policies. We are interested in providing a LAPS feature for our customers to view decrypted passwords. As we haven't found any official documentation on how to decrypt LAPS passwords using CNG DPAPI, we have studied the 'Get-LAPSADPassword' cmdlet to understand the encryption process so that we can decrypt it using C++ instead of PowerShell.
Thanks in advance
Regards
Dinesh Kumar A
Hello Dinesh Kumar A,
Thank you for your reply.
I also want to know the decryption of LAPS comes under Microsoft policy violation
A: Please view Microsoft Terms of Use | Microsoft Legal
For your problem in the original post, since there are no engineers dedicated to C++ in this forum, in order to get quick and effective handling of your issue, I recommend that you repost your question in the Q&A forum, where there will be a dedicated engineer to give you a professional and effective reply.
Here is the link for Q&A forum.
Questions - Microsoft Q&A
Click the "Ask a Question" button in the upper right corner to post your question and select "C++" tag and any other tag related to your products.
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou