Edit

Share via

RtlDecryptMemory function (ntsecapi.h)

  • Article

[The RtlDecryptMemory function is available for use in the operating systems specified in the Requirements section. It may be altered or unavailable in subsequent versions. Instead, use the CryptUnprotectMemory function.]

The RtlDecryptMemory function decrypts memory contents previously encrypted by the RtlEncryptMemory function.

Note  This function has no associated import library. This function is available as a resource named SystemFunction041 in Advapi32.dll. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Advapi32.dll.
 

Syntax

NTSTATUS RtlDecryptMemory(
  [in, out] PVOID Memory,
  [in]      ULONG MemorySize,
  [in]      ULONG OptionFlags
);

Parameters

[in, out] Memory

A pointer to the memory to encrypt. The size of the memory must be a multiple of the RTL_ENCRYPT_MEMORY_SIZE constant.

[in] MemorySize

Number of bytes to which Memory points. The number of bytes must be a multiple of the RTL_ENCRYPT_MEMORY_SIZE constant.

[in] OptionFlags

Value that specifies how the encryption works over process boundaries and impersonation. This parameter can be one of the following values. The values are mutually exclusive. You must specify the same flag when encrypting and decrypting the memory.

Value Meaning
0
 Encrypt and decrypt memory in the same process. An application running in a different process will not be able to decrypt the data.
RTL_ENCRYPT_OPTION_CROSS_PROCESS
 Encrypt and decrypt memory in different processes. An application running in a different process will be able to decrypt the data.
RTL_ENCRYPT_OPTION_SAME_LOGON
 Use the same logon credentials to encrypt and decrypt memory in different processes. An application running in a different process will be able to decrypt the data. However, the process must run as the same user that encrypted the data and in the same logon session.

Return value

If the function is successful, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code that indicates the error.

Requirements

Requirement Value
Minimum supported client Windows XP, Windows XP [desktop apps only]
Minimum supported server Windows Server 2003, Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
DLL Advapi32.dll