
CRYPTPROTECT flags for the CryptProtectData function


Stepped into a question about DPAPI's inner workings...

I'm (potentially) in a pre-logon context, which means no user has logged on yet.

Since the CryptProtectData function uses the current user's credentials, how will it act?

I was also wondering whether there is any issue with this, or whether it is simply unusable in this context.

And, whatever the answer may be, does anyone know what the "key" used for the LOCAL_MACHINE flag is (or how to find out)? What kind of credentials/identifier is used to make the encryption specific to the machine?

Answers/advice/redirections/suggestions will be greatly appreciated.


Solution

  • In your case you should use the CRYPTPROTECT_LOCAL_MACHINE flag for the dwFlags parameter.

    If you don't, only the SYSTEM user can decrypt the protected data.
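An added example, not part of the original question or answer, of the flag usage the answer recommends. It calls CryptProtectData and CryptUnprotectData from crypt32.dll through a small P/Invoke wrapper (the wrapper class name `Dpapi`, its `Protect`/`Unprotect` helpers and the sample secret are this example's own, not part of the Win32 API). The flag values are the documented ones from wincrypt.h: CRYPTPROTECT_UI_FORBIDDEN (0x1) and CRYPTPROTECT_LOCAL_MACHINE (0x4). CRYPTPROTECT_UI_FORBIDDEN is included because a service or pre-logon caller has no interactive desktop, so any attempt by DPAPI to show a prompt must fail rather than hang. With LOCAL_MACHINE the blob is bound to the machine's own DPAPI master key (kept under %SystemRoot%\System32\Microsoft\Protect\S-1-5-18 and protected by the DPAPI_SYSTEM LSA secret) rather than to the calling user's master key, which is exactly why any account on that machine can decrypt it; it must run on Windows.

```powershell
# Added example: DPAPI round trip with CRYPTPROTECT_LOCAL_MACHINE via P/Invoke.
# Class and helper names below are this example's own, not part of the Win32 API.
$src = @"
using System;
using System.Runtime.InteropServices;

public static class Dpapi
{
    // Flag values from wincrypt.h
    public const uint CRYPTPROTECT_UI_FORBIDDEN  = 0x1;  // never show a UI prompt (services, pre-logon)
    public const uint CRYPTPROTECT_LOCAL_MACHINE = 0x4;  // bind to the machine key, not the caller's user key

    [StructLayout(LayoutKind.Sequential)]
    struct DATA_BLOB { public int cbData; public IntPtr pbData; }

    [DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool CryptProtectData(ref DATA_BLOB pDataIn, string szDataDescr,
        IntPtr pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct,
        uint dwFlags, out DATA_BLOB pDataOut);

    [DllImport("crypt32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool CryptUnprotectData(ref DATA_BLOB pDataIn, IntPtr ppszDataDescr,
        IntPtr pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct,
        uint dwFlags, out DATA_BLOB pDataOut);

    [DllImport("kernel32.dll")]
    static extern IntPtr LocalFree(IntPtr hMem);

    // Marshal the input into an unmanaged DATA_BLOB, call DPAPI, copy the
    // output back and release the buffer that DPAPI allocated with LocalAlloc.
    static byte[] Call(byte[] input, uint flags, bool protect)
    {
        var blobIn = new DATA_BLOB { cbData = input.Length, pbData = Marshal.AllocHGlobal(input.Length) };
        Marshal.Copy(input, 0, blobIn.pbData, input.Length);
        DATA_BLOB blobOut;
        try
        {
            bool ok = protect
                ? CryptProtectData(ref blobIn, "example", IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, flags, out blobOut)
                : CryptUnprotectData(ref blobIn, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, flags, out blobOut);
            if (!ok) throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
        }
        finally { Marshal.FreeHGlobal(blobIn.pbData); }
        try
        {
            var output = new byte[blobOut.cbData];
            Marshal.Copy(blobOut.pbData, output, 0, blobOut.cbData);
            return output;
        }
        finally { LocalFree(blobOut.pbData); }
    }

    public static byte[] Protect(byte[] plain, uint flags)    { return Call(plain, flags, true); }
    public static byte[] Unprotect(byte[] cipher, uint flags) { return Call(cipher, flags, false); }
}
"@
Add-Type -TypeDefinition $src

# Constructed sample secret for the demonstration.
$secret = [Text.Encoding]::UTF8.GetBytes("service-account-password")

# Protect with the machine key; UI_FORBIDDEN makes a prompt an error instead of a hang.
$protectFlags = [Dpapi]::CRYPTPROTECT_LOCAL_MACHINE -bor [Dpapi]::CRYPTPROTECT_UI_FORBIDDEN
$blob = [Dpapi]::Protect($secret, $protectFlags)
"Protected blob: {0} bytes" -f $blob.Length

# The blob records which master key was used, so LOCAL_MACHINE is not passed on decrypt.
$back = [Dpapi]::Unprotect($blob, [Dpapi]::CRYPTPROTECT_UI_FORBIDDEN)
"Round trip ok: {0}" -f ([Text.Encoding]::UTF8.GetString($back) -eq "service-account-password")
```

Because a LOCAL_MACHINE blob is decryptable by every account on the host, it only makes sense when the blob's storage is itself protected (a file or registry key with an ACL restricted to the service account) and, where possible, an optional-entropy value is supplied so that the storage alone is not enough. The managed equivalent of this call is `[System.Security.Cryptography.ProtectedData]::Protect($bytes, $entropy, 'LocalMachine')`, which uses the same machine master key underneath.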