it's the basic calling of CryptUnprotectData using the data (encrypted password) after "51:b:" or "x9392".
so take the password, convert it from string of hex values to bytes (so "010002" becomes the 3 bytes 0x01, 0x00 and 0x02) and fill a DATA_BLOB structure (pbData with the bytes and cbData with the length).
and then call the function:
Code:
DATA_BLOB DataIn,
DataOut;
LPWSTR description;
memset(&DataIn, 0, sizeof(DataIn));
memset(&DataOut, 0, sizeof(DataOut));
description = NULL;
// fill DataIn with the binary password and its length
CryptUnprotectData(
&DataIn, // input data
&description, // output description
NULL,
NULL, // reserved
NULL, // optional prompt structure
CRYPTPROTECT_UI_FORBIDDEN, // flags
&DataOut);
obviously the decrypted password is located in DataOut.pbData, attention that it could be in ASCII or unicode (utf16) mode