Root > Reference > All Functions > MemUnprotect

Procedure MemUnprotect

Previous pageReturn to chapter overviewNext page   

Decrypts process memory.







Code (Delphi)

procedure MemUnprotect(

const AProtectedData: Pointer;

const AProtectedDataSize: Cardinal;

out AData: Pointer;

out ADataSize: Cardinal

); overload;


function MemUnprotect(

const AProtectedData: RawByteString

): RawByteString; overload;


procedure MemUnprotect(

var AProtectedData: TEncryptBuffer

); overload;


procedure MemUnprotect(

const AProtectedData: TEncryptBuffer;

out AData: TEncryptBuffer

); overload;



AProtectedData [in]

Encrypted data to decrypt.


AProtectedDataSize [in]

Size of AProtectedData.


AData [out]

Decrypted sensitive data. Can be deleted by FreeMem function (but we recommend to use SecureFree function instead).


ADataSize [out]

Size of AData.


AProtectedData [in]

Encrypted data to decrypt.


AProtectedData [in, out]

On input: encrypted data to decrypt. Must be allocated with AllocMem function.

On output: unencrypted sensitive data (size will be different). Can be deleted by EncryptBufferFree or SecureFree functions.


AData [out]

Unencrypted sensitive data (size will be different). Delete this data by EncryptBufferFree or SecureFree functions.


Return value

Unencrypted sensitive data (size will be different).



MemUnprotect function decrypts memory that was encrypted using the MemProtect function.


Using MemProtect and MemUnprotect for password encryption is not secure because the data exists as plaintext in memory before it is encrypted and at any time the caller decrypts it for use.


You must encrypt and decrypt the memory during the same boot session. If the computer is restarted before you call the MemUnprotect function, you will not be able to decrypt the data.


When you have finished using the sensitive information, clear it from memory by calling the FillChar function.


See also

Send feedback... Build date: 2022-03-28
Last edited: 2022-03-28
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.

Permanent link to this article: