Author | Message | Time |
---|---|---|
Okee | [code] 3 Hide Hide 83 Recv 0000 FF 26 53 00 01 00 00 00 04 00 00 00 02 00 00 00 .&S............. 0010 32 39 37 32 34 31 39 34 20 31 32 35 33 30 30 33 29724194 1253003 0020 37 30 31 00 32 39 37 32 36 36 39 30 20 33 30 36 701.29726690 306 0030 32 39 39 33 35 31 30 00 32 39 37 32 36 36 38 38 2993510.29726688 0040 20 31 30 32 39 39 35 39 33 35 32 00 35 36 31 32 1029959352.5612 0050 38 31 00 81. [/code] I've requested it, the simple part, but I'm not sure how to treat these values for extraction. They appear to be split by a null byte but some are two numbers long? I've only requested 4 system keys here. I see them, but I'm not sure how I should extract them. Can they be pulled out as DWORDs? Also, I should ask. Are these file times? GetTickCount values? I'm assuming file times. | August 3, 2005, 4:24 AM |
HdxBmx27 | Most of those are file times. Format: [quote](DWORD) Number of accounts (DWORD) Number of keys (DWORD) Request ID (STRING[]) Requested Key Values[/quote] I assume you requested: "System\Account Created", "System\Last Logon", "System\Last Logoff", "System\Time Logged". If so, then the 1st 3 are file times, and the last 1 is the amount of seconds you have been logged in on that account. The 1st value of each file time string is the HighDateTime and the 2nd part is the LowDateTime. Place them into a FileTime struct, then convert it to a SystemTime struct using the FileTimeToSystemTime() API, and then you can print out the information. As for the time logged, there's 60 seconds in a minute, 60 mins in an hr, 24 hrs in a day, 7 days a week, etc. ~-~(HDX)~-~ | August 3, 2005, 4:52 AM |
Okee | [code] void HandleRecordData(char *data) { FILETIME Time; SYSTEMTIME SysTime; unsigned long Accounts = *(unsigned long*)(data + PACKET_HEAD); unsigned long Keys = *(unsigned long*)(data + PACKET_HEAD + 4); sscanf((data + (PACKET_HEAD + 12)), "%i %i", Time.dwHighDateTime, Time.dwLowDateTime); FileTimeToSystemTime(&Time, &SysTime); AppendText(hBNChat, GRAY, "System\\Account Created: %s %s\n", SysTime.wDayOfWeek, SysTime.wYear); return; } [/code] Know why the program might be crashing on that sscanf line? I'm not sure if this is the best way to grab these values but I think it might work, | August 7, 2005, 8:54 PM |
Okee | Alright, so this is what I have... it works - everything except the time logged part. If it's the total number of seconds I've been logged on, shouldn't what I'm doing work? [code] void HandleRecordData(char *data) { int x, length; FILETIME Time; SYSTEMTIME SysTime; char AcctCreatedHigh[128], AcctCreatedLow[128]; char LastLogonHigh[128], LastLogonLow[128]; char LastLogoffHigh[128], LastLogoffLow[128]; char TimeLogged[128], Month[32], Day[32]; strcpy(AcctCreatedHigh, data + (PACKET_HEAD + 12)); for(x = 0; x < strlen(AcctCreatedHigh); x++) { if(AcctCreatedHigh[x] == 0x20) { AcctCreatedHigh[x] = '\0'; } } strcpy(AcctCreatedLow, data + (PACKET_HEAD + 12 + strlen(AcctCreatedHigh) + 1)); Time.dwHighDateTime = atol(AcctCreatedHigh); Time.dwLowDateTime = atol(AcctCreatedLow); FileTimeToSystemTime(&Time, &SysTime); GetMonth(SysTime.wMonth, Month); GetDay(SysTime.wDayOfWeek, Day); AppendText(hBNChat, GRAY, "%s\\Recorddata\\Account Created: %s, %s %i, %i %i:%i:%i\n", szLocalAccountInfo.szRealUsername, Day, Month, SysTime.wDay, SysTime.wYear, SysTime.wHour > 12 ? SysTime.wHour - 12 : SysTime.wHour, SysTime.wMinute, SysTime.wSecond); length = PACKET_HEAD + 12 + strlen(AcctCreatedHigh) + 1 + strlen(AcctCreatedLow) + 1; strcpy(LastLogonHigh, data + length); for(x = 0; x < strlen(LastLogonHigh); x++) { if(LastLogonHigh[x] == 0x20) { LastLogonHigh[x] = '\0'; } } length += (strlen(LastLogonHigh) + 1); strcpy(LastLogonLow, data + length); Time.dwHighDateTime = atol(LastLogonHigh); Time.dwLowDateTime = atol(LastLogonLow); FileTimeToSystemTime(&Time, &SysTime); GetMonth(SysTime.wMonth, Month); GetDay(SysTime.wDayOfWeek, Day); AppendText(hBNChat, GRAY, "%s\\Recorddata\\Last Logon: %s, %s %i, %i %i:%i:%i\n", szLocalAccountInfo.szRealUsername, Day, Month, SysTime.wDay, SysTime.wYear, SysTime.wHour > 12 ? 
SysTime.wHour - 12 : SysTime.wHour, SysTime.wMinute, SysTime.wSecond); length += (strlen(LastLogonLow) + 1); strcpy(LastLogoffHigh, data + length); for(x = 0; x < strlen(LastLogoffHigh); x++) { if(LastLogoffHigh[x] == 0x20) { LastLogoffHigh[x] = '\0'; } } length += (strlen(LastLogoffHigh) + 1); strcpy(LastLogoffLow, data + length); Time.dwHighDateTime = atol(LastLogoffHigh); Time.dwLowDateTime = atol(LastLogoffLow); FileTimeToSystemTime(&Time, &SysTime); GetMonth(SysTime.wMonth, Month); GetDay(SysTime.wDayOfWeek, Day); AppendText(hBNChat, GRAY, "%s\\Recorddata\\Last Logoff: %s, %s %i, %i %i:%i:%i\n", szLocalAccountInfo.szRealUsername, Day, Month, SysTime.wDay, SysTime.wYear, SysTime.wHour > 12 ? SysTime.wHour - 12 : SysTime.wHour, SysTime.wMinute, SysTime.wSecond); length += (strlen(LastLogoffLow) + 1); strcpy(TimeLogged, data + length); int iTimeLogged = atol(TimeLogged); int days = iTimeLogged / 86400; iTimeLogged -= days; int hours = iTimeLogged / 3600; iTimeLogged -= hours; int minutes = iTimeLogged / 60; iTimeLogged -= minutes; AppendText(hBNChat, GRAY, "%s\\Recorddata\\Time Logged: %i days, %i hours, %i minutes, %i seconds\n", szLocalAccountInfo.szRealUsername, days, hours, minutes, iTimeLogged); return; } [/code] EDIT: This is a pretty intensive function. If anyone knows a better way to do what I'm doing then please, let me know. :-p | August 8, 2005, 1:22 AM |
warz | Change [code] int iTimeLogged = atol(TimeLogged); int days = iTimeLogged / 86400; iTimeLogged -= days; int hours = iTimeLogged / 3600; iTimeLogged -= hours; int minutes = iTimeLogged / 60; iTimeLogged -= minutes;[/code] into [code] int iTimeLogged = atol(TimeLogged); int days = iTimeLogged / 86400; iTimeLogged -= days * 86400; int hours = iTimeLogged / 3600; iTimeLogged -= hours * 3600; int minutes = iTimeLogged / 60; iTimeLogged -= minutes * 60; [/code] | August 8, 2005, 1:29 AM |
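
A bounds-checked way to extract the four values discussed in this thread, as an added example that is not code from any of the posters: every string read is limited to the received length instead of being copied with `strcpy` into fixed buffers. The names `parse_record`, `next_str`, `filetime_to_unix` and `struct record` are made up here, `PACKET_HEAD` is assumed to be 4 from the dump, and the FILETIME is converted to Unix seconds by arithmetic rather than `FileTimeToSystemTime()` so the code runs off Windows; empty values and times before 1970 are rejected as malformed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define PACKET_HEAD 4 /* 0xFF, packet id, 16-bit little-endian length */
/* The 83-byte response from the first post, re-typed from its hex dump. */
static const unsigned char sample[] =
    "\xFF\x26\x53\x00\x01\x00\x00\x00\x04\x00\x00\x00\x02\x00\x00\x00"
    "29724194 1253003701\0" "29726690 3062993510\0"
    "29726688 1029959352\0" "561281";
struct record { int64_t created, logon, logoff; uint32_t d, h, m, s; };

/* Next NUL-terminated string in [*p, end); NULL if no terminator in bounds. */
static const char *next_str(const unsigned char **p, const unsigned char *end) {
    const char *s = (const char *)*p;
    const unsigned char *nul = memchr(*p, 0, (size_t)(end - *p));
    if (!nul) return NULL;
    *p = nul + 1;
    return s;
}

/* "high low" decimal FILETIME halves -> Unix seconds; -1 if malformed. */
static int64_t filetime_to_unix(const char *s) {
    char *mid, *e; unsigned long long hi, lo;
    if (!s) return -1;
    hi = strtoull(s, &mid, 10);
    if (mid == s || *mid != ' ') return -1;
    lo = strtoull(mid + 1, &e, 10);
    if (e == mid + 1 || *e || hi > 0xFFFFFFFFu || lo > 0xFFFFFFFFu) return -1;
    return (int64_t)(((hi << 32) | lo) / 10000000ULL) - 11644473600LL;
}

/* Parse a four-key reply (created, last logon, last logoff, time logged). */
int parse_record(const unsigned char *buf, size_t len, struct record *r) {
    const unsigned char *p, *end = buf + len;
    const char *t; uint32_t secs;
    if (len < PACKET_HEAD + 12 || (size_t)(buf[2] | buf[3] << 8) != len) return -1;
    p = buf + PACKET_HEAD + 12; /* skip account count, key count, request id */
    r->created = filetime_to_unix(next_str(&p, end));
    r->logon = filetime_to_unix(next_str(&p, end));
    r->logoff = filetime_to_unix(next_str(&p, end));
    t = next_str(&p, end);
    if (r->created < 0 || r->logon < 0 || r->logoff < 0 || !t) return -1;
    secs = (uint32_t)strtoul(t, NULL, 10);
    r->d = secs / 86400; r->h = secs % 86400 / 3600;
    r->m = secs % 3600 / 60; r->s = secs % 60;
    return 0;
}

int main(void) { struct record r; return parse_record(sample, sizeof sample, &r) ? 1 : 0; }
```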