here is where it's called from.
if(!DoOpenDialog(hwnd, szfilename)) return 0;
char *buff = OpenCryption(hwnd, szfilename);
MessageBox(hwnd, BAD_OPEN_TEXT, MB_TITLE, MB_ICONWARNING);
return 0; }
delete  buff;
I don't get it, are you saying ZeroMemory(pointer, 0) would actually set pointer to null!?
Potential overflow on the ZeroMemory(szDataPath, MAX_PATH) call. What if szDataPath doesn't point to a memory block of at least MAX_PATH+1 bytes? You will corrupt memory in that case.