Hi Paul, + * Write a singe value and it's data to: s/singe/single/, s/it's/its/ + /* Turn OID into a wide-character string */ + Len = MultiByteToWideChar( CP_ACP, 0, OID, -1, NULL, 0 ); + OIDW = HeapAlloc( GetProcessHeap(), 0, Len * sizeof(WCHAR) ); + MultiByteToWideChar( CP_ACP, 0, OID, -1, OIDW, Len ); + + /* Allocate the needed space for UsageKey */ + UsageKey = HeapAlloc(GetProcessHeap(), 0, (lstrlenW(Trust) + lstrlenW(Usages) + Len) * sizeof(WCHAR)); You can avoid one HeapAlloc by calculating Len as you do, but not converting OID to a wide-char string until you've allocated UsageKey. Something like: len = MultiByteToWideChar( CP_ACP, 0, OID, -1, NULL, 0 ); UsageKey = HeapAlloc(GetProcessHeap(), 0, (lstrlenW(Trust) + lstrlenW(Usages) + len) * sizeof(WCHAR)); lstrcpyW(UsageKey, Trust); lstrcatW(UsageKey, Usages); MultiByteToWideChar( CP_ACP, 0, OID, -1, UsageKey + lstrlenW(Trust) + lstrlenW(Usages), len ); Note also that OID can't contain multibyte characters, so you may use a loop to copy it character by character to UsageKey instead of calling MultiByteToWideChar, if you prefer. + HeapFree(GetProcessHeap(), 0, OIDW); You leak UsageKey here. --Juan __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com