3
votes

I have an application which takes a string from the Windows Forms text box and passes it to an API which uses a string as the parameter. I see that the string can still be queried from the process memory after the task is complete. I have come across suggestions to use SecureString for string memory management capabilities. But, if I understand correctly, the purpose of the string is defeated if the secure string is built from a string or the value of the secure string is ultimately stored in a string.

Please suggest what is the best possible solution.

1
Is it encrypted on the wire? If not, why are you even concerned about it in memory? - Mitch Wheat
Any parameter is passed to methods on the execution stack. When the method is finished, the execution stack pointer is restored back to the location before the method was called. So any variables used by methods are still on the stack and not accessible. The calling method would have to destroy the variable before returning to remove the object from the stack. - jdweng
If it's come from a WinForms TextBox control, then there's already an unknown/unknowable number of copies of that string lurking everywhere. You can't fix this leak. Either re-engineer this to use SecureString throughout or accept that someone with sufficient access to the machine(s) on which this code is running could potentially read this data from process memory. But bear in mind - someone with that level of access could easily have installed a keylogger anyway. - Damien_The_Unbeliever

1 Answer

8
votes

SecureString is not considered secure. If you need to do this, you can either use a char[] and overwrite the data once done, or you can use unsafe code to overwrite a string when done (just... hope it wasn't interned or a shared reference); note that this applies everywhere in the call stack. Note that the OS may have copied the page for various reasons and it may even be on disk (swap file) if the memory wasn't very carefully allocated.

However, by the time memory analysis tools are a factor in a WinForms app, it would be easier to use a key logger, or just take a wrench and threaten someone for the password.
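The char[]-and-overwrite approach from the answer above, as an added C# example that is not code from the answer's author. `SecretBuffer`, `WithSecret` and the console input are assumptions made for illustration, and it presumes the consuming API can take bytes instead of a `System.String`.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

static class SecretBuffer // hypothetical helper, not a framework type
{
    // Allocates and pins both buffers before any secret data is written, so the
    // GC cannot relocate them and leave a stale copy behind. Both are zeroed in
    // finally, even if fill or consume throws.
    public static void WithSecret(int maxChars,
                                  Func<char[], int> fill,             // writes the secret, returns its length
                                  Action<ArraySegment<byte>> consume) // stand-in for an API taking UTF-8 bytes
    {
        char[] chars = new char[maxChars];
        byte[] utf8 = new byte[Encoding.UTF8.GetMaxByteCount(maxChars)];
        GCHandle charPin = GCHandle.Alloc(chars, GCHandleType.Pinned);
        GCHandle bytePin = GCHandle.Alloc(utf8, GCHandleType.Pinned);
        try
        {
            int len = fill(chars);
            int n = Encoding.UTF8.GetBytes(chars, 0, len, utf8, 0);
            consume(new ArraySegment<byte>(utf8, 0, n));
        }
        finally
        {
            // Overwrite the whole buffers, not just the used part.
            Array.Clear(chars, 0, chars.Length);
            Array.Clear(utf8, 0, utf8.Length);
            charPin.Free();
            bytePin.Free();
        }
    }

    // Reads keystrokes straight into the buffer; no System.String is created.
    // Editing keys such as Backspace are not handled here.
    static int ReadFromConsole(char[] buf)
    {
        int len = 0;
        ConsoleKeyInfo key;
        while (len < buf.Length && (key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
            buf[len++] = key.KeyChar;
        return len;
    }

    static void Main()
    {
        Console.Write("Password: ");
        WithSecret(64, ReadFromConsole,
                   bytes => Console.WriteLine("\n(API would receive {0} bytes)", bytes.Count));
    }
}
```

This only covers buffers the code owns: a value that has already passed through a `TextBox` or a `string` parameter has copies this cannot reach, and the page-level copies the answer mentions (swap file) are outside its control as well.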