Re: Eavesdrop on call stack - peeking at variable values in a running process using the VS.NET IDE

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 05/29/03


Date: Thu, 29 May 2003 10:34:40 -0700


Hi Joubert,

    You're asking if it is possible for someone to read your decrypted username and password at any point during program execution? The answer is yes: given sufficient privilege, anyone with a debugger can go ahead and look at the values stored in memory. If they knew where to look, they would be able to read your decrypted username and password. However, if you are going to use the strings in an unencrypted form, even in unmanaged code, they will be in memory for at least a short period of time, and the same problem applies.

-Shawn
  "Joubert" <com.pwc.za@nel.joubert> wrote in message news:uypJAZdJDHA.2224@TK2MSFTNGP11.phx.gbl...
  Hi,

  Background:
  I'm trying to see whether, during runtime, the values of my application's variables are accessible to an outsider.

  Steps:
  1) Compile application for a Release Build.
  2) Run it from Explorer
  3) Using the VS.NET IDE, I attach to the running process
  4) I then Pause the process
  5) Paging through the call stack I come across:

  Source code:
  In my code, I've overloaded the Show method with some string arguments (as above). The values of username and password are passed in encrypted form. However, at some point I call encryption/decryption methods to deal with the strings (the encryption/decryption methods reside in a different assembly).

  Query:
  When I pass the cleartext strings around inside my application can they be lifted by an eavesdropper? I have already confirmed with the above that one entry point is when one passes the variables between form methods. What about when calling methods across assembly borders?

  Cheers
  Joubert.




callstack.jpg
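The point Shawn makes above, that a decrypted credential must exist in memory for at least the moment it is used and that anyone who can read the process's memory (an attached debugger, a memory dump) can find it, is worth seeing concretely. The following is an added example, not code from either poster, written in C because it shows the "unmanaged code" case and because the mitigation it demonstrates (overwriting the buffer the instant the secret is no longer needed) only works on a mutable buffer. The XOR "cipher", the key bytes, the ciphertext and the password `hunter2` are all constructed for the demonstration; XOR stands in for whatever real decryption routine the application calls. `memory_contains` plays the role of the eavesdropper scanning a memory dump for a value they already know to look for.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed demo material: an 8-byte XOR key and the ciphertext of
 * "hunter2\0" under that key. XOR is NOT a real cipher; it only stands in
 * for "some decryption routine" so that, as with any cipher, the plaintext
 * exists in a buffer after the call returns. */
static const unsigned char DEMO_KEY[8] = { 0x5a, 0x13, 0xc7, 0x08, 0x9e, 0x21, 0x74, 0xaf };
static const unsigned char DEMO_CT[8]  = { 0x32, 0x66, 0xa9, 0x7c, 0xfb, 0x53, 0x46, 0xaf };

/* "Decrypt" n bytes of ct into out (toy XOR, symmetric). */
void demo_decrypt(const unsigned char *ct, size_t n, unsigned char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = ct[i] ^ DEMO_KEY[i % sizeof DEMO_KEY];
}

/* Zero a buffer in a way the optimizer cannot drop as a dead store.
 * A plain memset() just before the buffer goes out of scope is often
 * removed by the compiler, which leaves the plaintext sitting in memory. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Stand-in for an attacker scanning a memory dump (what a debugger attached
 * to the process sees): report whether the known needle occurs in hay. */
int memory_contains(const unsigned char *hay, size_t hn, const char *needle)
{
    size_t nn = strlen(needle);
    if (nn == 0 || nn > hn)
        return 0;
    for (size_t i = 0; i + nn <= hn; i++)
        if (memcmp(hay + i, needle, nn) == 0)
            return 1;
    return 0;
}

struct window_result {
    int visible_during_use;   /* plaintext findable while the app uses it */
    int visible_after_wipe;   /* plaintext findable once the app is done   */
};

/* Decrypt the constructed credential, "use" it, wipe it, and record whether
 * a memory scan would have found the plaintext at each point. */
struct window_result credential_window(void)
{
    unsigned char buf[8];
    struct window_result r;

    demo_decrypt(DEMO_CT, sizeof DEMO_CT, buf);   /* plaintext now lives in buf */
    r.visible_during_use = memory_contains(buf, sizeof buf, "hunter2");

    /* ... authenticate with buf here: this window cannot be avoided,
     *     it can only be kept short ... */

    secure_wipe(buf, sizeof buf);                /* close the window immediately */
    r.visible_after_wipe = memory_contains(buf, sizeof buf, "hunter2");
    return r;
}

int main(void)
{
    struct window_result r = credential_window();
    printf("plaintext visible while in use: %d\n", r.visible_during_use);
    printf("plaintext visible after wipe:   %d\n", r.visible_after_wipe);
    return 0;
}
```

The managed-code parallel to this example, which the original thread does not spell out: a .NET `System.String` is immutable, so a decrypted password held in a `string` cannot be overwritten like `buf` above and stays readable until the garbage collector happens to reclaim it. Decrypting into a `byte[]` or `char[]` and clearing it with `Array.Clear` as soon as the credential has been used gives the same short window shown here; it does not remove the window, which is exactly Shawn's point.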