Vulnerability Development mailing list archives

Re: Getting passwords from the heap?


From: "Jason R. Seats" <Jason.Seats () TechGuardSecurity com>
Date: Wed, 27 Jun 2001 10:25:13 -0500

Dennis McHenry wrote:

From: "Felix von Leitner" <leitner () vim org>
This wasn't perchance a Microsoft operating system you were using?
It's been a while since I've done C for a win system, but as I recall Malloc
returns zeroed-out chunks.

My response to Jason's point, though, is that if a program doesn't handle
sensitive information in a prudent manner (preventing it from being swapped
to disk, overwriting the memory space where it was stored, etc.), the
information could indeed be in memory.  I'd label this as a programming
error for the application that left its sensitive info. sitting around,
rather than an OS problem (I don't recall Windows saying it wiped memory
after closing applications).

If you're using a win box, you can use debug to examine memory remnants.


If you are using the debug version of the C-runtime libs for Windows,
freed memory is set to a characteristic value so that you can recognize
if you are ever de-referencing a pointer into freed memory (0x45 I
think).  You can use the debugger to watch Release-built applications'
memory in a realistic way though.

-- 
Jason Seats
Information Security Software Engineer
TechGuard Security
jason.seats () techguardsecurity com
www.techguardsecurity.com
636-519-4848
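
The two precautions named in the quoted message (keeping a secret from being swapped to disk and overwriting the memory where it was stored), as an added example that is not part of the original thread. It assumes a POSIX system (mlock/munlock; on Windows the analogous calls are VirtualLock and SecureZeroMemory), and the secret_buf type, its helper functions and the sample password are hypothetical names constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical helper type: a heap buffer that holds one secret. */
typedef struct { char *data; size_t size; int locked; } secret_buf;

/* Write through a volatile pointer so the compiler cannot discard the
 * stores as "dead" just because the buffer is freed right afterwards. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

static int secret_alloc(secret_buf *s, size_t size)
{
    s->data = calloc(1, size);
    if (s->data == NULL)
        return -1;
    s->size = size;
    /* mlock can fail (e.g. RLIMIT_MEMLOCK); record that instead of aborting. */
    s->locked = (mlock(s->data, size) == 0);
    return 0;
}

/* Wipe, unlock, free. Returns how many bytes were still non-zero after
 * the wipe, counted before the memory goes back to the allocator. */
static size_t secret_release(secret_buf *s)
{
    size_t i, dirty = 0;
    secure_wipe(s->data, s->size);
    for (i = 0; i < s->size; i++)
        dirty += (s->data[i] != 0);
    if (s->locked)
        munlock(s->data, s->size);
    free(s->data);
    s->data = NULL;
    s->size = 0;
    return dirty;
}

int main(void)
{
    secret_buf s;
    if (secret_alloc(&s, 64) != 0)
        return 1;
    strncpy(s.data, "constructed-sample-password", s.size - 1);
    return secret_release(&s) != 0;   /* exit status 0: nothing left behind */
}
```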

