Home .NET / .NET Core - Is Memory Accessible Externally?
Reply: 0

.NET / .NET Core - Is Memory Accessible Externally?

Melbourne Developer
1#
Melbourne Developer Published in 2017-12-07 23:22:50Z

If I write a C# app and compile to .NET, or .NET Core, or even Mono, can external apps access the memory in the running process?

I.e. if I write this line of code:

var password = "some password";

Could a piece of malware scan through the memory addresses of the process and get the string?

I guess the question is somewhat OS specific. And, I guess it would also depend on what access privileges the malware has, right? I'm guessing that answer to my question would be different from say MacOS/Linux to Windows, right?

Edit: Is there any conceivable way of protecting a string in memory? Is there some encryption mechanism that could achieve this?

One thing I can do to mitigate the problem is to use SecureString. But, it's not perfect: https://msdn.microsoft.com/en-us/library/system.security.securestring(v=vs.110).aspx#HowSecure

Microsoft's recommended approach is to:

Instead of using SecureString to protect passwords, the recommended alternative is to use an opaque handle to credentials that are stored outside of the process.

Although, this isn't a concrete answer. It's too abstract for me to understand what they are recommending I do.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.306398 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO