Fellow co-worker, Corneliu Tusnea has figured out a way to easily reverse the .NET frameworks SecureString instances and integrated it as a feature into his Hawkeye application (already a formidable tool for editing .NET objects in running applications). The SecureString class is designed to be an easy way for developers to obsfucate strings in memory so that its difficult to get them out of a memory dump by spreading it through the memory space of the host process. They just give you a little bit of extra security.
At runtime, anyone who knows their way around the .NET Framework can probably think up a way to get a SecureString instance back into its unencrypted state, but where the real power of Hawkeye comes in is the way you can just attach to a running process.
Since Corneliu a “good guy” he has decided to only offer the SecureString decryption functionality in Hawkeye for a price in an effort to stop it being used by the vast majority for illegitimate purposes. Well before he released his code he also contacted Microsoft to discuss the issue.
There isn’t really anything that can be done about it – SecureStrings MUST be reversable at some point in time so Microsoft suggested that he go ahead with his release, but put it in a commercial version. Corneliu has decided to donate the proceeds from Hawkeye to a worthy charity which will change on a rolling basis – way to go Corneliu.
You can download Hawkeye from Project Distributor.