How to remove string from process memory?

Question

I have an application which takes a string from the Windows Forms text box and passes it to an API which uses a string as the parameter. I see that the string can still be q

Answer 1

SecureString is not considered secure. If you need to do this, you can either use a char[] and overwrite the data once done, or you can use unsafe code to overwrite a string when done (just... hope it wasn't interned or a shared reference); note that this applies everywhere in the call stack. Note that the OS may have copied the page for various reasons and it may even be on disk (swap file) if the memory wasn't very carefully allocated.

However, by the time memory analysis tools are a factor in a winforms app, it would be easier to use a key logger, or just take a wrench and threaten someone for the password: