Whoops, what is that password doing memory?

Optimizing compilers are not always your friend :-)

Well turns out ZeroMemory a lovely Microsoft function, can be completely optimized away by Microsoft's compiler. So that means if you decided to clear the memory where sensitive information was living, the compiler could decide,

No, I don't think so. As nothing in your program uses that memory after the ZeroMemory call, I feel it is not efficent to put all those zeroes into memory.

Therefore, I, the great and powerful optimizing compiler, will ignore your puny request to clear out memory. So has it spoken, so shall it not be done :-)

Microsoft solution: Yet another function!

SecureZeroMemory

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/base/securezeromemory.asp

This way, if the compiler can be told, "Hey stupid, I don't care how smart you think you are, I really, really want this memory set to zero. Just do it and no fiddling with my code please." :-)

Enjoy!

See also the lovely _heapmin() function for a similar, but ancient, Microsoft gotcha()