Root > Reference > All Functions > MemProtect

Procedure MemProtect

Previous pageReturn to chapter overviewNext page   

Encrypts process memory.







Code (Delphi)

procedure MemProtect(

const AData: Pointer;

const ADataSize: Cardinal;

out AProtectedData: Pointer;

out AProtectedDataSize: Cardinal

); overload;


function MemProtect(

const AData: RawByteString

): RawByteString; overload;


procedure MemProtect(

var AData: TEncryptBuffer

); overload;


procedure MemProtect(

const AData: TEncryptBuffer;

out AProtectedData: TEncryptBuffer

); overload;



AData [in]

Sensitive data to encrypt.


ADataSize [in]

Size of AData.


AProtectedData [out]

Encrypted data. Can be deleted by FreeMem function (but we recommend to use SecureFree function instead).


AProtectedDataSize [out]

Size of AProtectedData.


AData [in]

Sensitive data to encrypt.


AData [in, out]

On input: sensitive data to encrypt. Must be allocated with AllocMem function.

On output: encrypted data (size will be different). Can be deleted by EncryptBufferFree or SecureFree functions.


AProtectedData [out]

Encrypted data (size will be different). Delete this data by EncryptBufferFree or SecureFree functions.


Return value

Encrypted data (size will be different).



This function encrypts memory to prevent others from viewing sensitive information in your process. For example, use the MemProtect function to encrypt memory that contains a password. Encrypting the password prevents others from viewing it when the process is paged out to the swap file. Otherwise, the password is in plaintext and viewable by others.


Using MemProtect and MemUnprotect for password encryption is not secure because the data exists as plaintext in memory before it is encrypted and at any time the caller decrypts it for use.


Typically, you use the MemProtect function to encrypt sensitive information that you are going to decrypt while your process is running. Do not use this function to save data that you want to decrypt later; you will not be able to decrypt the data if the process or computer is restarted. To save encrypted data to a file to decrypt later, use the DataProtect, TEAEncrypt, or RSAEncrypt functions.


Call the MemUnprotect function to decrypt memory encrypted with the MemProtect function. When you have finished using the sensitive information, clear it from memory by calling the FillChar function.


Typically, only a user with the same logon credential as the user who encrypted the data can decrypt the data. In addition, the encryption and decryption usually must be done on the same computer. Moreover, decryption usually must be done within the same process.


The function creates a session key to perform the encryption. The session key is derived again when the data is to be decrypted.


The function also adds a Message Authentication Code (MAC) (keyed integrity check) to the encrypted data to guard against data tampering.


See also

Send feedback... Build date: 2022-03-28
Last edited: 2022-03-28
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.

Permanent link to this article: