Archive for March 5th, 2008
FireWire Follow-up
Following up on yesterday’s post about the FireWire hack that lets you read memory over FireWire, it was noted in the article I linked to that the hack did not yet work in Vista. I’m guessing that this is because of the copious use of address space randomization by the OS, which would likely make any attempt to modify the Windows password code at a fixed address pretty much worthless. That said, if you knew a particular signature for the code, it seems like you could just dump the RAM to your external FireWire device, scan it for the signature, and then figure out the randomly created offset; however, it might be pretty difficult to figure out that signature in RAM in the first place. This is quite a bit away from my area of expertise, so thoughts from anyone a bit more knowledgeable in this area?
~ Joshbw