Playing around with Process Hacker (a really nice tool), we found that SQL Server Management Studio 2008 stores connection strings in plain text in memory.

Using the Process Hacker memory search utility we can get that information.
To do this you must have enough privileges to read other process memory, but let's assume you have that.

In order to see the password you can follow this steps:

1. Find Ssms.exe process



2. Open process properties and search memory using String scan



3. Use Filter button to search using Regular Expressions



Simply use the following regular expression
"server=.+;uid=.+;password=.+;Application Name=.+"
and you will find the connection string.

Using this method you can find several passwords in other processes. It's just a matter of knowing what pattern to search.

Based on this we decided to create a tool that will let you search patterns in the memory of any remote process.

We'll update the Projects section when we have this new tool.