Conditional breakpoint on VirtualAlloc coming from the plugin's module or periphery modules. Find out when and where the allocated memory is stored and that should be your pointer. This is probably going to be a mess if the plugin is Flash, or any other highly used plugin because memory references will most likely have multiple levels of indirection because of multiple flash/other files.
Signature scanning shouldn't really be a problem anyways... just look through every page that is not associated with a module (and other relevant information in the MEMORY_BASIC_INFORMATION structure) and scan it with a non-trivial algorithm (Knuth-Morris-Pratt or Boyer-Moore are two algorithms that come to mind).