jerf at jerf.org
Thu Jan 6 15:05:31 EST 2005
On Thu, 06 Jan 2005 03:27:56 -0800, lbolognini wrote:
> Could you please give me some advice on the best approach to solve this
To the best of my knowledge, and I'd be surprised if this wasn't true,
wxPython does not have the necessary tools to do this.
That program doesn't even use the clipboard; it uses low-level security
flaws* in Windows to directly access text in other programs as it is being
typed, watch for trigger text to go by, and then dynamically replace it;
all of which is a major security flaw in the absence of user permission.
This *particular* application is harmless, but it's still exploiting holes.
Since those holes don't exist cross-platform, wxWindows won't reflect
them. You'd need to go to the WinAPI, and after that I have no idea what
comes next... but I do know it's going to be tricky, painful work and if
you didn't already know you needed to do this, you probably don't want to
go here. Here There Be Dragons.
*: The security flaw lies in the Windows messaging model; once you have a
window handle you can send it any message and get back any data you want,
including stuffing that window with any new data you want, which is a
gaping flaw indeed in a world of buffer exploits. IIRC, there is no way to
do any sort of user-based security, so even if you do everything as a
low-priv user except use this one program as administrator, if that
program has a window on the screen and a buffer overflow, that's a root
exploit waiting to be coded.
More information about the Python-list