There's a big difference between DDE and SendMessage():

DDE is essentially mIRC polling a configurably named interface to see if it has new messages. These messages can be initiated from anywhere by any program that supports DDE and knows the name of mIRC's DDE server.

SendMessage() is *quite* a bit different:

First, mIRC *must* initiate the communication. You can't use SendMessage() to communicate with mIRC without mIRC first knowing what/where it should be reading for new 'messages'. As far as I know, the only way to do this is via the use of DLL or COM commands/identifiers from within mIRC, both of which can be disabled via mIRC's options. Otherwise the program would have to do some memory editing, and at that point, it'd just be easier to completely bypass SendMessage().

Next, SendMessage() is quite obscure, as it requires the program not only to force mIRC to initiate communication, but also to create and maintain the conduit for passing data and issuing commands. This conduit has a very specific format that minimizes dangerous code to the point that 'messages' are no more dangerous than issuing commands via the editbox (even to the point of enforcing the $dll, $com, and $decode options).

It'd be far easier for a malicious program to either edit mirc.ini or hack memory than to attempt abusing SendMessage().

-

As far as SendKey() is concerned, there's not a concise way to disable the functionality, as it is handled by Windows, and when a SendKey() is issued, without a few kludges there's no way the program knows the difference between user input and SendKey().

Last edited by FroggieDaFrog; 05/06/14 09:04 PM.

I am SReject
My Stuff