| This uses Windows UI Automation (UIA) — the same COM API that screen readers use. Every standard Windows application exposes its entire element tree through this interface: buttons, text fields, values, coordinates.
Including browsers, Electron apps, and yes, antivirus software. What makes this different from typical automation tools: - It reads any application's UI as structured text — no screenshots, no OCR - It can intercept and manipulate inputs on the fly, acting as a man-in-the-middle between user and application - It simulates real human input events (keyboard, mouse), not injected API calls — making it indistinguishable from actual user interaction - It's a 2MB static binary with zero runtime dependencies - There is no process injection, no hooking, no DLL loading — just standard Windows COM calls that every screen reader makes - it dont touched any TOS , EULA or Laws and its Protected by the Assecibility Laws and with that not patchable. The uncomfortable implication: the same API that exists to help blind people navigate their computer gives any program full read/write access to every running application's UI. Windows treats this as intended behavior, not a security boundary. Longer writeup: https://dev.to/tlrag/i-built-a-new-software-primitive-in-85-... |