'Sniffing' closed source Qt applications

[squidge]

In a previous topic, it was talked about injecting a DLL into a Qt app to connect to it's slots and signals.

I'm thinking of what could be possible in a more generic way - injecting into a Qt application, listing the controls on the form, show the signals and slots and being able to interact with the application.

It seems that there IS a method that allows you to receive the array containing the signals and slots supported by an object, and we can get that list of objects by getting the parent and using children.

Does this sound feasible?

Who knows, it could grow into a new testing framework

[wysota]

If an application is dynamically linked then the simplest way is to substitute one of Qt libraries or Qt plugins with your own (the latter is probably easiest). Listing objects and their properties is trivial then thanks to QApplication::topLevelWindows(), QObject::findChildren() and QMetaObject. To try to compensate this the application provider can use the "build key" feature of Qt, do some signing or encryption or link statically. Then you can still probably substitute the language runtime in some cases.

[tbscope]

Who knows, it could grow into a new testing framework

Some debuggers do work like this. They include their own code in the process being debugged. Usually it contains things like a modified version of malloc etc...

If you take for example Squish, it also works by hooking in the process being tested.