views:

40

answers:

2

I wish to securely delete (not even a trace in memory) anything that a user types into a textbox. I wonder if setting it to "" is secure enough. SetWindowText is a function in the Win32 API, in user32.dll.

In the program:

SetWindowText(myHandle, "Hello");
SetWindowText(myHandle, "Goodbye");

//Was the buffer containing chars "Hello" overwritten by the
//series of chars "Goodb"?

//Or was another chunk of buffer allocated to store "Goodbye",
//hence "Hello" still exists somewhere in memory?

SetWindowText(myHandle, "");
//What does Windows do to the buffer that used to store chars "Goodbye"?
//Does it wipe out and replace the data in the buffer to all 0s here?
//Or does "Goodbye" actually still stay in memory?
+2  A: 

This is formally unspecified, and quite complicated in practice. The simple answer is therefore "no, it's not secure".

MSalters
+1  A: 

No, it isn't secure because GDI copies your string multiple times, for example to make it a wide-char string: you use SetWindowTextA, but it's just a wrapper for SetWindowTextW, so SetWindowTextA copies your string to a wide-char string.

For a secure solution you should implement your own textbox with custom user input handling (WM_KEY*, etc.) and custom rendering (WM_DRAW).

To check its security, run your program under OllyDbg and scan the whole memory for your string (Alt-M, Ctrl-B).

Abyx
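An added illustration (not code from the question or either answer) of the two points above: a wrapper's conversion copy is a second buffer the caller never sees, and writing a shorter string, including "", only overwrites a prefix of it. The fixed-capacity wide buffer, secure_wipe and the set_text_* functions are constructed stand-ins, not Win32 APIs.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Constructed stand-in for the wide-char copy an A->W wrapper keeps. */
#define CAP 64
static wchar_t g_wide[CAP];

/* Hypothetical stand-in for Win32 SecureZeroMemory: volatile stores are
 * not dropped as dead stores the way a plain memset before free can be. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Naive narrow->wide copy: writes strlen(text)+1 elements only, so a
 * shorter new value leaves the tail of the previous value in place. */
void set_text_naive(const char *text) {
    size_t i = 0;
    for (; text[i] && i + 1 < CAP; i++)
        g_wide[i] = (wchar_t)(unsigned char)text[i];
    g_wide[i] = L'\0';
}

/* Hardened variant: wipe the whole capacity before writing the new value,
 * so nothing from the old value survives past the terminator. */
void set_text_wiped(const char *text) {
    secure_wipe(g_wide, sizeof g_wide);
    set_text_naive(text);
}

/* Number of non-zero elements after the terminator: stale characters an
 * in-memory scan (as with the OllyDbg check above) could still recover. */
size_t stale_chars(void) {
    size_t n = 0;
    for (size_t i = wcslen(g_wide) + 1; i < CAP; i++)
        if (g_wide[i] != L'\0') n++;
    return n;
}
```

After "Hello", "Goodbye", "" through set_text_naive, six characters ("oodbye") remain; the wiped variant leaves none.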