PowerShell: How to check whether an HTA is the foreground window?

I am trying to determine whether an HTA is the foreground window. The following PowerShell normally identifies the foreground window:

Add-Type @"
   using System;
   using System.Runtime.InteropServices;
   public class UserWindows {
      [DllImport("user32.dll")]
      public static extern IntPtr GetForegroundWindow();
   }
"@

$a = [UserWindows]::GetForegroundWindow()
Get-Process | Where-Object { $_.MainWindowHandle -eq $a }

However, if the HTA is in the foreground, this returns no process. (That is, there is a MainWindowHandle, but no process!)

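The MSHTA process has a completely different MainWindowHandle, but no window.

Process Hacker identifies the HTA window (frame or content) as belonging to the mshta process.

How can I match the HTA window to mshta.exe from a script? Or, how can I get the HTA window's MainWindowHandle without knowing whether it is in front?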

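The returned foreground window is not the MainWindowHandle of any process, just a window handle belonging to mshta; you have to check all window handles.
I did this manually with the tool cmdow.exe (the handle has to be converted to hex) and got this for my sample HTA helpomatic: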

> cmdow 0x14E0F46
Handle   Lev  Pid -Window status- Image    Caption
0x14E0F46 1 153048 Res Ina Ena Vis mshta    The HTA Helpomatic -- Presented by t
There should be better/more robust ways to enumerate window handles, but this changed script will use the mentioned

Sample output:

> .\Get-ForegrounWindow.ps1
0x15C04A2 1 127148 Res Act Ena Vis powershell Windows PowerShell
0x7F0DE4 1 135416 Res Act Ena Vis TextPad  TextPad - Q:\Test\2017-06\09\Get-ForegrounWindow.ps1
0x16205D0 1 121732 Res Act Ena Vis bash     usernamet@computer: ~
0x14E0F46 1 153048 Res Act Ena Vis mshta    The HTA Helpomatic -- Presented by the Microsoft Scripting Guys

Modified the answer from to get one that meets my needs:

Add-Type  @"
using System;
using System.Runtime.InteropServices;
using System.Text;
public class UserWindows {
   [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
      public static extern int GetWindowText(IntPtr hwnd,StringBuilder lpString, int cch);
   [DllImport("user32.dll", SetLastError=true, CharSet=CharSet.Auto)]
      public static extern IntPtr GetForegroundWindow();
   [DllImport("user32.dll", SetLastError=true, CharSet=CharSet.Auto)]
      public static extern Int32 GetWindowTextLength(IntPtr hWnd);
}
"@

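# Assumed value: a regex matching your HTA's window title (here, the sample HTA's caption)
$HTAWindowTitleRegEx = 'HTA Helpomatic'

while ($true) {
   # Handle of whichever window currently has the foreground
   $ForgroundWindow = [UserWindows]::GetForegroundWindow()
   # Size the buffer to the title length plus the terminating null
   $FGWTitleLength = [UserWindows]::GetWindowTextLength($ForgroundWindow)
   $StringBuilder = New-Object text.stringbuilder -ArgumentList ($FGWTitleLength + 1)
   $null = [UserWindows]::GetWindowText($ForgroundWindow,$StringBuilder,$StringBuilder.Capacity)
   if ($StringBuilder.ToString() -match $HTAWindowTitleRegEx) {
      # Put further scripting here for when the HTA window is in front
   }
   Start-Sleep -Seconds 1
}

Hope this helps someone.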

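Thanks for the suggestion, but I am trying to avoid third-party tools (and I really don't want to be flagged as malware, which is quite likely with CMDOW.EXE).

I didn't have time to find another solution; it was only meant to show the principle of getting all window handles and, through them, the originating process.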
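
The principle from the first answer (resolve the foreground window handle to its owning process) can be done without third-party tools, because user32's GetWindowThreadProcessId accepts any window handle, not only a process's MainWindowHandle. This is an added example, not code from the original thread; the type name FgWindow and the function name Get-ForegroundProcess are names chosen here.

```powershell
# Added example (not from the original thread). FgWindow and Get-ForegroundProcess
# are illustrative names; FgWindow avoids clashing with the thread's UserWindows type.
Add-Type @"
using System;
using System.Runtime.InteropServices;
using System.Text;
public class FgWindow {
    [DllImport("user32.dll")]
    public static extern IntPtr GetForegroundWindow();
    [DllImport("user32.dll", SetLastError = true)]
    public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
}
"@

function Get-ForegroundProcess {
    $hwnd = [FgWindow]::GetForegroundWindow()
    # No foreground window, e.g. during a focus change or on a locked desktop
    if ($hwnd -eq [IntPtr]::Zero) { return $null }

    # Ask the window manager which process created this window
    $procId = [uint32]0
    $threadId = [FgWindow]::GetWindowThreadProcessId($hwnd, [ref]$procId)
    if ($threadId -eq 0) { return $null }    # window vanished between the two calls

    $title = New-Object System.Text.StringBuilder 512
    $null = [FgWindow]::GetWindowText($hwnd, $title, $title.Capacity)

    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    if (-not $proc) { return $null }         # process exited in the meantime

    [pscustomobject]@{
        Handle      = '0x{0:X}' -f $hwnd.ToInt64()
        ProcessId   = $procId
        ProcessName = $proc.ProcessName
        Title       = $title.ToString()
    }
}

# Report only when the foreground window belongs to mshta.exe
$fg = Get-ForegroundProcess
if ($fg -and $fg.ProcessName -eq 'mshta') {
    "HTA in foreground: PID $($fg.ProcessId), '$($fg.Title)'"
}
```

Matching on the owning process name rather than the window title also covers HTAs whose caption changes at run time.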