我已经在PowerShell中编写了Windows服务。它运作良好,但是我需要找到一个主要的限制解决方案。我需要使用Windowed应用程序列出所有进程-这是用于被动应用程序计量(即每个登录用户打开并正在使用的应用程序)。
该服务以Local System身份运行。我可以看到所有进程,但是由于该服务位于非交互式桌面(会话ID 0)中,因此看不到MainWindowTitle或MainWindowhandle,标题全部为null,句柄全部为0。
我尝试使用Get-Process,Get-CIMInstance Win32_Process和[System.Diagnostics.Process]::GetProcesses()。这些都不起作用(我得到了所有进程,但撤回了数据)。
我决定创建一个C#控制台应用程序,PowerShell服务将执行该应用程序并从中收集响应。这是可行的,但仍然排除了“敏感”信息,因此关键属性MainWindowhandle始终为0。
这里是C#控制台应用程序(仅用于测试是一项快速的工作:]
using Newtonsoft.Json; using System; using System.Collections.Generic; using System.ComponentModel; using System.Diagnostics; using System.Linq; using System.Security.Permissions; namespace ProcessManager { public class ProcessRecord { // Auto-Initialized properties public string Name { get; set; } public int MainWindowHandle { get; set; } public string WindowTitle { get; set; } public int SessionId { get; set; } public DateTime StartTime { get; set; } } class Program { [PermissionSetAttribute(SecurityAction.LinkDemand, Name = "FullTrust")] [HostProtectionAttribute(SecurityAction.LinkDemand, SharedState = true, Synchronization = true, ExternalProcessMgmt = true, SelfAffectingProcessMgmt = true)] [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] static void Main(string[] args) { listProcesses(); } public static void listProcesses() { List<ProcessRecord> processesList = new List<ProcessRecord>{}; Process.GetProcesses().ToList().ForEach(p => { try { processesList.Add(new ProcessRecord { Name = p.ProcessName, MainWindowHandle = (int) p.MainWindowHandle, WindowTitle = p.MainWindowTitle, SessionId = p.SessionId, StartTime = p.StartTime }); } catch (Win32Exception) { // Just ignoring this to avoid the Access Denied exception for low-level system processes } }); Console.WriteLine(JsonConvert.SerializeObject(processesList)); } } } I tried running the service as a Local User in the local Administrators group. I also tried enabling 'Allow the service to interact with the desktop' out of desperation. I've invested a good 6 hours in this and unfortunately, my deadline is closing in. Can anyone point me in the right direction? **I do not need to know the MainWindowHandle**, I just need to list processes where the MainWindowhandle is not 0. Unfortunately, I will need to know the session ID. How should I proceed? Is the answer simple **"It cannot be done"** or is there a naughty workaround, such as impersonation? Maybe there's an easier way to list applications opened by users without having to depend on `MainWindowHandle != 0`? Thanks for any pointers!我已经在PowerShell中编写了Windows服务。它运作良好,但是我需要找到一个主要的限制解决方案。我需要列出窗口应用程序的所有进程-这是...
如果您需要使用窗口应用程序进行处理,则可以按属性mainwindowhandle过滤处理
Get-Process | Where-Object {$_.mainwindowhandle -ne 0} | select ProcessName | ft -HideTableHeaders