Window Actions
Window actions refer to a set of techniques employed by Remote Access Trojans (RATs) or Command-and-Control (C2) frameworks to manipulate application windows that have been previously enumerated regardless of whether they are currently visible to the user.
These manipulations can include:
- Changing the window title (caption)
- Resizing or repositioning the window
- Modifying its visibility (showing, hiding, updating opacity)
- Altering its state (e.g., maximized, minimized, restored)
- Closing the window or terminating the entire process
While these actions are often leveraged by unsophisticated attackers or "script kiddies" for disruptive or trolling purposes (e.g., interfering with user activities), they can also be used in more advanced attack scenarios. For example: phishing or code injection.
Featured Windows APIs
-
FindWindowUser32.dll -
PostMessageUser32.dll -
SendMessageUser32.dll -
GetWindowThreadProcessIdUser32.dll -
TerminateProcessKernel32.dll -
SetWindowLongUser32.dll -
GetWindowLongUser32.dll -
SetLayeredWindowAttributesUser32.dll -
ShowWindowUser32.dll -
SetWindowPosUser32.dll -
SetWindowLongPtrUser32.dll -
GetActiveWindowUser32.dll
Associated Code Snippets
| Id | Name | Language | Author | Published Date |
|---|---|---|---|---|
| 25 | Message Hijacking via SetWindowLongPtr |
 Delphi
|
DarkCoderSc | 1 day, 16 hours ago. |
| 23 | Update Window Position And Size |
Delphi
|
DarkCoderSc | 1 day, 17 hours ago. |
| 22 | Change Window State |
Delphi
|
DarkCoderSc | 1 day, 17 hours ago. |
| 21 | Show / Hide Window |
Delphi
|
DarkCoderSc | 1 day, 17 hours ago. |
| 20 | Update Window Opacity Level |
Delphi
|
DarkCoderSc | 1 day, 20 hours ago. |
| 19 | Close Window via TerminateProcess |
Delphi
|
DarkCoderSc | 1 day, 20 hours ago. |
| 18 | Close Window via SendMessage |
Delphi
|
DarkCoderSc | 1 day, 20 hours ago. |
| 17 | Close Window via PostMessage |
Delphi
|
DarkCoderSc | 1 day, 20 hours ago. |