Window Actions
Window actions are a set of techniques used by Remote Access Trojans (RATs) and Command-and-Control (C2) frameworks to manipulate application windows that have previously been enumerated, regardless of whether they are currently visible to the user.
These manipulations can include:
- Changing the window title (caption)
- Resizing or repositioning the window
- Modifying its visibility (showing, hiding, updating opacity)
- Altering its state (e.g., maximized, minimized, restored)
- Closing the window or terminating the entire process
While these actions are often leveraged by unsophisticated attackers or "script kiddies" for disruptive or trolling purposes (e.g., interfering with user activities), they can also be used in more advanced attack scenarios, such as phishing or code injection.
Featured Windows APIs
- FindWindow (User32.dll)
- PostMessage (User32.dll)
- SendMessage (User32.dll)
- GetWindowThreadProcessId (User32.dll)
- TerminateProcess (Kernel32.dll)
- SetWindowLong (User32.dll)
- GetWindowLong (User32.dll)
- SetLayeredWindowAttributes (User32.dll)
- ShowWindow (User32.dll)
- SetWindowPos (User32.dll)
- SetWindowLongPtr (User32.dll)
- GetActiveWindow (User32.dll)
Associated Code Snippets
| Id | Name | Language | Author | Published Date |
|---|---|---|---|---|
| 25 | Message Hijacking via SetWindowLongPtr | Delphi | DarkCoderSc | 6 months ago |
| 23 | Update Window Position And Size | Delphi | DarkCoderSc | 6 months ago |
| 22 | Change Window State | Delphi | DarkCoderSc | 6 months ago |
| 21 | Show / Hide Window | Delphi | DarkCoderSc | 6 months ago |
| 20 | Update Window Opacity Level | Delphi | DarkCoderSc | 6 months ago |
| 19 | Close Window via TerminateProcess | Delphi | DarkCoderSc | 6 months ago |
| 18 | Close Window via SendMessage | Delphi | DarkCoderSc | 6 months ago |
| 17 | Close Window via PostMessage | Delphi | DarkCoderSc | 6 months ago |
Associated Feature
| Feature Name | Dangerousness | Key Categories |
|---|---|---|
| Application / Window Manager | Low | Spy / Surveillance, Disruption |