4

One of my co-workers loses focus on his current window each like 5 minutes or so. Now I'm wondering which process steals the focus

I found this cool application focus.exe which will list the current foreground window - the window which has the focus.

Whenever the focus was stolen, the program printed this information:

9524:Could not open process | Wed Oct 18 14:57:15 2017
19304:Could not open process | Wed Oct 18 14:57:15 2017

As you can see the focus gets stolen by a process that could not been opened, so this information doesn't help me that much. What helps me, is that it still logs the processes PID.

So i wrote a little PowerShell Oneliner which should catch every new process that get's created and should output the process information:

$p = ps ; while (1) { ps | ? { $_.id -notin $p.Id } ; sleep -milliseconds 1 }

But this didn't catch any of the PID's focus.exe pointed out.

How can I catch processes that couldn't been started, but still got a PID?

SimonS
  • 9,869

1 Answers1

3

ok i got it, the PID just didn't get recognized because PowerShell put out so much that it got overwritten. so when I just out-file'd the new processes I could see the PID in the Log.

$p = ps ; while (1) { ps | ? { $_.id -notin $p.Id } | out-file C:\install\PID.txt -append ; sleep -milliseconds 1 }

the focus-stealing process was a background Task of Avira btw. :)

edit: here a solution without writing a log file. I just needed to update $p so each new process only gets printed once

$p = ps ; while (1) { ps | ? { $_.id -notin $p.Id } ; $p = ps ; sleep -milliseconds 1 }
SimonS
  • 9,869