Lazy Diary @ Hatena Blog

PowerShell / Java / miscellaneous things about software development, Tips & Gochas. CC BY-SA 4.0/Apache License 2.0

Record the mouse position and the top window title to Windows Event Log

Windows PowerShell

Requirement

Record the user activity to Windows Event Logs.
The mouse position*1 and top window title *2 are used to indicate the activity.

Solution

Run the following PowerShell script every 5 minutes from the Task Scheduler.

Add-Type -AssemblyName System.Windows.Forms
$x = [System.Windows.Forms.Cursor]::Position.X
$y = [System.Windows.Forms.Cursor]::Position.Y

$code = @'
    [DllImport("user32.dll")]
     public static extern IntPtr GetForegroundWindow();
    [DllImport("user32.dll")]
    public static extern IntPtr GetWindowThreadProcessId(IntPtr hWnd, out int ProcessId);
'@
Add-Type $code -Name Utils -Namespace Win32
$myPid = [IntPtr]::Zero;

$hwnd = [Win32.Utils]::GetForegroundWindow()
$null = [Win32.Utils]::GetWindowThreadProcessId($hwnd, [ref] $myPid)
$process = (Get-Process | Where-Object ID -eq $myPid)
$path = ($process | Select-Object Path).Path
$title = ($process | Select-Object MainWindowTitle).MainWindowTitle

Write-EventLog -LogName MyLogName -Source MyLogSource -EventID 1 -Category 0 -EntryType "Information" -Message "X=$x, Y=$y`n$path`n$title"

*1:https://letspowershell.blogspot.com/2016/06/powershell_20.html

*2:https://qiita.com/Xiacchi/items/ad7d35eb476f2f2fb8ae