You can execute commands in the context of an AppX package to gain access to its virtualized resources (for example, virtualized registry keys or files).

The `Invoke-CommandInDesktopPackage` cmdlet requires 3 mandatory arguments: `-AppId`, `-Command` and `-PackageFamilyName`.
- The `-Command` flag can be any command we want to execute.
- In order to obtain the `PackageFamilyName` we can execute `Get-AppxPackage` with the package name. For example, for the `Calculator` package:

```powershell
Get-AppxPackage *calc*
```

```
Name : Microsoft.WindowsCalculator
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture : X64
ResourceId :
Version : 11.2210.0.0
PackageFullName : Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe
IsFramework : False
PackageFamilyName : Microsoft.WindowsCalculator_8wekyb3d8bbwe
PublisherId : 8wekyb3d8bbwe
IsResourcePackage : False
IsBundle : False
IsDevelopmentMode : False
NonRemovable : False
Dependencies : {Microsoft.UI.Xaml.2.8_8.2212.15002.0_x64__8wekyb3d8bbwe, Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe,
Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe, Microsoft.VCLibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe...}
IsPartiallyStaged : False
SignatureKind : Store
Status : Ok
```

- To obtain the `AppId` we need to query the application manifest. We can do so by using the `Get-AppxPackageManifest` cmdlet and providing it with the `PackageFullName`:

```powershell
$(Get-AppxPackageManifest $(Get-AppxPackage *calc*).PackageFullName).Package.Applications.Application.Id
```

Merging all of this, the final query will look like this:

```powershell
Get-AppxPackage *calc* | % { Invoke-CommandInDesktopPackage -Command cmd.exe -PreventBreakaway -PackageFamilyName $_.PackageFamilyName -AppId $((Get-AppxPackageManifest $_.PackageFullName).Package.Applications.Application.id) }
```

This new process will have some additional attributes in its token:

- `WIN://SYSAPPID`
- `WIN://PKG`
- `WIN://PKGHOSTID`
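
A manifest can declare more than one `Application`, and some packages declare none, so `.Package.Applications.Application.Id` does not always yield the single value that `-AppId` expects. The following is an added example, not part of the original note: `Get-PackageAppEntry` is a hypothetical helper name, and the sample manifest and its package family name are constructed. It lists each application entry so one `AppId` can be chosen explicitly.

```powershell
# Added example: list every <Application> entry in an AppX manifest so that a
# single AppId can be picked explicitly. Get-PackageAppEntry is a hypothetical
# helper name, not a built-in cmdlet.
function Get-PackageAppEntry {
    param(
        [Parameter(Mandatory)] [xml]    $Manifest,
        [Parameter(Mandatory)] [string] $PackageFamilyName
    )

    # Resource and framework packages may have no <Applications> element.
    $apps = $Manifest.Package.Applications
    if (-not $apps) { return }

    # @() forces an array even when there is exactly one <Application>.
    foreach ($app in @($apps.Application)) {
        [pscustomobject]@{
            PackageFamilyName = $PackageFamilyName
            AppId             = $app.Id
            Executable        = $app.Executable
        }
    }
}

# Constructed sample manifest with two applications (not a real package).
[xml]$sample = @'
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10">
  <Applications>
    <Application Id="App" Executable="Main.exe" EntryPoint="Windows.FullTrustApplication" />
    <Application Id="Helper" Executable="Helper.exe" EntryPoint="Windows.FullTrustApplication" />
  </Applications>
</Package>
'@

# Constructed package family name, used only to label the output rows.
Get-PackageAppEntry -Manifest $sample -PackageFamilyName 'Contoso.Sample_0000000000000'

# Against installed packages (Windows with the Appx module available):
# Get-AppxPackage *calc* | ForEach-Object {
#     Get-PackageAppEntry -Manifest (Get-AppxPackageManifest $_.PackageFullName) `
#                         -PackageFamilyName $_.PackageFamilyName
# }
```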
