From: Tom Tyson on
Hi again,

I'm looking for a way to hide the HTA / vbscript code I've written from
users. I basically want to compile my HTA to an executable, pulling in all
the resources (vbs files, graphics etc.) and distribute the .exe file.

The best thing I found was ExeScript - but it would still create and leave a
plain text file with my script code in the user's temp folder. Is there any
on-the-fly compiler that doesn't leave any source code behind?

Tom


From: Todd Vargo on
Tom Tyson wrote:
> Hi again,
>
> I'm looking for a way to hide the HTA / vbscript code I've written from
> users. I basically want to compile my HTA to an executable, pulling in all
> the resources (vbs files, graphics etc.) and distribute the .exe file.
>
> The best thing I found was ExeScript - but it would still create and leave
> a plain text file with my script code in the user's temp folder. Is there
> any on-the-fly compiler that doesn't leave any source code behind?

So the following statement is a lie?

"Executing the script in computer memory without writing to the disk.
Therefore, the security of the script is enhanced since it is impossible to
see the contents."

--
Todd Vargo

(Post questions to group only. Remove "z" to email personal messages)

From: Mayayana on
|
| The best thing I found was ExeScript - but it would still create and leave
| a plain text file with my script code in the user's temp folder. Is there
| any on-the-fly compiler that doesn't leave any source code behind?
|

Compiling means software compiled to native code.
Script is interpreted, so before it runs it has to be
decoded. There's no such thing as "compiled script".
What you're doing is just compression, encryption,
or some such. You can hide it from most people, like
you're doing now, but you can't compile it to a real EXE.
And even if you hide it, it's an HTA. So people can just
right-click -> View Source.


From: Tom Tyson on

"Todd Vargo" <tlvargo(a)sbcglobal.netz> wrote in message
news:uwqz0BDNLHA.5396(a)TK2MSFTNGP05.phx.gbl...
> Tom Tyson wrote:
>> Hi again,
>>
>> I'm looking for a way to hide the HTA / vbscript code I've written from
>> users. I basically want to compile my HTA to an executable, pulling in all
>> the resources (vbs files, graphics etc.) and distribute the .exe file.
>>
>> The best thing I found was ExeScript - but it would still create and
>> leave a plain text file with my script code in the user's temp folder. Is
>> there any on-the-fly compiler that doesn't leave any source code behind?
>
> So the following statement is a lie?
>
> "Executing the script in computer memory without writing to the disk.
> Therefore, the security of the script is enhanced since it is impossible
> to see the contents."
>
> --
> Todd Vargo
>
> (Post questions to group only. Remove "z" to email personal messages)

In my scenario, when I run the executable created from the HTA with
ExeScript, it acts just like a self-extracting archive, i.e. extracting all
resources, including the HTA source, to its working directory. Once the app
is closed, it deletes all the resources it created.


From: Mayayana on
|
| In my scenario, when I run the executable created from the HTA with
| ExeScript, it acts just like a self-extracting archive, i.e. extracting all
| resources, including the HTA source, to its working directory. Once the
| app is closed, it deletes all the resources it created.
|

That's all it can do. Look up "compile". Look up
"interpreted code". Anyone who claims to "compile"
script is either lying or doesn't know what they're
talking about. That kind of software has to be doing
something like an SFX. That's all the more true with
an HTA. Mshta.exe has to be given a webpage, which
it then loads into an IE window. You can't pass an
EXE to mshta!! You might be able to zlib-encode the
page. IE should recognize that. But you're really
just using the wrong tool for the job you want to do.

It's like Flash video online: In the
final analysis it's a downloaded file. There's no way
around that. Website owners want to sell ads so
they try to make people think it's a broadcast, like
TV. They try to prevent people from saving the file.
Generally they have pretty good luck with that scam.
But it can never be foolproof because people can't
see the video unless the file is downloaded. No amount
of pretending will turn an FLV into a broadcast.