From: Tom Tyson on 4 Aug 2010 17:16

Hi again,

I'm looking for a way to hide the HTA / vbscript code I've written from users. I basically want to compile my HTA to an executable, pulling in all the resources (vbs files, graphics etc.) and distribute the .exe file.

The best thing I found was ExeScript - but it would still create and leave a plain text file with my script code in the user's temp folder. Is there any on-the-fly compiler that doesn't leave any source code behind?

Tom

From: Todd Vargo on 4 Aug 2010 19:54

Tom Tyson wrote:
> Hi again,
>
> I'm looking for a way to hide the HTA / vbscript code I've written from
> users. I basically want to compile my HTA to an executable, pulling in all
> the resources (vbs files, graphics etc.) and distribute the .exe file.
>
> The best thing I found was ExeScript - but it would still create and leave
> a plain text file with my script code in the user's temp folder. Is there
> any on-the-fly compiler that doesn't leave any source code behind?

So the following statement is a lie?

"Executing the script in computer memory without writing to the disk. Therefore, the security of the script is enhanced since it is impossible to see the contents."

--
Todd Vargo
(Post questions to group only. Remove "z" to email personal messages)

From: Mayayana on 4 Aug 2010 20:04

|
| The best thing I found was ExeScript - but it would still create and leave a
| plain text file with my script code in the user's temp folder. Is there any
| on-the-fly compiler that doesn't leave any source code behind?
|

Compiling means software compiled to native code. Script is interpreted. So before it runs it has to be decoded. There's no such thing as "compiled script". What you're doing is just compression, encryption, or some such. You can hide it from most people, like you're doing now, but you can't compile it to a real EXE.

And even if you hide it, it's an HTA. So people can just right-click -> View Source.

From: Tom Tyson on 5 Aug 2010 05:42

"Todd Vargo" <tlvargo(a)sbcglobal.netz> wrote in message news:uwqz0BDNLHA.5396(a)TK2MSFTNGP05.phx.gbl...
> Tom Tyson wrote:
>> Hi again,
>>
>> I'm looking for a way to hide the HTA / vbscript code I've written from
>> users. I basically want to compile my HTA to an executable, pulling in all
>> the resources (vbs files, graphics etc.) and distribute the .exe file.
>>
>> The best thing I found was ExeScript - but it would still create and
>> leave a plain text file with my script code in the user's temp folder. Is
>> there any on-the-fly compiler that doesn't leave any source code behind?
>
> So the following statement is a lie?
>
> "Executing the script in computer memory without writing to the disk.
> Therefore, the security of the script is enhanced since it is impossible
> to see the contents."
>
> --
> Todd Vargo
>
> (Post questions to group only. Remove "z" to email personal messages)

In my scenario, when I run the executable created from the HTA with ExeScript, it acts just like a self-extracting archive, i.e. extracting all resources, including the HTA source, to its working directory. Once the app is closed, it deletes all the resources it created.

From: Mayayana on 5 Aug 2010 08:24

|
| In my scenario, when I run the executable created from the HTA with
| ExeScript, it acts just like a self-extracting archive, i.e. extracting all
| resources, including the HTA source, to its working directory. Once the app
| is closed, it deletes all the resources it created.
|

That's all it can do. Look up "compile". Look up "interpreted code". Anyone who claims to "compile" script is either lying or doesn't know what they're talking about. That kind of software has to be doing something like an SFX.

That's all the more true with an HTA. Mshta.exe has to be given a webpage, which it then loads into an IE window. You can't pass an EXE to mshta!! You might be able to zlib-encode the page. IE should recognize that. But you're really just using the wrong tool for the job you want to do.

It's like Flash video online: In the final analysis it's a downloaded file. There's no way around that. Website owners want to sell ads so they try to make people think it's a broadcast, like TV. They try to prevent people from saving the file. Generally they have pretty good luck with that scam. But it can never be foolproof because people can't see the video unless the file is downloaded. No amount of pretending will turn an FLV into a broadcast.