Compiling .hta file to .exe

StackOverflow https://stackoverflow.com/questions/3979305

  •  09-10-2019
  •  | 
  •  

Question

I have searched far and wide for a way to compile my .hta file (and resources) to a .exe file.

There are plenty of applications that claim to be able to do this - but they have not worked for this application - which is a mixture of javascript and VB.

Simply, (and naively,) I don't want people looking at / screwing with the code. Any suggestions or solutions would be greatly appreciated.

EDIT: Of course, I understand that javascript and VB are not "compilable" since they are interpreted languages. I am just looking for a way to truly hide the source.

Was it helpful?

Solution

You can "compile to exe" by simply wrapping the HTA into an executable which knows how to setup the HTA context/window.

The most trivial approach (which sounds like ExeScript) is to simply extract the HTA/resources first and then execute them. One could theoretically do this without temporary files by injecting data into a running IE context, but the task becomes more difficult. The internal JS may or may not be obfuscated and the wrapper may or may not add an additional layer of obfuscation/"encryption". (PayMo, and I am sure there are others, uses a wrapped context approach to distribute a single runnable exe).

If protecting "intellectual property" is the goal, hire a good lawyer :-)

OTHER TIPS

HTAEdit, which comes bundled with VBSedit, does not truly hide the hta code. At run time, it extracts the original hta file to a subdirectory in %temp% and passes it off to mshta.exe to execute. The converted exe's created by VBSedit don't seem to do this as far as I can tell.

Try using VBSedit, it definitely works for converting both vbs and hta to exe

I'm not sure about compiling to an exe - but if you minify & obfuscate your source code, unless you've got something incredibly valuable, it'd be a huge job to reverse-engineer.

http://developer.yahoo.com/yui/compressor/

Good luck.

You don't need a compiler, you need an encryptor/decryptor, like my project (under construction), the CFS project (Cryptographica File Security).

My clue is to create VBScript or JScript file for HTA to be dynamically spawned by. So you compile not HTA, but the script. This approach meets your security requirements much better than HTA packed to SFX.

Prepare the resources first - import to HTA all external files: scripts, stylesheets, and images (base64-encoded), to make your HTA standalone app. Then create eg VBScript file, and copy all HTML content from your HTA to the string variable in the script, replacing new line and tab symbols to " & vbCrLf & " and " & vbTab & ". Add code to create HTA window dynamically, .write() that string variable to the window's document, and quit script.

Note that Window_OnLoad() may not work properly due to pushing the content to window, that was already loaded.

Then just encrypt your completed VBScript to exe (using true encrypting utility, eg Primal Script 2012, ExeScript, VbsEdit or ScriptCryptor). And change icon with PE Explorer.

All that will take some time, but it is worth doing.

UPD: Here is an example of prepared script by the link.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top