Compile Powershell Script To Exe

• It encapsulates the script with a lightweight PowerShell host written in C# and compiles the dynamically generated C# source code in memory to an EXE file. The resulting EXE is an.NET assembly that contains the source script encoded in Base64.
• Feb 16, 2017  What is the best 'free' way to compile PS1 files to EXE. I have read that there's something in the community extensions and also in PowerGUI Pro but I do not want to pay for that if I don't have to.
• Sep 21, 2015  what are the possibilities of compiling a powershell script into an executable so a user can start it without having to go via powershell or powershell ISE and at no point see the console. I'm looking into an alternative that has to be free ( if possible as i'll be using it perhaps only one or 2 times ).

• Powershell Convert To Exe
• Compile Powershell Script To Exe Windows 10

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

PS2EXE-GUI: 'Convert' PowerShell Scripts to EXE Files with GUI Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated.

• ' href='https://www.remkoweijnen.nl/blog/'>Home

Author: Remko Weijnen13Mar

Recently I stumbled upon an executable that appeared to be a PowerShell script converted into an executable.

I was curious to the actual script so I decided to have a look and see how I could convert the executable back into PowerShell.

Having seen similar techniques to turn vb scripts and java jar’s into executables I first looked if this particular executable was simply carrying the payload in the resource section.

I opened the executable with Resource Hacker and saw 2 resources (note that I am using a simple HelloWorld executable here in the screenshots). The first resource, named 1, is clearly a Unicode string with the title:

Resource Hacker – HelloWorld.exe

The second resource, named 4 is probably carrying the payload and is encrypted or obfuscated:

Resource Hacker

I saved the resource as a .bin file and inspected it with a hex viewer:

test.bin

The code turned out to be AES encrypted and I wrote a tool to decrypt it. As the decrypted code had a comment line Code generated by:Â SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.3.130 I could conclude that it was compiled using Sapien PowerShell Studio.

I asked a few PowerShell people I know to test my decryptor and they came back with positive results. In this testing I noticed that there were some different variants of the code that Sapien uses and so far I have identified 3 different ones which can be decrypted.

One tester noted of a different tool, ISESteroids, that can also convert PowerShell scripts into executables. ISESteroids uses a different technique but the decryptor tool also supports it.

The decryptor has the following commandline arguments:

ExeToPosh usage

Note that the tool comes in both 32- and 64 bit versions so you need to use the one that matches your binaries bitness (else you will get a System.BadImageFormatException).

Here’s an example of using it:

ExeToPosh ExampleExeToPosh0.2.zip (8565 downloads)

Share this:

Like this:

LikeLoading...

Related

Please consider donating something (even a small amount is ok) to support this site and my work:
Filed under: UncategorizedRSS feed for comments on this postTrackBack URI

JulienMarch 13th, 2017 at 20:151

Good job but the download link doesn’t work! Thanks for sharing 😉

JulienMarch 13th, 2017 at 22:562

The download works now! 🙂

FelMarch 18th, 2017 at 15:483

Everything so nice , so much work done, and here you are not providing source code or anything else that the exe, you sure should work for Microsoft.

Remko WeijnenMarch 19th, 2017 at 18:094

I’m not sure what bashing Microsoft adds here. With regards to the source code I have reasons for not publishing it. Goal was enable you to read exe powershell scripts before executing and that has been accomplished…

Remko WeijnenMarch 19th, 2017 at 19:595

Not sure why you are responding so harsh, I have good reasons for not publishing the source code… The goal was to be able to view what’s inside PowerShell Executables and that has been accomplished.

Reggie WattsJune 16th, 2017 at 19:576

Too bad it looks like it has a trojan in it. I was hoping for a real solution, not to get my enterprise owned.

Remko WeijnenJune 17th, 2017 at 12:217

Hi Reggie, I can tell you the alerts is a false positive and I’ve even reported that to several AV vendors but sadly due to the nature of the program (encryption and loading resources from exe) it flags some AV’s.
If you don’t trust me on this, try it in a VM or a sandbox solution such as Sandboxie.

squ1zzySeptember 14th, 2017 at 19:578

Hi Remko,

When using your tool it say’s “password ????????????>??????????” and the output is still encrypted. Do you know why? Can you tell more about how you found the key and IV?

Cheers,
Squ1zZy

squ1zzySeptember 18th, 2017 at 22:279

There’s a document online how to decrypt an executable using a newer version of PowerShell Studio:

https://www.thalpius.com

BenMay 29th, 2018 at 0:3610

Hey mate, thanks for writing this.
i tried it today and am getting the following

C:Temp>ExeToPosh.exe /i Monitor.exe /o test.ps1
ExeToPosh 0.2 written by Remko Weijnen
Input file: Monitor.exe
Output file: test.ps1
Packer: Sapien (PowerShell Studio) variant 3

Unhandled Exception: System.ArgumentNullException: Value cannot be null.
Parameter name: source
at System.Runtime.InteropServices.Marshal.CopyToManaged(IntPtr source, Object destination, Int32 startIndex, Int32 length)
at ExeToPosh.Program.LoadProperties(Assembly ass)
at ExeToPosh.Program.Main(String[] args)

followed by a crash window.

I am running the x64 version on x64 win 10 1803, under an elevated command prompt.

any suggestions ?

Remko WeijnenMay 29th, 2018 at 1:0411

Can you share the exe?

Leave a reply

• Entries (RSS)
• Comments (RSS)

Profile

Top Posts

• Query Active Directory from Excel
• How rdp passwords are encrypted
• RNS 315: Enable the hidden bluetooth carkit
• Default username password HP Storageworks P2000
• Adding a hidden Exchange mailbox to Outlook
• Trick to Export Private Key from Certificate Request
• Enable Developer mode on VW Discover Pro with VCDS
• Update AMD Display Driver under BootCamp
• Citrix Receiver Unknown client error 1110

Recent Comments

Laurent Daudelin on Update AMD Display Driver under BootCampSorin Srbu on Determining if Battery Backed Write Cache is installedBelkin Support on silly issue with DHCP reservation on Netgear WNDR3700 routerMatty Ice on ClickOnce Applications in Enterprise EnvironmentsGiovanni on Google Earth fix for XenApp, RDSH & Horizon

Featured Downloads

ExeToPosh0.2.zip (8565 downloads)

AMD Radeon Crimson ReLive (2242 downloads)

Google Earth Compatibility Fix for Horizon, RDSH and XenApp (3047 downloads)

test-file (2617 downloads)

mstsc.exe build 6.1.7600.16385 (42821 downloads)

mage (3711 downloads)

DecryptPITFile.zip (3623 downloads)

rc4.zip (3592 downloads)

CtxPassCom.zip (3685 downloads)

SetMixedCode.zip (2896 downloads)

Powershell Convert To Exe

Donate

Blogroll

Andrew Morgan

Arnout’s blog

Assa’s Blog

Barry Schiffer

Delphi Praxis

Ingmar Verheij

Jedi Api Blog

Jedi API Library

Jeroen Tielen

Kees Baggerman

Compile Powershell Script To Exe Windows 10

Categories

Archives

• March 2018 (1)
• January 2018 (4)
• December 2017 (3)
• April 2017 (1)
• March 2017 (5)
• February 2017 (4)
• May 2016 (3)
• March 2016 (1)
• October 2015 (2)
• September 2015 (1)
• January 2015 (1)
• August 2014 (1)
• July 2014 (8)
• May 2014 (1)
• November 2013 (1)
• October 2013 (2)
• September 2013 (3)
• August 2013 (4)
• June 2013 (2)
• May 2013 (3)
• April 2013 (5)
• March 2013 (5)
• February 2013 (1)
• January 2013 (5)
• December 2012 (9)
• November 2012 (3)
• October 2012 (3)
• August 2012 (4)
• July 2012 (2)
• June 2012 (1)
• May 2012 (6)
• March 2012 (13)
• February 2012 (12)
• January 2012 (9)
• December 2011 (9)
• November 2011 (4)
• October 2011 (5)
• September 2011 (10)
• August 2011 (10)
• July 2011 (2)
• June 2011 (8)
• May 2011 (12)
• April 2011 (4)
• March 2011 (14)
• February 2011 (8)
• January 2011 (32)
• December 2010 (23)
• November 2010 (19)
• October 2010 (10)
• September 2010 (6)
• August 2010 (1)
• July 2010 (1)
• June 2010 (6)
• March 2010 (7)
• February 2010 (3)
• December 2009 (3)
• November 2009 (11)
• September 2009 (2)
• July 2009 (1)
• June 2009 (5)
• May 2009 (1)
• April 2009 (2)
• March 2009 (3)
• February 2009 (6)
• January 2009 (3)
• December 2008 (8)
• November 2008 (5)
• October 2008 (3)
• September 2008 (3)
• August 2008 (3)
• June 2008 (6)
• May 2008 (2)
• April 2008 (3)
• March 2008 (5)
• January 2008 (3)
• December 2007 (3)
• November 2007 (13)
• October 2007 (10)

Site Admin |powered by WordPress |Theme

%d bloggers like this:

This has been asked for many times. But it's unlikely to get done.

First, even if MS were to do it, it would almost certainly end up compiled as IL (Intermediate Language), like all .NET binaries. These are convertible back to code with tools like reflector. So an execution is not going to be very helpful in terms of 'security'.

My suggestion to you is to NOT obfuscate your code, but to digitally sign it and set the execution policy on the Win7 boxes to run signed code only. That way, any 'fixes' your users do immediately invlidated the digital signature and since they can't re-sign it, their changes can't really be run.

At the end of the day, hire folks you can trust, and trust the folks you hire.