- It encapsulates the script with a lightweight PowerShell host written in C# and compiles the dynamically generated C# source code in memory to an EXE file. The resulting EXE is an.NET assembly that contains the source script encoded in Base64.
- Feb 16, 2017 What is the best 'free' way to compile PS1 files to EXE. I have read that there's something in the community extensions and also in PowerGUI Pro but I do not want to pay for that if I don't have to.
- Sep 21, 2015 what are the possibilities of compiling a powershell script into an executable so a user can start it without having to go via powershell or powershell ISE and at no point see the console. I'm looking into an alternative that has to be free ( if possible as i'll be using it perhaps only one or 2 times ).
PS2EXE-GUI: 'Convert' PowerShell Scripts to EXE Files with GUI Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated.
- ' href='https://www.remkoweijnen.nl/blog/'>Home
Recently I stumbled upon an executable that appeared to be a PowerShell script converted into an executable.
I was curious to the actual script so I decided to have a look and see how I could convert the executable back into PowerShell.
Having seen similar techniques to turn vb scripts and java jar’s into executables I first looked if this particular executable was simply carrying the payload in the resource section.
I opened the executable with Resource Hacker and saw 2 resources (note that I am using a simple HelloWorld executable here in the screenshots). The first resource, named 1, is clearly a Unicode string with the title:
Resource Hacker – HelloWorld.exeThe second resource, named 4 is probably carrying the payload and is encrypted or obfuscated:
Resource HackerI saved the resource as a .bin file and inspected it with a hex viewer:
test.binThe code turned out to be AES encrypted and I wrote a tool to decrypt it. As the decrypted code had a comment line Code generated by:Â SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.3.130
I could conclude that it was compiled using Sapien PowerShell Studio.
I asked a few PowerShell people I know to test my decryptor and they came back with positive results. In this testing I noticed that there were some different variants of the code that Sapien uses and so far I have identified 3 different ones which can be decrypted.
One tester noted of a different tool, ISESteroids, that can also convert PowerShell scripts into executables. ISESteroids uses a different technique but the decryptor tool also supports it.
The decryptor has the following commandline arguments:
ExeToPosh usageNote that the tool comes in both 32- and 64 bit versions so you need to use the one that matches your binaries bitness (else you will get a System.BadImageFormatException
).
Here’s an example of using it:
ExeToPosh ExampleExeToPosh0.2.zip (8565 downloads)Share this:
Like this:
LikeLoading...Related
Please consider donating something (even a small amount is ok) to support this site and my work:Filed under: UncategorizedRSS feed for comments on this postTrackBack URI
Good job but the download link doesn’t work! Thanks for sharing 😉
The download works now! 🙂
Everything so nice , so much work done, and here you are not providing source code or anything else that the exe, you sure should work for Microsoft.
I’m not sure what bashing Microsoft adds here. With regards to the source code I have reasons for not publishing it. Goal was enable you to read exe powershell scripts before executing and that has been accomplished…
Not sure why you are responding so harsh, I have good reasons for not publishing the source code… The goal was to be able to view what’s inside PowerShell Executables and that has been accomplished.
Too bad it looks like it has a trojan in it. I was hoping for a real solution, not to get my enterprise owned.
Hi Reggie, I can tell you the alerts is a false positive and I’ve even reported that to several AV vendors but sadly due to the nature of the program (encryption and loading resources from exe) it flags some AV’s.
If you don’t trust me on this, try it in a VM or a sandbox solution such as Sandboxie.
Hi Remko,
When using your tool it say’s “password ????????????>??????????” and the output is still encrypted. Do you know why? Can you tell more about how you found the key and IV?
Cheers,
Squ1zZy
There’s a document online how to decrypt an executable using a newer version of PowerShell Studio:
https://www.thalpius.com
Hey mate, thanks for writing this.
i tried it today and am getting the following
C:Temp>ExeToPosh.exe /i Monitor.exe /o test.ps1
ExeToPosh 0.2 written by Remko Weijnen
Input file: Monitor.exe
Output file: test.ps1
Packer: Sapien (PowerShell Studio) variant 3
Unhandled Exception: System.ArgumentNullException: Value cannot be null.
Parameter name: source
at System.Runtime.InteropServices.Marshal.CopyToManaged(IntPtr source, Object destination, Int32 startIndex, Int32 length)
at ExeToPosh.Program.LoadProperties(Assembly ass)
at ExeToPosh.Program.Main(String[] args)
followed by a crash window.
I am running the x64 version on x64 win 10 1803, under an elevated command prompt.
any suggestions ?
Can you share the exe?
Leave a reply
- Entries (RSS)
- Comments (RSS)
Profile
Top Posts
- Query Active Directory from Excel
- How rdp passwords are encrypted
- RNS 315: Enable the hidden bluetooth carkit
- Default username password HP Storageworks P2000
- Adding a hidden Exchange mailbox to Outlook
- Trick to Export Private Key from Certificate Request
- Enable Developer mode on VW Discover Pro with VCDS
- Update AMD Display Driver under BootCamp
- Citrix Receiver Unknown client error 1110
Recent Comments
Laurent Daudelin on Update AMD Display Driver under BootCampSorin Srbu on Determining if Battery Backed Write Cache is installedBelkin Support on silly issue with DHCP reservation on Netgear WNDR3700 routerMatty Ice on ClickOnce Applications in Enterprise EnvironmentsGiovanni on Google Earth fix for XenApp, RDSH & HorizonFeatured Downloads
Powershell Convert To Exe
Donate
Blogroll
Compile Powershell Script To Exe Windows 10
Categories
Archives
- March 2018 (1)
- January 2018 (4)
- December 2017 (3)
- April 2017 (1)
- March 2017 (5)
- February 2017 (4)
- May 2016 (3)
- March 2016 (1)
- October 2015 (2)
- September 2015 (1)
- January 2015 (1)
- August 2014 (1)
- July 2014 (8)
- May 2014 (1)
- November 2013 (1)
- October 2013 (2)
- September 2013 (3)
- August 2013 (4)
- June 2013 (2)
- May 2013 (3)
- April 2013 (5)
- March 2013 (5)
- February 2013 (1)
- January 2013 (5)
- December 2012 (9)
- November 2012 (3)
- October 2012 (3)
- August 2012 (4)
- July 2012 (2)
- June 2012 (1)
- May 2012 (6)
- March 2012 (13)
- February 2012 (12)
- January 2012 (9)
- December 2011 (9)
- November 2011 (4)
- October 2011 (5)
- September 2011 (10)
- August 2011 (10)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (14)
- February 2011 (8)
- January 2011 (32)
- December 2010 (23)
- November 2010 (19)
- October 2010 (10)
- September 2010 (6)
- August 2010 (1)
- July 2010 (1)
- June 2010 (6)
- March 2010 (7)
- February 2010 (3)
- December 2009 (3)
- November 2009 (11)
- September 2009 (2)
- July 2009 (1)
- June 2009 (5)
- May 2009 (1)
- April 2009 (2)
- March 2009 (3)
- February 2009 (6)
- January 2009 (3)
- December 2008 (8)
- November 2008 (5)
- October 2008 (3)
- September 2008 (3)
- August 2008 (3)
- June 2008 (6)
- May 2008 (2)
- April 2008 (3)
- March 2008 (5)
- January 2008 (3)
- December 2007 (3)
- November 2007 (13)
- October 2007 (10)
Site Admin |powered by WordPress |Theme
This has been asked for many times. But it's unlikely to get done.
First, even if MS were to do it, it would almost certainly end up compiled as IL (Intermediate Language), like all .NET binaries. These are convertible back to code with tools like reflector. So an execution is not going to be very helpful in terms of 'security'.
My suggestion to you is to NOT obfuscate your code, but to digitally sign it and set the execution policy on the Win7 boxes to run signed code only. That way, any 'fixes' your users do immediately invlidated the digital signature and since they can't re-sign it, their changes can't really be run.
At the end of the day, hire folks you can trust, and trust the folks you hire.