screnc default.htm defaultenc.htm
You can also call a method on the encoder object within scrrun.dll. The
method is called encodescriptfile. Look it up in the object browser for
more info.
Have fun. Look forward to hearing your comments.
Regards
Andrew Clinick
Microsoft Script Progam Manager
http://msdn.microsoft.com/scripting
Andrew Clinick(MS) <and...@microsoft.com> wrote in message news:uNdgg2lH#GA....@uppssnewspub05.moswest.msn.net...
--
Regards
Andrew Clinick
Microsoft Script Progam Manager
http://msdn.microsoft.com/scripting
John T. Spivey <jsp...@purdue.edu> wrote in message
news:u6j04KmH#GA...@uppssnewspub04.moswest.msn.net...
http://msdn.microsoft.com/scripting/
And here is an excerpt from the first entry on the page:
<SNIP>
Headlines
Microsoft Script Encoder Beta 1
Version 5 of Visual Basic Scripting Edition and JScript include the ability
to encode your script, making it difficult for people to view your script
code. The Microsoft Script Encoder is a command line tool that will encode
your script in HTML, ASP, Scriptlets and Windows Script Host files. Download
the x86 or alpha versions of the Microsoft Script Encoder beta to encode
your script.
</SNIP>
The link is kind of hidden but it's in the last sentence.
______
ab/mvp
www.desktop.on.ca
www.swynk.com/friends/bertrand/
Serdar Kilic <ski...@hotmail.com> wrote in message
OmLvZOnH#GA....@uppssnewspub04.moswest.msn.net...
>ppl,
> I couldn't find screnc.exe on the site, where is it exactly ?
>
>regards
>s.k.
>
>
>
______
ab/mvp
www.desktop.on.ca
www.swynk.com/friends/bertrand/
Andrew Clinick(MS)
Serdar Kilic wrote in message ...
Once the scripting engine has compiled it the first time, there's no further
decoding overhead, right?
TIA,
Terry Greenlaw
Worldwide Clinical Trials
tgre...@usa.wctrials.com
Andrew Clinick(MS) wrote in message
<#qfoyTmH#GA....@uppssnewspub05.moswest.msn.net>...
>Have fun. Look forward to hearing your comments.
>
>
--
Regards
Andrew Clinick
Microsoft Script Progam Manager
http://msdn.microsoft.com/scripting
Aaron Bertrand [MVP] <aaronATdesktopDOTonDOTca> wrote in message
news:OfxelhnH#GA....@uppssnewspub05.moswest.msn.net...
> Okay I've already been playing, where do we file bug reports? :)
> Or should I post my experiences (so far) here?
>
> ______
> ab/mvp
>
> www.desktop.on.ca
> www.swynk.com/friends/bertrand/
>
>
>
> Andrew Clinick(MS)
Well, nothing I've tried works, even the example in the help file.
The encoder seems to encrypt the script like it's supposed to, but even
following instructions to the letter, nothing worked.
I tried this simple example:
<script language="jscript">
<!--//
// Code by whoever
//**Start Encode**
alert("Hello");
//-->
</script>
Saved it as c:\1.htm
Then ran this:
screnc c:\1.htm c:\2.htm
And it did create 2.htm, which looked like this:
<script language="JScript.Encode">
<!--//
// Code by whoever
//**Start Encode**#@~^IAAAAA==@#@&ls DD`J_+^sWr#I@#@&z&R a@#@&^#~@</script>
However this page does not produce the alert box like the original file did.
I tried the same procedure with the exact instrunctions from the help file,
no go.
In fact I have yet to hear of anyone able to make this encoder work with any
script.
Is there some trick I'm not aware of?
______
ab/mvp
www.desktop.on.ca
www.swynk.com/friends/bertrand/
Ian Morrish <i...@glazier.co.nz> wrote in message news:Oj2OHgCI#GA....@uppssnewspub05.moswest.msn.net...I have the same problem with WSH files.Even this...'Small test
'**Start Encode**
Wscript.echo "testing"ÂWhich is converted to...'Small test
'**Start Encode**#@~^GgAAAA==@#@& d1DbwYc+14W,JO+kYrUTJ^#~@Âdoesn't do anything.I have the VBScript 5 beta 2 installed.ÂMaybe I need Beta 3 of the scripting engine or WSH v2 :-)
1. At a command prompt, enter "ASSOC .VBE=VBEFile". This is an NT command.
If you are using Win9x, you will have to add the association via REGEDIT.
2. At a command prompt, enter "FTYPE
VBEFile=%SystemRoot%\System32\CScript.exe "%1" %*". This is also an NT
command.
(Note: You can use the .VBS and VBSFile keys in the registry as a guide to
editing these entries manually).
3. Use REGEDIT and edit the HKEY_CLASSES_ROOT\VBEFile key as follows:
3a. Edit the default value for the VBEFile key to "Encoded VBScript Script
File" (this is the text shown in Explorer).
3b. Create a new key under the VBEFile key called "DefaultIcon" and set its
default value to "%SystemRoot%\System32\WScript.exe,2" (this is the icon
used by Explorer)
3c. Create a new key under the VBEFile key called "ScriptEngine" and set its
default value to "VBScript.Encode" (this tells WSH which key to use to
launch the script object)
After doing this I can run encoded VBE files just fine. You might also want
to copy the various extra keys under the Shell key from the VBSFile entry,
but they are not needed.
Note that the setup above associates VBE files with the CSCRIPT host. Change
the setup to WSCRIPT if you want. At present, WSH is not aware of the VBE
file type, so using the CSCRIPT switches to change hosts will only work for
VBS not VBE files.
--
Tim Hill -- Windows NT MVP
(Pursuant to US Code, Title 47, Chapter 5, Subchapter II, 227, any and all
nonsolicited commercial E-mail sent to this address is subject to a download
and archival fee in the amount of $1000 US. E-mailing denotes acceptance of
these terms.)
Ian Morrish wrote in message ...
--
Andrew Clinick
Microsoft Script Program Manager
http://msdn.microsoft.com/scripting
Jeff Kowalczyk wrote in message ...
Ian Morrish wrote in message ...For Windows 98 just run this reg file.Thanks for your tips Tim.ÂÂ
Ian Morrish wrote:
> I have the same problem with WSH files.Even this...'Small test
> '**Start Encode**
> Wscript.echo "testing" Which is converted to...'Small test
> '**Start Encode**#@~^GgAAAA==@#@& d1DbwYc+14W,JO+kYrUTJ^#~@ doesn't do
> anything.I have the VBScript 5 beta 2 installed. Maybe I need Beta 3
> of the scripting engine or WSH v2 :-)
--
*************************************************
* You can send me email at: *
* adw...@bpa.gov *
*************************************************
Or, is that I'm using it on .htm files (like the 'Script Encoder Syntax'
example)
d.
Arthur White wrote in message <366DA35A...@bpa.gov>...
> So, this means it only works w/ IE 5.0 beta, right?
No, once I added the registry extensions that were mentioned in this thread
then it worked. with the new .vbe extension. I had not read all the
messages before I posted.
-Arthur.
I'd be happy to provide more detail if that's not enough.
- Joel Mueller
Andrew Clinick(MS) <and...@microsoft.com> wrote in message
news:#EBaHt8H#GA....@uppssnewspub04.moswest.msn.net...
>I would post them to the newsgroup at the moment. ANy major bugs found so
>far?
>
--
Andrew Clinick
Microsoft Script Program Manager
http://msdn.microsoft.com/scripting
Joel Mueller wrote in message ...
I'm curious wether there will be any capability to encrypt scripts in the
future, using a supplied key. It would be nice for us engineers who might
have to debug scripts out in the field to be able to decrypt (or unencode)
scripts. Of course, if everyone uses the same encoding scheme, anyone could
decode my script.
--Tony Payne
apa...@infonorth.com
Andrew Clinick(MS) wrote in message ...
>The Microsoft Script Encoder has just been posted to the scripting site.
It
>allows you to use the script encoding feature in the V5 engines. Just run
>screnc.exe, pass in an HTML, ASP, JS, VBS or SCT file and provide a new
name
>for the encoded version e.g.:
>
>screnc default.htm defaultenc.htm
>
>You can also call a method on the encoder object within scrrun.dll. The
>method is called encodescriptfile. Look it up in the object browser for
>more info.
>
>Have fun. Look forward to hearing your comments.
>
>
--
Tim Hill -- Windows NT MVP
(Pursuant to US Code, Title 47, Chapter 5, Subchapter II, 227, any and all
nonsolicited commercial E-mail sent to this address is subject to a download
and archival fee in the amount of $1000 US. E-mailing denotes acceptance of
these terms.)
Anthony Payne wrote in message ...
1) 99.9% of the people who run the script will be unable to read it.
2) 99.9% of the people who want to modify the script will be unable to
modify it
3) You have legal recourse if someone violates your intellectual property
rights.
It's like locking your car -- a thief who really wants to steal your car is
going to steal your car. But locking it means that 99.9% of people will be
unable to get into your car, and you can easily prosecute anyone who does
manage to subvert your security.
Suppose, for instance, that you write business logic solutions in script for
a living, and you sell a script to XYZ corporation. You want to ensure that
an employee of XYZ corporation does not show your script source code to your
competitors. You want to ensure that XYZ corporation doesn't change your
work, break it, and then sue you when it fails. And you want to ensure that
if XYZ corporation does decode the obfuscated code, that you can go to court
and say that they had to employ a decryption specialist in order to subvert
your rights.
So to answer your question, no, we have no plans to add a key encryption
system in the future. Secure crypto involves a huge number of technical and
legal complications, particularly when you think about the fact that encoded
scripts have to run on win16 machines. We believe that the current solution
addresses the needs of many script authors, and unless we hear from a lot of
people demanding strong crypto, we're going to stick with the simple system.
Eric
Tim Hill/MVP <tim...@pacbell.net> wrote in message
news:uCl$O9RK#GA....@uppssnewspub04.moswest.msn.net...
1) The script could only be run on the system for which it was intended.
Currently, anyone could steal the encoded script and it would still run
fine, on any machine.
2) Noone would be able to decode it without the key.
3) It's a two way street: we can decode our own files.
Granted, it's worthless for internet applications, but would be very useful
for WSH scripts, kiosk applications, etc.
--Tony Payne
Software Engineer
North Communications, Inc.
apa...@infonorth.com
Eric Lippert (Microsoft Scripting Dev) wrote in message ...
If you really want to prevent a script from running on any machine but a
given machine, then I think you'll have to write code that uses some hard
property of an individual machine -- say, the serial number on the ethernet
card.
The real fundamental problem is that script is source code. At some point,
it has to be decoded back into plaintext source code. It's not like
traditional executables, which are difficult to reverse-compile back into
the source code.
Perhaps I'm not understanding exactly what problem you're trying to solve
here. Do you want to prevent your script from running on an unauthorized
machine? Or running by an unauthorized user? Or are you concerned about
people stealing your source code, or what?
Eric
Anthony Payne <apa...@infonorth.com> wrote in message
news:eJMoKyUK#GA....@uppssnewspub05.moswest.msn.net...
To answer your last question, I'm concerned about all of those issues. We
make kiosk applications, some of which are "products." The product consists
of HTML and javascript. I don't want competitors getting the source code
and I don't want possible clients getting a working copy of the application
without purchasing it.
--Tony
Thanks
--
Tim Hill -- Windows NT MVP
(Pursuant to US Code, Title 47, Chapter 5, Subchapter II, 227, any and all
nonsolicited commercial E-mail sent to this address is subject to a download
and archival fee in the amount of $1000 US. E-mailing denotes acceptance of
these terms.)
L. Edmondson wrote in message <36812157...@westcon.com>...