Skip to content
/ ps2exe Public

A lightweight, native Windows tool that compiles PowerShell scripts into standalone executable files.

7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kas-sec/ps2exe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
stub
stub
 
 
README.md
README.md
 
 
main.cpp
main.cpp
 
 
resource.h
resource.h
 
 
resource.rc
resource.rc
 
 

Repository files navigation

PS2EXE

PS2EXE is a tool that converts PowerShell scripts into standalone Windows executables. It includes an option to encrypt your script with AES-256-CBC to prevent trivial extraction of the source code.

What It Does

PS2EXE takes a standard .ps1 script and compiles it inside a C# executable wrapper. When a user runs the resulting file, it extracts the embedded script and executes it directly in memory using the PowerShell automation library. The script is never written to the disk during this process.

You can use the -e flag to enable encryption. This encrypts your script with a randomly generated key and IV before embedding it in the executable. At runtime, the program decrypts the script before executing it. This feature prevents users from easily viewing your code by opening the file in a text or hex editor.

Usage

ps2exe.exe script.ps1 output.exe        # Basic compilation
ps2exe.exe script.ps1 output.exe -e     # Enable encryption
ps2exe.exe script.ps1 output.exe -v     # Verbose mode (shows compiler command)

How It Works

The compiler (main.cpp) performs several steps to build your executable:

  1. Environment Discovery: It locates the latest .NET Framework 4.x installation in C:\Windows\Microsoft.NET\Framework64 to find the C# compiler (csc.exe). It also locates System.Management.Automation.dll in the Global Assembly Cache (GAC), which is required to run PowerShell commands.

  2. Resource Preparation: It reads your script and assigns it a random hex string as a resource name. This prevents predictable naming patterns. It then creates a manifest file that acts as a pointer to the script's location within the executable resources.

  3. Encryption (Optional): If you use the -e flag, the tool generates a 32-byte AES key and a 16-byte IV using the Windows Crypto API. It encrypts the script using AES-256-CBC with PKCS7 padding. The key, IV, and encrypted script are prepared as separate resources.

  4. Compilation: Finally, it calls csc.exe to compile the C# stub code, your script (encrypted or plain), and the manifest into a single executable file.

The Stub

The stub is the C# code responsible for running your script inside the compiled executable. There are two variations:

  • Standard Stub (stub.cs): This version loads the manifest, finds the script resource, creates a PowerShell runspace, and executes the script.

  • Encrypted Stub (stub_encrypted.cs): This version checks the manifest for an encryption marker. If found, it retrieves the key and IV from the resources, decrypts the script using System.Security.Cryptography.Aes, and then executes the decrypted code.

Both versions pass any command-line arguments to your script and return an exit code of 0 for success or 1 for errors.

Encryption Details

When you enable encryption, the final executable contains four specific resources:

  • __ps2exe_manifest__: Contains the marker "ENCRYPTED:" followed by the script's resource name.
  • __ps2exe_key__: The 32-byte AES-256 key.
  • __ps2exe_iv__: The 16-byte initialization vector.
  • [random].ps1: The encrypted script data.

The tool generates a fresh key and IV for every compilation, ensuring that the encrypted data looks different every time you build, even for the same script.

Other Similar Programs

There are plenty of Powershell to Exe programs out there in the wild but this one functions differently, while others will either spawn external powershell processes and pipe the script to that process, or drop the script to disk and then run the script through an external powershell process, ps2exe takes a different and more opsec safe approach. It uses local powershell runspaces within the stub itself using System.Management.Automation, the builder will embed your script (and if -e flag used, embed the key & iv aswell) into the resource of the stub so it can retrieve your script at runtime and execute it within its own powershell runspace.

Limitations

Please note that the encryption provided is a form of obfuscation rather than absolute protection. Because the decryption key is stored within the executable itself, a determined individual with debugging tools could attach to the process and retrieve the decrypted script from memory. This feature is intended to deter casual inspection, not advanced reverse engineering.

Building

You can compile the project using Visual Studio:

rc resource.rc
cl /EHsc /O2 main.cpp shlwapi.lib advapi32.lib /Fe:ps2exe.exe

Or using MinGW:

g++ -O2 main.cpp -o ps2exe.exe -lshlwapi -ladvapi32

Disclaimer

This project is free to use. I am not responsible for any actions taken by users of ps2exe or any other projects found on my profile.

About

A lightweight, native Windows tool that compiles PowerShell scripts into standalone executable files.

Resources

Readme
Activity

Stars

7 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages