Scripting Solutions with WSH and COM: Encoding Your Scripts


Occasionally, you want to give someone a copy of a script without giving away the source code, especially if that script asks for all the input data it requires through dialog boxes or parameters. If the script "does exactly what it says on the tin" (to quote a UK television advertisement), recipients don't need to have the source code.

Sharing scripts without providing the source code lets systems administrators publish encoded scripts rather than text files, hiding the details of the way administrators run their management processes. Protecting the source code is also important to Web developers who have script code in .asp applications that they post on the Internet. Users who copy these applications sometimes even strip the copyright notices and claim the applications as their own. Hiding the source code in such a way that it's not readable protects your intellectual property.

This month, I introduce you to a tool called Microsoft Scripting Encoder 1.0, which lets you modify scripts that you create so that they can run but can't be viewed (or modified) without determined hacking. (Note that encoding is intended to prevent casual viewing of your code. A determined intruder can often crack the algorithm and see what you've done.)

Obtaining the Encoder
Before you can use the techniques that I show you, you must obtain Scripting Encoder and install it on the machine on which you want to encode scripts. You can download the tool from the Microsoft Windows Script Technologies page on the Microsoft Developer Network (MSDN) Web site ( After you've installed the software, a folder called Windows Script Encoder appears on the Start, Program Files menu; this folder contains an icon for the Scripting Encoder documentation. To use Scripting Encoder, you must have version 5.5 or later of the scripting engines for Windows XP, Windows 2000, Windows Me, or Windows 9x. (You can find these engines on the download page.)

An Example
Let's first look at a simple example of what happens when you encode a script. Listing 1 shows QueryPorts.vbs, which is the QueryPorts.wsf script (from "Scripting Solutions with WSH and COM: Use WMI to Query Machines for Relevant Information," December 2000) modified to be a VBScript file. QueryPorts.vbs queries the IRQs and I/O port ranges of the serial ports on a machine. I used Scripting Encoder to encode Query Ports.vbs; Listing 2 contains the result, QueryPorts.vbe. Figure 1 shows the QueryPorts.vbs and QueryPorts.vbe icons side by side in XP. The extensions clearly show that one script is a VBScript Encoded file and the other is a VBScript file. Running the code in either Listing 1 or Listing 2 produces the same results. However, changing the .vbe file can produce a variety of errors, such as the one that Figure 2 shows.

What You Can Encode
Scripting Encoder encodes the parts of a script that you specifically tell it to encode. I told Scripting Encoder to encode the whole QueryPorts.vbs script. However, you can encode scripts at a much more granular level.

If you use Windows Script Files (.wsf) rather than .vbs files, you know that .wsf files use XML-style metatags to place the file into jobs and scripts. This tagging lets you add to the file lines of comments that you don't encode. For example, Listing 3 contains a simple .wsf script that uses the VBScript MsgBox command to print the word Hello. The <SCRIPT>, </SCRIPT>, <JOB>, and </JOB> tags are typical for a .wsf file.

To tell Scripting Encoder what part of the script to encode, you use the commented line

' **Start Encode**

Scripting Encoder doesn't encode code that you place between the <SCRIPT> line and this commented line, but it does encode everything after this comment up to the </SCRIPT> line. Listing 4, page 16, shows the result of encoding Hello.wsf. Note that the language part of the metatag has changed. This change must occur because the file extension remains .wsf. (Scripting Encoder can also encode .html and .asp files, but such encoding is beyond the scope of this article. For details about encoding these files, see the Scripting Encoder Help file.)

Performing the Encoding
To perform the encoding, you must pass certain parameters to the Scripting Encoder application (screnc.exe). By default, the application resides in the C:\program files\windows script encoder directory. You can call the script from the command line as long as you pass the script the parameters it needs.

The mandatory parameters are an input file (i.e., the script you want to encode) and an output file (i.e., the file that will contain the encoded script). For example, to encode QueryPorts.vbs, use the command

srcenc QueryPorts.vbs _ QueryPorts.vbe

if the application, input file, and output file all reside in the same directory and you run the command from there. Otherwise, you must include the correct paths to the application, input file, and output file in your environment. For example, I used the command

"C:\Program Files\Windows _
   Script Encoder\srcenc" _ 
	C:\SCRIPTS\QueryPorts.vbs _

to encode QueryPorts.vbs in my environment. (Note that in this command, the quotation marks are necessary because of the spaces in the string.)

To encode a .wsf file, use a command such as

srcenc /e sct Hello.wsf _ Hello2.wsf

The /e flag tells the encoder that the next parameter dictates the file type to be encoded, no matter what the extension is. In this case, a .wsf file is like Windows Script Components (WSC) in its XML-like structure, so you use the sct flag. The /e flag also accepts the vbs and js flags (among others), which you can use to tell Scripting Encoder that a file with an unusual extension is a VBScript or JScript file, respectively.

In these commands, you can use the /f flag to overwrite the original script in the input file with the encoded script, thus wiping out all the original code. Here's the .wsf example again with the /f flag:

srcenc /f /e sct Hello.wsf

Using the /f flag with a .vbs file is a bit more work:

srcenc /f QueryPorts.vbs
ren QueryPorts.vbs QueryPorts.vbe

Because the encoded script is in a file with a .vbs extension (i.e., QueryPorts.vbs), you need to use the ren command to rename the file to QueryPorts.vbe. Otherwise, you can't run the file as an encoded script.

In addition, you can encode more than one file at a time or encode (and overwrite) all the scripts in a directory. For example, if you want to encode and overwrite all the existing .wsf files in the current directory, you use the

srcenc /f /e sct *.wsf

command. To encode and overwrite all the existing.vbs files, you use the

srcenc /f *.vbs
ren *.vbs *.vbe


You can find more information about the other flags, switches, and methods of encoding in the Help file. In an upcoming article, I'll explore automating faxing within Win2K.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.