Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    New to the CF scene
    Join Date
    May 2005
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How can I protect my HTA files.

    I have a HTA index file and about 200 accompaning files that are, all together, an application that I'd like to distribute. The HTA file will create or delete html, javascript, and txt files as needed.
    If I distribute the HTA and accompaning files in the form they're in now (just a regular folder), I'll surely get ripped off by the first hacker that checks out the underlying code. I've tried all the ebook compilers and everything else I could find on the net that I thought would package the HTA and accompaning files into a distributable form but still allow the HTA to work properly.
    Any ideas?

  • #2
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'd say HTA are intended to be more of a tool (or toy) for administrators, than something to seriously deploy, but uh, you can always complie it into a *.dll and run it from a "real application". Someone could still decompile it though... (some of the control panel applets in Win XP are HTA-based).
    Thanks in advance!

  • #3
    New to the CF scene
    Join Date
    May 2005
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thanks enumerator, any good sites to teach me about DLL's?.

    Sure, HTA is a tool for administrators, but I've been reading all over the net that HTA will be the new cool tool for writing business applications. So I'm still in the same situation, 2 years of work, over 200 files, on the verge of being distributed nation wide, and no protection at all. Do you know of a web site that would teach me how to compile my HTA program and accompaning files into a DLL? Thanks, foggy

  • #4
    gph
    gph is offline
    Regular Coder
    Join Date
    Apr 2005
    Posts
    161
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by foghorn2424
    Sure, HTA is a tool for administrators, but I've been reading all over the net that HTA will be the new cool tool for writing business applications.
    I can't help you with your question but I'd like to reinforce your statement.


    I've written HTAs for 3 companies thus far. The 1st and 2nd are small outfits; the 3rd has 120,000+ employees in almost 200 factories world wide, they are #2 in their industry. All were written to move the companies from paper and/or manual data input.

    HTA Pros
    • IT people can understand them (but not all)
    • Small footprint
    • 1 language fits all both on and off the web
    • Companies are trying to become paperless but in reality there is paper everywhere. In their mind an HTA for every pile of paper is both cost effective and environmentally sound
    • Unbeatable price due to the following:
      • Quick, easy and flexible interface using the IE window and DHTML
      • Easy integration with the clients existing MS Office apps and files. i.e. Create a working demo overnight that turns on Excel and feeds their manual input sheet automatically and before their eyes


    HTA Cons
    • IT people can understand them, a little persuasion required for fso rights on their server
    • A bit of work keeping up with Xbrowser scripting but I use it where I can
    • It's a holiday weekend here and I'm updating an HTA

    As to your question, I wouldn't worry about it. If you sell your HTA to a firm they'll buy it because they don't have the time and/or the ability to write their own. I include a license agreement just like the big boys, these companies have no reason to break that agreement. In fact I find them to be very diligent in respecting software rights. They are no more likely to steal your code than they are to steal MS Office or a piece of machinery.

    Quote Originally Posted by enumerator
    I'd say HTA are intended to be more of a tool (or toy) for administrators, than something to seriously deploy
    Please understand that this is in no way directed at you personally, a year ago I felt the same way.

    There is a common resistance out there among JavaScript programmers towards IE/JScript. For the solid future of JavaScript I'd like to see this change. imo fso wsh etc. can only help JavaScript by its proliferation both on and off the web. At present most HTAs I've seen are written in VBS, I'd like to see that changed.

  • #5
    New to the CF scene
    Join Date
    May 2005
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    You've soothed the savage beast.

    Thanks so much for allaying my fears that I'd be robbed. Now that I see the situation from your eyes, I feel a bit better about distributing my HTA and accompaning files. The Hta & files will be distributed to non-profit institutions in probably 20 US states. That should mean approximately 200 copies of the HTA program. Each copy will be useful only at the particular non-profit agency to which it was sold because of different data inputs, data outputs, and particular needs. I'm considering selling the HTA program on a yearly lease basis as I expect the actual program to evolve and I expect the needs of each non-profit agency will increase and change over years. The HTA program will be used by agencies that each have at least a million dollar a year operating budget. I've spent roughly 2 1/2 years (spare time) writing over 100 thousand lines of code for the HTA program and accompaning files. I've considered leasing each individual copy of the HTA & accompaninig files for $300 per year. Do you think that's a reasonble price? I realize that's a helluva question to ask but any input would be appreciated.
    Thanks,
    foggy

  • #6
    gph
    gph is offline
    Regular Coder
    Join Date
    Apr 2005
    Posts
    161
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Wow, that's alot of code. I had to check the last HTA I wrote and it's 9,382 lines, 484 KB. That includes 2,554 lines common to all my HTAs. I'll admit one of my common files is VBS, gotta have MsgBox.

    As to selling, I have them buy the software then charge for training, per work station, yearly maintenance and version updates (better known as scope creep).

    To the actual price, if the app is plug and play for anyone, look for something similar and charge a little less. If it's custom per user, which yours seems to be, you have to weigh what your time is worth against how many sales you think you'll make. Don't undercut yourself, around here just the programming stage of building an app is $150.00 CND per hour. A good rule of thumb is charge what the market will bear.

    I'd view your $300.00 per year as a cheap maintenance fee. I think judging by the volume of code your price should be much higher.

  • #7
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well, I didn't mean to undermine anyone's efforts by calling them a toy (but if reverse engineering is one's primary concern, that's just what they are).
    Last edited by enumerator; 05-23-2005 at 10:23 AM. Reason: foo
    Thanks in advance!

  • #8
    New to the CF scene
    Join Date
    May 2005
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Sorry, 10 thousand lines. Not 100 thousand.

    So sorry, typo, the HTA and accompaning files are a bit under 10,000 lines with about half of that 10,000 lines reused in other files. All the files total up to about 2.5 meg, but of sections of code are reused with variable names changed. Thanks for all the help everyone. Greatly appreciated

  • #9
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by foghorn2424
    Do you know of a web site that would teach me how to compile my HTA program and accompaning files into a DLL?
    Just to answer that, yeah... sort of:
    You can use the Resource Complier (RC.exe), included with the Microsoft Platform SDK (just follow the documentation).

    Once the stuff is compiled, you'll need a way to open the HTA resource.

    That would involve using the res Protocol, which is supported by mshta.exe

    So, for example, the most basic JScript would go something like:

    Code:
    // 1. determine the script file location:
    
    var relativePath = (function(sFn){return sFn.substring(0,sFn.lastIndexOf(WScript.ScriptName));})(WScript.ScriptFullName);
    
    // 2. specify the hta location, relative to the script file:
    
    var resourcePath = "myDLL.dll/myHTA.hta";
    
    // 3. combine the two with a protocol and wrap it in quotes for the command line:
    
    var argumentPath = "\"res://" + relativePath + resourcePath + "\"";
    
    // 4. Use the ShellExecute Method of the IShellDispatch2 Object to run mshta with the argument:
    
    new ActiveXObject("Shell.Application").ShellExecute("mshta.exe",argumentPath);
    That doesn't handle any errors, but generally should work.

    Ideally, these should be given a program folder and shortcut with your HTA program icon, via Windows Installer.

    From your original post, it seemed that some of the data might be modified. If that's the case, it would probably have to be stored/generated externally from the resource; therefore, you may need restructure your program for that.
    Anyway, have fun...
    Last edited by enumerator; 05-23-2005 at 09:27 AM. Reason: links
    Thanks in advance!

  • #10
    Senior Coder
    Join Date
    Feb 2004
    Location
    Edinburgh
    Posts
    1,352
    Thanks
    0
    Thanked 0 Times in 0 Posts
    a much better alternative to HTAs would be JScript.NET and Windows Forms. there's also this, wherein the PHP could be compiled using Zend and therefore much more secure.
    *keep it simple (TM)

  • #11
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yeah, not to mention that HTA are treated as 'malicious software' by some antivirus detectors (though it would suck to rewrite 10,000 lines...)!
    Thanks in advance!

  • #12
    New to the CF scene
    Join Date
    Jun 2005
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    well..


    Its probably against the rules - but you could rename mshta.exe something else - which would probably clear you of most hta stop style programs.

    After you make your dll, you can then do the old lets rename it and thats sure to confuse everyone trick (and it actually does work, depends on how determined the person is to find out whats inside - and if they are smart enough to just assume its something else other than what it says it is.



    ... and for the person that said to just rebuild it into a compiled jscript.net - not. The difference between making an HTA and compiled jscript is so far apart its not even funny. Someone would be better off downloading the c# express than attempting to work with jscript.net if both are new to them. Yes in jscript its somewhat similiar, but then again, the difference between php, jscript/javascript, and c# are not that great - heck I honestly think there is more differnce between mozilla implementation of javascript and IE implementation of javascript than there is between php and javascript. - Point is - they are all the same - just different - might as well point someone to where they have something to visually help them build (and that there is more than two pieces of documentation on in this world - finding a scrape of compiled jscript info is rare) -

    And I for one hope like hell that sooner or later people will see the light, and realize that HTA's can do anything - just much easier to build. Only problem is that even though they are supposed to run at higher permissions - you still run into security issues, which hopefully microsoft just eliminates once the current climate has changed a bit.


    Anyway - regardless of the fact that everyone "in the know" has said for years that html is not supposed to be used for what its used for on the web - it is, and its going to take over application GUI sooner or later. (ease - and in the end, there absolutely nothing that can not be done with script and html for a GUI that can be done with C++ or anything else - its still just pixels of light shining back at you)

  • #13
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well, HTA's can't actually "do anything". Active scripting can't do much without automation (unless everything is built into the language), so it all comes back to "real programming". JScript.net and friends can be used to create automation objects...
    Thanks in advance!

  • #14
    Banned
    Join Date
    Sep 2003
    Posts
    3,620
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Somewhat off topic but Mozilla can read/write to local files as well...
    http://www.captain.at/programming/xul/

    Interesting read nonetheless...

    .....Willy

  • #15
    Senior Coder
    Join Date
    Feb 2004
    Location
    Edinburgh
    Posts
    1,352
    Thanks
    0
    Thanked 0 Times in 0 Posts
    cheers for the link, willy
    *keep it simple (TM)


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •