Powershell script executable self destruct?

Question

I am converting a .ps1 script to an exe using PS2EXE. After running the executable, I would like it to delete itself. I have tried to use, "-LiteralPath" and "$PSScriptRoot" but both return null during runtime as an executable.

Any responses are appreciated, thanks.

question from:https://stackoverflow.com/questions/65649938/powershell-script-executable-self-destruct

Answer 1

In your code...

1. On your executable launch, create a scheduled task (to execute remove-item) to launch when an event is logged. Either using an existing event log, or create your own.
2. In your scheduled task, you assign your own code that you will write to the event log.
3. In your code, on complete, you write to the event log.
4. The task should fire when you write to the log.

... or in your code, create a scheduled task (remove-item) as the last action in your code, to execute, say, 1 minute after being created.

Update as per my follow-up comment to you regarding the path issue you seem to be having.

"Can you provide an example for this? The path must be its current location, which may be unknown when it is being executed."

Tested - Example Code that gets converted to an executable usin PS2EXE.

Note: Reports have been circulating that AV solutions are now alerting on this type of conversion ps1 to exe use cases.

Powershell script hello.ps1 converted to exe

# Get executable process path
$ExecutablePath = (Get-Process -ProcessName hello).path

# Check for an existing task
Function Remove-ExecutableTask
{
    Try   
    {
        Get-ScheduledTask -TaskName 'RemoveCurrentExecutable' -ErrorAction Stop
        Unregister-ScheduledTask -TaskName RemoveCurrentExecutable -Confirm:$false
    }  
    Catch {$PSItem.Exception.Message}
}

# Create Scheduled task
Function New-ExecutableTask
{
    $ExecutableAction = $(New-ScheduledTaskAction -Execute 'Powershell.exe' -Argument "-NoProfile -command & {Remove-Item -Path $ExecutablePath}")
    $Trigger          = New-ScheduledTaskTrigger -Once -At $("{0:hhtt}" -f (get-date).AddHours(1))
    Register-ScheduledTask -Action $ExecutableAction -Trigger $Trigger -TaskName 'RemoveCurrentExecutable' -Description 'Remove the target executable.'
}


Remove-ExecutableTask
New-ExecutableTask

'Hello World!'
"Hello World ran from: $ExecutablePath"

# Test run from the PowerShell consolehost and Results
<#
 Try{(Get-ChildItem -Path 'D:emphello.exe' -ErrorAction Stop).FullName;&{D:emphello.exe}}Catch{$PSItem.Exception.Message}
Cannot find path 'D:emphello.exe' because it does not exist.

 Try{Get-ScheduledTask -TaskName 'RemoveCurrentExecutable' -ErrorAction Stop}Catch{$PSItem.Exception.Message}
No MSFT_ScheduledTask objects found with property 'TaskName' equal to 'RemoveCurrentExecutable'.  Verify the value of the property and retry.

 # Convert the script using PS2EXE and execute it

 Try{(Get-ChildItem -Path 'D:emphello.exe' -ErrorAction Stop).FullName;&{D:emphello.exe}}Catch{$PSItem.Exception.Message}
D:emphello.exe

 Try{Get-ScheduledTask -TaskName 'RemoveCurrentExecutable' -ErrorAction Stop}Catch{$PSItem.Exception.Message}

TaskPath                                       TaskName                          State     
--------                                       --------                          -----     
                                              RemoveCurrentExecutable           Ready     

(Get-ChildItem -Path D:Temphello.exe).FullName
D:Temphello.exe

 # Execute the scheduled task

 Start-ScheduledTask -TaskName RemoveCurrentExecutable

 Try{(Get-ChildItem -Path 'D:emphello.exe' -ErrorAction Stop).FullName;&{D:emphello.exe}}Catch{$PSItem.Exception.Message}
Cannot find path 'D:emphello.exe' because it does not exist.
#>

Of course I just manually started the script, but it would execute on the time defined.