Script resides inside of complied program

[rdwray]

Is it possible to remove the script from a compiled program?

[boiler]

Yes, but then you’ll be left with a useless file.

[SOTE]

Is it possible to remove the script from a compiled program?

Depends on how the script is protected (there are several options) and how much of an expert the person trying to extract the source is. So, "yes", it can be possible to do it. But, it's another question of if a particular person is even aware of how, has the skill, or wants to waste the time.

If the heart of your issue is over source code protection, why even use a scripting language (to include JavaScript, Python, Lua, etc...) or an interpreted language (C#, Java, etc...) at all? If you don't know, all those other languages have a similar vulnerability in terms of source. Interestingly, plenty of people using those scripting or interpreted languages manage to get by in life, get work done, have businesses, etc... True, scripting languages are easier and more convenient, but if a person is so worried, then arguably better to go use a compiled language (like C, C++, Pascal, Go, etc...). But, even using a compiled language isn't as secure as people inexperienced with programming seem to think. High level programmers will always be able to figure out how the program works, understand the program's Assembly code equivalent, and eventually circumvent any protections.

Better to just focus on writing whatever it is you need with the language that is easier for you to understand or more convenient to use, because then it has a greater chance of actually getting completed. There is a reason why scripting languages came into existence in the first place. If/when your program does exist, then you can take/figure out reasonable measures to protect it at that time, but understand it's impossible for any method to be 100%. So just deal with it. Fear or paranoia of possibly having something stolen that doesn't exist, isn't helpful. It's like being afraid to go outside to play because you might get hit by lightening or hit by a car.

[boiler]

Fear or paranoia of possibly having something stolen that doesn't exist, isn't helpful. It's like being afraid to go outside to play because you might get hit by lightening or hit by a car.

I wouldn’t make the possibility of protections being broken sound so imaginary or remote. If a piece of software made available to the general public requires payment, you can just about guarantee that someone will try to crack the protection and probably be successful. Depending on the intended customer base, it makes sense to take reasonable measures to prevent the casual user from illegally using the software for free to limit the loss as much as possible. It’s like locking the doors of your house. Sure, people can still break in, but we still lock the door because it is an effective deterrent against crimes of opportunity.

Having said that, the reason I replied the way I did earlier was to make the point that the “compiled” AHK file is basically nothing without the script (other than a generic AHK binary) because it’s not really compiled and the script text must be present in some form. There are ways to hide, encrypt, and obfuscate the script, but you can’t remove it and still have a working executable file.

[SOTE]

I wouldn’t make the possibility of protections being broken sound so imaginary or remote. If a piece of software made available to the general public requires payment, you can just about guarantee that someone will try to crack the protection and probably be successful. Depending on the intended customer base, it makes sense to take reasonable measures to prevent the casual user from illegally using the software...

I agree with you, just adding that I have observed that a lot of people are worrying about a possibility for software they have yet to create. Making something good, that people would really want and some might want to crack, is not so easy. Could take many weeks and months before the software is finally ready, or never. While a creator might have been sure their software would be a huge success, it could turn out not to be. At the point the person really has something, there are many types of protections that could be employed. Not just what's available at the AutoHotkey forums, but 3rd party protections and licensing mechanisms.

I just don't see the point of sitting around worried about some future piece of software that might get cracked, when it may never come into existence. And when/if it does, might not be all the person thought it would be. Instead of being the overly worried kid that won't go outside because it can be possible to get hit by a car, rather tell them to just go outside and play. Of course take reasonable precautions, don't dance in traffic, and don't do obviously foolish things. In the same way with software, just go make whatever it is. Then when there is something, ways to protect it will often come more naturally. The person can then focus specifically on protection, because they actually have a functioning piece of software. In addition, at that future point, the person will likely have more programming knowledge so that coming up with or deciding on protection schemes will be a bit easier.

...that the “compiled” AHK file is basically nothing without the script (other than a generic AHK binary) because it’s not really compiled and the script text must be present in some form. There are ways to hide, encrypt, and obfuscate the script, but you can’t remove it and still have a working executable file.

Also agreed. I kind of interpreted that the OP's wording was a bit off, because of not having experience on the subject or with AHK. So might have meant source code protection versus the script actually not being bound to the interpreter.

[boiler]

Making something good, that people would really want and some might want to crack, is not so easy. Could take many weeks and months before the software is finally ready, or never. While a creator might have been sure their software would be a huge success, it could turn out not to be. At the point the person really has something, there are many types of protections that could be employed. Not just what's available at the AutoHotkey forums, but 3rd party protections and licensing mechanisms.

That’s a good point. The first thing is coming up with something people want, then worry about implementing whatever protection techniques are a good fit for your needs. I did start with a third-party wrapper/licensing approach at first, and with later updates I came up with my own approaches that were just as effective and didn’t require a fee.

[rdwray]

If the program is compiled, then what use is the script to the finished product? If the script is required for the program to run, then it is not a compiled program.

[boiler]

If the script is required for the program to run, then it is not a compiled program.

Correct. AutoHotkey scripts are interpreted, not compiled. “Compiling” the script is actually a misnomer. What it is doing is wrapping the script up with the binary interpreter into a .exe file so that the script can be executed on a machine that doesn’t otherwise have AHK installed. It does not convert the script into machine code or anything like that.

[SOTE]

If the program is compiled, then what use is the script to the finished product? If the script is required for the program to run, then it is not a compiled program.

AutoHotkey is a scripting language, so is in the same category of languages like JavaScript, Python, LUA, etc... The term "compiled" being commonly used, was likely the simplest way to explain the state of having the script bound to the interpreter, so now is (bound to) a .exe. By the way, many such scripting languages now have various ways of creating executables from a script. You can even turn .bat or .cmd files into executables.

Scripting languages should not be considered in any type of lower regard or disparaged. Often they are easier to understand, easier to use (like simply using notepad to write them), take up less space (in terms of files needed), require less lines of code to complete a task, and can be turned into an executable very quickly (as opposed to way more troublesome and longer compiling times from real compiled languages).

97% of users will likely not be able to tell or care that an AutoHotkey .exe is different from a C++ compiled program. Just about always, people care about what it does, not how it was made. As mentioned (or do a search), there are various script/source code protection measures available on the forum and offered by 3rd party companies. Keep in mind that the creator (to include their company, IT department, school, users...) may want their scripts to be viewable or don't care if it is, if they do care/are worried, then they have options to prevent casual inspection. Even if the program is compiled (like with C/C++, Pascal, Go, Rust...) an Assembly language equivalent (and then pseudo C code equivalent) can be made from the executable's machine code. So for high level programmers and anti-malware experts, they will understand exactly what an executable does and how it works. There are no secrets that a compiled program can hide, that can't eventually be found out.