One of the frequent questions authors ask about HTAs (or HTML, for that matter) is how you can run an EXE file or perform some similar action from html code. The standard way to to this is by asking the user to click a link and pointing to the EXE, and then run the EXE.  Assume you have the file sample.exe in your current directory.  Clicking the link resulting from the html code:

a href=sample.exe

brings up a run/save dialog box to run or save sample.exe.

 However, this brings up a dialog box, which can be undesirable. The user may end up canceling the dialog or simply save the EXE file and never run it.

It is desirable to be able to run the EXE directly from HTML. The user has already granted application privileges to run the HTA and there ought to be a simple solution to running other programs.

HtmlApp Studio allows you to perform this useful function by including a small (less than 30 KB) run time http server.  The server exports a shell_show and shell_hide function which run files either normally or hidden.  The latter function is useful for batch files as it allows the batch file to execute without showing on screen.Using our previous example, the html now changes to:

a href=http://localhost:xxxxx/svrcmd/shell_show?file=sample.exe&status=204

Now when the user clicks, the EXE file is run directly.  Indeed, if the URL were accessed via AJAX, it would not be necessary for the user to click and the program could run the EXE directly.  Let me reiterate: this is not a security breach because the user has explictly granted permission for the HTA to run by installing it in the first place and there is no "silent takeover" here.

To investigate further,  download HtmlApp Studio free for 30 days and open the project "running_an_exe".  The illustration on this page is a screenshot from running that project.