# Using procdump from Sysinternals procdump -ma <PID> sapien_memory.dmp
If the script is encrypted or heavily obfuscated within the file on disk, dynamic analysis is required.
If you need to recover your own code:
Use a resource editor like to open the SAPIEN EXE. Navigate to the RCData section. Often, a resource named SCRIPT or PS_SCRIPT contains the base64-encoded or deflated script.
: This is an official paid service ($35.00–$55.00 per incident) where SAPIEN technicians attempt to extract the source code from your executable. It is included for users with a Premium Support Plan Built-in Data Recovery sapien powershell studio decompile exe
To understand how to decompile, one must first understand how SAPIEN PowerShell Studio compiles. Unlike languages such as C# or C++, PowerShell is an interpreted language. It does not compile down to native machine code (assembly) in the traditional sense.
Get-ChildItem -Path "C:\extracted" -Recurse -Include *.ps1, *.ps1xml # Using procdump from Sysinternals procdump -ma <PID>
For heavily protected builds where the script is never written to disk unencrypted (running entirely in memory), memory dumping is the solution.