Shell Protection
Methods
To support different types of executables, ElecKey
Integrator uses various techniques to modify or wrap the executable and create
the protected version. ElecKey Integrator can
automatically determine the applicable method for your executable. However, in
some cases, several methods may be applicable, and you can choose to use one of
the applicable methods.
The following shell protection methods are provided for Win16, Win32,
Win64, and .NET applications:
·
Injection-1
·
Injection-2
·
EXE Scramble
·
.NET Encryption
For DOS applications, the following shell protection methods are
provided:
·
DOS-COM
·
DOS-EXE
|
|
Injection-1
The Injection-1 method encrypts the code section of the executable. It
then injects the shell protection code into the header and stub of the executable,
which functions to detect the Key and decrypt the code section at run time.
This method has an advantage that the protected program remains as a
single executable. However, it may not be compatible with some types of the executable
due to limitations preventing modification to the header and stub of the
executable.
Injection-2
The Injection-2 method uses the same approach as Injection-1. It
encrypts the code section of the executable, but uses different techniques to
inject the shell protection code into the header and stub of the executable. If
it appears that the Injection-1 method does not work with your program, it is
recommended to try to use the Injection-2 method.
EXE Scramble
The EXE Scramble method scrambles and encrypts the executable. It then
creates a separate loader that functions to detect the Key and decrypt the
executable at run time. When using this method, ElecKey
Integrator will create the protected program that consists of two executables:
the loader (e.g. Program.exe) and the encrypted executable (e.g. Program_PKS.exe).
Both files must be included together when deploying the protected program.
Since the EXE Scramble method does not modify the header and stub of
the executable, it is compatible with more types of the executable. For this
same reason, this method is also less likely to get a false positive detection by some
anti-virus software. If it appears that the Injection methods do not work with
your program, it is recommended to use the EXE Scramble method.
.NET Encryption
The .NET Encryption method encrypts the whole managed assembly. It then
creates a native executable that is composed of the encrypted assembly and the
loader, which functions to detect the Key and decrypt the assembly at run time.
When using this method, ElecKey Integrator will
create the protected program that consists of the following executables.
·
Program.exe
is a 32-bit executable that serves as the main program for Program32.exe
and Program64.exe. When started, it determines whether its process is
running on 32-bit Windows or WOW64 (Windows-on-Windows 64-bit) emulator, and
then executes the corresponding version of the encrypted assembly.
·
Program32.exe
is a 32-bit executable that is composed of the Win32 loader and the encrypted
assembly.
·
Program64.exe
is a 64-bit executable that is composed of the Win64 loader and the encrypted
assembly.
It is recommended that you include the above three files together when
deploying the protected program. So, when starting Program.exe, the
program can run on both 32-bit and 64-bit platforms. However, it is also
possible if you want to deploy Program32.exe or Program64.exe
individually.
|
|
DOS-COM
The DOS-COM method encrypts the code section of the executable. It then
injects the shell protection code into the header and stub of the executable,
which functions to detect the Key and decrypt the code section at run time.
This method is designed for the DOS COM executable, which the size does not
exceed the limit of 640 Kbytes.
DOS-EXE
The DOS-EXE method uses the same technique as DOS-COM, but designed for
the DOS EXE and overlaid DOS EXE executable.
See Also