Shell Protection Methods

To support different types of executables, ElecKey Integrator uses various techniques to modify or wrap the executable and create the protected version. ElecKey Integrator can automatically determine the applicable method for your executable. However, in some cases, several methods may be applicable, and you can choose to use one of the applicable methods.

 

The following shell protection methods are provided for Win16, Win32, Win64, and .NET applications:

 

         Injection-1

         Injection-2

         EXE Scramble

         .NET Encryption

 

For DOS applications, the following shell protection methods are provided:

 

         DOS-COM

         DOS-EXE

 

noteNOTE: The shell protection supports a wide range of the most common executable file types for 32/64-bit Windows applications. However, due to limitations of the executable, the shell protection might not support your application. For a guideline to adjust the protection settings and determine if the shell protection can support your application, see Appendix: Shell Protection Limitation.

Injection-1

The Injection-1 method encrypts the code section of the executable. It then injects the shell protection code into the header and stub of the executable, which functions to detect the Key and decrypt the code section at run time.

 

This method has an advantage that the protected program remains as a single executable. However, it may not be compatible with some types of the executable due to limitations preventing modification to the header and stub of the executable.

Injection-2

The Injection-2 method uses the same approach as Injection-1. It encrypts the code section of the executable, but uses different techniques to inject the shell protection code into the header and stub of the executable. If it appears that the Injection-1 method does not work with your program, it is recommended to try to use the Injection-2 method.

EXE Scramble

The EXE Scramble method scrambles and encrypts the executable. It then creates a separate loader that functions to detect the Key and decrypt the executable at run time. When using this method, ElecKey Integrator will create the protected program that consists of two executables: the loader (e.g. Program.exe) and the encrypted executable (e.g. Program_PKS.exe). Both files must be included together when deploying the protected program.

 

Since the EXE Scramble method does not modify the header and stub of the executable, it is compatible with more types of the executable. For this same reason, this method is also less likely to get a false positive detection by some anti-virus software. If it appears that the Injection methods do not work with your program, it is recommended to use the EXE Scramble method.

.NET Encryption

The .NET Encryption method encrypts the whole managed assembly. It then creates a native executable that is composed of the encrypted assembly and the loader, which functions to detect the Key and decrypt the assembly at run time. When using this method, ElecKey Integrator will create the protected program that consists of the following executables.

 

         Program.exe is a 32-bit executable that serves as the main program for Program32.exe and Program64.exe. When started, it determines whether its process is running on 32-bit Windows or WOW64 (Windows-on-Windows 64-bit) emulator, and then executes the corresponding version of the encrypted assembly.

         Program32.exe is a 32-bit executable that is composed of the Win32 loader and the encrypted assembly.

         Program64.exe is a 64-bit executable that is composed of the Win64 loader and the encrypted assembly.

 

It is recommended that you include the above three files together when deploying the protected program. So, when starting Program.exe, the program can run on both 32-bit and 64-bit platforms. However, it is also possible if you want to deploy Program32.exe or Program64.exe individually.

 

noteNOTE: The .NET Encryption method has a limitation that may cause a conflict with some .NET class/object and give run time exception. For more details and resolution, see Appendix: .NET Encryption Limitation.

DOS-COM

The DOS-COM method encrypts the code section of the executable. It then injects the shell protection code into the header and stub of the executable, which functions to detect the Key and decrypt the code section at run time. This method is designed for the DOS COM executable, which the size does not exceed the limit of 640 Kbytes.

DOS-EXE

The DOS-EXE method uses the same technique as DOS-COM, but designed for the DOS EXE and overlaid DOS EXE executable.

See Also

         Tutorials: Machine License

         Tutorials: USB License