Protection Options

Set features and parameters for the protected system.


Protection Method

Select the method you want to protect the application program. The available shell methods are as follows.


         Injection-1. The Injection-1 shell method encrypts the code section of the executable. At the same time, it injects the shell protection code into the header and stub of the executable, which enables it to interface with the Updater and decrypt the code section at run time. This method allows the protected executable to remain as a single entity. However, it may not work with some type of the executables if there is a restriction that does not allow modifying the header and stub.

         Injection-2. The Injection-2 shell method uses the same concept as the Injection-1 method, but with variant techniques. It is recommended to try to use the Injection-2 method if the Injection-1 method does not work with your application.

         EXE Scramble. The EXE Scramble shell method scrambles and encrypts the whole executable. At the same time, it creates a loader that can interface with the Updater and decrypt the executable at run time. The protected executable (e.g., ProtectedProgram.exe) is hence composed of the loader and the scrambled executable. The first time the protected executable is run, the scrambled executable is created as a separate PKS file (e.g., ProtectedProgram_PKS.exe). Then and later, the protected executable ProtectedProgram.exe works as the loader to decrypt ProtectedProgram_PKS.exe at run time. Because this method does not modify the header and stub of the executable, it has no restriction such as found in the Injection methods. It is recommended to try to use the EXE Scramble method if the Injection methods do not work with your application.

         .NET Encryption. The .NET Encryption shell method encrypts the whole managed assembly. At the same time, it creates a loader that can interface with the Updater and decrypt the assembly at run time. Two versions of the encrypted assembly are created in the form of a native executable: ProtectedProgram32.exe (32-bit) composed of the Win32 loader and the encrypted assembly, and ProtectedProgram64.exe (64-bit) composed of the Win64 loader and the encrypted assembly. In addition, this method creates a 32-bit executable (e.g., ProtectedProgram.exe), which works as the main program for both ProtectedProgram32.exe and ProtectedProgram64.exe. When ProtectedProgram.exe is started, it determines whether its process is running on 32-bit Windows or WOW64 (Windows-on-Windows 64-bit) emulator, and then executes the corresponding version of the encrypted assembly. Either ProtectedProgram32.exe or ProtectedProgram64.exe may be deployed individually. However, both files and ProtectedProgram.exe should be included together to ensure that the encrypted assembly can run on both 32-bit and 64-bit platforms.

Code Protection

The shell protection itself includes anti-debugging and anti-tracing schemes. In addition, you can add the following code protection options.


         Enable code section encryption to protect against decompilation.

         Enable self checksum to protect against code modification.


Enable Automatic Software Update

Automatic software update enables the protected program to interface with the Updater that automatically checks for updates on the server.

Auto-Update Conditions

Specify the condition to perform automatic update.


         Always perform auto-update. The protected application always performs automatic update regardless of its license status.

         Perform auto-update if the subscription is valid. Before performing automatic update, the protected application connects to the Activation Server to check its subscription status. It performs automatic update if the subscription is valid.


         Terminate the application before executing the downloaded update. The Updater terminates the protected program before executing the downloaded update.


Block Multiple Processes for Win32 Applications

Enable the protected program to operate as one process (or one task) only. The protected program blocks all additional processes that might be executed.


         Module Name. Assign a unique name for the protected program. This module name is used by the protection system in the process of blocking multiple processes. A unique name is assigned when the Auto detect is checked.

Errors Caused by Protected Program in Background Process

This option allows you to specify how the protected program running in background process handles errors.


         Terminate the protected program without confirmation prompt. The protected program running as a background process is sometimes not connected to a console. For instance, an ActiveX/COM DLL runs on an IIS platform server as a web-based application. The error messages may not be accessed by the end-user. When an error occurs, this option enables the protected program to terminate itself without displaying a confirmation prompt. This option should be enabled when characteristic of the protected program is set to Service or ActiveX/COM DLL.