Shell Protection
The shell
protection provides a fast and easy way to integrate the automatic software
update capability to your application. You do not need to modify or add any
source code, which can save you a lot of time and effort. The UpdateShield Integrator provides the shell protection that
can wrap your application with the update system and enables it to interface
with the Updater. The Integrator wizard style interface can easily guide you
through the steps. As a result, the Integrator creates the protected version of
your application with the added automatic software update capability.
Based on the
core technology of Sciensoft Software Security, the
shell protection also provides code protection that can safeguard your
application against reverse engineering. The shell protection encrypts the code
section of the executable and the whole .NET assembly to protect against decompilation and disassembly; whereas it only decrypts
them just before the run time. In addition, the shell protection itself is
designed with complicated and confused logics to protect against debugging and
tracing. The shell protection also uses checksums of the protected executable
to protect against code modification and virus infection. It can cause the
protected application to cease operation if a modification is found.
Because
characteristics of the executables vary widely, the shell protection uses
various techniques to modify the executable to create the protected version of
the original executable. As a result, the shell protection can wrap most of the
application types, including Win32, Win64, and .NET.
The
following is the provided shell protection methods:
Injection-1
The Injection-1 shell method encrypts
the code section of the executable. At the same time, it injects the shell
protection code into the header and stub of the executable, which enables it to
interface with the Updater and decrypt the code section at run time. This
method allows the protected executable to remain as a single entity. However,
it may not work with some type of the executables if there is a restriction
that does not allow modifying the header and stub.
Injection-2
The Injection-2 shell method uses the
same concept as the Injection-1 method, but with variant techniques. It is
recommended to try to use the Injection-2 method if the Injection-1 method does
not work with your application.
EXE
Scramble
The EXE Scramble shell method scrambles
and encrypts the whole executable. At the same time, it creates a loader that
can interface with the Updater and decrypt the executable at run time. The
protected executable (e.g., ProtectedProgram.exe) is hence composed of
the loader and the scrambled executable. The first time the protected
executable is run, the scrambled executable is created as a separate PKS file
(e.g., ProtectedProgram_PKS.exe). Then and later, the protected
executable ProtectedProgram.exe works as the loader to decrypt ProtectedProgram_PKS.exe
at run time. Because this method does not modify the header and stub of the
executable, it has no restriction such as found in the Injection methods. It is
recommended to try to use the EXE Scramble method if the Injection methods do
not work with your application.
.NET
Encryption
The .NET Encryption shell method
encrypts the whole managed assembly. At the same time, it creates a loader that
can interface with the Updater and decrypt the assembly at run time. Two
versions of the encrypted assembly are created in the form of a native
executable: ProtectedProgram32.exe (32-bit) composed of the Win32 loader
and the encrypted assembly, and ProtectedProgram64.exe (64-bit) composed
of the Win64 loader and the encrypted assembly. In addition, this method
creates a 32-bit executable (e.g., ProtectedProgram.exe), which works as
the main program for both ProtectedProgram32.exe and ProtectedProgram64.exe.
When ProtectedProgram.exe is started, it determines whether its process
is running on 32-bit Windows or WOW64 (Windows-on-Windows 64-bit) emulator, and
then executes the corresponding version of the encrypted assembly. Either ProtectedProgram32.exe
or ProtectedProgram64.exe may be deployed individually. However, both
files and ProtectedProgram.exe should be included together to ensure
that the encrypted assembly can run on both 32-bit and 64-bit platforms.
|
|
