Shell Protection

The shell protection provides a fast and easy way to integrate the automatic software update capability to your application. You do not need to modify or add any source code, which can save you a lot of time and effort. The UpdateShield Integrator provides the shell protection that can wrap your application with the update system and enables it to interface with the Updater. The Integrator wizard style interface can easily guide you through the steps. As a result, the Integrator creates the protected version of your application with the added automatic software update capability.


Based on the core technology of Sciensoft Software Security, the shell protection also provides code protection that can safeguard your application against reverse engineering. The shell protection encrypts the code section of the executable and the whole .NET assembly to protect against decompilation and disassembly; whereas it only decrypts them just before the run time. In addition, the shell protection itself is designed with complicated and confused logics to protect against debugging and tracing. The shell protection also uses checksums of the protected executable to protect against code modification and virus infection. It can cause the protected application to cease operation if a modification is found.


Because characteristics of the executables vary widely, the shell protection uses various techniques to modify the executable to create the protected version of the original executable. As a result, the shell protection can wrap most of the application types, including Win32, Win64, and .NET.


The following is the provided shell protection methods:


The Injection-1 shell method encrypts the code section of the executable. At the same time, it injects the shell protection code into the header and stub of the executable, which enables it to interface with the Updater and decrypt the code section at run time. This method allows the protected executable to remain as a single entity. However, it may not work with some type of the executables if there is a restriction that does not allow modifying the header and stub.


The Injection-2 shell method uses the same concept as the Injection-1 method, but with variant techniques. It is recommended to try to use the Injection-2 method if the Injection-1 method does not work with your application.

EXE Scramble

The EXE Scramble shell method scrambles and encrypts the whole executable. At the same time, it creates a loader that can interface with the Updater and decrypt the executable at run time. The protected executable (e.g., ProtectedProgram.exe) is hence composed of the loader and the scrambled executable. The first time the protected executable is run, the scrambled executable is created as a separate PKS file (e.g., ProtectedProgram_PKS.exe). Then and later, the protected executable ProtectedProgram.exe works as the loader to decrypt ProtectedProgram_PKS.exe at run time. Because this method does not modify the header and stub of the executable, it has no restriction such as found in the Injection methods. It is recommended to try to use the EXE Scramble method if the Injection methods do not work with your application.

.NET Encryption

The .NET Encryption shell method encrypts the whole managed assembly. At the same time, it creates a loader that can interface with the Updater and decrypt the assembly at run time. Two versions of the encrypted assembly are created in the form of a native executable: ProtectedProgram32.exe (32-bit) composed of the Win32 loader and the encrypted assembly, and ProtectedProgram64.exe (64-bit) composed of the Win64 loader and the encrypted assembly. In addition, this method creates a 32-bit executable (e.g., ProtectedProgram.exe), which works as the main program for both ProtectedProgram32.exe and ProtectedProgram64.exe. When ProtectedProgram.exe is started, it determines whether its process is running on 32-bit Windows or WOW64 (Windows-on-Windows 64-bit) emulator, and then executes the corresponding version of the encrypted assembly. Either ProtectedProgram32.exe or ProtectedProgram64.exe may be deployed individually. However, both files and ProtectedProgram.exe should be included together to ensure that the encrypted assembly can run on both 32-bit and 64-bit platforms.


 NOTE: The .NET Encryption shell method supports .NET EXE only. For .NET DLL, you can use the UpdateCheck.NET Class Library to interface with the Updater. Alternatively, you may use Microsoft ILMerge, which is a utility for merging multiple .NET assemblies into a single .NET assembly. When you merge your .NET DLL into the main .NET EXE, then you can use the .NET Encryption shell method to protect your main .NET EXE. ILMerge is available from the following link: