How to Protected your Software

Many developers think that if they simply click “protect” button then protection program will do everything automatically, and there is no need to embed additional protection features. This is completely wrong. Protection System as a very complex service also requires configuration.

Using Virtual Machine

The modern way of protection – virtualization application code. The main purpose of Virtual Machine – translate executable code to own PCODE and then execute it on own virtual processor. Virtualized code is very difficult to reverse, it is good choice to place some unsafe code parts (like verifying registration keys, trial counter etc) inside Virtual Machine. In the Enigma Protector there are 2 ways to virtualize the code:
- using VM Markers, you just around necessary code parts with the VM Markers, and this code will be virtualized while protection

{$I ..\..\..\EnigmaSDK\Delphi\vm_begin.inc}
ShowMessage('This message is shown under virtualized code');
{$I ..\..\..\EnigmaSDK\Delphi\vm_end.inc}

- using Virtual Machine – Functions Selecting feature. Using this feature may require to generate a MAP file, take a look there how to generate map file for different compilers.

Virtual Box

This feature allows to embed the files that your application uses into single protected executable. Embeded files are not extracting to the disk, protection emulates them only in memory, so the files becomes safe. What is advantage of this feature, and how it can help to protect application? Very simple, if cracker want to unpack protection, he will need also extract all embeded files, that could be very difficult!

VM Markers

Except described above VM Markers it is good to use any other kind of markers. For example, Reg_Crypt markers allows to lock code parts to the registration key, i.e. until the application is not registered, the code inside Reg_Crypt markers become encrypted and can’t be decrypted and executed.
Run_Once marker – deletes the code inside it from the memory after first execution, so if cracker will dump process memory, the code inside these markers will be missed

Enigma API

Try to use special functions of protection that allows control many protection parameters, read more there Enigma API
Crackers often use different strings that exist in your application to find a way to crack it. For example, if you perform check of registration key and then show a message like “Invalid Key”, cracker may find a code where this message is shown, then find a code that check registration key and bypass it. To hide such string constants you may use Protected Strings feature and integrate protection with application by using EP_ProtectedStringByID or EP_ProtectedStringByKey Enigma API.