Important Considerations For Password Protected Applications

Special Considerations When Using Password Protected Applications

The following are some things that you need to consider when using password protected applications.

Keep the lockword secret

Your protection will be compromised if you do not keep your lockword secret. This is the lockword that you set in the Set Password Protection Tool.

Because strings are often visible when compiled EXE files are opened in text editors or with dump tools, be sure to seperate the characters in your lockword check string so that they are harder to recognize in a dump file. You should do the same thing when you create the lockword.

For example:
ChkLockword = "A" & "b" & "c" & "d" & "e" & "f" & "g" & "H"

Building up your lockword string and lockword check in this way will make it harder for someone to discover it by opening your compiled EXE file in text editors or dump tools. Be sure to obfuscate your .NET assemblies and encrypt the strings. This is very important. The .NET CRL (Common Runtime Language) is easily decompiled and wholly visible. Even obfuscated, strings will still be visible. Be sure to encrypt them. 

Your protected application and the protection information file

There is a one to one correspondence between the protection information stored in your application and the protection information stored in the protection information file. If multiple protected applications are distributed, each protected application must have its own protection information file. 

Registering and Deleting the ProtectKit System Driver

The ProtectKit3.5 uses a system driver to enable password protection on the PC where the protected application runs. The DdScm.exe, DdScm32.exe, and DdScm64.exe install this system driver and enable the protected application to use the ProtectKit in the runtime environment. Before a protected application will work, the DdScm.exe, DdScm32.exe, and DdScm64.exe must be executed on the PC where the protected application is deployed. For details about the DdScm, see Options for DdScm.

When using the DdScm.exe, make sure that DdScm32.exe and/or DdScm64.exe are present in the same folder as DdScm.exe.

Options for registering and deleting DdScm.exe, DdScm32.exe, and DdScm64.exe service. For details about the DdScm, see Options for DdScm  
     To register DdScm.exe execute - DdScm.exe /a
     To delete DdScm.exe execute - DdScm.exe /r
     To register DdScm32.exe execute - DdScm32.exe /a
     To delete DdScm32.exe execute - DdScm32.exe /r
     To register DdScm64.exe execute - DdScm64.exe /a
     To delete DdScm64.exe execute - DdScm64.exe /r

Registering the DdScm service

When building the installer for your application, before the "Installation Completed" dialog is displayed, be sure to add the install scripts [DdScm.exe /a], [DdScm32.exe /a], and [DdScm64.exe /a]. If not running install scripts to register the DdScm service at the time of installation, then this service should be registered manually directly after installation (Under Administrator Permissions). It is the DdScm.exe that provides the necessary services for running the ProtectKit in the runtime environment so this MUST be done on the PC where your protected application is deployed. (On your development machine where you installed the ProtectKit3.5 (ProtectKit3 and ProtectKit.NET), this service was registered when the ProtectKit3.5 was installed. By default, this service will startup automatically so if Windows is reset or shutdown, the DdScm service will automatically start up when Windows starts up.

Deleting the DdScm service
When your application is uninstalled, be sure to execute the commands to remove the DdScm service [DdScm.exe /r], [DdScm32.exe /r], [DdScm64.exe /r]. Add the scripts to uninstall this service at the beginning of your applications "Uninstall Program". If you are not writing the scripts to remove the DdScm service in your Uninstall Program, then be sure to execute the commands; [DdScm.exe /r], [DdScm32.exe /r], [DdScm64.exe /r], manually under Administrator permissions directly after your Uninstall Program finishes.

When re-deploying your application: There are times when you may need to update your protected application by re-deploying a new EXE. At this time, the protection information is already enabled on the enduser's PC. It is not necessary to deploy a new protection information file with you new EXE. If you deploy a new protection information file with the new EXE, then your application will be locked and must be unlocked with a new password.