Windows (NG Engine) Advanced Protection Parameters
The table below describes the advanced protection parameters available for Windows programs in Sentinel LDK Envelope. Default values are provided where relevant.
Parameter Name |
Description |
Default |
---|---|---|
LOCKING_TYPE |
Determines the type of Sentinel protection key to which the program can be locked. |
HL or SL-AdminMode |
import_protection |
Enables Sentinel LDK Envelope to protect the import of an application or DLL. (You can also choose to protect only the import of system DLLs.) This helps to prevent reconstruction of the protected executable from a memory dump. When this parameter is on, you have the option to exclude specific libraries from import protection. See Imported libraries to exclude below. IMPORTANT:
Only change this parameter if you have encountered specific problems
and Thales Technical Support has advised you to change it. If
this parameter is set to Off,
the level of security for the application or DLL is significantly
reduced.
|
On |
CHECK_SYSTEM_DEBUGGER |
When enabled, the protected program is configured to counter system debugging. Disable this parameter only when the protected program is run in a development environment. |
True |
ADVANCED_DEBUGGER_DETECTION |
When set to True, Envelope adds enhanced debugger detection to protected applications. However, this impacts the application performance during startup. If this impact not acceptable, set the parameter to False. |
False |
SUSPEND_THREADS |
In a multi-thread application, if the Sentinel protection key periodic background check fails to detect a Sentinel protection key, all threads are suspended. When the key is detected again, all threads are resumed. |
True |
BACKGROUND_CHECK_AUTO_RELOGIN |
If the Sentinel protection key periodic background check fails to detect a Sentinel protection key, the program attempts to log in to the key a second time before the user is informed that the key is missing. |
True |
MESSAGE_OUTPUT_MODE |
Enables you to select how run-time user messages are provided. The following options are available: >1 (windows) displays messages in a message box >2 (eventlog) includes events related to running the protected program in the Windows Administration Tools Event Viewer utility >4 (stderr) displays messages to a user running Sentinel LDK Envelope from a command-line |
Only
windows |
INTEGRITY_CHECK |
If set to True, the Envelope runtime module performs an integrity check on its code. This prevents a cracker from modifying the code of the Envelope runtime module in memory. |
True |
ENCODE_RESOURCES |
If set to True, PE32 resources will be encrypted; otherwise, they will be not encrypted. |
True |
KEEP_DEBUG_INFO |
When set to True, debug information for the application will be retained. If the protected application will execute in a production environment, this parameter should be disabled for best security. However, if the application is collecting crash dump information, this parameter should be enabled so that crash dump data can be collected. Note: This function will retain debug information for executables only. Information for DLLs is not retained. |
False |
OBFUSCATE_ENTRYPOINT |
Possible values are: >Level 2 Protection Provides the highest level of protection by fully obfuscating the original application’s entry point. For some applications, setting this level may cause the protected application to fail when executed. This may occur if, for example, the original application’s code is already obfuscated. If the application fails, change the setting for this parameter to one of the other values. >Level 1 Protection Provides moderate protection through partial obfuscation of the original application’s entry point. If this setting causes the application to fail when executed, change the setting for this parameter to Off. >Off The entry point is not obfuscated. NOTE If you can successfully execute the protected application the first time at a given protection level, this indicates that the application is compatible with that level of obfuscation. The application can be expected to execute reliably at that level. |
Win32:
Windows x64: |
REMOVE_EXCEPTIONS |
In PE32+ (Win64), exceptions are organized into Begin/end/handler blocks. This information can be used by hackers to determine the program layout. If you know that the application is not using exceptions, set to True to remove them. |
False |
manage_Exceptions |
If set to True, Sentinel LDK Envelope handles run-time exceptions instead of the operating system. |
False |
INTERNAL_IMP_GATES |
If set to True, Envelope modifies the manner in which function calls are handled in the application. However, if the program code contains non-standard function calls, the application may not work correctly. If this occurs, set the parameter to False. NOTE If you can successfully execute the protected application when this parameter is set to True, you will achieve a higher level of security. |
False |
REMOVE_EXPORTS_FROM_EXE |
|
|
|
Executable files sometimes use export functions. If these export functions are used by some statically-linked DLL (such as Borland Runtime), the application will crash. This can be seen on Borland C compiled applications. If this occurs, set this parameter to True. This causes Envelope to remove exported functions from the executable file. |
False |
PROTECTION_SEED |
If set to 0, Envelope uses a random seed when protecting an application. If set to any other value, Envelope uses the specified value as the seed. This ensures that each time that Envelope protects a given application using the same parameters, the generated binary will be identical. NOTE If you are providing a value for the purpose of generating identical binaries, you must also unselect the following parameters: Disable key for attempted tampering, Program Integrity Protection |
0 |
NO_HOOK_API_ALLOWED |
Whether Envelope code included in a protected application should skip software/hardware breakpoints on system functions so that breakpoints on a system function are not triggered. > When set to True, breakpoints on a system function are not triggered. This helps prevent debugging of the application and thus improves security. However, there are legitimate software products that place hooks into the process of a protected application (for example, anti-virus software). If these breakpoints are skipped, that software might fail in a few cases. > When set to False, breakpoints on a system function are triggered. This eliminates a cause of software failure but reduces security of the application. |
False |
CONFIGURATION_STRING |
If you encounter certain issues while using Envelope to protect your application, Technical Support may be able to help you resolve them by providing special protection attributes. When instructed to do so by Technical Support, you use the CONFIGURATION_STRING parameter to enter these attributes. |
|
Imported libraries to exclude | (Only relevant when the parameter IMPORT_PROTECTION, described above, is not set to Off) Click Select Libraries to select specific libraries whose import should not be protected. Only use this parameter when recommended by Thales Technical Support. | |
If selected: >Envelope displays a field that you can use to specify XML parameters for a custom login scope. >The protected program will only search for a Sentinel protection key according to the custom login scope that you specify. For information on the syntax for login scope parameters, see the topic "Scope Input XML Tags" in Sentinel Licensing API Reference. You can also paste a login scope that was created using Sentinel LDK ToolBox in this field. |