Click here to Skip to main content
8,481,415 members and growing!
Email Password   Lost password?
Search within:



Site map
 » Platforms, Frameworks & Libraries » Win32/64 SDK & OS » General
Licence CPOL
First Posted 25 Nov 2005
Views 53,176
Downloads 1,051
Bookmarked 110 times

Protecting an Application's Unauthorized Copy

By Manish K. Agarwal | 21 Aug 2008
VC7VC7.1Win2KWinXPVS.NET2003DevIntermediate
To protect your application's unauthorized copy by using image integrity functions (Platform SDK's ImageHlp APIs) and to manage certificates in a portable executable (PE) image file.
Print Article
 add
Add to your CodeProject bookmarks
 Discuss
Discuss this article
 24
ArticleBrowse CodeStatsRevisions
5 votes, 13.9%
1		 1 vote, 2.8%
2		 4 votes, 11.1%
3		 11 votes, 30.6%
4		 15 votes, 41.7%
5
3.93/5 - 36 votes
5 removed
μ 3.63, σa 2.43 [?]

Introduction

At the time of installation most software asks for a product key or a serial number; this is to prevent software piracy, but how is this done? In this article, I'll try to cover one basic idea to achieve this.

In each Windows portable executable (PE image file) we can add some certificate (some sort of data) using the image integrity functions (Platform SDK's ImageHlp APIs). The certificate data can be generated using a combination of product keys and some unique IDs for the desktop where the user is installing the software. These unique IDs can be CPU ID, primary volume ID, network card ID etc. To increase the security we can do some encryptions on the certificate data. Writing certificate data in the executable should be done only once, i.e. at the time of installation. At the time of the application startup we can again generate the certificate data using the local machine (where the user is executing the application) unique IDs and compare it with the certificate data which is present in the executable. If there is any mismatch, stop the execution.

In the above approach there is a problem, what if the user changes some hardware component (for e.g. graphics card) and what if that component's unique ID was used to generate the certificate data? Certainly now our application will stop execution because of the mismatch in certificate data. But we do not want this to happen. To avoid this we can use 4-5 unique IDs to generate the certificate data. At application startup, we can make a rule; if any two IDs are matching go ahead otherwise show error for unauthorized copy.

In the demo application, to generate the certificate data, I am using the primary volume ID without any encryption. At the time of application startup, I'll check if there is any certificates present in Sample.dll, if no certificate is present, add a certificate to Sample.dll (actually this task should be done through the installation script) and only the certificate verification code should be present in the executable.

Using the Code

To integrate the certificate manager in your application you need to do the following:

  1. Include "CertificateMgr.h", and imagehlp.lib in your project's additional libraries.
  2. Create an object of CertificateMgr.
  3. Call the Init() method with a portable executable (PE) image file name in which you want to manage the certificate.
  4. Call SignDLL() to add a signed certificate (only inhouse job) so that later at the time of adding an actual client machine certificate it can be verified that we are adding certificate to right DLL. It will be better if you make a command line utility do this. Ofcourse you will not ship this with your actual application.
  5. Call IsValidCopy() to check if the application has a valid certificate or not. 
    CertificateMgr certificateMgr;

// Specify dll or exe where you are adding certificate.

if (!certificateMgr.Init("Sample.dll"))
{
    cout <<"Initilization errors, some files are missing.\n\n";
    MessageBox(NULL, "Initilization errors, 
                  some files are missing", "MyApp", MB_OK);
    return 1;
}
if (!certificateMgr.IsValidCopy())
{
    cout << "Running unauthorized copy :(\n\n";
    MessageBox(NULL, "Running unauthorized copy", 
                                     "MyApp", MB_OK);
    return 1;
}

Certificate Manager Class

In this class, I am using ImageAddCertificate and ImageGetCertificateData Win32 SDK APIs.

GetUniqueData() method generates unique data to be put in the PE certificate. While adding a certificate using AddCertificate(), I am keeping the last modified time, and after adding the certificate, the executable is maintained with the previous modified time to simulate an impression of no changes. For the sake of simplicity, I first check if there is any certificate added, if no certificate is found, add it. From the next execution onwards, verify the PE certificate data with the data returned from GetUniqueData(). In real applications, AddCertificate() should be called at the time of application installation before executing the application.

I could not find any good documentation on image integrity functions (Platform SDK's ImageHlp APIs). If you know about any good URL/book for ImageHlp APIs, please add a comment. Discuss more on this at Activation code.

History

  • 27th November, 2005: Initial revision.
  • 21st August, 2008: Now a simple ImageRemoveCertificate will not break the copy protection, yes one can write something to copy certificate data. Thank you Daienl for pointing this.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Manish K. Agarwal

Team Leader
Pitney Bowes
India India

Member
 Working with Pitney Bowes Business Insight, Noida (India). Using C/C++, VC++, MFC, STL, C# etc. on various platform like Windows, Unix, Macintosh etc. from last 10 years to convert various type of requirements into running software components. My core expertise is multithreaded desktop product development for Windows.
 
Thats it Smile | :)

Article Top
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board. (secure sign-in)
 
Search this forum  
 FAQ
    Noise  Layout  Per page   
  RefreshFirst Prev Next
QuestionAssuming certificate index is always 0 Pinmemberubivetz4:20 7 Apr '09  
AnswerRe: Assuming certificate index is always 0 PinmemberManish K. Agarwal22:35 7 Apr '09  
Generalnice, But it's an simple & hot........ PinmemberMember 423560111:30 18 Feb '09  
Generalif hacker jump out your if statement Pinmembermike101823:26 21 Aug '08  
GeneralRe: if hacker jump out your if statement PinmemberManish K. Agarwal3:18 22 Aug '08  
GeneralGreat and simple idea, but dangerous... PinmemberDaniel Schade4:29 16 Aug '07  
GeneralUnique Information PinmemberJeffrey Walton8:25 24 Jun '07  
GeneralCopy protecting a Video DVD PinmemberGodwin Sam Josh20:54 15 Jul '06  
GeneralRe: Copy protecting a Video DVD PinmemberManish K. Agarwal22:50 16 Jul '06  
GeneralRe: Copy protecting a Video DVD Pinmembervmihalj2:24 18 Sep '06  
GeneralRe: Copy protecting a Video DVD PinmemberGodwin Sam Josh9:19 18 Sep '06  
GeneralRe: Copy protecting a Video DVD Pinmembervmihalj23:11 18 Sep '06  
QuestionConfused??!!?? PinmemberAnorexic Tribble7:36 3 Dec '05  
AnswerRe: Confused??!!?? PinmemberManish K. Agarwal18:04 3 Dec '05  
GeneralGood Idea PinmemberSumit Kapoor19:38 28 Nov '05  
GeneralRe: Good Idea PinmemberManish K. Agarwal1:24 29 Nov '05  
GeneralRe: Good Idea PinmemberLuiz Salamon12:08 1 Dec '05  
GeneralRe: Good Idea PinmemberSumit Kapoor13:50 1 Dec '05  
QuestionMisunderstanding? PinmemberDarren Schroeder11:20 26 Nov '05  
AnswerRe: Misunderstanding? PinmemberNeville Franks12:28 26 Nov '05  
GeneralRe: Misunderstanding? PinmemberManish K. Agarwal16:57 26 Nov '05  
This article shows a basic idea how to protect application's unauthorized copy by using PE certificates.
 
As I already mentioned that the actual use to put PE certificate in main executable and dlls through the application installation. On application startup we can check for a valid certificate. Any way for good hacker its not a tough job to break this. Big Grin | :-D

 
Manish Agarwal
manish.k.agarwal @ gmail DOT com
Sign In·View Thread·Permalink
GeneralDocumentation PinmemberAvis p1:14 26 Nov '05  
GeneralRe: Documentation PinmemberManish K. Agarwal17:20 26 Nov '05  
GeneralRe: Documentation PinmemberThatsAlok3:26 30 Nov '05  
Last Visit: 3:43 12 Feb '12     Last Update: 3:43 12 Feb '12 1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Mobile
Web02 | 2.5.120210.1 | Last Updated 21 Aug 2008
Article Copyright 2005 by Manish K. Agarwal
Everything else Copyright © CodeProject, 1999-2012
Terms of Use
Layout: fixed | fluid

Tamper-proof and Obfuscate your Configuration Files
Developing a USB Storage Device Protection Tool with C#
RSA License Protection
How to Protect your Code from Prying Eyes and Theft
Copy Protection for Windows Applications
Genesis Hybrid Smart Client Framework part IV
Forbidding the Clipboard for the specified process
File downloading with COM and ASP
Securing .NET Release Build
Make ClickOnce Work With ASP.NET Forms Authentication
Hooking the native API and controlling process creation on a system-wide basis
Redirecting to custom 401 page when "Access denied" occures within an ASP.NET application with Windows authentication
Secure your Saas applications with Visual Guard
Securing ASP.NET Applications
Free PHP Encoder Application
Check for Windows 7 Protected Folders
Secure Strings
Genesis Hybrid Smart Client Framework part VI
Genesis Hybrid Smart Client Framework part II
SMO Tutorial 4 of n - Transferring Data and Tracing
The Daily Insider
Daily News: Signup now.