This article synthesizes the core application protection capabilities offered by Software Protection Labs' PC Guard, focusing on its encryption and password protection features. The primary goal of these features is to enhance application security against unauthorized access and malicious modification.

PC Guard employs a robust encryption mechanism that protects an application during distribution and automatically decrypts it in memory upon execution, effectively preventing malicious patching. This encryption is highly configurable, allowing for the targeted encryption of specific application components such as code, data, and resources. An additional security layer is provided through the "Validate modules" option, which performs integrity checks on specified imported modules at runtime to prevent them from being replaced with malicious versions.

For access control, PC Guard offers a straightforward Password Protection feature. When enabled, it prompts the end-user for a password on every application launch, irrespective of the application's licensing status (e.g., demo, locked, or unlocked). This feature provides a persistent barrier to entry and can be combined with any of the software's other protection methods.

Application encryption and integrity

PC Guard's encryption system is a foundational security measure designed to protect the application's binary code from unauthorized analysis and modification. The system ensures the application is encrypted during the protection process and remains in an encrypted state during distribution.

Core encryption mechanism

The protection code integrated into the application handles decryption automatically and transparently once the application is loaded into memory. This in-memory decryption process is crucial for preventing malicious patching of the application file on disk. Even if all user-configurable encryption options are disabled, the documentation states that "some important parts of application are still encrypted."

Configurable encryption targets

Developers can select specific components of the application to be encrypted. The available options include:

A key consideration is that enabling all encryption options may cause compatibility issues with some programs, potentially leading to a "File damaged!" error. The recommended troubleshooting step in such cases is to disable encryption for the data, code, and/or resource sections.

Module integrity validation

The "Validate modules" feature provides an additional layer of security by ensuring the integrity of specific imported modules used by the application.

• Functionality: During the protection process, PC Guard saves information about selected modules. At runtime, the protection code verifies that these modules have not been altered or replaced with different or malicious versions before they are used.
• Intended Use: This feature is designed for a developer's own modules or specific third-party modules, not for standard Windows system modules.
• Implementation Requirements:
  • The modules targeted for validation must be located in the output directory when the protection process is invoked.
  • These same modules must be distributed alongside the protected application to ensure the integrity checks can be performed on the end-user's computer.

Password protection

PC Guard provides a direct method for controlling access to a protected application through a password prompt.

Functionality and behavior

When password protection is enabled, the application will require a password on every execution. This behavior is consistently enforced regardless of the application's licensing status, applying equally to demo, locked, and fully unlocked versions. If an incorrect password is provided, the end-user is prompted to enter it again.

Configuration and security

The setup for this feature involves two primary steps:

1. Enabling the "Password protection" checkbox.
2. Setting the desired password access string.

For enhanced security, an additional option, "Use password string for file encryption," can be selected.

Password requirements and compatibility

The password access string is governed by the following rules:

• It must be a minimum of six characters long.
• It is case-sensitive.

This password protection feature is designed to be fully compatible and can be used in conjunction with any other protection method offered by PC Guard.