Tuesday, September 30, 2025 - 10:58


This document provides a comprehensive overview of the PC Guard software protection technology, a solution designed to prevent reverse engineering, illegal distribution, and unauthorized use of Windows applications. PC Guard operates as an "out-of-the-box" system, wrapping compiled applications in a secure envelope without requiring source code modification, making it accessible to developers of all skill levels.

The core of the technology is its Standard Protection, which includes application wrapping, encryption, anti-debugging, and anti-decompilation measures. Building upon this foundation, PC Guard offers four distinct protection methods: PLAIN (standard protection only), REMOTE (adds machine locking and activation), NETWORK (adds network licensing), and USB (adds locking to USB devices).

A central feature is Machine Locking, which links software to a specific computer to enforce single-use licenses. This is achieved by generating a unique machine identifier (Site/MID code) based on a selection of seven distinct software and hardware parameters, such as CPU ID, BIOS ID, and Hard Drive ID. The system includes a flexible licensing policy that can manage hardware changes to prevent unnecessary license resets. Activation can be performed securely offline (via phone, email, etc.) or fully automated online using the Activation Center.

The platform offers an extensive feature set covering trial mode limitations, serial number tracking, license management (transfer, removal, extension), network licensing, runtime encryption (RTE), and specific support for applications created with Node.js and Python.

1. The Protection Lifecycle

The PC Guard system integrates into the software distribution process through a defined, automatable workflow. The process consists of six primary stages:

  1. Develop: The standard application development process.
  2. Build: The application is compiled into its release version from the source code.
  3. Protect: The compiled application is processed with PC Guard. This step can be automated via a command-line interface.
  4. Package: The protected application is digitally signed and packaged into a distribution format (e.g., .exe, .msi, .zip).
  5. Distribute: The final package is distributed to end-users through any channel, such as the internet, CD, DVD, or USB drive.
  6. Activate: The end-user activates the protected application with a unique activation code, locking it to their machine.

2. Core Protection Technology

PC Guard's protection is applied directly to compiled applications, making it compatible with a wide range of native Windows, .NET Framework, and .NET Core applications, regardless of the programming language used.

2.1. The Security Envelope and Standard Protection

At the heart of the system is the Security Envelope, a multi-layered wrapper that contains encryption, anti-debugging, and anti-reverse engineering code. During the protection process, the application is encrypted and this security envelope is embedded into it.

Upon launch, the protection code within the envelope gains control. It performs critical checks on license status, demo limitations, and application integrity. It then decrypts the application in memory and passes control to it, crucially without ever dumping the decrypted code to the hard drive.

This process constitutes the Standard Protection, which is universally applied and includes four key components:

  • Wrapping: The application is encased in the security envelope.
  • Encryption: The application's code is encrypted.
  • Anti-Debugging: Specialized code is embedded to prevent runtime analysis and debugging.
  • Anti-Decompilation: Measures are implemented to ensure the application cannot be decompiled.

2.2. Protection Methods

Four distinct protection methods are available, each building upon the Standard Protection baseline to offer different licensing models.

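| Method  | Base Protection     | Added Features               |
|---------|---------------------|------------------------------|
| PLAIN   | Standard Protection | None                         |
| REMOTE  | Standard Protection | Machine Locking + Activation |
| NETWORK | Standard Protection | Network Licensing            |
| USB     | Standard Protection | USB Locking                  |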

3. Machine Locking and Activation

The REMOTE protection method is built around the concepts of machine locking and software activation to prevent unauthorized copying and distribution.

3.1. Machine Locking Mechanism

Machine locking is the process of linking a protected application to a specific computer. This is accomplished by generating unique Site/MID codes for each machine. These codes are derived from two sources:

  1. Enabled Locking Parameters: A selection of hardware and software identifiers on the target machine.
  2. Application Signature: A value that uniquely identifies the protected application's project files.

If the application is moved to another computer, it will generate different Site/MID codes and require a new activation.

3.2. Locking Parameters

There are seven different locking parameters that can be used to generate the machine ID. These are divided into software and hardware categories.

| Parameter      | Type     | Description                                            |
|----------------|----------|--------------------------------------------------------|
| OS ID          | Software | Identifier based on the Operating System installation. |
| HD ID          | Software | Identifier based on the Hard Drive (software level).   |
| HD ID (HW)     | Hardware | Identifier based on the Hard Drive's hardware serial.  |
| CD/DVD ID (HW) | Hardware | Identifier based on the CD/DVD drive's hardware.       |
| NET ID (HW)    | Hardware | Identifier based on the Network Adapter's MAC address. |
| CPU ID (HW)    | Hardware | Identifier based on the Central Processing Unit.       |
| BIOS ID (HW)   | Hardware | Identifier based on the system's BIOS.                 |

3.3. Flexible Licensing Policy

The system provides robust controls for managing how license status is affected by changes in the host machine's configuration.

  • Mandatory Locks: Any lock can be marked as mandatory. If the protection code cannot obtain the value for a mandatory lock on a user's machine, an error is displayed.
  • License Reset: By default, any change in a selected locking parameter will cause the license to be erased, Site/MID codes to change, and a new activation to be required.
  • Changeable Flags: To add flexibility, this default behavior can be customized. A locking parameter can be marked as Changeable, allowing it to be altered without invalidating the license.
  • Hardware Change Limits: If multiple hardware locking parameters are marked as Changeable, the license will not reset as long as the total number of hardware changes remains below a predefined maximum limit.
  • Machine ID Decoding: A utility is available in the activation panel to decode a Site/MID code and view the value of each locking parameter. This helps diagnose and validate user requests for new activation codes by comparing old and new machine configurations.
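The reset rules above can be modelled as a small decision function. This is an added example, not PC Guard's code: the Lock class, evaluate function and sample values are hypothetical, and the list of changed locks it returns mirrors the old-versus-new comparison a vendor makes with the decoding utility. It assumes the hardware change limit applies only when several hardware locks are Changeable and that "below" is read strictly.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Lock:
    name: str
    hardware: bool
    mandatory: bool = False
    changeable: bool = False

def evaluate(locks, licensed, current, max_hw_changes):
    """Return (verdict, changed_lock_names) for a licensed machine.

    licensed/current map lock name -> value; a missing key means the
    value could not be read on that machine.
    """
    changed, hw_changes = [], 0
    for lock in locks:
        now = current.get(lock.name)
        if lock.mandatory and now is None:
            return "error", [lock.name]      # mandatory value unobtainable
        if now == licensed.get(lock.name):
            continue
        changed.append(lock.name)
        if not lock.changeable:
            return "reset", changed          # default: any change resets
        if lock.hardware:
            hw_changes += 1
    # Assumptions: the limit applies only when several hardware locks are
    # changeable, and "below" is strict (changes < limit keeps the license).
    several = sum(l.hardware and l.changeable for l in locks) > 1
    if several and hw_changes >= max_hw_changes:
        return "reset", changed
    return "valid", changed

# Constructed policy and snapshot; names follow the table in 3.2,
# values are made up.
POLICY = [
    Lock("OS ID", hardware=False, changeable=True),
    Lock("CPU ID (HW)", hardware=True, mandatory=True),
    Lock("HD ID (HW)", hardware=True, changeable=True),
    Lock("NET ID (HW)", hardware=True, changeable=True),
]
LICENSED = {"OS ID": "a1", "CPU ID (HW)": "c7",
            "HD ID (HW)": "d3", "NET ID (HW)": "n9"}

if __name__ == "__main__":
    one = {**LICENSED, "NET ID (HW)": "n0"}
    two = {**one, "HD ID (HW)": "d0"}
    print(evaluate(POLICY, LICENSED, one, max_hw_changes=2))
    print(evaluate(POLICY, LICENSED, two, max_hw_changes=2))
```
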

3.4. Software Activation Process

Activation is the process of exchanging keys between the software vendor and the end-user to validate a license.

  • Workflow: The end-user runs the software, which generates a Site/MID code. They submit this code to the vendor. The vendor uses it to generate a corresponding activation code, which is sent back to the user to unlock the application.
  • Offline Activation: By default, an internet connection is not required. The exchange of codes can be handled via phone, fax, or email, ensuring accessibility.
  • Automated Activation: The entire process can be fully automated with the Activation Center.


4. Comprehensive Feature Set

Beyond the core protection and licensing models, PC Guard offers a wide array of features to control application usage and distribution.

| Category                    | Feature                  | Description                                                                         |
|-----------------------------|--------------------------|-------------------------------------------------------------------------------------|
| Security & Anti-Tampering   | Encryption               | Protects against reverse engineering and analysis.                                  |
|                             | Runtime Encryption (RTE) | Code remains encrypted even while in memory.                                        |
|                             | VM Detection             | Prevents the application from running on virtual machines.                          |
|                             | Remote Access Disabling  | Blocks application use over remote connections.                                     |
|                             | IP Filtering             | Restricts access to specific IP addresses or sub-domains.                           |
|                             | Folder Lock              | Locks the application to its installation directory.                                |
| Licensing & Distribution    | Trial Mode               | Creates demo versions with limits on executions, days, a fixed date, or timers.     |
|                             | Serial Numbers           | Allows tracking of individual software copies with unique serials.                  |
|                             | Network Licensing        | Controls the number of concurrent workstations that can access the application.     |
|                             | Updates Policy           | Manages user access to application updates based on their license.                  |
|                             | Secure Distribution      | Enables secure distribution over the internet or physical media.                    |
|                             | Royalty-Free             | Protect and distribute an unlimited number of applications.                         |
| License & User Management   | License Removal          | Allows clients to securely remove a license from a computer.                        |
|                             | License Transfer         | Enables clients to move a license from one machine to another.                      |
|                             | License Extension        | Provides a mechanism to update the parameters of an issued license.                 |
|                             | User Control             | Limits application access based on the type of Windows user account.                |
|                             | Limit Instances          | Restricts the number of application instances that can run simultaneously.          |
| Customization & Integration | Custom Dialogs           | Allows replacement of default UI dialogs with custom ones.                          |
|                             | Languages Editor         | Facilitates easy management of UI messages for different languages.                 |
|                             | Custom Features          | Allows for enabling or disabling different application features based on license.   |
|                             | Custom Counters          | Provides a secure way to manage and save custom values from within the application. |
|                             | Node.js & Python Support | Offers special support for apps built with nexe, pkg, Pyinstaller, and Nuitka.      |

5. System Compatibility and Implementation

  • Operating Systems: Protected applications are compatible with the latest 32-bit and 64-bit desktop and server Windows operating systems.
  • Storage Media: Applications can be run from any storage device, including hard drives, USB drives, and read-only media like CDs or DVDs.
  • Ease of Use: The solution is designed to be an out-of-the-box system. No additional programming or source code editing is required by default, making the protection process simple and effective for all user levels.