有任何疑问,请联系我们:china@enigmaprotector.com

帮助

使用教程

Fight with Trial Reset Tools

This tutorials commonly is written for developers who are using Trial limitations for your applications. There is written how the Trial could be improved, and how to avoid it's resetting.

It is not a secret trial information can be stored into the registry or the file. What does trial information mean? Trial information is a set of data, for example, number of left executions (to allow protector to count number of expired trial executions), number of left days and the date of the last execution (to check reversing of the system clock). At the start of protected file on the user's pc, program tries to find trial records to calculate trial information, if this is a first execution then program does not find nothing and becomes to think trial period has started, all counters have zero values. Please note, after trial has expired, program does not run anymore and require registration. Many tools are using this vulnerability to reset trial (restore trial period like the program start on the PC first time). Reset trial there means just deleting any trial information program created.

Usually, all protection systems are storing their trial information in the well known places. This could be a registry item and/or just hidden file. All these places are well known by crackers. It would take few seconds to delete trial information to restore trial and start using your program again. Unbelievable, but almost nothing can help you to avoid this. Our goal is to make trial reset more difficult, and commonly - avoid resetting of trial by automatic tools (there already are dozen of such tools).

Let's cheat automatic programs firstly. All such programs simply try to find trial data by the file name, registry parameters and values types, size of trial data and some other parameters. What if we change the usual path of trial storing? Yes, trial reset tool does not find this and does not reset trial.

Since version 1.92 Enigma Protector supports manual defining of trial paths. You may enter any registry or file path where the trial information will be stored. The interface of new feature is quite simple and very effective! See picture below.

Each trial save parameters could be manually adjusted, the system is very flexible.

There you may enter any number of trial and registry paths where trial information will be stored. Note, not only these paths will be used for trial storing, it is just additional for the internal Enigma Protector functionality (that surely already known). So, if cracker (or any automatic reset tool) will delete all trial registry and file items, but will keep at least one - the trial will not be reseted and will keep the same.

Previous advice will help 100% avoid from trial reset tools and many crackers, but will not make your application safe against very advanced crackers.

Let's now try to cheat more advanced crackers. That's appeared a very huge deal, but I think it is possible!

Initially, I will show you a couple of ways how the crackers are finding trial information. Usually they use monitoring tools like RegMon (to view the registry items your application access) and FileMon (to view files access).

After application is run you may see such access in RegMon:

or FileMon:

if cracker find all these places, it will not be difficult to reset trial. So, to hide your application from different monitoring tools we may just disable executing of protected file if RegMon or FileMon is running. How to do this is written in our second tutorial there: Protecting files against file/registry monitors, debuggers, screen capturing tools with Enigma Protector .

Continue talking regarding cheating of advanced crackers. Custom methods of trial checking are also great advice. We may implement own trial counter in the plugins, for example. Plugin will simply load/save trial information from registry and check it. Please note, we will make little secret, that will allow to cheat crackers. Usually, many protection systems check trial at the file start and crackers analyze registry or file monitores log appeared after few seconds since the file start. The secret of our plugin will the delay of file executing and trial checkup. We will load and check trial after a minute since file start and show trial message also after a minute since trial checkup. Below is the Delphi code of such plugin. It will check the number of trial executions (together with standard Enigma trial because plugin also uses Enigma API, do not forget to enable Trial limitation of executions in your project). Plugin should be copied into Plugin folder, and after restart of Enigma you will see it in the plugins list.

library plugin;

uses
  Registry,
  Windows,
  Math;

function Enigma_Plugin_About : PWideChar;
begin
  // Function returns a wide string that will be shown in about column in Enigma Miscellaneous - Plugins
  Enigma_Plugin_About := 'Trial check plugin';
end;

function Enigma_Plugin_Description : PWideChar;
begin
  // Function returns a wide string that will be shown after user clicks on the plugin in Enigma Miscellaneous - Plugins
  // It may contain, for example, usage instructions
  Enigma_Plugin_Description := 'Trial check plugin';
end;

procedure Enigma_Plugin_OnInit;
begin
  // This function is calling when the protected file is being initialized
  // when main program is not initialized yet
end;

var
  t_id : dword;
  te_id : dword;
  EP_TrialExecutionsTotal : function : dword;
  EP_TrialExecutionsLeft : function : dword;

procedure Trial_Expired(hwnd : HWND; uMsg, idEvent, dwTime : dword); stdcall;
begin
  if idEvent <> te_id then Exit;
  // Simply exit
  ExitProcess(0);
end;

procedure Trial_Timer(hwnd : HWND; uMsg, idEvent, dwTime : dword); stdcall;
var
  LeftExecutions : integer;
  found : boolean;
begin
  if idEvent <> t_id then Exit;
  KillTimer(hwnd, t_id);
  // Load trial
  found := false;
  LeftExecutions := EP_TrialExecutionsTotal;
  with TRegistry.Create(KEY_READ) do
  begin
    RootKey := HKEY_CURRENT_USER;
    if OpenKey('SOFTWARE \\MyProgram\\MyData', false) then
    begin
      if ValueExists ('Value') then
      begin
        ReadBinaryData ('Value', LeftExecutions, 4);
        found := true;
      end;
    end;
  end;
  // Decrease trial counter
  if LeftExecutions > 0 then
  begin
    Dec (LeftExecutions);
  end;
  //
  if found and (EP_TrialExecutionsTotal > 0) then
  begin
    LeftExecutions := Min(EP_TrialExecutionsLeft, LeftExecutions);
    if LeftExecutions <= 0 then
    begin
      // Trial has expired...
      // run new timer that will close application
      te_id := SetTimer(0, 1, 60 * 1000, @Trial_Expired);
    end;
  end;
  // Save trial
  with TRegistry.Create(KEY_WRITE) do
  begin
    RootKey := HKEY_CURRENT_USER;
    if OpenKey('SOFTWARE\\MyProgram\\MyData', true) then
    begin
      WriteBinaryData('Value', LeftExecutions, 4);
    end;
  end;
end;

procedure Enigma_Plugin_OnFinal;
begin
  // This function is calling when the protected file is initilized,
  // main program encrypted and ready for execution
  // Initialize Enigma API
  EP_TrialExecutionsTotal := GetProcAddress(GetModuleHandle('enigma_ide.dll'), 'EP_TrialExecutionsTotal');
  EP_TrialExecutionsLeft := GetProcAddress(GetModuleHandle('enigma_ide.dll'), 'EP_TrialExecutionsLeft');
  // Create a timer that will be activated after a minute and will check number of using day
  t_id := SetTimer(0, 1, 60 * 1000, @Trial_Timer);
end;

exports
  Enigma_Plugin_About,
  Enigma_Plugin_Description,
  Enigma_Plugin_OnInit,
  Enigma_Plugin_OnFinal;

begin
end.

Downloads:
plugin.zip - binary and source of above plugin

If you have any suggestions/comments you may post it in out support forum Forum: Fight with Trial Reset Tools
This article is written for educational purposes only. The author does not carry any warranties/liability for using this information.
Author: Vladimir Sukhov
Date: 10 March 2010