Custom Builds 定制结构
If you distribute your programs on the Internet, you might be concerned that any generic crack for SoftwarePassport/Armadillo will put your programs at risk.
如果你在互联网上发布你的程序,你可能关心任何普通的SoftwarePassport/Armadillo破解者将破解你的程序。
Fortunately, this doesn't have to be a problem. Generic strippers and unpackers can only be designed for the public version of SoftwarePassport/Armadillo. They rely on certain information always being stored in the same place in the SoftwarePassport/Armadillo shell code. By simply moving this data, we can break any existing cracking program, so that your program will have to be cracked by hand, by a fairly competent cracker. There are a very limited number of crackers with the necessary skills, so unless your program is very popular, it is unlikely to attract the attention of one of them.
幸运的是,这不是一个问题。普通的脱壳器只是为SoftwarePassport/Armadillo的公共版本设计。他们依赖于在SoftwarePassport/Armadillo壳代码里的总是储存在相同位置的确定信息,通过移动这个数据,我们可以突破任何已经存在的破解程序,因此你的程序将不得不手工破解,由非常有能力的破解者。有必须技能的破解者的数量是非常有限的,因此除非你的程序非常流行,是不太可能注意他的。
We have set up a process whereby each of our customers can get a custom build of SoftwarePassport/Armadillo, with this data stored in different randomly-generated places and all the defensive options enabled. To get one, just use the "Get Custom Build" option on the Help menu of Armadillo itself. You'll need to use it from a copy of SoftwarePassport/Armadillo that has your key installed though, it uses the key for validation.
我们设置了一个过程,由此每个用户可以获得一个定制结构的SoftwarePassport/Armadillo,这个信息储存在不同的随机产生的位置并开启了所有的防御选项。如果要这样做,仅使用在Armadillo的帮助菜单里的 "Get Custom Build"选项即可。你需要从安装了密匙的SoftwarePassport/Armadillo里使用他,因为他需要密匙来确认。
At present, this service is free to anyone who has purchased SoftwarePassport/Armadillo.
目前这个服务对购买了SoftwarePassport/Armadillo的人来说是免费的。
Nanomites 如何翻译???
The option is an additional protection (only available in custom builds), which ensures that your program won't run if a cracker manages to remove the protective Armadillo shell from it. It requires "markers" to show it where to place them. Please see the Nanomites.txt file, distributed with all custom builds, for full information on this option.
Nanomites选项是一个额外的保护(只在定制结构里提供),确保你的程序不能运行,如果一个破解者设法从他去掉Armadillo的保护外壳,他需要"markers"显示他们放在哪里。请看Nanomites.txt文档,随定制结构发布,关于这个选项的完整信息。
The Project 工程
A SoftwarePassport/Armadillo project stores information about a single program's protection.
一个SoftwarePassport/Armadillo工程储存一个单一的程序保护的信息。
Please note: You can change SoftwarePassport/Armadillo's project and certificate settings at any time, but the changes cannot take effect until you re-protect your program and give that re-protected version to the person who will be using it. SoftwarePassport/Armadillo stores your settings in the program file itself when it protects it; the program cannot access the project file after that to see what settings have changed.
请注意:你可以在任何时候改变SoftwarePassport/Armadillo的工程和证书的设置,但是这个改变不能起效直到你重新保护你的程序,并给重新保护的版本到使用者。当保护时,SoftwarePassport/Armadillo在你的程序文件本身储存你的设置信息,保护之后,程序不能访问工程文件来看改变了什么设置。
This section gives information on the various parts of a SoftwarePassport/Armadillo project.
这节给出SoftwarePassport/Armadillo工程的各部分的信息。
The Default Project File 缺省工程文件
The Default Project File, added in Armadillo 3.40, is a filename you can use to save your default settings for new projects. SoftwarePassport/Armadillo looks for this file when you tell it to load a new project, and if it finds it, loads it (otherwise it uses the defaults built into it).
缺省工程文件,在3.40版增加,是你可以用来为新建工程保存缺省设置的文件名。当你新建一个工程时,SoftwarePassport/Armadillo查找这个文件,如果找到就加载他(否则使用缺省built into it).???
The Default Project File is located in the same directory as the SoftwarePassport/Armadillo executable, with a filename that consists of a single exclamation point, followed by the standard .ARM extension: "!.ARM". It never appears in the Recently Used Files list.
缺省工程文件放在SoftwarePassport/Armadillo执行文件的相同目录,文件名由一个感叹号和标准的.ARM扩展名组成。"!.ARM".他不出现在最近使用的文件列表里。
The Project ID 工程ID
The project ID is used to select the locations where, on the user's system, SoftwarePassport/Armadillo stores information about your program. It must be unique, or as close to it as you can get -- don't use a generic name that another developer might also use, or your programs will write over each others' information! We recommend using the name of your company, followed by the name of your program; for example: "Silicon Realms SoftwarePassport/Armadillo".
工程ID用来选择在用户的系统上,SoftwarePassport/Armadillo储存关于你的程序的信息的位置。他必须是唯一的,或者是近乎唯一的―不要使用其他开发者或许也会使用的一般的名, 或者你的程序将覆盖别人的信息。!我们建议使用您公司名,跟您的程序名,例如:"Silicon Realms SoftwarePassport/Armadillo".
Under some circumstances you will want several programs to have the same Project ID, so that they can share the same key information and the user only has to enter it once, but in all other cases you should make this different and unique for every project.
有些情况下你想几个程序拥有相同的项目ID,因此你可以共享相同的密匙信息,用户只需要输入一次,但是在所有其他情况下,你应该使每个项目的ID不同和唯一。
Once you create a project, this field is locked to prevent accidental changes.
一旦你创建了一个项目,这个区域被加锁防止意外的改变。
Data After Program Options (Professional Edition only)
程序后数据 选项(专业版提供)
Some programs (notably those built with FoxPro and most e-books, but there are many other examples of this) store extra information after the main part of the program. These options let you select how SoftwarePassport/Armadillo will protect this data. If your program doesn't include any of this data, then these options will have no effect.
一些程序(特别是那些用FoxPro和大多数e-books创建的,还有很多其他的)在程序的main part后储存额外的信息。这些选项让你选择SoftwarePassport/Armadillo将如何保护这个数据。如果你的程序不包括任何这个数据,那么这些选项将没有用。
• Protect, fake data location and headers. Includes the same data-location faking as the option directly below, but also fakes the original headers of the program file, in case the program stores information in a strange location. Should only be needed for an extremely small fraction of programs.
保护、伪造的数据位置和头文件。包括相同的数据位置伪造,就像下边的选项。,但是同时伪造了程序文件的原始头文件,程序出错信息在一个奇怪的位置,只为一个非常小的程序片断需要。
• Protect and fake original data location. When this option is selected, SoftwarePassport/Armadillo will protect this data (like the option below), but the program will see it as being in its original location instead of at the end of the physical file. This option is not needed for most programs (including SoftwarePassport/Armadillo FoxPro programs), only those which look for their data at a specific offset in the file.
保护和伪造的原始数据位置。当选择这个选项,SoftwarePassport/Armadillo将保护这个数据(就像下边的选项),但是程序可以看见就像是在原来的位置而不是物理文件的末尾。这个选项大多数程序不需要(包括 SoftwarePassport/Armadillo FoxPro 程序),只用于在文件的一个固定偏移寻找他们的数据的程序。
• Protect and leave at end of file. The default option. When selected, SoftwarePassport/Armadillo protects this data by removing, compressing, and encrypting it. Your program will see it at the end of the physical file, as it always did, but it won't actually exist there, and other programs will not be able to see any of it. This option is recommended for FoxPro programs, to protect them from the ReFox decompiler, but either of the above provide protection too.
保护和留在文件末尾。缺省选项。当选择,SoftwarePassport/Armadillo通过移动、压缩和加密来保护这个数据。你的程序将在物理文件的末尾看到他,就像通常那样。,但是实际上不在那里,其他程序看不到他。推荐FoxPro程序使用这个选项,保护他们防止反编译,但是上边提供的也提供保护(防止反编译)。
• Leave completely alone. This option leaves any data after the program untouched. Recommended only if this data must be accessed by other programs as well as your own.
保留独立。这个选项保留任何数据在程序后边。推荐只是如果这个数据就像你的程序一样也必须被其他程序访问时。
Many third-party programs require specific settings on this page. The ones that we know of are listed under How to Protect Specific Kinds of Programs.
许多第三方程序需要在这个页面上特殊设置。我们知道的列在下边,如何保护特殊种类的程序。
Interception Options 中断选项
SoftwarePassport/Armadillo intercepts (redirects) certain Windows API calls, such as GetEnvironmentVariable, to provide some of its features. These functions go through SoftwarePassport/Armadillo's code first, and it takes some action (like seeing if the variable is one that SoftwarePassport/Armadillo is providing, and if so returning its value) before passing the call to the original function. For a very few programs, you may also need to intercept external DLLs or OCXs that your program uses, but be warned that certain DLLs react badly to this on some machines.
SoftwarePassport/Armadillo中断(重定向)某些win API 调用,例如GetEnvironmentVariable,来提供一些功能。这些函数首先遍历SoftwarePassport/Armadillo的代码,并执行一些操作(像查看一个变量是否SoftwarePassport/Armadillo正提供的,是否如此返回他的值)在传递调用给原始函数前。对很少的一些程序,你或许还需要中断你的程序使用的外部DLLs或OCXs,但是注意某些DLLs在一些机器上对此反应很差。
The only time a DLL needs to be intercepted is when that DLL also has to have access to SoftwarePassport/Armadillo's replacement functions. For example, Visual BASIC 6 programs have to have MSVBVM60.DLL intercepted, because the programs themselves don't call any functions, they rely on the DLL to do it for them.
只在当DLL也不得不访问SoftwarePassport/Armadillo的替换函数时,一个Dll需要被中断。例如,VB6程序不得不在MSVBVM60.DLL中断,因为程序自身不调用任何函数,他们依赖于DLL来做。
You generally do not need to make any changes to this setting. The default option, Intercept Selected, automatically intercepts the DLLs needed for various programs (such as Visual BASIC and Visual FoxPro) that are known to be needed.
你通常不需要改变这些设置。默认选项,中断被选择,根据不同的程序所需要的自动中断dlls(例如VB和Visal FoxPro)。
If you wish to specify your own DLLs, press the Select DLLs button. This allows you to create a list of DLL/OCX files that you specifically wish to (or wish not to) intercept. You must enter the filename, including extension, of the DLL/OCX that you wish to include in the list -- wildcard characters are not permitted. You can also select whether to intercept or not intercept any DLL which is not in the list. Including a DLL/OCX in the list which your program does not use does not cause a problem, it will just be ignored.
如果你想指定你自己的Dlls,点击选择Dlls按钮。这个允许你创建一个你明确的想(或者不想)中断的 DLL/OCX列表文件。你必须输入你想包括在列表里的DLL/OCX的文件名,包括扩展名,--不允许使用通配符。你也可以选择中断或者不中断不在列表里的任何DLL。列表里包含一个你的程序不用的DLL/OCX不会发生问题,他将只是被忽略。
Do NOT use Intercept All in release versions of your programs. As mentioned previously, a few DLLs (including some DLLs that are part of Windows on some systems) react badly to being intercepted by SoftwarePassport/Armadillo, and will cause problems.
不要使用终端ALL在你的程序的发行版本里。就像前边提到的,一些DLLs(包括在一些系统上Win自身的一些Dlls)被SoftwarePassport/Armadillo中断时反应很差,并将导致问题。
Protection Options 保护选项
SoftwarePassport/Armadillo offers several forms of protection once your program is running. The "standard protections" are part of SoftwarePassport/Armadillo's design; they cannot be disabled.
SoftwarePassport/Armadillo提供多种保护形式,当你的程序运行时。标准保护是SoftwarePassport/Armadillo'的设计的部分,不能禁用。
The anti-dumping protections (Nanomites, Import Table Elimination, Strategic Code Splicing, and CopyMem-II) are more powerful methods of protection, but some programs don't like some of them (which is why standard protections only is the default setting for new projects); most of them also require a custom build to use. These options make it very difficult for a cracker to extract a working version of your program from the SoftwarePassport/Armadillo shell, even if they can get through the other defenses, but requires more work on your part. (Please note that CopyMem-II and the Nanomites cannot work with DLL or OCX files, only with EXEs and screen savers.)
防转存保护(Nanomites, Import Table Elimination, Strategic Code Splicing, and CopyMem-II)是更强方式的保护,但是一些程序不太喜欢他们(这就是为什么标准保护只是新工程的缺省设置);大多数还需要一个定制结构来使用。这些选项使得一个破解者从SoftwarePassport/Armadillo外壳破解出正常运行的版本非常困难,即使他们能突破其他的防护,但是在每个部分都需要更多的工作。(请注意 CopyMem-II和Nanomites不能与DLL或OCX文件合作,只能和 EXEs 和屏幕保护程序合作)
There are two things to consider when choosing a protection option. One is the running speed of your program: CopyMem-II can slow a running program down drastically, depending on how it jumps around in memory. The Nanomites cause a small delay whenever one of them is hit (it can quickly add up); this is rarely a problem though, since you can control where they're placed. Import Table Elimination has no effect on the speed of your program. Strategic Code Splicing might have a minimal effect, but it's unnoticeable in almost all cases. The standard protections do not affect your program's speed once it's started.
当选择一个保护选项时有两个事情考虑。一个是你的程序的运行速度:CopyMem-II可以显著降低程序运行的速度,依赖于他在内存里如何跳转。Nanomites会导致少许的延迟当one of them is hit (it can quickly add up);可是这不是什么问题,因为你可以控制把他们放在哪里。隐藏输入表对速度没有影响。代码拼接有很小的影响,但是大多数情况下都注意不到。标准保护不影响程序速度一旦启动后。
The other thing to consider is compatibility; some programs simply will not work with some of these options.
需要考虑的其他事情是兼容性;一些简单的程序不适合这些选项中的某些。
To test the speed: Protect your program with the setting you wish to test and run it. For the speed test, select the function that requires the most processing (such as print preview, or some form of recalculation); compare the time it takes when the program isn't protected with the time when it is. If it runs well on both, then the rest of your program should also.
测试速度:使用你想用的设置保护你的程序并测试和运行他。对于速度测试,选择需要大量处理的功能(例如:打印预览,或一些形式的重算),比较当程序没有保护和保护时使用的时间。如果都运行良好,那么其他程序也可以。
To test compatibility: Simply starting up the program is a good indication of compatibility; most of the time, if you use an option that the program won't tolerate, it will crash, hang, or simply vanish within moments of starting, or won't start at all. Once it's running, check to see if all icons appear, and all main functions work properly; if so, your program should have no problem with that setting.
测试兼容性:简单启动程序是兼容性的一个好的指示。大多数时间,如果你使用一个程序不兼容的选项,他将崩溃,挂起或者只是启动后很快消失,或者根本不启动。一旦运行,检查是否所有的图标出现,和所有的主要功能工作正常,如果这样,你的程序使用那些设置应该没有什么问题。
Note: We've found a very few programs that work fine with the Debugger-Blocker or CopyMem-II when running under Windows NT, 2000, or XP, but crash when running under Windows 98 or ME, due to a rare bug in these versions of the operating system. The symptom it shows when this problem happens is an Access Violation at a random address, with the message "tried to read from 0xFFFFFFFF". If you're using the Debugger-Blocker or CopyMem-II, we recommend testing your program under one of these operating systems if possible, or at least watching for reports of errors like this. The only solution at present is NOT to use the Debugger-Blocker or CopyMem-II; the standard protections (the default) are not affected by this problem.
注意:我们发现很少程序当运行在 Windows NT, 2000, or XP,系统时与Debugger-Blocker或CopyMem-II合作良好,但是在Windows 98 or ME下运行会发生崩溃,由于操作系统的这些版本里的一个罕见的bug。症状表现为当这个程序发生时非法访问一个随机地址,信息显示"tried to read from 0xFFFFFFFF".如果你使用Debugger-Blocker or CopyMem-II,我们建议如果可能的话,在这些操作系统下测试你的程序,或者至少察看像这样的错误报告。目前解决的唯一办法就是不使用Debugger-Blocker or CopyMem-II;;标准保护(默认的)不受这个问题影响。
Also note: If your program is extremely small (i.e. if the code section is less than 24KB), then CopyMem-II will do very little to protect it. In practice, this only affects assembly-language programs -- all other compilers that we know of have an overhead that is more than sufficient to push it past this boundary.
注意:如果你的程序非常小(例如,如果代码段小于24KB),那么CopyMem-II 在保护他上作的很少。实践上,这只影响汇编语言程序--所有我们知道的有一个overhead 的其他的编译器
Once you have determined the best setting to use, you probably won't need to test it again for the life of the program.
一旦你确定了你使用的最好的设置,你或许不需要在程序的使用期中再次测试。
The Splash Screens
By default, SoftwarePassport/Armadillo puts up a small "Loading" window while it decrypts and decompresses your program. This lets the user know that the computer is working, especially with larger programs on slower computers. The options in this section let you disable this window, or replace it with your own bitmap(s) for a more professional look.
默认,SoftwarePassport/Armadillo显示一个小的"Loading"窗口,当解密和解压程序时。这使用户知道计算机在工作,特别是大的程序在低速的计算机上。这部分的选项使你可以禁用这个窗口或者用一个你自己的位图代替,看起来更专业。
When you select the User Defined Bitmap, the Bitmap Options are enabled. These include the name of the bitmap file to use, the number of seconds to leave it showing after your program is loaded, and an option to make the window always-on-top.
当你选择一个用户自定义的位图,位图选项被启用。包括使用的位图文件的名字,程序加载后显示的时间秒,和一个使这个窗口总在最上边的选项。
The Test button is enabled any time you've selected a display window. It will bring up the bitmap you've selected (or the default "loading" dialog box) to show you how it will appear on the user's system. We recommend you test every bitmap the first time you use it, to ensure that SoftwarePassport/Armadillo is reading it correctly. Press any key, or click the window, to dismiss it.
当选择一个显示窗口后,Test 按钮任何时候可用。将显示你选择的位图(或者默认的"loading"对话框)来显示他在用户的系统上是如何显示的。我们建议你测试你第一次使用的每一个位图,来确保SoftwarePassport/Armadillo正确的读取。按任何键,或单击窗口,取消显示。
You can also (in the Professional Edition) have separate splash screens depending on the certificate in use.
你也可以(在专业版)有单独的splash screens依赖于使用的证书。
Note: If you use the User-Defined Bitmap option, we strongly recommend that you limit yourself to no more than a 320x240 bitmap, with only 16 or 256 colors. This minimizes the memory and load-time requirements, and will usually look good even on the most limited video hardware. The bars on the main display will show you how much space your bitmap is taking up after compression.
注意:如果你使用用户自定义位图选项,我们强烈建议你显示限制在不超过320x240,只有16或256色。这使得内存和加载需要的时间最小化,通常看起来不错,即使在的多数有限的视频硬件上。主窗口的状态条显示压缩后位图占多大的空间。
Language Editing 语言编辑
SoftwarePassport/Armadillo was designed to use US English for all of its prompts, but you can change this, or simply change the text of any prompt, using the Language Editor.
SoftwarePassport/Armadillo设计使用美国英语作为所有的提示语言,但是你可以改变,或者只是改变提示文本,使用语言编辑器。
To get to the Language Editor, go to the Edit Project screen, and select the Edit button next to Language. In this window you can select any of the messages shown by the SoftwarePassport/Armadillo shell and modify them. You can also define up to 31 other languages, in addition to SoftwarePassport/Armadillo's default US English. Languages are stored globally, so once you have defined a language for one project, you can simply select it for any other project.
要进入语言编辑,在编辑工程屏幕,选择语言选项页的编辑按钮。在这个窗口你可以选择SoftwarePassport/Armadillo外壳显示的任何提示信息并编辑他们。除默认的美国英语外,你可以最多定义31种其他语言,语言储存是全局的,因此一旦你在一个工程中定义了一种语言,你也可以在其它工程里选择他。
After editing a language, you will be prompted to switch the currently-loaded project to the language you last had selected. You can also select it manually on the Edit Project screen.
编辑一种语言后,你将被提示切换当前加载的工程到你最后选择的语言。你也可以手工选择在编辑工程屏幕。
SoftwarePassport/Armadillo also permits you to change the text of all the default messages as well. Simply enter the Language Editor, select US English for the language, and select the message you wish to change.
SoftwarePassport/Armadillo还允许你改变所有默认信息的文本。在语言编辑器里,选择美国英语作为语言,选择你想要改变的信息。
Note that you can now use environment variables in these strings as well.
注意:你也可以使用环境变量在这些字符串里。
Backing up your Languages
备份你的语言
All language text is stored in the file Armadillo.LNG, in the SoftwarePassport/Armadillo installation folder. If you use multiple languages, we recommend adding this file to your normal backup settings.
所有的语言文本储存在SoftwarePassport/Armadillo 安装文件夹的Armadillo.LNG,文件里,如果你使用多种语言,我们建议增加这个文件到你的通常备份的设置里。
Hardware Locking 硬件锁
(For further information, see the hardware locking discussion in the FAQ.)
(更多信息,参考FAQ里的硬件锁讨论)
One source of headaches for program authors is the tendency of people to install a copy of their programs on every computer they use -- when they've only paid for one copy. Hardware locking provides the solution. The Hardware Locking feature allows you to "lock" a registration code (and, by extension, your program) to a specific machine. The code will only work on that machine, or an exact duplicate of it (with respect to the items checked).
程序作者的一个头痛的问题是人们趋向于安装一个程序的副本在他们使用的每台计算机上―当他们只支付了一个副本的费用。硬件锁提供了解决办法。硬件锁功能允许你“锁定”一个注册码(和,通过附加到你的程序)到一个指定的机器。注册码只在那台机器有效,或者他的精确的复制品(选中相同的项目)
Hardware locking works by a machine "fingerprint." This fingerprint is a number that incorporates detailed information about the machine and can uniquely identify it. To make a key for a hardware-locked certificate, you must have the fingerprint of the machine to lock it to; this can be found on the "Register" dialog-box, or retrieved by your program through the FINGERPRINT (or ENHFINGERPRINT) environment variables.
硬件锁通过一个机器“指纹”工作。这个指纹是一个数字,合并关于机器的详细信息并能被唯一识别。为了给一个硬件锁证书制作一个密匙,你必须拥有要锁定的机器的硬件指纹;这个可以在注册对话框上找到,或者通过你的程序的 FINGERPRINT (or ENHFINGERPRINT)环境变量找回。
Because hardware-locking works on the security certificate level, you can make a single program that uses both hardware-locked and non-hardware-locked certificates. We recommend caution if you use both enhanced and standard hardware locking in a single program; although it will work just fine, it forces SoftwarePassport/Armadillo to display both hardware locking codes on the Register window, which can confuse the user.
因为硬件锁工作于安全证书级别,你可以使一个程序同时使用硬件锁和非硬件锁证书。我们建议谨慎如果你在一个程序同时使用增强的和标准硬件锁,尽管他也工作很好,他强制SoftwarePassport/Armadillo在注册窗口显示2个硬件锁代码,使用户搞乱。
You can allow a certain number of items to change (after the key is installed) before breaking the current key. We highly recommending using a "change" value of at least 1, to prevent keys from being broken regularly by innocuous changes to the system; if you're concerned that this might allow piracy, use a custom hardware locking selection and choose at least three or four hardware locking options. See the chart for details on the options available.
在破坏当前密匙之前你可以允许一定数量的项目发生改变(密匙安装后)。我们强烈建议使用一个“改变”值至少为1,防止密匙被系统的无关紧要的改变而规律的破坏;如果你担心这或许允许盗版,使用一个定制的硬件锁选择并选择至少3或4个硬件锁选项。见图表关于可提供选项的详细内容。
The primary controls on the hardware locking page are: "Use defaults", "Use custom settings", and "Use USB Key ("U3 Smart Device")"
硬件锁设置页的主要控制是“使用默认”“使用定制设置”“使用USB密匙”("U3 Smart Device")"
Warning: If the user changes any checked item on the machine (the motherboard, CPU, BIOS [including simply doing a flash-update of the BIOS], hard drive, etc) without first transferring the key to another machine, his key will become invalid and you will have to give him a new one. The same problem happens on some notebook computers -- the hardware fingerprint changes when they're connected to a charger or docking station. The best solution for this is to set the "change" value to at least 1 (as mentioned above), but if you choose not to do this, please document this potential problem for your programs.
警告:如果用户改变机器上任何检查的项目(主板、CPU、BIOS[包括将但的BIOS升级],硬盘等)没有转移密匙到另一台机器,他的密匙将变得无效你将不得不给他一个新的。相同的问题发生在一些笔记本电脑上―硬件指纹改变当被连接到一个充电器或者docking station.最好的解决办法就是设置“改变”值至少为1,(就像上边提到的),但是如果你选择不这么做,请为你的程序声明这个潜在的问题。
USB Hardware Locking USB硬件锁(狗狗?)
Using USB Key Hardware Locking 使用USB硬件锁
You can hardware lock your program to a U3 compatible USB flash drive. This will allow your user to carry a single copy of your program to various machines, but it will only run if the USB device is present.
你可以硬件锁定你的程序到一个U3兼容的USB闪存。这将允许你的用户装载你的程序副本在不同的机器上,但是只有USB设备在的机器上才能运行
Use a 'U3 Smart Device' USB flash drive for hardware locking. You can get more information on U3 Smart Devices, and find a list of the USB flash drives that support the U3 specification, at www.u3.com.
使用'U3 Smart Device'USB硬件设备作为硬件锁。你可以获得更多信息关于U3 Smart Devices,并找到一个支持U3规范的USB闪存的列表,在www.u3.com.
USB Key hardware locking is similar to using a hardware 'dongle' to protect your program. Instead of locking your program to a specific computer, it can run on any computer, but only when the specific USB device is plugged into the computer. This prevents the user from running on more than one computer at a time. The keys created for any certificate that uses USB Key hardware locking, are specific to one, and only one USB device. The correct USB device must be plugged into the computer when the user enters the corresponding key.
USB密匙硬件锁类似使用硬件(软件狗)来保护你的程序。而不是锁定拟定程序到指定的计算机。他可以在任何计算机上运行,但是只有插上特殊的USB设备时才可以。这阻止了用户同时在多个计算机上运行。为使用USB硬件锁的任何证书生成的密匙,指定到唯一的USB设备。当用户输入相应的密匙时必须在计算机上插上正确的USB设备。
Since USB Key hardware locking requires that your protected program access certain information on the USB device, you must supply the U3dapi10.dll file (Device API Library) with your program if this feature is used. (This file is included with Armadillo, and can be found in the 'SoftwarePassport' directory.
因为USB密匙硬件锁需要你的被保护程序访问USB设备上的某些信息,如果是使用这个功能,你必须你的程序一起提供U3dapi10.dll文件。这个文件包含在Armadillo,可以在该目录下找到。
When the DLL is installed, you can insert/remove the USB key while you're in the text Enter Key dialog, and it will display the changes in real-time. The HTML Enter Key dialog cannot do this, the USB key must be inserted before entering that dialog for proper operation.
当该DLL被安装,你可以插入/拔除该USB密匙当你在文本输入密匙对话框,他将实时显示改变。HTML输入密匙对话框不可以这样,在进入那个对话框进行正确的操作之前必须插入USB密匙。
The ENHFINGERPRINT environment variable will be ????-???? whenever the program is set to use a USB key and either the DLL or the USB key are not available.
ENHFINGERPRINT环境变量将是????-????当程序设置使用一个USB密匙和该DLL或者USB密匙不可提供时。
USB-locked keys won't appear in the create-key dialog at all.
USB密匙根本不出现在生成密匙对话框。
To use it: 为了使用这个:
Make sure DLL is available and USB device is plugged in
确定该DLLs被提供和USB设备被插上
Run program normally
正常运行程序
If DLL or device isn't available, program treats USB-locked key as invalid
如果DLL或者设备不可提供,程序认为USB锁密匙无效
The USB-locked key may need to be placed in a read-only INI file on the USB device in order to make it properly portable.
USB锁密匙或许需要放置在USB设备上的一个只读INI文件里,为了使他完全便携。
Note: When this option is selected, you will not be able to create keys for this certificate on your local machine; you'll need to go through Digital River or one of its subsidiaries for that.
注意: 当这个选项被选择,你将不能在你的本地机器上为这个证书创建密匙
Hardware Locking for U3 Smart Drive Applications 你将需要go through Digital River or one of its subsidiaries for that。
The "Require USB Present" option is necessary if your application will be used on a U3 Smart Drive. (See U3.com for information on U3 Smart Drives.) Unlike the other Hardware Locking options, this option applies to ALL certificates in this Armadillo project. If you intend that your program be installed on either a regular PC or a U3 Smart Device. You will need to create separate Armadillo projects (with unique Project ID's), and produce separate executables for these two destinations. (This is not as severe a restriction as it may seem, when the other requirements of producing an application for U3 Smart Drives are considered.)
"Require USB Present"选项是必须的,如果你的程序将使用一个U3 Smart Drive.(见U3.com了解U3 Smart Drives.的更多信息)不像其他的硬件锁选项,这个选项应用到这个arm工程的所有的证书里。如果你打算你的程序被安装在一个普通的PC或者一个U3 Smart Device.你将需要创建单独的arm工程(使用唯一的工程ID),并为这两个目的生成单独的执行文件。(这不像他看起来的那样,这并不是一个严格限制,当生成一个使用U3 Smart Device的应用程序的其他需求被考虑时。
The "Require USB Present" option causes all the protection parameters to be stored on the USB device, rather than on the host computer's hard disk or system registry. This is necessary for the U3 Smart Device application to be portable, and to run on whatever computer the U3 Smart Device is connected to.
"Require USB Present"选项导致所有的保护参数被储存在USB设备里,而不是计算机主机的硬盘或系统注册。这对U3 Smart Device应用程序便携来说是需要的,并运行在连接U3 Smart Device的所有计算机上。
When the "Require USB Present" option is used, the 'Standard hardware locking' option is not available. Each certificate either uses 'Enhanced hardware locking', in which case it is locked to a specific U3 Smart Device, or 'None', which can be run from any U3 Smart Device. Also, a 'Virtual Registry' is required for protected U3 Smart Drive applications. (A Virtual Registry wrapper will be available soon. ;-) )
当"Require USB Present"选项被使用,“标准硬件锁”不可用,每一个证书或者使用“增强硬件锁”,这种情况下他被锁定到一个指定的U3 Smart Device,或者'None',他能被运行从任何U3 Smart Device.同样,一个“虚拟注册”被需要用来保护U3 Smart Drive应用程序。(一个虚拟注册包装将被立即可用。)
Additional features and restrictions may apply if a SoftwarePassport/Armadillo-Capable Registration Service is used. Please see "Using Armadillo U3 protection features with supporting registration services" for details.
更多的功能和限制可提供如果一个oftwarePassport/Armadillo可注册服务被使用,请看“随支持注册服务使用Armadillo U3保护功能”
Transferring or Uninstalling (With Confirmation) A Hardware Locked Key
转移或卸载(带确认)一个硬件锁密匙
Transferring a Hardware Locked Key 转移一个硬件锁密匙
An extension to hardware locking, the Transfer Hardware Lock gives the user the ability to transfer a hardware-locked certificate to another machine (and removing the key from the original). This option also changes the hardware lock for the machine/program, making the original key useless.
作为硬件锁的一个扩展,转移硬件锁给用户转移一个硬件锁证书到另一台机器的能力(并从原来机器移除密匙)。这个选项也改变机器/程序的硬件锁,使得原来的密匙不可用。
Warning: This opens up the possibility of pirating; if it's done properly, someone can transfer the key, reload the program, and have two (or more) working copies. Because of this possibility, this option is disabled by default. It's here if you want it, just be sure you understand the risks.
警告:这打开了盗版的可能性;如果他被正确处理,一些人能转移密匙,重载程序,并拥有两个(或更多)有效副本。因为这个可能性,这个选项默认是禁用的。如果你想用,请确认你理解了该风险。
To use this option, the user will need the hardware fingerprint from the new machine; he then uses the TRANSFER command-line parameter and follows the instructions given. After doing so, he is shown the new key three times, with severe warnings that he must write it down or enter it immediately... since these urgent warnings are often ignored, the new key is (as of version 2.50) also quietly written to the file TRANSFER.TXT, in the root directory of drive C.
为了使用这个选项,用户将需要新机器的硬件指纹;他然后使用TRANSFER命令行参数按照给出的说明。然后,显示新密匙3次,和一些他必须记下来或者立即输入的警告…因为这些紧急警告别经常忽略,新密匙(版本2.50)也被安静写入TRANSFER.TXT文件,在C盘根目录。
Uninstalling a Hardware Locked Key (with Confirmation)
卸载一个硬件锁密匙(使用确认)
This is a feature that can only be used with Hardware Locked keys. You (or your customer) can tell SoftwarePassport/Armadillo to uninstall a hardware-locked key, and it will give you a code to confirm that the key has actually been removed.
这是一个只能用在硬件锁密匙的功能。你(或者你的客户)可以告诉arm卸载一个硬件锁迷失,他将给你一个代码来确认密匙实际上已被移除。
There are two ways you can do this. You can have the user run your protected program with the UNREGISTER command-line option (i.e. "YourProgram.exe UNREGISTER", without the quotes); SoftwarePassport/Armadillo will guide him through the process and give him the uninstall code to pass to you. Or you can do it programmatically, through ArmAccess.DLL's UninstallKey function, and retrieve the uninstall code from the environment variable UNINSTALLCODE. There is also a QUIETUNREGISTER option, but this is only useful in certain circumstances because it does not provide the uninstall code.
你可以通过2种方法来做。你可以让你的用户运行你的被保护程序使用UNREGISTER命令行选项(例如:"YourProgram.exe UNREGISTER",没有双引号);SoftwarePassport/Armadillo将引导他完成这个过程,并给他一个卸载码来传递给你。或者你可以程序实现,通过ArmAccess.DLL's UninstallKey函数,并从环境变量UNINSTALLCODE.找回卸载码。还有一个QUIETUNREGISTER选项,但是这只在因为他不提供卸载码的某些环境下有用。
(You can also UNREGISTER a hardware-locked server key this way as well, by calling it like this: "YourProgram.exe SERVER UNREGISTER" -- the SERVER command must come first.)
(你也可以UNREGISTER一个硬件锁服务器密匙,用这种方式通过像这样调用:"YourProgram.exe SERVER UNREGISTER" -- the SERVER命令必须在第一个)
To confirm the uninstall code, use the Check Key dialog (the Check Key option on the Keys menu in SoftwarePassport/Armadillo). You can also use the CheckUninstallKey function of CodeGen.DLL.
要确认卸载码,使用检查密匙对话框,(arm密匙菜单里的检查密匙选项)。你也可以使用CodeGen.DLL里的CheckUninstallKey函数。
Customizing the Hardware Fingerprint 定制硬件指纹(机器码)
If you choose to, you can customize the items SoftwarePassport/Armadillo checks to build the Standard and/or Enhanced hardware fingerprint for a machine. This section describes the options available, and the advantages and drawbacks to each.
如果你选择硬件锁,你可以定制SoftwarePassport/Armadillo控制创建一台机器的标准或增强的硬件指纹的项目。这部分描述可用的选项,和每个的优势和缺点。
The perfect hardware fingerprint would be unique to a specific machine, identical regardless of the operating system, unchanging when the system is reformatted, and would not rely on any items that can be changed by the user (accidentally or otherwise). In practice, this is impossible to guarantee, but with these options you can select the balance that most suits your specific needs. We cannot make specific recommendations for a particular program; the options you choose will depend on many factors, such as the type of program, the price of the program, the size of the market you're shooting for, and the support resources you can devote to it after the sale.
完美的硬件指纹应该是唯一的对于一台指定的机器来说,而不管操作系统,当操作系统重新格式化也不改变,并应不依赖于任何能被用户改变的项目(偶然的或者其他)。实际上,这是不可能保证的,但是,使用这些选项你能选择最适合你的特殊需要的平衡。我们不能给出一个明确的建议对于一个特定的程序;你选择的选项以来与很多因素,例如程序类型,程序价格,你的目标市场容量,你可以使用的售后支持资源。
The Chart 图表
The following chart summarizes the options available; it is color-coded, with the advantages in green, the drawbacks in red, and cautionary items or items that could be either in yellow.
We recommend using at least three different hardware locking options, for the least chance of having different machines with the same hardware fingerprint.
下边的图表总结了可用的选项;用不同颜色标记,优势用绿色的,缺点用红色的,警戒项目或者两者兼有的用黄色。我们建议使用至少3个不同的硬件锁选项,保证最低的平衡,不同的机器拥有相同的硬件指纹。
The recommendations in the chart are for the following categories:
图表中的建议遵循下边的范畴:
• LA: "Lowest Annoyance." This recommendation is geared toward the most forgiving hardware fingerprint possible while still keeping a decent level of security. With these settings, users can generally reinstall or upgrade the operating system and reinstall the application as much as they wish without affecting their keys, so long as they don't change any hardware or reformat the C drive.
• LA: "Lowest Annoyance."最少烦恼。这个建议用于可能最宽容的硬件指纹而仍然保持一个相当的安全水平。使用这些设置,用户可以通常重新安装或升级操作系统和任意次重装应用程序而不影响他们的密匙,只要他们没有改变任何硬件或重新格式化C盘。
• HO: "Hardware Only." With these settings, the user will only need a new key if he changes or upgrades any hardware, or changes from one operating system "family" to the other.
• HO: "Hardware Only."只有硬件。使用这些选项,用户将只需要一个新的密匙如果他改变或升级硬件,或操作系统从“family”改变到其他。
• MS: "Maximum Security." The most restrictive setting; if the user changes anything at all, he'll have to get a new key from you. Recommended only for those programs that absolutely must have this level of security, or are on machines that are never changed or upgraded.
• MS: "Maximum Security." 最大安全。最有限制的设置,如果用户改变任何一个,他将不得不重新向你获取一个新的密匙。建议只是绝对必须拥有这个安全级别的那些程序,或者在那些不会改变或者升级的机器上。
Also noted in the "recommendations" column are the settings for the default Standard (STD) and Enhanced (ENH) hardware locking, which are set to be relatively forgiving.
注意在“推荐”列是默认的标准和增强硬件锁的设置,设置为相对宽容。
The options and notes are described in detail below the chart.
选项和注意在下边的列表中被详细描述。
(此处省略,请参考帮助文档中的图表)
Notes and Option Details: 注意和选项细节:
CPU Information: This takes the CPU manufacturer, type, version, and other information into account. If used on a serial-number-enabled Pentium III, it will use that as well. There is a potential problem with it though: on certain systems (which are reportedly getting more common) it can change when the system is suspended or put into hibernation, or hooked to some pieces of hardware (such as a docking station or charger); in this case, it will revert back to the original code when the system is rebooted, or when the original hardware configuration is restored. On some such systems, it will change with no apparent rhyme or reason, and may or may not change back. For this reason, we no longer recommend it, or use it in our "standard" default settings. The "enhanced" hardware locking slot still uses CPU as a default.
CPU信息:这个选项使用CPU生产商、类型、版本和其他信息进行计算。如果使用一个有序列号的PIII,也将使用于计算。尽管有一个潜在的问题:在某些系统(据报告是普通的),当系统被挂起或进入睡眠状态他会发生改变,或者hooked to到一些硬件(例如a docking station或者充电器);在这种情况下,当系统被重新启动后他将回复到原始代码,或者当原始硬件参数被恢复。在一些这样的系统上我们不推荐他,或者在我们“标准”默认设置使用他。“增强”硬件锁定仍然使用CPU作为默认。
BIOS Information: This option uses the system's BIOS information. It will be the same between different OS versions in the same family, but not between the Win9x family (Windows 95/98/Millennium) and the Windows NT family (Windows NT, 2000, XP, and future versions). The chance of duplication is low between any two random machines, but very high between groups of machines purchased at the same time from the same vendor. Please note that there is a very slight chance that some systems will use part of the BIOS area as RAM, which would lead to the hardware fingerprint changing each time the system is rebooted if this option is selected. Also note that under Windows 2000 and XP it's possible to set programs to use a "compatibility mode" that will effectively tell the program that it's running on a Win9x system, which will change this item.
BIOS信息:这个选项使用系统的BIOS信息。在相同家族的不同的操作系统版本里他将是相同的,但是在win9x家族(Windows 95/98/Millennium)和win2000家族(Windows NT, 2000, XP, 和未来版本)之间是不同的。在任意两台随机的机器之间复制的机会很低,但是在同一个经销商同一时间成批购买的机器之间非常高。请注意有一个非常小的机会,一些系统将使用部分BIOS作为RAM,这将导致硬件指纹改变,每次系统被重新启动,如果这个选项被选择。也要注意在win2000和XP下,可能设置程序使用“兼容模式”将有效地告诉程序他运行在win9x系统,这将改变这个项目。
NetBIOS Name: The NetBIOS name is the "computer name" that a user chooses when installing Windows, if the computer is networked. It is controlled entirely by the user; the only reason it is included here is that there can only be one machine with a specific name on a specific network. Recommended only for programs that must be used on or with a local-area network, where it is guaranteed to be unique. Some versions of Windows assign a NetBIOS name randomly if the user doesn't override it.
NetBIOS Name::NetBIOS名是一个用户安装win时选择的“计算机名”,如果计算机在网络上。他完全由用户控制,被包括在这里的唯一原因是在一个指定的网络里用一个指定的名只能有一台机器。推荐只有当程序必须在一个局域网上使用时,在那里可以保证是唯一的。一些版本的win随即赋予一个NetBIOS名,如果用户没有覆盖他的话。
DOS HD Serial Number: This uses the DOS serial number of the C drive, which changes (under normal circumstances) only when the drive is reformatted. Used by many simple key systems, but can easily be changed by any user with minimal technical knowledge, using readily available third-party software. Programs like Norton Ghost duplicate the contents of a hard drive, including the DOS serial number.
DOS HD序列号:这是用C盘的DOS序列号,(通常环境下)只有当驱动器被重新格式化时才会改变。被许多简单的密匙系统使用,但是能被任何具有最小技术知识的用户容易改变,使用第三方软件。像Norton Ghost一样的程序复制硬盘驱动器的内容,包括DOS序列号。
Hard Drive Size / Geometry: Under the Windows NT family (Windows NT, 2000, XP, and future versions), this uses the number of cylinders, heads, sectors, and other details of the first physical hard drive, and cannot be changed except by changing the hard drive type in the system's BIOS (which almost always necessitates repartitioning, reformatting, and reinstalling the operating system as well). Under the Win9x family (Windows 95, 98, and Millennium) it is impossible to get this information accurately, so SoftwarePassport/Armadillo simply uses the total size of the hard drive instead, which can be changed by programs like PowerQuest's PartitionMagic, or by repartitioning the drive (which would necessitate reformatting and reinstalling the operating system as well). Also note that, like the BIOS Information item above, under Windows 2000 and XP it's possible to set programs to use a "compatibility mode" that will effectively tell the program that it's running on a Win9x system, which will change this item.
硬盘大小/几何:在winnt家族下(Windows NT, 2000, XP, and future versions),,这个选项使用第一物理硬盘的柱面,磁头,扇区数和其他细节,不能被改变除非在系统BIOS里改变硬盘类型(几乎总是同时需要重新分区、重新格式化、重新安装操作系统)。在win9x家族下(Windows 95, 98, and Millennium)要精确地获得这个信息是不可能的,因此SoftwarePassport/Armadillo只是简单的使用硬盘尺寸的总数,这个可以被改变通过类似PowerQuest's PartitionMagic, 的程序,或者通过重新分区硬盘(也需要出重新格式化和重新安装操作系统)同时注意,像是上边的BIOS信息项目,在win2000和XP下,可能设置程序使用“兼容模式”将有效地告诉程序他运行在win9x系统辖,这将改变这个项目。
S.M.A.R.T. IDE HD Serial Number: IDE hard drives made in the last few years use the S.M.A.R.T. system, and have a guaranteed-unique serial number which cannot be changed. With this option selected, SoftwarePassport/Armadillo will use the serial number of the first physical hard drive (the primary master drive) in the hardware fingerprint. There are a few drawbacks:
S.M.A.R.T. IDE HD序列号:在过去的几年制造的IDE硬盘驱动器使用SMART系统,有一个保证唯一的不能被改变的序列号。使用这个选项,SoftwarePassport/Armadillo将使用第一物理硬盘(主硬盘)的该序列号在硬件指纹里。有一些缺点:
• Many older IDE hard drives (and all SCSI drives) do not support it;
许多旧的IDE硬盘(何所有的SCSI硬盘)不支持;
• It is not available under the original retail version of Windows 95 (it was added in OEM Service Release 2, a.k.a. "Win95B");
在原始零售的win95版本不提供(在OEM SR2 中增加)
• We've had a report that some controllers will block SoftwarePassport/Armadillo from retrieving it; and
我们收到一个报告,一些控制器阻止SoftwarePassport/Armadillo找回IDE HD序列号。
• Some other RAID controllers will report the S.M.A.R.T. serial number, but select one of the drives attached to them randomly each time the serial number is requested. (SoftwarePassport/Armadillo has code that should prevent this in almost all cases.) 一些其他的RAID控制其将报告S.M.A.R.T.序列号,但是每次请求序列号时随机选择一个连接的驱动器。
Please note that the first time a SoftwarePassport/Armadillo-protected program using this option is run under Windows 98 or Millennium, SoftwarePassport/Armadillo will probably need to ask the user to reboot before using your program (Win95B and Win95C load the necessary driver by default; the Windows NT family does not need it).
请注意,使用SoftwarePassport/Armadillo保护的程序使用这个选项时,在win98下第一次运行时,oftwarePassport/Armadillo将可能要求用户重新启动在使用程序之前。(win95b和win95c默认加载必需的驱动,winNT系列不需要)。
Network Card MAC Address: This will attempt to use the MAC address of the first physical network card on the system. The MAC (Media Access Control) address of a physical network card is usually guaranteed to be unique, and cannot be changed under normal circumstances, making it ideal for hardware locking purposes. However, some "virtual network cards" give the user the option to change the MAC addresses. SoftwarePassport/Armadillo will recognize and ignore the most common virtual network cards.
网卡MAC地址:这将尝试使用系统上第一物理网卡的MAC地址。一个物理网卡的MAC地址通常保证是唯一的,在正常情况下不能被改变,用来做硬件锁是理想的。然而,一些“虚拟网卡”给用户改变MAC地址的选项。SoftwarePassport/Armadillo将识别和忽略最通用的虚拟网卡。
Size of Physical Memory: This uses the amount of physical RAM installed in the system, rounded to the nearest power of two. It can't be changed except by physically adding or removing memory, so it's a good indicator, but like the CPU Information, many machines will share the same values.
物理内存的尺寸:这个选项使用安装在系统上的物理RAM的容量,rounded to the nearest power of two.他不可能改变除非物理增加或者移除内存,因此他是一个很好的指示器,但是就像CPU信息,很多机器将共享相同的数值。
Random Number: This simply uses a randomly-generated 32-bit number. Not recommended for general use; this is the mechanism used to change the hardware fingerprint when the user uninstalls or transfers a hardware-locked key.
随即数:这个选项简单的使用一个随机生成的32位数。一般不建议使用;这是用于改变硬件指纹的机构,当用户卸载或者转移一个硬件锁密匙时。
Troubleshooting Changing Hardware Fingerprints 改变硬件指纹产生的故障(麻烦)
Hardware locking is very important for some programs, but in the past, when something went wrong with it, you had to rely on the user to tell you what happened. Oftentimes the user was honest, and there was a real problem, but sometimes he was just trying to get a key for a different computer, and there simply wasn't enough information to determine which case was which.
硬件锁对一些程序来说是非常重要的,但是在过去,当关于他发生一些问题,你不得不易来用户告诉你发生了什么。时常地用户是诚实的,有一个真实的问题,但是有时他只是尝试为一台不同的电脑获得一个密匙,而没有足够的信息来确定是发生了那种情况。
As of Armadillo 3.05, that has changed. SoftwarePassport/Armadillo can now provide you with a change-log to tell you exactly what has changed in the hardware fingerprint, and when.
作为Armadillo 3.05,情况改变了。当改变时,SoftwarePassport/Armadillo现在可以提供给你一个改变日志来确切地告诉你在硬件指纹里什么改变了,
Getting the Change-Log 获取改变日志
There are several ways to get the change-log for a particular computer. One is to call ArmAccess.DLL's WriteHardwareChangeLog() function from within your protected program on the affected machine. If you don't have that capability already built into your program, you can ask the user to run your program with the HWCHANGELOG command-line option. Or, if he has access to either the Enter Key or Invalid Key dialogs, you can ask him to get to that dialog, then hold down the SHIFT key while pressing the on-screen Cancel button. In the first case, you provide it with a filename and location to write the file; in the others, it will prompt the user for one, defaulting to your program's path and filename with the extension AHCL (Armadillo Hardware Change Log). In all cases, you then need to have the user send you that file.
对一个具体的计算机来说有几种方法来获得改变日志。一个是在受影响的机器上从你的被保护程序里调用ArmAccess.DLL's WriteHardwareChangeLog()函数。如果你的程序没有内建这个能力,你可以要求用户使用命令行选项HWCHANGELOG运行你的程序。或者,如果他有权使用输入密匙或者无效密匙对话框,你可以要求他打开那个对话框,然后按下SHIFT和时点击屏幕上的Cancel取消按钮。第一种情况,你提供给他一个文件名和位置来写入那个文件(改变日志)。;其他情况下,将提示给你的用户一个默认的到你的程序的路径和扩展名为AHCL (Armadillo Hardware Change Log)文件名,所有情况下,你需要用户发送那个文件给你。
Interpreting the Change-Log 解释改变日志
However you get the file, you need to interpret it, using the "Show Hardware Change Log..." item under the File menu.
尽管你获得了那个文件,你需要解释他,使用文件菜单下的"Show Hardware Change Log..."项目。
If the hardware fingerprint has changed since the user first reported it to you, you can look at this information and see which components have changed, and the date they changed on. If nothing has changed between the date the user first reported it to you and now, then he has either uninstalled/transferred the program (that won't show up in the log, but will change the hardware fingerprint), or is trying to get a key for a different system.
自从用户第一次报告给你以后如果硬件指纹发生改变,你可以查看这个信息并看是那个组成部分发生改变,和改变的日期。如果在用户第一次报告给何现在之间没有发生改变,那么他卸载或者转移(转让)了程序(这些不在日志里显示,但是将改变 硬件指纹),或者尝试为一个不同的系统获取密匙。
The change-log does not, and cannot, tell you the actual hardware fingerprint for the system. That varies depending on the settings for a particular program. It also won't tell you the random-number portion, since that is also program-specific. But it will tell you, in general terms, about the hardware itself -- the value of each separate item when the program (protected with Armadillo 3.05 or later) was first installed, what has changed since then, and the date that it changed on. The change-log is shared between all SoftwarePassport/Armadillo-protected programs, so it might reflect information from before your program was installed.
改变日志不也不能告诉你系统的实际硬件指纹。那些改变依赖于一个特地的程序的设置。他也不告诉你随机数的部分,应为那个也是程序特有的。但是他将告诉你,概括地,关于硬件自己―每个单独项目的值当程序(用arm3.05或以后的保护)被第一次安装时,从那以后什么发生了改变,和改变的日期。改变日志在所有SoftwarePassport/Armadillo保护的程序之间共享,因此他能反映你的程序安装之前的信息。
Stolen Codes Database 被盗注册码数据库(公开的注册码数据库)
Sometimes even the best registration systems miss. You have provided someone with a permanent registration code, then find out that they were using a stolen credit card; someone gets a registration and posts it on the Internet; etc. The Stolen Codes database provides a means of protecting yourself from these mishaps; a stolen registration code does not have to mean all your work is lost. By entering it in the database (under the Protection menu), these codes can be selectively invalidated, without affecting your legitimate users.
有时即使是最好的注册系统也会失误。你提供给一些人一个永久的注册码,然后发现他们使用一个偷来的信用卡;一些人获得一个注册码并把他放在网络上;等等。被盗注册码数据库提供了一个方法保护你防止这些灾祸;一个被盗注册码数据库不意味着你的所有工作失败。通过输入他到数据库(在保护菜单下),这些注册码能被选择为无效,不影响你的合法用户。
To enter a code into the database, just list it with a comment. Anyone currently using it will find that it's invalid in all future versions, and future cracker-wannabes using the code will discover that it fails to work.
输入一个注册码到数据库,只是用一个注释列出他。当前使用他的任何人将发现在所有未来的版本里他(该注册码)是无效的。并且后来的喜欢破解的人使用该注册码将发现是无效的。
Note that the code you enter must be exactly the same as the one issued. Since SoftwarePassport/Armadillo will not generate the same code on a different day; you should use the Key Log to find the code that you wish to invalidate, if you do not already know it.
注意:你输入的那个注册码必须和那个发布的完全一样。因为SoftwarePassport/Armadillo在不同的日期不会生成同样的注册码;如果你还不知道这个问题话,你应该使用密匙日志找到那个你想使无效的那个注册码。
Security Certificates 安全认证
A SoftwarePassport/Armadillo security certificate is like a door into your program. If most programs can be likened to an unlocked building where anyone can just walk in and help themselves, then a SoftwarePassport/Armadillo-protected program is more like an exclusive private club, where all the doors are locked and guarded, and non-members -- if they're allowed in at all -- are forced to use the public entrance where the staff can keep an eye on them and make sure they don't over-stay their welcome. (A more complete discussion of keys and certificates can be found in the FAQ.)
一个arm安全认证就像进入你的程序的一个大门。如果大多数程序可以比喻成一个没有锁的建筑,任何人可以进入并做其想做,那么一个SoftwarePassport/Armadillo保护的程序更像一个高级的私人俱乐部,所有的门被锁定和被看守,没有人-- 如果他们被允许-- 被强迫使用公共入口,在那里职员能密切注视着他们确保他们不能逗留太久。(在FAQ里可以找到一个更完整的关于密匙和证书讨论。
Like a physical door, these entrances to your program can let certain people (the ones with the right key) enter. Unlike physical keys, SoftwarePassport/Armadillo keys can be set to expire by your choice of criteria (date, days after first use, number of uses, etc). Only those who pay for your work get the Gold Key: the unlimited, unrestricted pass to the private members-only entrance.
就像是一个生活中的门,这些进入你的程序的入口可以让确定的人(拥有正确的密匙)进入。不像生活中的钥匙,SoftwarePassport/Armadillo密匙可以设置终止通过你选择的标准(确定的某个日期,第一次开始使用的天数,使用的次数等)。只有那些购买了你的程序的人可以得到金钥匙:无限制的、自由的进入到该私人会所―只是进入。
Encryption Template 加密模板
The encryption template is a word or phrase of your choice which will be used to protect this certificate.
加密模板是你选择的一个单词或者短语将被用来保护这个证书。
This is a very important field. The encryption template is a word or phrase you choose which will be used to protect this certificate. It should be something that no one else could guess, but that you can easily remember (or keep written down in a secure place) in case you ever need to re-create the project. It is locked once you create a certificate, to prevent accidental changes.
这是一个非常重要的区域。加密模板是你选择的将被用来保护这个证书的一个单词或者短语。他应该是别人猜不到的,但又是你容易记住的(或者写在一个安全的地方)在你任何时候需要重建工程的时候。一旦你创建了一个证书他将被锁定,防止意外的改变。
The encryption template must be kept secret! If anyone gets or guesses the word or phrase you enter here, they can create as many keys as they want for your program. Without this information, it would be much harder to crack your program; something like the difference between opening a lock with the key and opening it in the dark with a flashlight and a hairpin.
加密模板必须保持保密!如果任何人获得或猜出你在这里输入的单词或者短语,他们可以为你的程序创建任意多的密匙。没有这个信息,破解你的程序将是非常困难的;就像是用钥匙打开一把锁和黑暗中使用一个手电筒和发卡打开锁的区别。
We recommend that you use a phrase rather than a word, and include numbers or symbols as well as letters to make it more difficult to guess. Spaces will be ignored, and upper- or lower-case doesn't matter. Each character you include will add approximately six bits to the brute-force attack difficulty, so we recommend using a minimum of twenty characters (you can use up to 255 characters).
我们建议你是使用一个短语胜于一个单词,并包括数字和符号和字母使他更难于猜测。空格将被忽略,不考虑大小写字母。你包括的每个字符将使暴力破解增加近似6位数的难度,因此我们建议使用最少20位字符(你最多可以使用255个字符)。
Although SoftwarePassport/Armadillo can handle any characters that Windows can, certain characters (such as the quotation mark, the percent symbol, and various "international" characters) can cause problems with certain third-party registration systems. If you use such a system, or ever intend to, we recommend you stick to standard ASCII characters to avoid these potential problems.
尽管SoftwarePassport/Armadillo能处理Windows的任何字符,某些字符(例如引号、百分号和各种各样的国际符号)会导致问题在某些第三方注册系统。如果你使用这样的系统,或者打算用,我们建议你使用标准ASCII字符避免这些潜在的问题。
Note that you cannot use the same encryption template for more than one certificate in the same project, and that the template "DEFAULT" is reserved for the default certificate.
注意:你不能在相同的工程里为多于一个证书使用相同的加密模板,模板"DEFAULT"保留为默认证书。
For more information, see the Encryption Template Overview and the Default Certificate.
更多信息,看加密模板概述和默认证书。
Environment Strings 环境字符串
The additional strings you specify here will let you pass additional information to your program about the security certificate in use. These strings are passed to your program by way of the system environment variables, so your program should be able to access them easily no matter what programming language you use. For more information, see Using the Environment Strings Feature.
你在这里指定的额外的字符串将使你传递额外的信息到你的程序关于使用的安全证书。这个字符串被传递到你的程序通过系统环境变量,因此你的程序应该能够容易地访问他们不管你使用什么程序语言。更多信息,见使用环境字符串功能。
Secured Sections 安全段
For a long time, shareware developers have considered it safest to distribute "demo" versions of their programs, and ship separate, "full" versions when customers purchased. When programs were distributed only on disk, by mail, this made sense; there was no point in shipping the full version when someone could "crack" it and steal the program. Now the Internet has changed all that -- customers want to have the full version instantly, and they don't want to spend the time downloading another copy of your program when it's almost the same as the demo version they already have.
长期以来,共享软件开发者考虑他是最安全的,即发布他们的程序的demo版,并当用户购买后单独传送完整版。当程序只通过光盘、邮件发布时,这是有意义的。没有point在传送完整版本党某些人能破解他和盗取该程序。现在因特网改变了所有这些―用户想立刻获得完整版,他们不想浪费时间下载你的程序的另一个副本,当他几乎和他们已经拥有的demo版本一样时。
With the Secured Sections feature of SoftwarePassport/Armadillo, you can now have the security of a separate demo version, and still provide your customers with instant access to the features of the full version! The Secured Sections are encrypted separately, each with its own unique encryption key. Even if someone manages to strip the SoftwarePassport/Armadillo shell off of the program, your Secured Sections won't be included without a key that permits access to them.
使用SoftwarePassport/Armadillo的安全段功能,你现在可以有一个单独的demo版本的安全,并仍然提供给用户立即有权使用完整版本的功能。安全段被单独加密,每个用他自己的唯一的加密匙。即使如果某些人设法脱去程序的SoftwarePassport/Armadillo外壳,你的安全段不会包括如果没有一个允许访问他们的密匙。
Note: At present, Secured Sections will only work with Microsoft Visual C/C++, Borland C/C++, Borland C++ Builder, Delphi, and Visual BASIC 6. Other versions of C/C++ compilers should also work, but may require some alterations to the SecuredSections.h header file. Other versions of Visual BASIC may work, but we cannot guarantee it. Other development systems can be supported, if they give you some way to embed assembly code or raw bytes in your program; please contact us for further information.
注意:目前,安全段只工作在Microsoft Visual C/C++, Borland C/C++, Borland C++ Builder, Delphi, and Visual BASIC 6.其它版本的C/C++编译器也可以工作,但是可能需要对SecuredSections.h头文件进行一些改造。其他版本的Visual BASIC可能工作,但是我们不能保证。其他开发系统能被支持,如果他们给你一些方式来内嵌 汇编代码或者raw字节 到你的程序,请联系我们获取更多信息。
Also note: This is an advanced feature of SoftwarePassport/Armadillo, and should only be attempted by fairly knowledgeable program authors. We can provide only limited help if this feature doesn't work as you intend; complete help could require (in order of increasing difficulty) your program's SoftwarePassport/Armadillo project file (the *.ARM file), your unprotected program, the source code for your program, and possibly access to the same version of compiler as you're using.
同样注意 :这是SoftwarePassport/Armadillo的一个高级功能,并应该只被有相当知识的程序作者尝试使用。我们可以提供有限的帮助如果这个功能并不像你想要的那样工作时。完整的帮助可能需要(为了增加难度)你的程序的SoftwarePassport/Armadillo工程文件(the *.ARM file),你的未保护程序,你的程序源代码,和可能有权使用的相同版本的编译器像你正使用的。
Using Secured Sections: The Basics 使用安全段:基本
To use a Secured Section in your program, you simply add "markers" around the sections you want to secure, and then tell SoftwarePassport/Armadillo which certificates have access to those sections. The markers are different for every language; please see below for the descriptions for C/C++, Delphi, and Visual BASIC. We recommend you at least glance at all of the examples, even the ones for languages you don't use; each one shows different aspects of Secured Sections.
要在你的程序里使用安全段,你只是在你想保护的段周围增加"markers",然后告诉SoftwarePassport/Armadillo那个证书有权使用这些段。每种语言的标记是不同的;请看下边的相应C/C++, Delphi, and Visual BASIC的描述.我们建议你至少浏览所有的例子,即使你不使用的那个语言的例子;每个显示安全段的不同的样子。
It is best to mark either single statements or entire logical groups, i.e. sections separated by beginning and ending braces ('{' and '}') in C, or Begin/End statements in Delphi. There are no limitations to the kind or size of section you can use, except that a secured section cannot be nested within another; SoftwarePassport/Armadillo will complain of unmatched section markers if you try it.
最好是标记或者单个申明或者整个逻辑groups,等等,段通过开始和结束花括号分离在C里,或者Begin/End申明在Delphi里。你可以使用的段的种类和尺寸没有限制,除了一个安全段不能嵌套在另一个内;SoftwarePassport/Armadillo将抗议不匹配的段标志,如果你尝试的话。
Jumping into (or out of) a secured section is safe; the code is actually replaced with the assembly-language "no operation" instruction (NOP), so jumping into it when it's not there will simply cause the program to continue after the SECUREEND marker. It is also safe to use these sections if your program isn't yet protected (for testing, etcetera); the marker code is designed to be transparent to the program, it will simply appear as if all the secured sections are available.
跳入或者跳出一个安全段是安全的;代码实际上被汇编语言的NOP指令替换,因此当他不在那里而跳入他时将只是使程序在SECUREEND标记后继续。如果你的程序还没有保护使用这些段也是安全的(为了测试等);标记代码的设计对程序来说是透明的,他将是可见的好像所有的安全段可用。
SoftwarePassport/Armadillo permits up to twelve different groups of Secured Sections (not twelve sections; you can have as many sections as you like). Most people will only have need of a single group, unless you're designing a program that will have multiple versions.
SoftwarePassport/Armadillo最多允许12组不同的安全段(不是12个段,你可以设置任意数量的段)。多数人将只需要一个组,除非你在设计一个将有多个版本的程序。
Once the sections are marked, you simply tell SoftwarePassport/Armadillo which certificates have access to those sections. To do this, call up the Edit Certificate window for a certificate; on it, you will see a page marked Secured Sections Permitted. Simply place a check in the boxes corresponding to the groups you want to allow access. If the user has a key that doesn't allow access to a group, all the sections marked with that group simply won't exist for him.
一旦段被标记,你只要告诉SoftwarePassport/Armadillo那个证书可以访问这些段。要这样做,打开一个证书的编辑证书窗口;在上边,你将看到一个页标记为安全段允许。只要在你想要访问的相应的组的框中勾选。如果用户有一个密匙不允许访问一个组,那个组的所有的段标记对他来说是不存在的。
Note: If you use ArmAccess.DLL's functions to let your user enter a key, then the user must exit and restart the program before the Secured Sections will become available.
注意:如果你使用ArmAccess.DLL的函数来让你的用户输入一个密匙,然后用户必须退出并重新启动程序,在安全段变得可用之前。
The following suggestion is based on information contributed by Michael Pederson (thanks, Michael!):
下边的建议给予Michael Pederson提供的信息(感谢Michale)
If you use Secured Sections, you may have problems with optimizations. The compiler doesn't know about the Secured Sections, so it will try to optimize the code, and will probably end up causing problems.
如果你使用安全段,你或许会有一些优化上的问题。编译器不知道安全段,因此他将尝试优化该代码,并将或许导致问题。
There are a couple ways around this problem. The first is to turn off optimizations, either completely or selectively (if possible; a description of how to do this is far beyond the scope of this file, please see your compiler's documentation). The second is to use the "meaningless if statement."
有2个方法可以绕过这个问题。第一个是关闭优化,完全地或者有选择地(如果可能;如何做的描述超出本文范围,请参考你的编译器文档)。第二个是使用“无意义的if申明”。
Effectively, you just need to make an 'if' statement around the stuff you're securing. That will tell the compiler that the section may be skipped (which is what it does, after all), and so not to put any code in there that is required by the rest of the program.
有效地,你只需要做一个if声明在你要保护的素材周围。那将告诉编译器该段可以跳过(这就是他要做的,毕竟),并且因此不要放置程序其余部分需要的任何代码在那里。
There are only a couple tricks to using this. The first one is to find a test that will always be true, but that the compiler won't know is always true -- otherwise it may optimize the if statement right out of the code. If you're using C++, comparing a 'this' pointer to NULL will do it -- it's never true in operation, but it can't be optimized away because the compiler doesn't know that. In other languages, you might use an address that can only be valid or NULL, and compare it to something like 0xFFFFFFFF (technically a valid address, but in practice it's not used).
使用这个只有2个窍门。第一个是找到一个总是true的测试,但是编译器不知道他总是true―否则可能优化if申明而被优化出代码。如果你使用C++,比较一个‘this’指针和NULL将实现-- 在操作上他决不为true,但是他不能被优化掉,因为编译器不知道。在其他语言,你可能使用一个只能是有效或空的地址,并同某些类似0xFFFFFFFF的东西相比较(技术上是一个有效地址,实际上没有被使用)。
The second trick is to put the SECUREBEGIN/SECUREEND statements within the 'if' statement. For example:
第二个窍门是放置SECUREBEGIN/SECUREEND申明在if声明内,例如:
if (buffer!=(const char *)(0xFFFFFFFF)) {
SECUREBEGIN;
/* Do secured stuff here */
SECUREEND;
};
This ensures that the compiler understands what parts of the code can be skipped. If you place the SECUREBEGIN/SECUREEND statements outside the if, the compiler might still arrange things in such a way that some statements are in the Secured Section that shouldn't be. Please note, very simple code (such as incrementing a local variable) might still be rearranged out of the Secured Section by the compiler (thanks and apologies to Mario Lavallière for letting us know about this).
这确保编译器了解哪部分代码能被跳过。如果你放置SECUREBEGIN/SECUREEND申明在if外,编译器或许仍然以一些声明应该是在安全段里的这样一种方式来处理事情。
More on Secured Sections 更多内容
In the following sections, you can learn about applying Secured Sections using various programming languages:
在下边的部分你可以学习使用各种程序语言应用安全段:
• C or C++
• Delphi
• Visual BASIC
• PowerBasic
Using Secured Section Markers With C or C++
在C或C++里使用安全段标记
C (and by extension C++) was designed for low-level access, making it very easy to "mark" a section. Simply copy the SecuredSections.h file (provided with SoftwarePassport/Armadillo, in the SecuredSections\C directory under the main SoftwarePassport/Armadillo directory) to your "include" directory (or your program directory, if you wish), include it, and use the macros that it defines (SECUREBEGIN and SECUREEND) around the sections of code that you want to mark. For example, in the following console-mode program, the first and last lines will always be printed, but the middle ones will only appear if the appropriate SECUREBEGIN group is enabled:
C或C++ 设计为低级别的访问,使其非常容易标记一个段。简单的复制SecuredSections.h文件(由SoftwarePassport/Armadillo提供,在主SoftwarePassport/Armadillo 目录下的SecuredSections\C 目录)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "SecuredSections.h"
void main(void) {
printf("This is a test program.\n");
SECUREBEGIN;
printf("This line will only be printed if the SECUREBEGIN group is active.\n");
SECUREEND;
SECUREBEGIN_A;
printf("This line is only active when the SECUREBEGIN_A group is.\n");
SECUREEND;
SECUREBEGIN;
printf("Notice that you can have multiple secured sections in each group!\n");
SECUREEND;
printf("End of test!\n");
};
You can also use SECUREBEGIN_A, SECUREBEGIN_B, or SECUREBEGIN_C in place of SECUREBEGIN. These mark the different "groups" of sections. You can use SECUREEND on any and all of these, although we define SECUREEND_A etcetera as well.
你也可用使用SECUREBEGIN_A, SECUREBEGIN_B, or SECUREBEGIN_C代替SECUREBEGIN.这些标记段的不同的组。你可以使用SECUREEND在任何或所有这些,尽管我们也定义SECUREEND_A等等。
Using Secured Section Markers With Delphi
Dephi里使用安全段标记
Delphi wasn't designed for low-level access, but it permits it if necessary. To mark a Secured Section in Delphi, you use the *.inc files included with SoftwarePassport/Armadillo (in the SecuredSections\Delphi directory, under the main SoftwarePassport/Armadillo directory). To use them, you need to include them in the program with the $I construct, for example:
Dephi不是设计为低级别的访问,但是他是允许的如果需要的话。要在Dephi里标记一个安全段,使用包括在SoftwarePassport/Armadillo里的*.inc文件(在主SoftwarePassport/Armadillo目录下的SecuredSections\Delphi目录)。要使用它们,你需要用$I结构把它们包括在程序里,例如:
{$I SecureBegin.inc}
{ insert secured code here }
{$I SecureEnd.inc}
You may have to supply a path as well as the filename. We have provided files for each of the SecureBegin/SecureEnd markers. As with the equivalents in the other languages, SecureEnd.inc can be used with any and all of the SecureBegin* files, although we have provided SecureEnd_A.inc etcetera as well.
你可能不得不提供一个路径,就像是文件名一样。我们已经为每个SecureBegin/SecureEnd标记提供了文件。作为和其他语言里相同的,SecureEnd.inc能和任何或所有SecureBegin*文件使用,尽管我们也提供了SecureEnd_A.inc等。
ZHU ZHILIN reports that you can use optimizations in your program, but disable them around functions that use Secured Sections, by putting {$O-} and {$O+} around the function. This may remove the need for the "meaningless if" statement mentioned previously.
ZHU ZHILIN报告说:你能在你的程序里使用优化,但是对使用安全段的周围的函数禁用优化,通过在函数周围放置{$O-} and {$O+}。这或许移除前边提到的“无意义if”申明的需要。
Using Secured Section Markers With Visual BASIC
VB里使用安全段标记
Visual BASIC is not designed for low-level access, and has no language constructs that allow it. Fortunately, it does permit calls to a DLL; that is the method that we've chosen to use for SoftwarePassport/Armadillo, as the easiest one for your use.
VB不是设计为低级别的访问,没有语言结构允许他。幸运的是,他允许调用DLL;这就是我们选择的用来使用SoftwarePassport/Armadillo的方式,也是你使用的最简单的。
To mark a Secured Section in Visual BASIC, you must first include the following lines in one of your program's Module files, exactly as shown:
要在VB里标记一个安全段,你必须首先包括下边的行在你的程序的模块文件里,像下边的这样:
Declare Sub SECUREBEGIN Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_A Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_B Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_C Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_D Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_E Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_F Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_G Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_H Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_I Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_J Lib "ArmAccess.DLL" ()
Declare Sub SECUREBEGIN_K Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_A Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_B Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_C Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_D Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_E Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_F Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_G Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_H Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_I Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_J Lib "ArmAccess.DLL" ()
Declare Sub SECUREEND_K Lib "ArmAccess.DLL" ()
This defines the functions so that your program can use them. Once you've done this, it's simply a matter of "calling" the functions to mark the area(s) that you want to mark, as shown in the following program fragment:
这定义了函数,因此你的程序能使用他们。一旦你完成这些,调用函数来标记你想要标记的区域是简单的,就像下边的程序片断显示的:
'The instructions between SECUREBEGIN and SECUREEND
'will only be executed when that section is available.
Dim PaidFor as Boolean
PaidFor = False
SECUREBEGIN
PaidFor = True
'Do some registered-user only stuff here
SECUREEND
If PaidFor = False Then
MsgBox "Sorry, this function is only available to registered users."
End If
As with the other languages, you can also use SECUREBEGIN_A, SECUREBEGIN_B, or any of the others in place of SECUREBEGIN to mark the different "groups" of sections. You can use SECUREEND on any and all of these, although we define SECUREEND_A etcetera as well.
同其他语言一样,你也可用使用SECUREBEGIN_A, SECUREBEGIN_B任何其他代替SECUREBEGIN.这些标记段的不同的组。你可以使用SECUREEND在任何或所有这些,尽管我们也定义SECUREEND_A等等。
Note: As reported by Francis James, using Secured Sections in Visual BASIC may require you to turn off the Code Optimization (which is on by default). To do this, start up Visual BASIC and load your project. Select the Project menu. At or near the bottom of this menu, there should be a choice for "<project> Properties" (where <project> is the name of your project); select it. On the Project Properties dialog that appears, select the Compile tab, then select "No Optimization". This shouldn't be necessary if you use the "meaningless if" statement mentioned here.
注意:Francis James报告,在VB里使用安全段可能需要你关闭代码优化(默认为打开)。要这样做,启动VB并加载你的工程。选择工程菜单,在菜单底部附近,应该有一个选择"<project> Properties" (<project>是你的工程的名字);选择他。在显示出来的工程属性对话框上,选择编译器tab,然后选择"No Optimization".如果你使用这里提到的“无意义的if”声明,这应该是不需要的。
Note: The functions listed do exist in ArmAccess.DLL, although they are not needed once your program is protected, and they do nothing. This means that you can test your program with Secured Sections before protecting it; it will just act like all of the sections are enabled. Once your program is protected, these functions are NOT used; if you don't call any other functions from ArmAccess.DLL, you don't need to include it with your distribution.
注意:列出的函数存在于ArmAccess.DLL,尽管他们不需要一旦你的程序被保护,他们什么也不做。这意味着你可以在保护之前使用安全段测试你的程序,就像所有可用的段。一旦你的程序被保护,这些函数不能使用;如果你不从ArmAccess.DLL调用任何其他函数,你不需要把他包括在你的发布版本里。
Using Secured Section Markers with PowerBasic
PowerBasic里使用安全段标记
PowerBasic (see http://www.powerbasic.com) permits inline assembly code, so it works well with SoftwarePassport/Armadillo's Secured Sections. All you need to do is include the following in a header file:
PowerBasic (see http://www.powerbasic.com)允许inline汇编代码,因此他和SoftwarePassport/Armadillo的安全段工作很好。所有你需要做的就是包括下边的内容到一个头文件:
Macro SECUREBEGIN = !DB &hEB,&h03,&hD6,&hD6,&h00
Macro SECUREEND = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_A = !DB &hEB,&h03,&hD6,&hD6,&h01
Macro SECUREEND_A = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_B = !DB &hEB,&h03,&hD6,&hD6,&h02
Macro SECUREEND_B = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_C = !DB &hEB,&h03,&hD6,&hD6,&h03
Macro SECUREEND_C = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_D = !DB &hEB,&h03,&hD6,&hD6,&h04
Macro SECUREEND_D = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_E = !DB &hEB,&h03,&hD6,&hD6,&h05
Macro SECUREEND_E = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_F = !DB &hEB,&h03,&hD6,&hD6,&h06
Macro SECUREEND_F = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_G = !DB &hEB,&h03,&hD6,&hD6,&h07
Macro SECUREEND_G = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_H = !DB &hEB,&h03,&hD6,&hD6,&h08
Macro SECUREEND_H = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_I = !DB &hEB,&h03,&hD6,&hD6,&h09
Macro SECUREEND_I = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_J = !DB &hEB,&h03,&hD6,&hD6,&h0A
Macro SECUREEND_J = !DB &hEB,&h03,&hD6,&hD6,&hFF
Macro SECUREBEGIN_K = !DB &hEB,&h03,&hD6,&hD6,&h0B
Macro SECUREEND_K = !DB &hEB,&h03,&hD6,&hD6,&hFF
That, and other PowerBasic information, can be found in the Armadillo .inc file (provided by Andrew McKay), which is in the SecuredSections\PowerBasic7 folder under your SoftwarePassport/Armadillo installation directory.
那个和其他PowerBasic信息可以在Armadillo .inc文件里找到(provided by Andrew McKay),在你的SoftwarePassport/Armadillo安装目录的SecuredSections\PowerBasic7文件夹里。
These macros are known to work with PowerBasic 7.0 for Windows.
这些宏与PowerBasic 7.0合作是为win所知的。
Once you've defined these macros, just use them like you would under Visual BASIC (example here.)
一旦你定义了这些宏,使用他们就像你在VB下。
The Default Certificate 默认证书
The default certificate (there can be only one per project) is a special security certificate that uses a fixed encryption template ("DEFAULT"). It is the "public entrance" to your program, where anyone can get in, even without a key -- at least for a little while. This is often used for shareware or demo versions of software, set to expire after a reasonable evaluation period. The default certificate is optional. If you don't create one, then everyone must have a key to use your program.
默认证书(每个工程只能有一个)是一个特殊的证书,使用一个固定的加密模板("DEFAULT").他是你的程序的“公共入口”,任何人可以进入,即使没有密匙-- 至少是一会儿。这经常用于共享或demo版软件,设置终止在一个合理的评估期之后。默认证书是可选的。如果你没有创建一个,那么每个人必须有一个密匙才能使用你的程序。
For a more complete discussion of certificates and keys, please see the FAQ.
证书和密匙的更完整的讨论请看FAQ。
The Expiration Options 终止选项
You can set a security certificate to expire by any one of the following criteria:
你可以设置一个安全证书终止通过下边标准的任何一种:
• Expire a certain number of days after installation (for default certificates, this is counted from the day that the program was first run; for everything else, it's the day that the key was first installed by the user);
安装后一个确定的天数后终止(对于默认证书,这从程序第一次运行那天开始计算;对于其他的,从密匙第一次被用户安装的那天开始计算);
• Expire on a set date;
在一个设定的日期终止
• Expire after a certain number of uses, either counted automatically at program start, or (in the Pro edition only) using the ArmAccess.DLL function IncrementCounter;
使用一个确定的次数后终止,或者在程序启动是自动计数,或者(只在Pro版本)使用ArmAccess.DLL函数IncrementCounter;
• Expire after a certain version;
在一个确定的版本后终止
• Expire after a certain number of days OR a certain number of uses (a combination of the expire-by-days and expire-by-uses (auto-counted) options).
在一个确定的天数或者一个确定的使用次数后终止(一个按天数终止合按次数终止选项的组合)
You can also choose to put the expiration information for certain certificates in the key itself (in the Pro edition).
你也可以选择为确定的证书放置终止信息在密匙里(在pro版本里)。
Note: If you use an expire-by-uses certificate, or store the expiration information in the key, you cannot also put the number of copies to allow in an unsigned key. The key isn't large enough to hold both values. Signed keys are variable-length, and can hold any or all of these values.
注意:如果你使用一个按使用次数终止的证书,或者储存终止信息在密匙里,你不能也放置允许的副本的数量在一个无符号密匙里。密匙不够大以容下放置。有符号密匙是可变长度的,可以容下任何或所有这些值。
The Network Licensing Option 网络许可选项
Please see the FAQ for an in-depth discussion of the capabilities and limitations of this option, both for Peer-to-Peer and Client/Server.
请看FAQ 里关于这个选项的能力和限制的更深层的讨论,在对等网络和客户端/服务器端网络。
Keys 密匙(注册码)
A SoftwarePassport/Armadillo "key" is a string of letters and numbers, sixteen digits or more, divided into groups of four or six digits to make it easier to deal with. A key unlocks a single security certificate, and is inextricably bound to the name of the person it is assigned to (if you provide one). The date it was created is coded into it also, as well as any other info you choose to add.
一个SoftwarePassport/Armadillo "key"是一个字母和数字的字符串,16位或更多,按每4或6位数字分成一组使他更容易处理。一个密匙解锁一个单独的安全认证,并邦定到被赋予的人的名字(如果你提供一个)。他被创建的日期也被编码进去,和你选择增加的任何其他信息一样。
If a key is bound to its owner's name, any key being passed around can immediately be identified, both by you and by the people to whom it is passed. If desired, you can take steps (such as using the Stolen Codes database) to make such keys invalid. A key-checking function is included in SoftwarePassport/Armadillo to let you see all the information encoded into the key, and a key log automatically keeps track of the keys SoftwarePassport/Armadillo generates.
如果一个密匙绑定到他的拥有者的名字,任何密匙被到处传播能被立刻识别出来,被你或者被传递的人。如果想要,你可以执行步骤(例如使用被盗密匙数据库)使这些密匙失效。一个密匙检查函数包括在SoftwarePassport/Armadillo使你查看编码在密匙里的所有信息,并且一个密匙日志自动保持对SoftwarePassport/Armadillo生成的密匙的跟踪。
In the Professional Edition it's possible to make additional keys that simply modify the expiration date, number of copies, or "extra information" in a user's existing key. For information about these Modification Keys, please see here.
在专业版里制作附加的密匙是可能的,只是编辑终止日期、副本数量或者用户的已存在的密匙里的“额外信息”。关于这些编辑密匙的信息请看这里。
Signed versus Unsigned Keys 有符号相对无符号密匙
SoftwarePassport/Armadillo can use a mathematical formula, based on the same concept as public-key encryption, to make bogus "key generators" for your program very difficult to create (please see Designing Your Program's Defenses for more information on common attacks against your program). These "signed keys" are longer than the unsigned keys which were the only ones available in older versions of Armadillo, but they have some drawbacks as well, as shown here:
SoftwarePassport/Armadillo可以使用一个数学公式,基于一些概念像公共密匙加密,使你的程序的"key generators"非常难于创建。(请看设计你的程序防护更多信息关于普通攻击相对你的程序)。这些有符号密匙比无符号密匙长,只在旧版本的Armadillo里提供,但是他们也有一些缺点,如下:
Signed Keys有符号密匙
Variable length, twenty-four digits minimum at Level 1
可变长度,在Level 1最小24位。
Can contain any or all pieces of information in the key (expiration data, number of copies, and extra info)
可以包含任何或者所有信息到密匙里(终止数据、副本数量和额外信息)
Cannot be TRANSFERred without the assistance of the author
不能转移如果没有作者的帮助
Security is based on both the secret key and a mathematical construct, making such keys difficult to impossible to forge; the information used to create the construct CANNOT be learned from anything but the encryption template you select, or a brute-force attack
安全基于加密匙和数学结构,使得这样的密匙难于伪造;用于创建结构的信息不能从任何事情被学习除了你选择的加密模板,或者一个暴力破解。
Unsigned Keys无符号密匙
Fixed length, sixteen digits 固定长度,16位。
Can only contain one piece of information in the key: expiration data, number of copies, or extra info
只能包含一片信息在密匙里:终止数据、副本数量或者额外数据。
Used with hardware locking, can be TRANSFERred to another computer by the user without any contact with the author (if the author permits)
使用硬件锁,不能被用户转移到另一台计算机,如果没有与作者的联系(如果作者允许)。
Security based solely on a secret key, which can be learned from a valid key for that certificate
安全单独基于一个加密匙,可以从那个证书的一个有效密匙学习。
Key Signature Levels 密匙签名级别
At Signature Level 1, SoftwarePassport/Armadillo creates keys that are at least twenty-four digits long, or four groups of six digits each. Every additional level adds more digits, and makes "cracking" the key (finding the information to allow the cracker to create false keys that SoftwarePassport/Armadillo cannot detect) harder.
在签名级别1,SoftwarePassport/Armadillo创建密匙最少24位长度,4组,每组6位。每个增加的级别增加更多的位,并使破解密匙(找到信息允许破解者创建错误的SoftwarePassport/Armadillo不能检测的密匙)更难。
Version 2 keys were limited to a maximum signature levels of 4; v3 keys can be up to level 9. We recommend using the ShortV3 key system, which supports "nameless" key and can go up to level 10 -- at level 10, it is proof against almost any attack (the lower levels, and the earlier key systems, can be attacked by someone with enough cryptographic knowledge and a purchased or stolen key for your program, though this is still very difficult).
版本2密匙被限制到最大签名级别4 ,v3密匙能到支持到级别9 。我们建议使用ShortV3密匙系统,他支持无名密匙并能支持到级别10―在级别10,他被证明可以防止几乎任何攻击(低级别的和早期的密匙系统能被某些具有足够密码学知识和一个购买或偷来的你的程序的密匙的人破解,尽管这仍然非常难。