Deployment when using the Instant Protection PLUS 3 DLL

Protected applications are typically deployed using an installer, which is usually created with a third-party tool. If you have any questions about how to implement the deployment steps outlined below in your application's installer, refer to the manual for the installer software you are using, or contact the vendor responsible for it.

Dependency Files

When using the Instant Protection PLUS 3 DLL, there are certain files which must be distributed with your application:

Deploying the Instant Protection PLUS 3 DLLs

After installing Instant Protection PLUS 3 on your computer, you will find the Instant Protection PLUS 3 DLL files (IP2Lib32.DLL and IP2Lib64.DLL) in the Instant PLUS installation directory. Your application's installer (which is typically created by a third-party tool) will need to be configured to include these files from this location and install them to the appropriate locations on the target computer.

Deploying the DLLs to the Application Directory

Installing the IP2Lib32.DLL and IP2Lib64.DLL files in your application's installation directory is strongly recommended, as it is the most effective way to prevent potential version conflicts. If you allow installation of your application to user-specific locations or portable storage locations, then this has the added benefit of working with those types of installations. If you are protecting a DLL or a plug-in/add-in, then the Instant Protection PLUS 3 DLLs would either need to be installed in the directory where the application that loads your DLL or plug-in/add-in is located, or they would need to be installed to the system directories.

Deploying the DLLs to the System Directories

When you are protecting a DLL, or a plug-in/add-in for another application (such as an AutoCAD plug-in, a Microsoft Office add-in, or a Microsoft Office document such as an Access database or an Excel spreadsheet), then it is typically best to install the Instant Protection PLUS 3 DLLs to the appropriate system folders. Most tools used to create installers will automatically pick the correct paths for you.

On 32-bit versions of Windows, simply deploy the IP2Lib32.DLL file to the System32 folder (usually C:\Windows\System32).

On 64-bit versions of Windows, IP2Lib32.DLL should be deployed to the SysWOW64 folder (usually C:\Windows\SysWOW64), and the IP2Lib64.DLL file should be installed to the System32 folder (usually C:\Windows\System32). If you find the names of the system folders confusing, refer to Microsoft's documentation for additional details on the role each folder plays on 64-bit versions of Windows.
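A post-install check for the system-directory layout described above, as an added example that is not part of the vendor's documentation: it reads each DLL's PE header and confirms that the 32-bit and 64-bit builds landed in the folders named in this section. The function names are hypothetical, and it assumes IP2Lib32.DLL is an x86 image and IP2Lib64.DLL an x64 image.

```powershell
# Added example (not vendor code). Function names are hypothetical.
function Get-PEMachine {
    param([Parameter(Mandatory)][string]$Path)
    # Returns 'x86', 'x64', or $null when the file is missing or is not a PE image.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        if ($fs.Length -lt 64 -or $br.ReadUInt16() -ne 0x5A4D) { return $null }   # 'MZ'
        $fs.Position = 0x3C                      # e_lfanew: offset of the PE header
        $peOffset = $br.ReadInt32()
        if ($peOffset -lt 0 -or ($peOffset + 6) -gt $fs.Length) { return $null }
        $fs.Position = $peOffset
        if ($br.ReadUInt32() -ne 0x4550) { return $null }                        # 'PE\0\0'
        $machine = [int]$br.ReadUInt16()         # COFF Machine field
    } finally { $fs.Dispose() }
    if ($machine -eq 0x014C) { return 'x86' }
    if ($machine -eq 0x8664) { return 'x64' }
    return $null
}

function Test-IP2LibSystemDeployment {
    $win = $env:windir
    if ([Environment]::Is64BitOperatingSystem) {
        # A 32-bit process that opens System32 is redirected to SysWOW64;
        # the Sysnative alias reaches the real 64-bit System32 folder.
        $native = if ([Environment]::Is64BitProcess) { 'System32' } else { 'Sysnative' }
        $expected = @(
            @{ Path = Join-Path $win "$native\IP2Lib64.DLL";  Machine = 'x64' },
            @{ Path = Join-Path $win 'SysWOW64\IP2Lib32.DLL'; Machine = 'x86' }
        )
    } else {
        $expected = @( @{ Path = Join-Path $win 'System32\IP2Lib32.DLL'; Machine = 'x86' } )
    }
    foreach ($e in $expected) {
        $found = Get-PEMachine -Path $e.Path
        [pscustomobject]@{
            Path     = $e.Path
            Expected = $e.Machine
            Found    = $found      # empty when the file is absent or not a PE image
            Ok       = ($found -eq $e.Machine)
        }
    }
}

Test-IP2LibSystemDeployment | Format-Table -AutoSize
```

A row with an empty Found column or Ok = False usually means the installer ran as a 32-bit process and its copy to System32 was redirected to SysWOW64, or the two DLLs were swapped.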

Deploying Renamed DLLs

Whether you deploy the DLLs to the application directory or the system directories, another step you can take to prevent potential version conflicts is to rename the IP2Lib32.DLL and IP2Lib64.DLL files. This has the following effects:

Deploying the XML configuration file

The XML configuration file is saved on your computer to a location you specify (as shown in the Instant Protection PLUS 3 DLL Overview). You can deploy the XML file wherever you wish; you must simply specify the correct path in your source code.

We recommend that your application's installer is configured to copy this file to the same directory in which your application is installed, and that your application's source code looks for the file in that application directory (as shown in our samples).

If you are licensing an add-in, the application directory will not be your add-in's directory, but the directory of the application that loads your add-in. A recommended location for the XML file in this case would be a public folder such as the Public Documents folder on Vista and later versions of Windows. The %ALLUSERSPROFILE%\Documents folder is recommended for Windows XP.

Deploying Additional Files

Your protected application may use additional files such as the following:

These files are typically installed to the same directory as the IP2Lib32.DLL and IP2Lib64.DLL files (which is usually in the same directory where your application is installed). However, there are a couple of exceptions to this:

  1. As described above in the "Deploying Renamed DLLs" section, renaming these DLLs will cause any additional files to be loaded from the path containing the application which loaded the DLL. (So for example, if your application is a Microsoft Access add-in or database, it will look for these files in the same folder where MSACCESS.EXE is installed.)
  2. A second scenario where this path can change is when you specify the FLAGS_USE_XML_PATH (4) flag when calling the CallIp or CallIpEx functions. In this scenario, all of these files are loaded from the directory containing the XML file. One scenario where this may be ideal is for add-ins, where you may wish to load these files from your own installation path (e.g. your own folder under Program Files) rather than putting these files in the directory where the program loading your add-in resides.

If the product logo image is in the correct location, but not displaying, try re-saving it with MSPaint to eliminate a possible .bmp format issue.

Deploying for LabVIEW

If you are unfamiliar with distributing additional files with LabVIEW, the LabVIEW IP2Lib DLL sample contains two entries under the project's Build Specifications which show how this is accomplished. The sample is found in [Instant Protection PLUS 3 installation folder]\samples\IP2Lib DLL\Samples\LabVIEW\IPSample. Open the IP2Startup.lvproj project in LabVIEW, then open the Build Specifications section in the project tree. The "IP2DLL Sample" entry will create an executable with the required support files. The "IP2DLL Sample Installer" Build Specification entry demonstrates building the installer with the needed additional files.

Obfuscate .NET Applications

Important

When your .NET application is compiled, it is compiled to what is called Microsoft Intermediate Language (MSIL - pronounced like "missile") code. There are tools that can be used to translate and reverse engineer MSIL code, so it is imperative that you select and use an obfuscation tool to further protect your application and your investments in it. Microsoft offers a good summary of this subject.

Installation Requirements

Important

The /OPENLF command line switch can be used to avoid permissions issues that will result in Error 42 on Windows Vista and later.

Important

Microsoft Office applications (such as Word, Excel, Access, etc.) may run in a ClickToRun environment. This environment has known limitations that make it problematic for licensed Office add-ins and macros to use global locations. Consequently, licensed add-ins and macros that target these environments should only use user-specific locations for licenses and aliases. See this knowledge-base article for more details.

Windows Vista and later includes a "User Account Control" (UAC) security feature which limits the privileges users have, even when a user is part of the Administrators group. Unless you have selected "Auto-create in the current user registry" for your license file location, protected applications need to be called with the /OPENLF command line switch while running with elevated privileges to change the permissions of all License Files and Aliases to give standard users full read/write access. This is typically done from within your installer, since elevated/administrator privileges are usually required for installers. However, there are some cases where this approach is impractical, such as when you are protecting a DLL, an add-in or plug-in for a third-party application, or a Microsoft Office document (such as an Access database) and therefore don't have an application to call with the /OPENLF command line switch. For these scenarios, there are alternative approaches you can take (see "Using helper.exe" below).

Read this whitepaper on Using Instant Protection PLUS 3 with Windows Vista and higher for more information.

Important

As of Instant Protection PLUS 3 3.2.0.4 and later, /OPENLF automatically initializes 32-bit and 64-bit license files and aliases, regardless of whether the protected application is 32-bit or 64-bit. Therefore, it is no longer necessary to initialize the 32-bit and 64-bit locations separately.

Using helper.exe

Since most installers require elevated privileges, the easiest way to initialize the required license file permissions is to run a wrapped copy of helper.exe as part of your installation process. The helper.exe application is merely a stub application that does nothing, but it can be wrapped with the same licensing settings as your product so that it can handle the /OPENLF call. To complete this process:

  1. First open the existing Instant Protection PLUS 3 Project (.ipp file) that you used to generate the secure XML configuration file.
  2. On the Integration Method step of the wizard change the option from "Use the Instant Protection PLUS 3 DLL" to "Use the Instant Protection PLUS 3 wrapper" and click Next.
  3. Set the File to Wrap to the helper.exe file in the Instant PLUS installation directory and choose an appropriate Output Folder.
  4. Click Next to wrap the helper.exe with the licensing startup logic. You must then update your installer to copy the wrapped helper.exe to the target system and immediately call it with the /OPENLF command-line switch to set these permissions and exit. Refer to your specific installer documentation on how to run an application during installation and how to pass it command-line switches/arguments/parameters. A number of installers refer to these as Custom Actions.

Using your own application

Using helper.exe is generally necessary when protecting add-ins (such as Microsoft Office add-ins, VBA scripts, etc.). However, when protecting your own applications/executables, you might not need to use helper.exe. When you call the CallIp or CallIpEx functions, the Instant Protection PLUS 3 DLL will automatically detect the /OPENLF switch if it is present. As long as your application's design and code permit it (meaning the application does not show any user interface or cause any problems when called with the /OPENLF switch), you can simply run your protected application with the /OPENLF switch during the installation process.