API Protection Filter Technology is a sophisticated protection mechanism designed to make cracking your programs extremely difficult.  

Your programs will rely on numerous system, third party and in-house external modules (usually these are DLL's).  Normally, a cracker can use this information to his benefit in a variety of ways to attack your programs.  

The information about which functions you import from various external modules is often held (depending on the link) in a structure in all Win32 executables called an Import Address Table (IAT).

The API Protection Filter Technology virtualizes access to these API's from your IronWrapped programs to ensure that the functionality is only accessible when the IronWrapper is in place.  If somehow the wrapper were removed, the imports would fail to be linked and definitely would not function correctly.

IAT Protection Method

The IronWrap API Protection Filter Technology allows you to use any of three different protection methods to protect various elements in the filter.  These methods are:

1. Bypass - this method does not specially handle the IAT for that element (module/function etc).  Note that even if you use bypass, the IAT itself is still protected, just the method is directly handed off to the external module in the regular manner.  (This method is the fastest and the least secure).

2. Redirect - In this method, the API from the target module or function is redirected to the IronWrap internal engine and may call the original API target later. (This method is slower, but more secure).

3. Call-Trap - In this method, the API calls are set to memory traps. The details of how memory traps operate is an IronWrap secret, however suffice it to say that they are extremely secure.  (This method is the slowest, and the most secure).

Filters

A filter itself is a list of modules and functions with an associated IAT Protection method. The IronWrap API Protection Filter Technology allows you to select from any number of pre-defined filters that ship with the product or define your own.

A filter has a root protection method.  A filter may contain zero to many modules, each module with its own protection method.  Each module may contain zero to many explicitly specified functions, each function with its own protection method.  The protection method used to protect any individual imported API (function call) is determined by recursively searching the Filter for a match from the lowest layers up.  

More Information

For more information on actually defining and editing API Filters, see: IronWrap API Filters

For more information on setting a License Project to use a specific filter you have defined, see: IronWrap Protection Tab