You should already be familiar with our Anti-Hacker Guide. If not please read it before reading this section.

Resist RegMon is an option that you can set in your licenses that specifically causes the ClientProtector, during the scope of many of its function calls, to attempt to detect if the SysInternals® tool "RegMon" that monitors registry activity in real-time is running on the users system. This is a protection mechanism that resists attempts to watch your programs (and the ClientProtectors) access to the registry with RegMon. This is often an attack by a cracker.

If detected, the entire process is immediately terminated with a non-orderly shutdown. The function call from your program that indirectly caused a successful detection of RegMon will never return.

Before setting this option, you should consider whether your user will typically be a software developer that has a legitimate need for attempting to monitor the registry in real-time. If you enable detection of RegMon, then your license will prevent your application from running when a RegMon is running.

Generally, most users have no need for using RegMon, so you are fairly safe enabling this option.

However, if you use RegMon yourself, be sure that during development, you keep this flag turned off since you will probably be unable to debug your own software. If it is on, when the ClientProtector detects RegMon as a running process, it will immediately cause the entire process to simply shut-down.

If you choose to use this option, simply make sure that the very last thing you do before distributing the license is to turn it on, re-compile and test.

More Information

For help on how to make your program more secure, see the Anti-Hacker Guide in the Developing Applications Using The SoftwareShield System Reference.

For help on actually setting the Resist RegMon option, see License Behaviour Tab in the SoftwareShield License Manager Reference.