Using and Testing Protected Applications Overview

As with any task, it is important to ensure you have the right set of tools to help ensure the task is completed well and efficiently. Here are some types of tools that we can recommend for your consideration.

Virtualization Software

Although this is not required, using virtualization software to run virtual machines is very helpful for a wide variety of reasons.

It is possible for you to establish different virtual machines for testing different operating systems and versions thereof. For example, you could have separate virtual machines configured for testing Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, etc... Even amongst these, you could have separate virtual machines for the 32 bit and 64 bit builds of each applicable version of Windows.
Most virtualization programs support saving "snapshots" of each virtual machine guest, which allow you to restore the virtual machine guest to the exact state it was in when the snapshot was taken. For example, if you tested installing an application on a system for the first time ever, you can revert to the snapshot when done if you need to run the test again. So if you had an issue with performing a fresh installation of your application that could not be reproduced when re-installing it, you could reproduce the problem by simply reverting back to the snapshot and starting over.
The virtual machine guests and snapshots can be configured in a variety of different ways to cover different testing scenarios. For example, if you sell an application that also has related developer components that must be activated separately, you could test installation and usage with and without the relevant developer tools and dependencies to ensure the smoothest experience possible for all of your users.

Keep in mind that if your licensing requirements call for the detection of virtual machine guest environments to alter the way your licensing logic behaves (or even to prevent the application from running in these environments entirely), you may need to make additional considerations and adjustments for your testing procedures. These adjustments can include creating special test builds which are never publicly released, and could include testing on physical computers in place of or in addition to testing in virtual machine guests.

Helpful Information

Microsoft provides for free many Windows versions installed for many different virtual machine players/hosts. These virtual machines are setup with a 90 day evaluation of Windows.

Build and Test Automation Scripts

There are many free and commercial tools available for automating your build and testing processes. Some free tools include, but are not limited to, Power Shell scripts or batch files, shell scripts, home-grown scripts and applications you might already have in place. Having scripts related to building and testing helps avoid missing crucial steps to building applications properly, and also helps automate any mundane building and testing tasks. Additionally, unit testing can also help identify potential issues during development, and is a particularly convenient way of testing all possible execution paths in your code. Most integrated development environments (IDEs) have built-in features for assisting with unit testing, and many also have various code analysis features that can also help identify areas of code that could be problematic or be adjusted to follow best practices.

Establish a Testing Checklist

Since every application is different, each will have a different set of tests that should be run before releasing a new build to customers and prospects. Below is a list designed to help you get started on a checklist for testing the licensing features (and potentially other features) in your applications.

Verify your Installer

Installing

Is the application, all of its dependencies, and any required files and permissions installed correctly? See the wrapping deployment or Instant Protection PLUS 3 DLL deployment section for details on deploying protected applications.
If your application should be activated once for each computer/device, does the installer prompt to obtain elevated privileges? This is required to install licenses shared with all users on a single computer, and is required to avoid problems with User Account Control (UAC) features on Windows Vista and later. This is also described in the wrapping deployment or Instant Protection PLUS 3 DLL deployment sections or our Using Instant Protection PLUS 3 on Windows Vista and later article.
If your application should be activated once for every user on a computer/device, did you select the "Auto create in the current user registry" for the License File Location? If Windows displays a prompt asking to confirm if the application installed correctly, this might indicate that the installer attempted to use global locations instead (which could indicate potential for UAC related issues).
After installation, does the application start in the expected state? For example, if it should be a 30 day trial, does it start as such? Does it display the Instant Protection PLUS 3 activation dialog if it is supposed to?

Upgrades

Does the application, its dependencies, and required files get updated as appropriate?
If the upgrade or update is free for customers who have already purchased, downloaded, installed, and activated, confirm that reactivation is not required after upgrading.
If the upgrade is not free for customers who have already purchased, downloaded, installed, and activated, confirm that a new activation is required by your application after upgrading.
After installing the upgrade, does the application start in the expected state? This can vary based on whether the upgrade is free or not, as described above.

Uninstalling

Make sure the uninstaller removes the application, its dependencies, and files, as appropriate.
If you are using alias files, make sure the aliases remain on the system after uninstalling. This is important so that uninstalling and reinstalling a trial does not afford users a fresh trial period, for example.

Activation and Electronic License Management

When testing activation and Electronic License Management (ELM) features in your application, it is important to test each possible means of performing the tasks that users are allowed/able to perform.

Using SOLO Server

You should perform the tests below with a test system that has a direct Internet connection if you allow activating online. If you allow activation through another system's Internet connection, make sure you test with manual request files while the test system lacks Internet connectivity. Furthermore, if your application supports several different types of licenses (such as full/non-expiring, time-limited, etc...), make sure you also run the tests below for each type of license.

Try activating with a bad License ID and Password and make sure it fails, and make sure you receive a result code of 5008 from SOLO Server.
Try activating with a License ID for a different product, and make sure you receive a result code of 5010 from SOLO Server.
Activate with a valid License ID and Password for the correct product. Make sure it goes through successfully.
Deactivate the license from your application (if allowed).
Reactivate the license using the same License ID and password. If SOLO Server is configured to allow reactivation on the same computer (Issue Installation ID must also be enabled), you should receive the same Installation ID. Otherwise, you should receive a new Installation ID, or a result code of 5013 if no activations are remaining.
Use the SOLO Server management interface to revoke/ban the Installation ID, and refresh the license to ensure your application revokes its license properly.
Reactivate the license using the same License ID and password, use the SOLO Server management interface to revoke/ban the Installation ID, and deactivate the license from your application (if allowed) again. SOLO Server should return result code 5016, and your application should typically revoke its license in this circumstance as well.

Using Trigger Codes

Activation is also possible using a manual numeric challenge-response mechanism called Trigger Codes. Trigger Codes afford your customers the convenience of being able to activate systems which lack Internet connectivity (especially systems in remote locations) by manually exchanging numeric codes with you or your customer service representatives via phone or fax.

Important

Manual activation using Trigger Codes should only be used when absolutely necessary!

Like any other challenge/response scheme, allowing activation via Trigger Codes introduces the potential to be exploited by hackers to make key generators (which are programs that issue unauthorized activations for your application) available. If the customer is able to activate online through another computer, that is a more robust and secure approach for activating disconnected devices or systems.

By definition, a Trigger Code is essentially just an encrypted value which gets decoded to a numeric value between 1 and 50 (which is the Trigger Code number). When processing the activation codes, the resulting Trigger Code number is used to then identify which actions should be taken in your program to alter the state of the application's license. Instant Protection PLUS 3 can process these Trigger Codes. Make sure you test activations with each Trigger Code number supported by your application. Check that the application activates without issue, and make sure the license is altered as intended.

Copy Protection

Your application can identify a system which has been activated to ensure its license is only used on the system on which it was activated. You can use the Enhanced Computer ID Algorithms or the Legacy Algorithms, and here is a generalized test for you to consider:

Install the application on two systems. Activate on one system, copy the activated license file to a second system. Make sure the application does not run. For applications designed for home or non-business use, this is generally a sufficient test. However, if your application is designed to be installed in large corporate environments, academic institutions, etc..., you may want to consider testing on separate computers which share very similar hardware.

Time-Limited/Periodic Licenses

If your application uses time-limited licenses (which are licenses that are only valid for a limited amount of time), then you should test your application's behavior thoroughly.

Important

The safest approach for testing time-limited licenses is to utilize virtualization software. If virtualization software is not an option, then using another computer that is dedicated to testing is recommended. The reasons for this include:

Changing your system's clock can impact other software running on your computer. For example, other licensed software, including virus scanners, could get disabled after manipulating your system's clock.
If your system is attached to a domain, you might not be able to disable network time synchronization.
You could inadvertently dismiss important reminders intended for the future, which may be shown after pushing your clock forward.

If your application supports multiple types of time-limited licenses (such as an evaluation and an activated, lease or subscription style license), run the tests for each type of license. Before you begin your testing, make sure your test system is not configured to synchronize with network/Internet time. In Windows, you can change this setting in the Internet Time tab located in the same dialog where you can adjust your system's date/time.

Start the application, and activate it if and as appropriate (activation is often not required for evaluations).
If your application attempts to check its status or refresh its license with SOLO Server, push the test system's date forward to the date when you expect it to start the attempts. It should fail with a result code of 5022, as the system clock will have a differ from SOLO Server's clock by more than 24 hours. Try unplugging/disconnecting the system's network adapter on the test system , and start the application again. If the refresh is not required, the second attempt should fail silently.
If your application requires checking its status or refreshing its license with SOLO Server, push the test system's date forward to the date when you expect the requirement to be effective. Make sure the application does not run.
Leave the network adapter disconnected, and back-date the system's clock to the correct date/time. Without Internet connectivity, alias validation should fail and your application should treat the license as being invalid or expired. Reconnect the network adapter, and test to ensure refreshing the license online (which should occur automatically) restores the license to a functioning state.

Internet Connectivity

If your application requires validating its status with SOLO Server, you will need to make sure you test this functionality with and without Internet connectivity. Here are some tests you can run:

If your application has an option, menu, or button that can cause a status check or license refresh to occur, start the application and test this functionality with and without Internet connectivity.
If your application is configured to begin checking or refreshing its license after a period of time, push the test system's clock ahead to the date you expect checking to begin, and make sure SOLO Server returns 5022 (which will indicate the fact that SOLO Server's clock differs from the test system's clock by more than 24 hours). Also test with no Internet connectivity, and make sure the application continues without showing any errors regarding the failed attempt.
If your application is configured to require validation after a period of time, push the test system's clock ahead to the date you expect checking to begin. Otherwise, if your application always requires validation, you should not need to later the test system's clock. Make sure SOLO Server returns 5022 (which will indicate the fact that SOLO Server's clock differs from the test system's clock by more than 24 hours). Also test with no Internet connectivity, and make sure the application shows an error and does not run.

Build Configurations

Sometimes it is necessary to use multiple build configurations of an application to produce different builds or releases for various reasons. Reasons could include things like branding changes, using separate builds to omit certain features that are not easily enforced through licensing alone if you are not wrapping (i.e. an evaluation build is sometimes necessary to omit unprotected content), etc... All tests should ideally be performed against all possible build configurations, especially when code is conditionally compiled for different build configurations (typically done via preprocessor directives).

Supported Environments

All tests should be repeated for each platform supported. So for example, if your application is supported on Windows 7 and later, you would typically test your application on the 32 bit and 64 bit versions of Windows 7, Windows Server 2008 R2, Windows 8, and Windows 8 Server.

Additionally, if your application supports multiple languages, all tests should be repeated with the typical regional settings expected with each language supported.

Load Testing

Many standard desktop applications exhibit their load on systems during normal use and testing. However, if your application is expected to be run in an environment using terminal services or Citrix, or if your application includes a web application, service, or any multithreaded functionality, it is very important to test your applications performance under heavy use. For example, if your application were to be used by hundreds or thousands of users on a single machine via terminal services or Citrix, frequent license validation (especially validation with SOLO Server) could congest system and network resources.

Regression Testing

As you apply changes, updates, and fixes through its lifecycle, it is important to perform regression tests to ensure that recent changes do not introduce new issues. Although it may not be practical to test everything each time a new build is created, it is best to automate as many tests as possible (often done via unit tests) to help prevent the introduction of new issues.

Resetting the Local License Files

While testing, it is often necessary to create a "clean" installation of your application. By resetting or deleting all license and alias files in the registry, windows folder, and system folder, the licensing will function as if the protected application was run on a computer for the first time. Normally, the license files remain even if you uninstall or delete the application itself, so they must be specifically reset or deleted.

You can revert to a previous snapshot when using a virtual machine, but if you are not using a virtual machine for testing, the following methods allow you to reset the local license files on your development computer or on any computer.

Computer with Instant Protection PLUS 3 Installed

The easiest way to reset licenses is by having Instant Protection PLUS 3 installed on the same machine.

First, close the licensed application you are wanting to reset. Next, in Instant Protection PLUS 3, open your project file from the File / Open menu then use one of the following options:

Menu Option

From the menu, select Product / Reset Product Licenses.

You will be prompted that the licenses have been reset on this computer.

If you are using the Pre-create license file in the application folder option (not recommended) in the wizard, a file browser dialog will open allowing you to select the license file to reset. This file will not be deleted, but all the settings will be returned to an unused state.

You may now run your application and it will be as if it run for the first time.

Automatic Option

There is a similar option that will automatically reset licenses when wrapping an application or saving an XML for use with the Instant Protection PLUS 3 DLL interface.

From the menu, select Tools / Options

In the General tab, enable Reset licenses when injecting/wrapping or saving XML

Uncheck this option to leave any local licenses for the current product as they are when wrapping and saving an XML file.

Any Computer (Instant Protection PLUS 3 does not need to be installed)

To reset the local license files on any computer, you can process an activation that uses Trigger Code 49.

If your license is invalid or expired, the activation dialog will be shown at start-up. If the activation dialog is not displaying, just hold down the shift key when you launch your application. This will show the following dialog allowing the licensing dialog to be displayed.

If you have launched with the shift key down, click the Yes button and continue to the licensing dialog.

Manual Activation

If you allow manual activations, you can process the manual activation using Instant Protection PLUS 3 and Trigger Code 49.

Online Activation

If using SOLO Server, you can create a Product Option that uses Trigger Code 49. When a License ID is created from that Option, activating with it will reset the local license files.

Creating a Reset License Product Option

Log into your SOLO Server account
Go to the menu Configure / Products
Use the dropdown Actions / Add Product Wizard
How do you want to begin?: Define a new Option starting from a copy of all settings from an existing Option
Option to Copy: choose the Option that you synced to in the SOLO Server Product List step
Type of Product: Licensed Software/Application
Option Name: "Reset License" or a similar name
Select the licensing client you use: Instant Protection PLUS 3
Type of license: 49 - Reset license file and aliases
Click Continue three times (the Price per Unit just needs to be a non-$0 value)
Check/enable Hide this option from the storefront and customer license portal (may still be used)
Confirm settings and click the Save button

Adding a Reset License

For testing purposes, you can add a Test License for this Option.

In the SOLO Server menu select Customers / Add a Test License.

A list will be shown with all the products available for adding a license.

Select the Reset License Option you just created from the above steps.
Click the Add New Test License button.
Click OK on the informational pop-up.

With this license, we now have the License ID and Activation Password we need to activate our protected application in order to reset the licenses.

Activating with a Reset License

Choose to Activate Online, and enter the License ID and Activation Password for the Reset License. You should get a confirmation that the activation was successful, and once the application is closed and restarted, the licensing will be as if it was run for the first time.

Testing Licensed Applications