Abstract: A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a selection of options to thwart reverse engineering by a debugger if a debugger is detected. The options include execution by a proxy engine of a re-routed call, crashing the first process, detection ad elimination of a debugger related interrupt a call to an arbitrary function.

Abstract: A security flag stored in a trusted store is utilized to determine if the trusted store has been subjected to tampering. The security flag is indicative of a globally unique identifier (GUID), the version of the trusted store, and a counter. The security flag is created when the trusted store is created. Each time a critical event occurs, the security flag is updated to indicate the occurrence thereof. The security flag also is stored in a write-once portion of the system registry. At appropriate times, the security flag stored in the trusted store is compared with the corresponding security flag stored in the write-once registry. If the security flags match within a predetermined tolerance, it is determined that the trusted store has not been subjected to tampering. If the security flags do not match, or if a security flag is missing, it is determined that the trusted store has been subjected to tampering.

Abstract: A state store having state information therein is stored on a computing device. Information at least nearly unique to the computing device is obtained, and a number of locations at which at least a portion of the state store is to be stored at is determined. Pseudo-random file names and corresponding paths are generated based at least in part on the obtained information, whereby the generated file names and corresponding paths are likewise at least nearly unique to the computing device, and the generated file names and path are paired to form the locations. Thereafter, the state store is stored according to the generated locations.