Environment Verification

Manifests are used primarily to protect your AD RMS–enabled applications from viruses which typically propagate by attaching to files running in memory. The manifest lists required, optional, and prohibited files. By using a manifest, you can specify what is loaded into the process space and what is allowed to access protected content. This increases security by helping to prevent other applications (viruses) from running in the same space as your application and preventing an attacker from surreptitiously replacing libraries.

You provide the manifest as input to only one function, DRMInitEnvironment, which loads the lockbox and returns a handle to a secure environment object. The following functions require the environment handle, and many other functions indirectly require a secure environment:

• DRMCheckSecurity
• DRMCreateBoundLicense
• DRMCreateEnablingPrincipal
• DRMCreateLicenseStorageSession
• DRMGetEnvironmentInfo
• DRMGetSignedIssuanceLicense
• DRMGetTime
• DRMLoadLibrary
• DRMRegisterProtectedWindow
• DRMRegisterRevocationList

See Also

Creating the Application Manifest

Send comments about this topic to Microsoft

Build date: 3/13/2008