To sell electronically distributed goods you should enable EGoods module in the admin zone (through Modules in the Administration menu). If this module is enabled, 'ESD distribution' input line appears after the product name in the 'Product details' dialog when you modify a product. This line should be used to enter the path to the downloadable file (if the file is located on the same server as the online store) or the file URL (if the file is located on another server; not recommended).
Picture 1: ESD distribution.
In order to upload distributions to your site you should use Files item of the Inventory menu. When a customer orders an electronically distributed product, his order is processed and he receives a letter with a download key. If you are using manual processing the letter is sent to the customer when you set his order status to "Processed" (P).
The download key is an URL which is used by the customer to download the file that he purchased. It looks something like 'http://www.yoursite.com/xcart_directory/customer/download.php?id=920e98f7d889eb7781a'.
Download keys are generated automatically and are valid for a limited period of time. You can specify the time of key expiration by editing the field 'Download key TTL' in General settings -> General options.
Note on ESD files. When you upload ESD files via Inventory menu -> Files they are placed inside 'files' directory (in X-Cart Pro version the files are placed in 'files/provider_login' directory where the provider's login is the login of the provider who owns this ESD product). If the size of your ESD files is very large, it may be impossible to upload them via Files menu item (most web servers have 8Mb upload limitation), you can upload your files directly to 'files' directory (or to the appropriate provider's directory).
Security note. You should use web server functionality to disable direct download from the 'files' directory, otherwise any person will be able to get access to ESD files without purchasing them. If you are using Apache web server you can use .htaccess file with "Deny from all" directive in it. If you are using IIS, you should open 'Access permissions' dialog and disable reading from the 'files' directory.