I did a lot of work in trusted computing in a hostile environment a few years ago. So long as the person running the code can alter the code you can not prevent this, period. Of course you can make it more difficult, but never prevent it. Try compressing the executable with one of the tools available. Also make sure you strip the executable before sending it out. Anything more will probably involve OS specific alterations.
In addition to Shawn's suggestion, why not embed core pieces of your app, the parts the user wants your app for, in an encrypted code block. Inside the encrypted code block, verify the code sig with a SHA (or whatever) and sprinkle this *inline* code into the algorithm, effectively scrambling the real code with crypt code (don't just cache the sha, make it volatile). When the user performs an operation, he would have to hack the results of the decrypt each time, not just once. Possible to automate, but much harder.
HTH.
michael
