Hi Pete,
A while back, I pondered all of these questions and more, though my application
ended
up using a different copy protection method, I can give some advice with regard
to the
basic copy protection design:
- Use the HKEY_LOCAL_MACHINE key when putting data in the registry. Most
applications are bought on a per machine basis, with the logic being that no
matter how
many users the machine has, only one of them can use it at any one time.
- Do not just store your timeout information in a .INI file. Rather store it in
both the .INI
and in the registry. This gives you two points to compare. (I.e. To check if
someone is
trying to extend their timeout period)
Copy Protection Check
- Check registry for "FirstRun" flag
- If the flag is not found, create the .INI, and set additional
registry keys
(e.g. timeout)
- If the flag is found, check if the .INI exists
- If the INI exists, compare the timeout value in the INI to the
timeout value in the registry:
- If they are equal, exit check
- If they are not equal, set the timeout to zero
(Disable app)
- If the INI does not exist, merely recreate it (using the
timeout from
the registry. Or, you may choose to disable the app here too.
- When done, update the timeout.
(I.e. Lower the value if enough time has passed)
I went a bit further with the above strategy, using two points in the registry
which are
encrypted using different Keys. If anything doesn't match up, the application
is
immediately disabled. It's up to you as to balance how secure you want it with
how
much time you wish to spend on it.
Good luck.
Regards,
Cadyn Bridgman
On 2 Jun 2005 at 19:39, petesouthwest wrote:
> Hi
>
> Firstly please excuse the disgusting length of this post, and thanks
> to those that read it all!!
>
> I read with interest everyone who has replied to my earlier posts,
> so thanks everyone!
>
> I must admit however to being confused over some issues,
> particularly register keys, possibly as the conflicting information
> regards different OSs and environments?
>
> Can I just clarify some issues?
>
> The app I am working on is intended to be installed by Network
> Support staff in colleges and used by teachers. The app is a `try
> before you buy' that functions for 21 days before requiring a
> code to license it. When the app is first run, if no key is present,
> it generates a code that will expire in 21 days, that code is then
> saved in the newly created registry key. We can then use the OnGuard
> components to generate a code that uses the school name as a
> modifier, that maybe used to `unlock' the trial version by a
> user.This may not be hacker proof but is a deterrent for most
> colleges, at least the ones I've worked in!
>
> The users rarely have anything except basic privileges and would
> certainly NOT be admin. The networks maybe anything from win98
> onwards. I was assuming that the easiest way for network staff to
> install my app would be as a package and assigning it to groups of
> users if the OS had ASD. This I believe would result in the app
> being installed locally when it was used by the teachers. I have yet
> to consider other OSs.
>
> In this scenario what register keys could my app use? Would it be
> able to use anything in HKEY_CURRENT_USER and/or HKEY_LOCAL_MACHINE?
>
> It has also occurred to me that if the app is installed locally and
> I store the release key in the registry that it would require
> licensing by each person using the software or on each machine that
> it is used on (depending on registry key?).
>
> I would prefer that my app could be licensed by anyone using it for
> the entire site. However, I'm unsure of how to write my code to
> achieve this.
>
> The above assumption and associated problem has made me consider
> suggesting that the software is installed on a shared drive, with
> shortcuts being placed on the users desktops. Rather than storing
> the release code in the registry, it could be stored in an ini file
> in the apps folder. This however makes it really easy for people to
> delete the ini file that would result in my app thinking it was
> being run for the first time and giving another 21 days trial.
>
> So how about this:
>
> look for a registry key
> if the reg key is not there then
> // the app hasn't been run on this machine before
> begin
> create the reg key
> if the ini file exists then
> read and use code
> else
> begin
> generate a release code that will expire in 21 days from now
> create ini file
> store code in ini file
> end
> else // the key is in the registry so the app has run before
> begin
> try to read and use the code stored in the ini file,
> end
>
> The incoreect code or a missing code would then result in the trial
> ending.
>
> Hmmm my heads spinning but that seems to be sound in my mind.
>
> Any comments appreciated.
>
> Thanks for reading down to here! ;)
>
> Pete
>
>
>
>
>
>
>
> -----------------------------------------------------
> Home page: http://groups.yahoo.com/group/delphi-en/
> To unsubscribe: [EMAIL PROTECTED]
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.322 / Virus Database: 267.5.0 - Release Date: 2005/06/02
>
----------
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 267.5.0 - Release Date: 2005/06/02
[Non-text portions of this message have been removed]
-----------------------------------------------------
Home page: http://groups.yahoo.com/group/delphi-en/
To unsubscribe: [EMAIL PROTECTED]
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/delphi-en/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
