One rather complex but quite effective technique is to have a separate registration programme create two unique GUID's with the API CoCreateGUID called the first time the registration program runs on a particular machine which pops up a dialog in which the user must enter personal details, credit card numbers, etc. The separate registration program must not run in non-administrative mode. Check this using the Jedi code IsAdministrator routine.
Insert one of the GUID's in the HKEY_CLASSES_ROOT as a key, and a hash of the GUID inserted as data under the key. Insert both hashed data and the key into fields of the user's record, encrypt the record with AES, convert the result to MIME so that it can be attached to an e-mail, and require that the user sends this back to you when the registration process finishes, or spawn the default mail program from the registration program and send the MIME in the mail body. On receipt, convert the MIME back to ASCII, decrypt this record, and with an installation program which can run a DLL, check for the presence of the key and the correct hash of the data when installing. Use both, appropriately encrypted and converted to hex as the unlocking key for the program, and write a suitable unlocking GUID elsewhere with the DLL. The first key can now be erased so that distributing a backup of the system state plus the unlocking key will not work on another system. One can think up numerous variations on this scheme. Note that as described above, this will not defeat an installation monitor which also monitors registry changes and file changes before and after installation unless one creates a large number of spurious GUID's as keys in the Registry each with hashed GUID's as data to make it hard for the user of the installation monitor to know which one actually contains the real key and data. It's also possible to link some of the GUID keys and data to point to false goals. It's a good idea to search for cracks from time to time by doing a Google search as standard (non-administrative) user on your program's name. Don't open any crack site to look for more information, since some may somehow install a trojan on your system even if you are not an administrator. Without going into more detail, all the above must obey the security rules if the installation is to succeed under Vista. Irwin Scollar _______________________________________________ Delphi mailing list -> [email protected] http://www.elists.org/mailman/listinfo/delphi
