[Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 466
  • Last Modified:

Keeping a serial number in the registry

I'm thinking of keeping my application serial number in the registry, but there is a problem:
How can I nake sure that nobody tries to change or see where and how I keep the serial number?
or even worse: delete it?
suppose you provide an evaluation version of your program. You'd have to ensure that once the evaluation period ends, the user won't be able to install the program again.
but if he deletes the program's registry - you won't have a way to know it already existed on his computer... :/
2 Solutions
evilrixSenior Software Engineer (Avast)Commented:
Have you considered encrypting it using Windows DPAPI?
If you can't find the registrykey, you can just throw an error and ask the user to reinstall.

It is unrealistic to think people wont be able to see what registrykey you write because of the multitude of utilities that can monitor actions like that. A common practice is to create a key based on your serial number and specific characteristics of the machine the program is installed on (serial number of the harddisk for instance). Write these (encrypted) to the registry  and check it aginst the current configuration at startup.

Another way is online activation. You can store a computer id on your server DB + email adress of the user.
This also help to prevent multiple installations.
Just be sure to decrement the usage key upon uninstallation.

Some user monitor software installation, for a start it might be a good idea to write the serial number into the registry a couple of minutes after the user runs the program.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

UltraDogAuthor Commented:
Thanks, maybe I'll use it but I don't think tha's what I was looking for.
I do scramble the serial key in a simple way before i put it in the registry but I don't want people to be able to erase it or even know where it is.

But then, the user won't be able to install the program at all, because I'll throw an error in the first installation.

I don't have a web-site, or a server, so I can't use it yet :)

You can completely hide registry keys from users by prefixing thir names with a binary zero and accessing them via the native NT API functions - neither the regular Windows API nor regedit.exe (which relies on them) can see them. See http://www.codeproject.com/KB/system/NtRegistry.aspx ("Registry Manipulation Using NT Native APIs") and in particular the section "Hidden Registry Keys, you say?". This article comes with full source code.
I assumed you would use some sort of installer to check the licensekey and write the registry on success. If your program doesnt have its own installer you can't throw an error, but maybe disable / limit functionality untill the user registers.

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now