Keeping a serial number in the registry

Posted on 2011-05-10
Last Modified: 2012-05-11
I'm thinking of keeping my application serial number in the registry, but there is a problem:
How can I nake sure that nobody tries to change or see where and how I keep the serial number?
or even worse: delete it?
suppose you provide an evaluation version of your program. You'd have to ensure that once the evaluation period ends, the user won't be able to install the program again.
but if he deletes the program's registry - you won't have a way to know it already existed on his computer... :/
Question by:UltraDog
    LVL 39

    Assisted Solution

    Have you considered encrypting it using Windows DPAPI?
    LVL 7

    Expert Comment

    If you can't find the registrykey, you can just throw an error and ask the user to reinstall.

    It is unrealistic to think people wont be able to see what registrykey you write because of the multitude of utilities that can monitor actions like that. A common practice is to create a key based on your serial number and specific characteristics of the machine the program is installed on (serial number of the harddisk for instance). Write these (encrypted) to the registry  and check it aginst the current configuration at startup.

    LVL 27

    Expert Comment

    Another way is online activation. You can store a computer id on your server DB + email adress of the user.
    This also help to prevent multiple installations.
    Just be sure to decrement the usage key upon uninstallation.

    Some user monitor software installation, for a start it might be a good idea to write the serial number into the registry a couple of minutes after the user runs the program.
    LVL 1

    Author Comment

    Thanks, maybe I'll use it but I don't think tha's what I was looking for.
    I do scramble the serial key in a simple way before i put it in the registry but I don't want people to be able to erase it or even know where it is.

    But then, the user won't be able to install the program at all, because I'll throw an error in the first installation.

    I don't have a web-site, or a server, so I can't use it yet :)

    LVL 86

    Accepted Solution

    You can completely hide registry keys from users by prefixing thir names with a binary zero and accessing them via the native NT API functions - neither the regular Windows API nor regedit.exe (which relies on them) can see them. See ("Registry Manipulation Using NT Native APIs") and in particular the section "Hidden Registry Keys, you say?". This article comes with full source code.
    LVL 7

    Expert Comment

    I assumed you would use some sort of installer to check the licensekey and write the registry on success. If your program doesnt have its own installer you can't throw an error, but maybe disable / limit functionality untill the user registers.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
    The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now