I am currently developing a program that I would like to protect from unauthorized users (copy protection). The software itself is free but I want my users to register before they can use it. Because the software is free, I can’t really use a third-party solution such as eSellerate because they take payment as a percentage of sales (which is zero).

I have played around with several ideas but the one that keeps sticking is using the hard drive serial number as a basis for protection. I’m not a big fan of this idea because I have been the victim of such schemes in the past. For example, I have a removable hard drive and every time I insert the drive a particular piece of software goes crazy and I have to reenter the activation code. Another problem with this software is I have a hybrid SATA and PATA system. For some reason the software (or maybe Windows) sees the PATA drives as primary when in reality a SATA drive is the boot drive.

Has anyone had experience in a similar situation and have any suggestions? Also does anyone have any example code for reliably retrieving the hard drive serial? I went over to Code Project (http://www.codeproject.com/csharp/hard_disk_serialno.asp) and found a nice article about finding the serial number. The big problem with this code is it sees my Zip drive as the first device and you may understand that this could be a problem. Any help or suggestions are welcome.

Has the computer to be on the Internet network in order the software to be used ? Or has it to be able to work even when disconnected from the network ?

What about logging the software into a Sql database. Once that software gets registerd it is logged on OS Processor type and IP address.

That's what I was thinking. However, this needs the computer to be on the public network, a standalone machine will not be able to connect to the Sql database.

hmm true. Unless you wrote into the application aswell once it was registered the info and have it encrypted so it couldnt be used on another machience

And, precisely, the very first question was : which info has to be written and encrypted ? This info has to be related to the hardware on which it is installed.

Why don't use CPUID instruction for getting the CPU serial number, stepping, ID string...? I guess there is a way for implementing such instruction in VB, or some activex control or dll..., well there must be a way.

Thank you for your great suggestions. The purpose of the application is to query remote Internet resources so in short it will be on the Internet at all times. I don’t think that using the IP address would be much good because the IP can change at any time. I used to have a DSL line that changed everyday. As for the CPU ID, it is also not a hard and fast rule. If you remember a few years ago Intel had a big controversy over enabling the ID on Pentium 4 chips. From that point on I think that Intel has disabled the ID.

I suppose the SQL database would be the best way to go but I have absolutely no experience with SQL and I would rather not go down that path, at least not yet.

Great response so far.

You could simply give each guy a serial associated to it's name and mail.
Then, your program can ask your computer if this serial/name/mail correct. if it's in your file, your computer says "OK" (it could simple be "grep password |grep name |grep serial |wc -l").
If your computer says OK, the program is activated. (for instance receiving a necessary myfile.dll.
If your computer says "NO", the fake dll file is not replaced by the correct one, and the program says "please ask a new registration from tansqrx.com

you could always try to use a ethernet controller MAC address. i used that for a program once and it worked ok, till someone wants to take out their lan card. but topday most lan cards are part of the motherboard so that isn't as much of an issue - till they take out the motherbaord!