time limited trial ware's weakest link is always the information stored at install time/first run time: if you remove that, you can re-install whenever you want. you have a couple of options:
- hide it in the windows\system32 folder, in some file. For example you install a file and you don't uninstall that file. The filedate of the file can be used to check if the install was done previously
- hide it in the registry
- hide it somewhere else in a file.
Now, the windows\system32 folder is pretty weak, as it can be made read-only before the installer is ran and you can then check which files are installed.
In the registry is better, but you have to be sure that what you're storing is absolutely masked as something else. The thing is that you can run registry monitors during installation and during program startup which track which keys are created/read. So if someone uses such a tool, he gets a lot of output, most of it looks the same. Use that knowledge to your advantage. Though it's still not failproof of course.
decompilers will be used to see where what is done, so be sure a decompiler can't track your time checker code nor your code which writes to the registry.
The last point: wizards of oz who move back the time on their system. You can detect that by comparing file dates of files / registry keys you set, for example.
At the end of the day, your application will be cracked, you can be sure of that. The thing is that you should make that much effort to keep the average geek at the office puzzled how it's done. The people who know what they're doing will crack the protection so it's not worth your time.
I spend a lot of time to protect it, because I found it interesting. Though I also know someday someone will be able to crack it. As long as the programmer who gives it a shot during lunch isn't succeeding, it's enough IMHO.
