EXE Expiration

[GalacTekM]

I have an install that i have setup so that it expires 5 days after the first time it has been run. I read in the help file that is stores the first date run in the registry. My question is where in the registry is this information stored? Thanks

[jassing]

Quote:

Originally Posted by GalacTekM

I have an install that i have setup so that it expires 5 days after the first time it has been run. I read in the help file that is stores the first date run in the registry. My question is where in the registry is this information stored? Thanks

I could tell you but then the eval you have would be extended.... ;-)

[GalacTekM]

Not sure what you mean. I have a registered copy of Setup Factory, not an evaluation.

This is for a setup that i created for our clients. The purpose of it is to use a command line to bypass licensing on our medical billing software for a period of 5 days while they are having the licensing device (sentinel) serviced. If by chance it takes more than 5 days to service the device, i would like to be able to modify the registry entry to extend them by a few days.

[jassing]

The SUF "expire install" security is for the INSTALLER only, not your application.

besides, the installer processes the security stuff before it hands off to "On Startup" so passing a parameter to it won't do you any good; the installer would never "see" your parameter.

[GalacTekM]

But it's not a "installer".

All my EXE does is start our program with a command line switch, nothing gets installed. So instead of going into the customers existing shortcut and adding the command line, all i did was create an EXE that runs our software with a command line so that our clients cannot right click on a shortcut and find our command line switch to bypass licensing.

So inessence i basically created a wrapper to run our EXE to hide our command line switch.

[jassing]

the SUF exe's SECURITY (aka: 5 days) would process any command line switches if it's internal security passes...

also; it's so trivial to use readily available tools to determine a command line switch, the security itself is pretty low...

Just send them a new "wrapper" exe that has a different key...
if you tell them where the registry entry is; then all they have to do is instlal it on other machines & zap the registery every day...

So to recap: passing a command line switch to SUF won't help once SUF is expired; as suf will never "GET" the switch (to disable it)
I think you're best approach from an appearance of security would be to send them a new wrapper with a new GUID for the "Unique Product Identifier"

[pww]

if I correctly understand, you have a dongle protected software which can be started with a command line switch that makes possible to bypass the dongle protection. Is it so?
If yes, this looks quite insecure for me.
I would remove the option to bypass the dongle. As users know the software can be used without a dongle, they will quickly find how to do that. Probably in less than a day. Let them wait for the dongle, maybe offer an express delivery at extra cost.

As for finding where in the registry expiration data is stored, that's easy. Stop all running apps, make a registry snapshot, immediately afterwards run the time limited installer, and immediately afterwards make a second snapshot. Then compare both snapshots and you'll see what has changed. There are plenty of tools you can use for this

[jassing]

You're right; having a way to easily bypass the security is senseless. The idea of sending out a new "5 day use" shell would at least make the users feel like they were actually getting what they paid for...

But, since we're dishing out the info on how to find it....

one is HKCU\software\microsoft windows\currentversion\GUID

There's a couple of others depending on what type of security you picked...

Next -- how to find out the comamnd line -- go to sysinternals.com and grab cmdline.exe or ProcessExplorer.

For cmdline.exe
Wait until the "protected" application is runing -- then, from a dos box:
cmdline >cmd.txt
notepad cmd.txt

now search cmd.txt to find the apps executable -- it will show the command line parameters.

For Proccess Explorer (ProcExp)
Wait until your "protected" application is running; launch ProcExp
Drag the "Target" icon over to your application.
The application is now highlighted in the task lists; double click on it.
select "Image" tab
Note the "Command Line" box -- there you have the parameters to bypass the dongle security indefinately.

Getting around "screen door" type security is always trivial.

[GalacTekM]

Our client base is not tecnically inclined. It consists of doctors and office staff, most of which have limited computer skills.

You guys are digging way too deep into this. I know its not the most secure way in the world to go about it but it gets the job done. All i asked is if anyone knew what the registry key was.

As for having a way to bypass the security being senseless. How would you feel if you purchased some software with a dongle and for some reason the dongle failed and you were down until a new dongle was sent. This bypass was put into place so that clients can continue to run their practices while the dongle is being serviced. The command line we use gets changed frequently, all i am trying to achieve is hiding it. If someone wants to take the time to try and crack it, fine. It'll be changed within a month or two anyway.

Thanks for the assistance you provided, i sent a support ticket to Indigo Rose who supplied me with where in the registry it is set.

Cheers

[jassing]

I thought I gave you where the key is --

look -- get your "Unique product identifer" from the security tab.
Now search the registry on a system you've installed it on.
Presto -- there is the registry key.

Not very difficult; especially when you knwo the key ahead of time.

[GalacTekM]

I apologize. I have not used this feature in SF before so i was not clearly understanding what you meant by the "Unique Product Identifier".

Thanks again

[jassing]

But you have it now?

[GalacTekM]

Yes i have.