The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Make Trial Version

Hi guys,

me again, same topic.

If I want to make my app into a 30-day trial,
what information should I store to verify dates?

Just the installation date?
Is it better to set the date in the registry? In a file on drive? Both? And have one verify the other if one is missing?

Should I store the date using the installation program, or the first time my program runs? Probably installation, ha?

But have the app check to see if the regkey is tampered with? Maybe an encrypted hash verify?

Please.. help, any tips or working examples of tracking days and usage count for the trial.

I already have a licensing system working where I will send the user a license file to store in the app directory..

I wonder how easy it would be for someone to reverse engineer and find and remove the licensing scheme?..

Does Dotfuscator come with VS.2005 Standard? I can't find it.. where do I find it to obfuscate my program before release?

Thanx..
Sorry for the long post.. 3:20am.. going right to bed. Will be dreaming of lots of replies to this post by morning :)
TrialLicense
Sunday, September 03, 2006
 
 
If you want to make your app into a 30 day trial, here are some suggestions:

1) Don't make the software quit after 30 days.  Programs that quit are easy to crack.  Programs that continue to function but don't give so many features are harder to crack.

2) Don't worry about anyone cracking your software.  If anyone has the intelligence to crack it they will put in their own lock and sell that, they are not going to make the crack freely available.  So even if your software is cracked it is not going to be spread widely.  Your objective in putting a lock is to prevent casual copying and giving the customer an incentive to buy the key.

3) Instead of depending on dates give the software with much reduced functionality, that will give full functionality once the key is given.

4) Sprinkle your code with asm int 3; and turn off optimizations (or the compiler will remove them).  These will make the debugger stop at each of these places and make decompiling harder. Make the software check itself for integrity so that it will work with reduced functionality if it is tampered with.
shankar
Sunday, September 03, 2006
 
 
"just  the installation date?"

Use the date of first program start. It is not uncommon for users to download and install at some point, and then due to unforeseen circumstances not needing to play with it well after that, maybe even 30 days later or longer. You don't want to upset these prospective customers.
Philipp Schumann
Sunday, September 03, 2006
 
 
"Don't worry about anyone cracking your software.  If anyone has the intelligence to crack it they will put in their own lock and sell that, they are not going to make the crack freely available.  So even if your software is cracked it is not going to be spread widely."

Are you serious?
Philipp Schumann
Sunday, September 03, 2006
 
 
You can't make an absolutely crack-safe application. There will always be hackers that can break your code. Believe me, I have some experience in this area. It is much better to concentrate on the following:

Write your code so that it will be absolutely impossible to create a KEYGEN. The psychology of a hacker is that your application is a new barrier for him. He will analyze your code, cut out the part of your binary where you are validating the code, and he will probably get the algorithm for creating valid keys. If the hacker can create a KEYGEN he wins the battle. But if the hacker can only create a patch, or can buy one license of your software and spread this information around, then YOU WIN. Because as soon as you find a patch or a publicly known license key for YourProgram v.2.4.5, you can rebuild your product with some minor changes and block this bad license key, and this patch or key will stop working.
It means that the hacker needs to crack your application again and again for every new minor release.

What about storing the time of first launch? I'm storing this information in the registry in a plain DWORD value. I start showing an annoying nag screen only after 5 days of unregistered usage. My thoughts are as follows: if the user is smart enough to find my key in the registry, start regedit and change/modify my value, then he needs to do it every 5 days. If he wants to use the product without the nag screen, he must do the registry trick every 5th day or he can buy a license key.

Just my 2 cents.
Pavel Vasilevich
Sunday, September 03, 2006
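
Added example (not part of any post in this thread, and not any poster's code): one common way to get the "no keygen possible, leaked keys blocked per release" property described above is to sign license data with a private key that never ships, so the application contains only the verification half. The post does not say how to do it; the signature scheme, the license format, the serial numbers and all function names here are assumptions. It is written in Python to stay short, and the RSA key is a constructed toy.

```python
import hashlib

# Constructed toy key so the example needs no crypto library: two Mersenne
# primes and unpadded RSA. Not secure; a real product would use a vetted
# library (for example RSA-PSS or Ed25519).
_P, _Q = 2**521 - 1, 2**607 - 1
PUBLIC_N, PUBLIC_E = _P * _Q, 65537                 # shipped inside the application
VENDOR_D = pow(PUBLIC_E, -1, (_P - 1) * (_Q - 1))   # stays on the vendor's machine

# Hypothetical serial numbers blocked in this release after their keys leaked.
REVOKED_SERIALS = {"S-0007"}


def _digest(licensee, serial):
    """Hash the licensed fields to an integer smaller than PUBLIC_N."""
    data = f"{licensee}\n{serial}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue_license(licensee, serial):
    """Vendor side: needs VENDOR_D, which is never part of the product."""
    sig = pow(_digest(licensee, serial), VENDOR_D, PUBLIC_N)
    return f"{licensee}|{serial}|{sig:x}"


def verify_license(text):
    """Application side: uses only the public values. Returns a status string."""
    try:
        licensee, serial, sig_hex = text.split("|")
        sig = int(sig_hex, 16)
    except (ValueError, AttributeError):
        return "malformed"
    expected = _digest(licensee, serial)
    if not 0 < sig < PUBLIC_N or pow(sig, PUBLIC_E, PUBLIC_N) != expected:
        return "invalid"
    # A correctly signed but published key is refused from this build onward.
    if serial in REVOKED_SERIALS:
        return "revoked"
    return "valid"
```

Reading `verify_license` out of the binary yields the check but not `VENDOR_D`, so what remains for an attacker is patching the check or sharing one bought key, which are the two cases the post says a new minor release can undo.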
 
 
First of all I object to the abuse of the word "hacker" in this forum.  Please read what is a hacker here:

 http://www.catb.org/~esr/faqs/hacker-howto.html

The persons who crack a lock are called crackers and hackers want nothing to do with them.

Some more suggestions:

5) Make your program multi-threaded.  Multi-threaded programs are a royal pain to single step into even if the source code is available because each thread will be running at the same time even when single stepping.

6) Write your program in unmanaged code.  Unmanaged code like C and C++ is harder to convert back into English, the best that can be done is to translate it back into English assembly language.

See http://www.tbc.net/~clive/vcomwinp.html

Whereas managed code like VB, .NET, C#, pcode can be converted back into English that pretty much resembles your original source code complete with variable names though the variable names may not match.
shankar
Sunday, September 03, 2006
 
 
I use a license file and stamp the start date into the license file.  Of course the file is checksummed, etc. such that it is quite hard to tamper with.  An enterprising user could just keep copying a new file in, but they'll have to keep doing it.  If the file is such that I can't update it (i.e. read-only, etc.) then the file is totally ignored.
Doug
Sunday, September 03, 2006
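
Added example (not part of any post in this thread, and not any poster's code): a sketch of the record the posts above circle around, with the first-start date kept in two places (registry and file), a keyed hash so a plain regedit change is detected, and a last-seen date so setting the clock back is noticed. The record layout, the secret, the status names and all function names are assumptions; Python is used to keep it short, and the caller is assumed to read and write the two stores.

```python
import hashlib
import hmac
import json
from datetime import date

TRIAL_DAYS = 30
# Assumption: a secret compiled into the app. Anyone who extracts it from the
# binary can forge records, so this only deters casual registry/file edits.
APP_SECRET = b"constructed-demo-secret"


def _tag(first_run, last_seen):
    msg = f"{first_run}|{last_seen}".encode()
    return hmac.new(APP_SECRET, msg, hashlib.sha256).hexdigest()


def make_record(first_run, last_seen):
    """Serialize the two dates plus an HMAC tag over both."""
    f, l = first_run.isoformat(), last_seen.isoformat()
    return json.dumps({"first_run": f, "last_seen": l, "tag": _tag(f, l)})


def _parse(raw):
    """Return (first_run, last_seen) as dates, or None if the copy is invalid."""
    try:
        rec = json.loads(raw)
        f, l = rec["first_run"], rec["last_seen"]
        dates = date.fromisoformat(f), date.fromisoformat(l)
        ok = hmac.compare_digest(str(rec["tag"]).encode(), _tag(f, l).encode())
    except (ValueError, KeyError, TypeError):
        return None
    return dates if ok else None


def check_trial(registry_copy, file_copy, today):
    """Return (status, record_to_write_to_both_stores).

    status: 'first-run', 'trial', 'expired', 'tampered' or 'clock-rollback'.
    Each copy is the stored string, or None when that store is empty.
    """
    present = [c for c in (registry_copy, file_copy) if c is not None]
    if not present:
        # Caveat: deleting both copies is indistinguishable from a fresh install.
        return "first-run", make_record(today, today)
    parsed = [_parse(c) for c in present]
    if any(p is None for p in parsed):
        return "tampered", None
    # One store may be missing or stale: trust the earliest start and latest use.
    first_run = min(p[0] for p in parsed)
    last_seen = max(p[1] for p in parsed)
    if today < last_seen:
        return "clock-rollback", None
    status = "expired" if (today - first_run).days >= TRIAL_DAYS else "trial"
    return status, make_record(first_run, today)
```

Copying an old valid record back in does not extend the trial on its own, because `first_run` is covered by the tag and is unchanged in the old copy; it only helps together with a clock change, and then only when both stores are replaced.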
 
 
>> 4) Sprinkle your code with asm int 3; and turn off optimizations (or the compiler will remove them).  These will make the debugger stop at each of these places and make decompiling harder. Make the software check itself for integrity so that it will work with reduced functionality if it is tampered with.

Huh??  No sane compiler will remove any inline assembly code.  And asm int 3 won't only make the debugger stop at each of these places, but will also cause the app to CRASH at each of these places when running outside the debugger.  And it's trivial once the debugger stops at these places to replace them with NOPs.
SomeBody
Monday, September 04, 2006
 
 
try this

void somefunc()
{
    try {
        asm int 3;
    }
    catch(...) {
        // your actual function code goes here
        ...
    }
}

Compile this in VC++ 6.0 as release version and the compiler will remove the inline assembly as being unnecessary and then it will remove the try catch as unnecessary and your program code will never get called, it will be flagged as "unreachable code" if you use -W4.

And for your information the program will never crash as the catch will catch all errors.

In fact my program has never been known to crash.  It will keep working even in the face of software bugs.  You should know how to use exception handling if you want to make your programs crash proof.
shankar
Monday, September 04, 2006
 
 
As for replacing the int 3s with nops I assume your program does some kind of self checksumming which will detect tampering...???
shankar
Monday, September 04, 2006
 
 
Also note in the above function, if the int 3 is NOPed the catch handler and hence your real function will never execute and will result in a demo version...... ok?  So it is not as trivial as it seems...
shankar
Monday, September 04, 2006
 
 
Oops... Actually you should use __try __except instead of try catch...

void somefunc()
{
    __try {
        __asm int 3;
    }
    __except(1) {
        // your actual function code that checks lickey goes here
        ...
    }
}

Even while single stepping, the actual function code is never called because the debugger will trap the int 3 and the except handler will never be executed which will result in a demo version...

Actually I tried just now, with optimizations on and the asm int 3 was not removed.. weird... Previously it was removed!! maybe it was removed when I used try catch...instead of try except ...???
shankar
Monday, September 04, 2006
 
 
"Infact my program has never been known to crash.  It will keep working even in the face of software bugs."

You are writing games, not something which uses a database and complicated structured user data, for which data integrity is important?
 
"Actually I tried just now, with optimizations on and the asm int 3 was not removed.. weird... Previously it was removed!! maybe it was removed when I used try catch...instead of try except ...???"

Ahh, I see, you know what you are doing. Fine. Could you please give me the names of your programs, so I can avoid them? Thanks.

Oops, there is a link behind your name. Very good. Accounting Software? YIKES!!!11!!one!!
Secure
Monday, September 04, 2006
 
 
"YIKES!!!11!!one!!"

I don't understand what you are trying to say.  At least I am trying to be helpful and I have the guts to be non-anonymous.

As for the try catch I found out that try catch (c++ exception handling) will not capture int3, it will catch every other error.  Whereas try except (windows exception handling) will catch all errors even int3.

As far as data integrity is concerned, my databases can repair themselves.  They can backup themselves and restore themselves.  If one harddisk goes bad the data will be automatically loaded from other harddisks, other servers and other physical branches in turn.

And yes my programs never crash.  You can avoid them if you want, the program is called "shankar software".  My programs never even corrupt the data, so data integrity is always maintained and my program will automatically repair the data in case of external corruption.
shankar
Tuesday, September 05, 2006
 
 
"And yes my programs never crash."
"My programs never even corrupt the data,"

Can you give a mathematical (or any other kind of scientific) proof for these assertions? Or are they assumptions of an over-self-confident programmer, only backed by anecdotal evidence in the kind of "It never failed so far, therefore it must be absolutely free of failure."
Secure
Tuesday, September 05, 2006
 
 
Secure wrote:
""And yes my programs never crash."
"My programs never even corrupt the data,"

Can you give a mathematical (or any other kind of scientific) proof for these assertions? Or are they assumptions of an over-self-confident programmer, only backed by anecdotal evidence in the kind of "It never failed so far, therefore it must be absolutely free of failure.""

When I make the assertion that my programs never crash and my programs never even corrupt the data, I am depending on the design of my software to never crash my software and to never corrupt my data.

Let me explain:

For preventing my software from crashing ever, I have taken the following steps.  And I am telling you just the basics, a lot more thought and work is involved.

Q: When does a program crash?
A: A program crashes when it does something

Q: When does it do something?
A: 1) When some one asks the program to do something
  2) When some other program asks the program to do something.

Q on A1: How does someone ask the program to do something?
  A: When they click something or when they press some key.
  So to prevent the program from crashing on A1 you surround your mouse processing function and your keyboard processing function with exception handling.
Example:
void ActualMouseOp( HWND hwnd, int op, int x, int y )
{
    // do whatever the mouse move/click/double click is supposed to do
}

void ProtectedMouseOp( HWND hwnd, int op, int x, int y )
{
    __try {
        ActualMouseOp( hwnd, op, x, y );
    }
    __except(1) {   // 1 == EXCEPTION_EXECUTE_HANDLER: every exception ends up here
    }
}

Now your user can never crash the program using a mouse click because the program will always recover and continue from the __except handler of ProtectedMouseOp.  Guaranteed!  Provided you never call ActualMouseOp directly.

Similarly surround your key handling functions with exception handling.

void ActualKeyFunk( HWND hwnd, UINT key )
{
    // do whatever
}

void ProtectedKeyFunk( HWND hwnd, UINT key )
{
    __try {
        ActualKeyFunk( hwnd, key );
    }
    __except(1) {
    }
}

Now no matter what keys the user may press your program can never be crashed by user keystrokes. Guaranteed! Provided you always route keys through ProtectedKeyFunk.  This is because the program will always continue to function after recovering at the __except handler of ProtectedKeyFunk.

Similarly, surround your paint function:
void ActualPaintFung( HWND hwnd )
{
    // do some painting
}

void ProtectedPaintFung( HWND hwnd )
{
    __try {
        ActualPaintFung( hwnd );
    }
    __except(1) {
    }
}

Similarly wherever some other program can ask you to do something you protect it:

void ActualWndProc( HWND hwnd, UINT iMsg, WPARAM wparam, LPARAM lparam )
{
}

void ProtectedWndProc( HWND hwnd, UINT iMsg, WPARAM wparam, LPARAM lparam )
{
    __try {
        ActualWndProc( hwnd, iMsg, wparam, lparam );
    }
    __except(1) {
    }
}

See no windows message can crash your program because it will always recover provided you set your windows procedure to ProtectedWndProc.  Guaranteed!!!

I am getting tired typing so much so I will end by saying you can even prevent data corruption by using a lot of asserts and raise exceptions and catching them in crash proof functions which will recover without corrupting the data.

Is that mathematical enough for you? or can you think of any event that can crash my program that I can't recover using exception handling?  Even software bugs will not crash the program because ALL errors will be caught by exception handling.

This is how you write crash proof, data corruption proof programs.

Next time don't make fun of people who may know more than you or you may not learn much.  I am not claiming to know more but then I never make fun of others even when they are badgering me.
shankar
Tuesday, September 05, 2006
 
 
To give a fair judging, I finally tried your software with the given example company. Thanks to VMware, without any permanent damages.

Personal opinion: The user interface is sheer horror, missing anything that could be called "style guide". But I won't judge this, I'm not your typical customer. As long as it works, fine.

So I tried the example company with choosing the Restaurant. After simply installing it and running it for the first time, the logs showed this:

client\system\lastlog1.txt:
1:Integer Divide By Zero
1:Integer Divide By Zero
1:Integer Divide By Zero

server\system\lastlog1.txt:
1:Integer Divide By Zero
3:Integer Divide By Zero
3:Integer Divide By Zero
32:Note 32:Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Translated: The process can't access the file, because it is used by another process.
This message is repeated a lot of times while the database (or whatever) is generated with the percentage counter.

The asserted crash-freeness and data-corruption-freeness aside, would you not agree that it would be a much better idea to find and eliminate the sources of these bugs, instead of effectively hiding the symptoms away by a perfect exception system?

I mean, it was the default install, I didn't change anything, and it was logged. The zero-divisions are the very first entries of the logs. But you simply ignored them. Now tell me one single reason why I should TRUST your assertions?
Secure
Tuesday, September 05, 2006
 
 
"client\system\lastlog1.txt:
1:Integer Divide By Zero
1:Integer Divide By Zero
1:Integer Divide By Zero

server\system\lastlog1.txt:
1:Integer Divide By Zero
3:Integer Divide By Zero
3:Integer Divide By Zero
32:Note 32:Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird"

As I said the try catch c++ exception does not catch int3 so I worked around that by using divide by zero. What you are actually seeing here is that the software is calling the self integrity checking functions by the convoluted method of executing divide by zero and even that has not crashed the program.

As for the "The process can't access the file, because it is used by another process" it means that the file (or more probably the registry) is not accessible probably because the server is being made to run under a user account that denies it the access of that file or registry key.

No you don't have to trust my assertions, I didn't ask you to.

Thank you for trying out my software, and for giving your opinion about my program's user interface.  Now if you can give me any feedback (on my site or here) on how to improve it I would welcome it.

Thank you.
shankar
Tuesday, September 05, 2006
 
 
"Thank you for trying out my software, and for giving your opinion about my program's user interface.  Now if you can give me any feedback (on my site or here) on how to improve it I would welcome it."

There is only one serious solution for this: Completely burn it down and rebuild from scratch. Give it the look and feel of any other Windows application. Separate the long flows of help texts from the input boxes and the buttons mixed into them. Anything, but not these nested tabs with this confusionized interior you have to scroll on smaller display sizes.
Secure
Tuesday, September 05, 2006
 
 
Thank you for your feedback but I can't do that because it is something that you should never do, i.e. "rebuild from scratch".

Please read "Things You Should Never Do, Part I"
By Joel Spolsky:

 http://www.joelonsoftware.com/articles/fog0000000069.html

Thank you for your constructive criticism.
shankar
Tuesday, September 05, 2006
 
 
shankar, you are advocating security through obscurity.  It's not difficult to patch your executable to remove the breakpoints and skip the integrity check, at which point your code is putty in a hacker's hands -- all the more so if you've compiled without optimisations, since that means that everything it does will be done in a more obvious way with less clever use of registers etc.

By the way, how do I uninstall your software?  It appears to have installed a service on my computer (without asking for my permission first), and it appears not to have registered an uninstaller of any sort.  This is really rather rude behaviour in an _evaluation_ version, which by definition should be easy to remove if one decides not to purchase the software.
Iago
Tuesday, September 05, 2006
 
 
"Thank you for your feedback but I can't do that because it is something that you should never do ie "rebuild from scratch"."

I'm talking about the user interface only, of course. Or did you interlock the business logic with the UI layout and logic in such a convoluted way that there is no way of changing anything?
Secure
Tuesday, September 05, 2006
 
 
The uninstall program will be available in the "Add/remove programs" in the control panel, under the name of the configuration that you chose.  If you can't find that you can open a command prompt and go to the "program files\shankar27_3_0\client" directory and type shankar /u.

Thank you for trying out my software and sorry for your trouble.

Thank you.
shankar
Tuesday, September 05, 2006
 
 
By the way, this is my last post on this forum or any other forum.

I am done with trying to help people.

Does anyone even thank me for trying to help?  Even TrialLicense?

Does anyone here appreciate me (let alone say it's brilliant) for pointing out a way to make your programs crash proof?

Maybe I am thin skinned but it has really hurt me that my suggestions have no value and are even considered dumb.  Even my software is considered dumb and worthless.  I am going back into my cave and if you have any further issues you will have to visit my website and send me email to contact me.

And did I ask anyone here to download my software?  Did anyone ask my permission to download my software?

Don't think that I will give up programming my software even if you think it is dumb.  I have been working on my software for the past twelve years from Feb 1994.  And I will be working on it for at least the next twenty years because I love programming it and I love the interface that I have created and my users love it too or I would have changed it.  I read up constantly on programming and user interfaces and I will continue to do so and improve my dumb software.

Though I am done with participating in forums for ever.  Anyway I am too busy programming to visit forums.  This was my first programming forum and my last.  I participated because I loved all of Joel's essays and I read the complete archive.  It took me 4 days of non-stop reading.

Good bye for ever.
shankar
Tuesday, September 05, 2006
 
 
"And did I ask anyone here to download my software?  Did anyone ask my permission to download my software?"

What exactly did you expect when providing your software for a free, uncontrolled download on the Internet? Did anyone ask you to do this?

When you release something to the world, be it some piece of software or some text in a forum, then the world will react to it. It may simply ignore you -- don't overestimate yourself and your meaning and importance. Personally, I don't even expect an answer when I'm posting something here. It doesn't stop me, of course.

If you release something bad, it will be criticized. Even if you release something good, there are always people who will criticize it, nonetheless. This is the way it is -- no chance to change it. If you can't live with this, and if you can't see the positive aspects of criticism, then yes, maybe it is the best idea to never release anything again to the world. It is your own choice, and I don't suggest it.

Anyway, thank you for an inspiring discussion.
Secure
Wednesday, September 06, 2006
 
 
Can anyone tell me how to make a trial version of the software that I have? It will be automatically uninstalled after 15 days.

I have made the project in C#.NET.

Bye
Avinash
Wednesday, September 20, 2006
 
 

This topic is archived. No further replies will be accepted.
