I would like to add licensing system to application. For example: user buys license for 1 month and after that program expires (Kinda Anti-Virus style?).

Problem is that application is supposed to run in systems which may or may not be connected to internet, so how to protect from date-time changes?

Storing app startup and close times in encrypted file won't work as date can be changed (with program uptime of 8 hours per day, would be possible to extend license to almost 300% in ideal case - change time to app close time + 1 second before launching program).

Another question - is there any way to protect from software like http://en.wikipedia.org/wiki/Deep_Freeze_(software)? (maybe scan drivers?)

EDIT:
I'm currently using smart card to store licensing information and will use code virtualizer on critical functions (I know about making breakpoints on API calls and inspecting passed data - don't need to hide that data, just to ensure things go as planned)

Step 1: Create trial_tracker entry in an encrypted format in a windows registry and in file.

Step 2: Assign app install timestamp ( yyyy-mm-dd-hh-mm-ss ) to trial_tracker

Whenever app starts, check if current system timestamp is greater than trial_tracker and less then expected expiry date

• If yes, update trial_tracker to current system timestamp and continue.

• If no, trial_tracker has been tampered or trial time expired. Ask user to purchase full version or exit.

Note: User can get away with this by deleting windows registry entry and encrypted file.( if he is able to find them ). In such case, further checks can be added. For example create secondary windows registry entry which checks for existence of primary registry and encrypted file.

Along with these, additional remote checks can be applied which depends on internet connection ( optional )

Yes, it would be possible to extend the license by up to 300% but at great effort to the user. Frankly if someone is going to spend every day of a month resetting their time to one second after they quit your program before starting it again to use it longer, there is nothing you are going to do about it, and the time you take to stop them will cost you more than they ever will.

Reputable game development manager stated once in a conference that it's impossible to protect software for longer than a month even with internet connection - if your software is popular :-) So you can just write software that no one wants and it will be as safe as you want :-)))

If on the other side you write reasonably popular software then you couldn't care less if a small percentage of paying customers snitch some extra time - they'll renew a week latter anyway. If you really want to do short time licensing you have to put internet as a pre-requisite. It's still going to be cracked in a month if it's good for something :-) but paying customers will by and large remain paying customers with reasonably light enforcement.

If however you piss people off by doing intrusive and scary things then you'll loose paying customers and create much bigger motivation for ppl to crack it.

Create a windows service that gets installed with your app, but is auto-start. Keep track of elapsed time and offsets there. Provide an API for your app to talk to the service to query usage/elapsed time.

I assume the software phones home at least once to let you know the license key has been bought / installed / extended?

After the time has ran out since they bought the license key and they haven't purchased another you could contact them and ask them how they are getting on and to let them know they need to renew. If they do choose to abuse your system a simple call to chat about it may be enough to get them to stop.

Maybe you could combine the use of the date/time with the tick count? Then if you see a date/time with an incompatible tick count, you could flag that as a violation. This would change your worst case scenario to require them to restart the machine whenever they want to manipulate the clock to abuse your license.

From your program you create a log of time when the app is launched and exited.The log is encrypted and prevent the common user to trick its content.

With this log, you can see if time elapsed normally that is time goes to the future. If not then something fishy is occurring on this system. In this case display a dialog box with a phone number where they can call you.

You could also ensure via a data file that the program can run for one month only after that as the said data file don't contain the data to work for the following month, this requires an update.

The idea is that time is flowing linearly to the future, it can only increase the counter from the launch date and external data is required for the program to run in the future so you've created a dependency relationship on updates. This last strategy is what Microsoft and co used and they call it security updates / patches...

You shall decrease the time elapsed between checks. Instead of checking only at application startup and application shutdown, you shall check every 5, 10 or 15 minutes using a timer or a background thread. In this way the user cannot change time (because the software will stops in few minutes).

However, I'd prefer to pay a software that I need instead of not having the correct date/time on my machine.

Create a Windows driver that starts on boot, grabs the system date-time, and runs until shutdown, tracking the time independently from Windows [ sleep(1000); ++time; ].

When your application starts up, check that the service is running, and check the date-time! Compare it to the date-time you were installed on, and you can figure out if you've expired or not.

Note: If any application did this, I wouldn't install it in the first place. If I WAS tasked with cracking it, it would be trivial. There is no way to prevent reverse engineering. NONE. It WILL get cracked no matter what. And when it does, you're going to regret putting any time into this.

Enable Privilege Use logging (in the installation process) and then check for a time changed event in Windows' event log, as explained here:

http://www.stevebunting.org/udpd4n6/forensics/timechange.htm

You can then deduct the time difference from the license (rather than void the license, since some system clock changes are legitimate).

NOTE: This will not protect from changes of the system clock when changed from the BIOS.

You are putting too much effort in the protection itself.

Instead your trial software should contains annoying limitations that will not prevent your users to evaluate it but will certainly prevent them from using it for business.

Maybe you could offer this software as a service if you are so worried about enforcing the licence?

One way to do is to store the current time and date of software download in an encrypted file that should be used along with the package.

Another way is to store file in the user computer and keep checking with your hard coded date in the software with that file.