There's another thing I haven't seen mentioned yet : You could add loads of settings to the applications' configuration file, and start with ridiculous defaults. Then do the installation & configuration personally, so no-one but you is able to figure out how everything should be set. This can be a mayor put-down for people that are just trying out if a copy is enough. (Be sure to add settings that depend on all sorts of system-settings, like OS-version related DLL-versions that should be loaded, etc). Not very user-friendly tho ;-)

We adopt a license bound to a component approach. With the component being either an IP/MAC address or machine ID. So the app will only operate if the key and component are valid. Yes, the app can be copied, but it simply wont work without a new key as the component will have changed. We generally use our own generated machine ID and our own keygen, which inlcudes an optional expiry for demo periods.

Users are forced to 'phone home' in order to license their software with us. Given the nature and value associated with our products, this approach works well for all concerned.

Don't do this, don't attempt it, don't even think about it.

This is a battle you can't win. If people want to pirate your software they will. You'll be shamed by the fact that a smart reverse engineer can write a one byte binary patch to subvert all your protection schemes.

The people who are going to pirate your software will do so and all these "security features" you build in will likely end up only inconveniencing your true supporters: the people who have legitimately purchased your software. These draconian DRM / anti-piracy schemes only build resentment among software users.

There are several approaches you could take, but there are three that will be vastly more effective that any of the others.

A. Don't create it.

Software that doesn't exist never suffers from unauthorized use.

B. Don't release it.

If you have the only copy, and you keep it that way, then the chances are exceedingly good that there will be no unauthorized use.

C. Give everyone permission to use it.

If you don't want anyone to use it without permission, then you can give everyone permission and there will be no unauthorized users.

There is a possibility to trace the usage. You can accomplish this by letting phone your tool home and send the information you need. The problem with this is, that first nobody likes software that phones home for this purpose and second with a simple application-level gateway you can block the application to phone home! What you describe in your question is a common problem of software-distributors and it's not an easy one to solve!

Hardware dongles are the best way if you are really concerned about piracy IMO. Check out the big industrial CAD/CAM packages worth thousands or tens-of-thousands, or the AV/Music production software, they virtually all have dongle protection. Dongles can be emulated or reversed but not without a significant investment in time, a lot more than just changing a few JEs to JNEs in your assembly.

Phoning home is not the way to go unless you are providing a service that requires a subscription and constant updates (like antivirus products, for example) as part of your business model. You need to have a bit of respect for your users and their privacy. You might have perfectly innocent intentions but what if a court ordered your company to hand over that information (like the US government is doing with Google and its search terms) - would/could you fight it? What if you some time in the future sold your company and the new owners decided to sell all that historic information to a marketing company? Privacy is not just about trusting a company not to abuse your data, it is trusting that company to go out of their way to protect your data. Which is pretty far down the list of priorities for most companies. So basically, the monitoring users thing is not really a good path to go down.