Before you dive into proprietary software, restrictive license agreements, and DRM I think you should take a look at the open source philosophy.

Whats there to take a look at? "Open Source" just about sums it up.

Here is a strategy I've been thinking about for a while.

Have the user download a downloader + installer. The installer gets the CPU id, turns it into a checksum (use some salt for added security), and sends it to the server as part of the download request. Have the server place this checksum into the program at a convenient location (like say the very end of your main executable)*.

When your program starts up read the CPU id and turn it into a checksum (with the same salt used the first time) and compare it against the checksum in your main executable.

Here is some code to read the last 4 bytes.

#include <iostream>

int main(int argc, char *argv[])
{
    std::ifstream exe(argv[0]);

    exe.seekg(4, std::ios::end);

    uint32_t storedChecksum = 0;

    for(int i = 0; i < 4; i++)
        storedChecksum &= exe.get() << i;
}

Edited.

Here is some code to get the cpu id from allegro.

#include <sstream>

...

check_cpu();

std::ostringstream cpuID;

cpuID << cpu_vendor;
cpuID << cpu_family;
cpuID << cpu_model;
cpuID << cpu_capabilities;

cpuID.str() <- Turn this into a checksum

_{* Be careful to write the checksum in an endian-safe manner if you still care about that}

The idea I'm after isn't to make it perfect. Mostly its so Jane at home who finally learned to send emails doesn't become my favorite redistributor.

This gets the job done cleanly, efficiently and without disrupting the customer's experience (ie. a CD key is highly annoying)

To expand on DDustin's idea, the key generation part could be randomized for every executable/installer pair via some preprocessor magic or otherwise. This will make a generalized crack much harder to create, since, if done correctly, this will require each executable to be cracked separately.

That would only work for a closed source program though... I am not too sure if it is possible to copy-prevent an OSS program. Personally, if I absolutely had to get money from my software, I'd keep it closed source for the first year or two, and then release it for free under GPL, like Id. (yay Id, my favourite company).

EDIT: A note however. If the user changes his CPU, DDustin's method will fail rather miserably, so it needs to be supplemented by something else, perhaps an installation key that identifies each purchase. It could be a 1000 digit code (sent via email) so that you would be unlikely to guess it, but at the same time it would serve as a good fall-back identifier.

What Thomas said.

Wow, a lot of people not actually answering the question.

Of course, completely preventing theft is unfortunately impossible, not attempting at all isn't really a good alternative. I say add what security you can, but don't waste too much time on the subject. The people who are good enough to hack it and/or take a hacked copy aren't really a part of the target audience. And, if people are willing to hack it and/or take a hacked copy, it means your product is worth their time. Then you have word-of-mouth advertising.

That being said, I'm no where qualified to offer any secure measures to helping prevent theft.

And all of the current alternatives only make it harder or more inconvenient for paying customers. None of them challenge the pirates, its largely a waste of time and effort for most software.

But Timorg does have a point, probably one of the most secure ways is to implement the important stuff server side, so to play say the multiplayer part, you need a valid account.

I just make the registration key from the users name + valid email.
That way they can spread the software, but they'll know that I can extract the email from the key of a pirated program. No point in making it hard for people to use.
If you really want to, use something like MoleBox with a hardware key generated from the users machine. But the user will have problems installing on a different machine.

At the end of the day, every scheme can be easily cracked with a good debugger. Even encrypted executables, needs to be unpacked in memory before being fed to the CPU and that way both the encryption scheme as well as the hardware key check can be found and worked around.

Alternative ideas from the past: Include huge book which you must look up for important game text (mostly for RPGs), include great physical content (maps, books etc) or as mentioned make a large part of the game online.

I'm not sure that modifying an executable file is a particularly sound way forwards. I'll wager that at least one of the realtime anti-virus programs will have something to say about it. And you need to do it before the executable reaches its destination, since a significant-enough-to-be-worth-mentioning number of people store those in read-only places and having a .exe modified while it is running is likely to trip even more antivirus programs.

I'd say that if you want basic copy protection then some sort of license key that incorporates some machine information and is stored in a proper preferences file (i.e. one stored wherever your OS says they should go, not DOS-style with the .exe - which doesn't even work on Vista) is probably all you can do. It'll mean that program files and license keys can't be redistributed. Someone will be able to crack it, but someone will be able to crack anything you do and this way isn't liable to trip antivirus software or do any of the really stupid Sony BMG-type things that have pretty much killed attempts at DRM on music CDs.

A decent door, secured windows, a burglar alarm and possibly a safe. Copyright infringement != theft.

I know well that A friend of mine told me that H20's cracks are far from being perfect, the cracked software usually doesn't work at 100% and you have to re-install it and re-crack it after every use.

In my opinion, hardware dongles are invasive but because of this they are perhaps the most effective anti-copy system.