Magnum One

home *** CD-ROM | disk | FTP | other *** search

/ Magnum One / Magnum One (Mid-American Digital) (Disc Manufacturing).iso / d2 / serlyz03.arc / QBSERLYZ.DOC < prev next >

Wrap

Text File | 1989-11-13 | 44KB | 1,058 lines

QBSerlyze Version 1.04 Program Serializer for QuickBASIC Programs Copyright InfoSoft 1988-1989 1.0 Introduction Serialized .EXE program files have generally been difficult to impossible to do for programs written in QB simply because the QB compiler lacks the ability of compile time variable definitions. The basic alternative was to debug or 'hack' up a master copy for each user that registers a copy of your program or to recompile with a new variable assignment. QBSerlyze provides complete and professional serial numbering support for QB and includes extensive validity checking. Whereas even some commercial programs allow you to alter (change or even remove!) the serial number display, QBSerlyze performs some rudimentary encryption of the serial number as well as checking the validity at runtime. This allows you to stop the system or issue warnings when the serial number has been altered. The encryption and checking are not fool-proof (very little is these days), but is designed to be as close to that as possible with a minimum of overhead. The serial string is embedded and protected on several levels: First, the serial number is encoded, so that if the serial number is "12345", it takes more than simply loading a byte level editor and doing a search for "12345". The theory here being that if they can't find it, they can't change or remove it. Secondly, should a devious (yet talented) person find it, the number they substitute for your valid number may not be a valid serial number and your program can verify the validity at run time! This level also helps preclude someone from typing in an incorrect serial number (or simply mistyping it) when serializing. Thirdly and finally, should they successfully patch a serialized program with another valid serial number, the internal validity checking would identify that the serial string has been modified since it was installed. QBSerlyze support functions are extremely flexible allowing the serial number to be installed or locked into your program in a nuber of ways. One method allows an 'install' sub routine to embed the serial number into your EXE, or you can link this function into your program so that the first time your program is run, or in response to a /REGISTER or /INSTALL switch, your program serializes itself! Copyright InfoSoft 1988-1989, 1990 2.0 QBSerylze Files QBSERIAL.EXE - An external 10k program you can distribute with your program(s) to embed a serial number you assign to a registered user or program. This is ideal for larger programs where you prefer not to link in the code to embed the serial number to your program since it is called only once. QBSERLYZ.EXE - An alternative to QBSERIAL.EXE that requires the user to acknowledge certain licensing terms before the program is serialized. QBSER.OBJ - A callable QB subroutine to embed a valid serial number into a EXE. This perfoms the identical function of QBSERIAL.EXE except rather than an external program doing the serializing, your program can serialize itself. Using this method requires that your program run under DOS 3.0 or above, however. Note that since the disk EXE file is serialized this cannot be called from inside the environment. SERNO.OBJ - These are simply assembler support files for the various functions. QBSERGEN.EXE - This simply generates valid serial numbers within a range you specify. More on this later. 3.0 Serial Number Format As of version 1.04, QBSerlyze supports 4, 5 or 6 digit serial numbers. This allows maximum flexibility, such as in supporting different versions, product lines or batches, QBSerlyze encodes a serial number and registration name into the EXE file, are in the following format: vvv-ssss[s[s]] <5 to 32 character Registration Name> vvv - The version number you define or assign. ssss[s[s]] - The actual serial number from the QBSerlyze generator. Valid serial numbers can be in the form 4, 5 or 6 digits. The registration name would hold the name of the license holder. We will refer to the complete number (vvv-ssss) or string as the Serial String, the vvv as the Version Number and ssss as the Serial Number, the complete string of embedded information (including the name) will be referred to as the registration string. Copyright InfoSoft 1988-1989, 1990 The information embedded into the EXE file also contains a registration string or name. That is, the information locked into the EXE is would be on the order of the following: 101-12345 Bob's Lava Lamp Emporium The registration name string is limited to a minimum of 5 and a maximum of 32 characters. This name is encoded like the serial string is and protected by a CRC algorithm so that changes can be detected at runtime. 3.1 Version Number The version number need not refer to an actual version of your product (though it can), but can be anything you care to represent in 3 digits. For example, your FooBar program might be coded as "101", FooBar Deluxe as "201", and FooBar Deluxe Plus as "301" and so forth. This could alternatively represent "batches". Once you have sold so many registrations that the number of valid 4 digit serial numbers is exhausted, the FooBar version number could be incremented from "101" to "102" you could then reissue all the valid 4 digit serial numbers. Or the version number could be meaningless - it is up to you. The serial numbering and checking algoroithms check the entire 'packet' of registration information: the version number, serial number and name the program is registered under. While there is no validity check done on the version number (the QBSerlyze routines have no idea of the algorithm you are using when assigning them), at installation or when serializing, the QBSerlyze routines will encode the version number and once serialized, any changes or tampering with the version number, serial number or registration name will be detected. However, only the actual serial number is checked at install time for validity, if the end user embeds a nonsence version number, QBSerlyze will have no way to tell this. NOTE: While it is up to you WHAT the version number identifies, it must be listed or passed to the installation routines or an error is reported. 3.2 Separating dash The separating dash is required, though for no particular reason except maybe to make it explictly clear where the version number stops and the serial number starts. The installation and some parts of the checking algorithms will report an error or invalid serial string if there is no dash present. Copyright InfoSoft 1988-1989, 1990 3.3 Serial Number The serial number portion of the string is where the serial or program control is. QBSerlyze supports 4, 5 or 6 digit serial numbers, that is, VVV-SSSS VVV-SSSSS and VVV-SSSSSS are all valid serial strings, and are the ONLY valid serial number string formats. Where you have total control over the version number, you have little control over the serial number. These are generated according to a specific algorithm so that EVERY 4, 5 or 6 digit number is not a valid serial number. This allows the QBSerlyze routines to check the validity of an alleged serial string at run-time and when being installed. Four digit serial numbers range from 1000 to 9999, five range from 10000 to 99999 and 6 digit serial numbers range from 100000 to 999999. In the four digit realm there are 296 valid serial numbers, five digit has 5432. The six digit realm has 5500 valid serial numbers in just the first 100,000 numbers (100,001 to 200,000) Although the validation algorithm is different depending on the number of serial digits, you should be aware that if you issue a valid 5 digit number to someone, the install processes WILL allow them to install a valid 4 digit one should they happen upon one, or know one from a different product line. The install program/sub routine have no way of knowing which serial number format you intended. The chances of a five digit serial number being mistyped (by dropping one of the characters) and that resulting 4 digit code being valid are slim. That is, if you issue ABCDE, the chances of ABCD or BCDE being valid 4 digit serials are slim. Should that person contact you for support and you ask for the serial string, you would likely recognize the problem or error based on the version number and the combination. When embedding the registration string, all the QBSerlyze methods of serializing, check the serial number portion to see that it fits the serial number algorithm before encoding and embedding the registration string, so that an invalid serial number will not be placed in the EXE file. Additionally, the QBSerlyze support functions will detect a change to the registration string once serialized (at runtime). Copyright InfoSoft 1988-1989, 1990 3.4 Registration Name The registration name allows for 5 to 32 characters to be embedded into the EXE file. Like the version number, QBSerlyze has no way of knowing if the registration name entered is valid, but once installed, it cannot be changed without detection. The only way to alter this would be to re-install the entire registration string to a pristine copy of your program. When serializing, the Registration Name is also encoded like all other parts of the Registration String, and changes after that are detected at run-time. However, there can be no way for the QBSerlyze routines to verify the Registration Name, eg entering Santa Claus as the Registration Name. Since there is now way to change the name except to reserialize it from a pristine copy of the program such as the distribution diskette, you can discourage such false names by displaying the serial number. After all, who really wants Mickey Mouse or Santa Claus showing up on the screen as the person the program is registered to every time the program is run? Alternatively, if you perform the serialization of the program according to the order form, all this becomes academic. 4.0 Generating Serial Numbers - QBSerGen QBSerGen is a utility program for the publisher or developer to aid in identifying valid serial numbers in a given range and/or realm. Since there are a fixed, finite number of valid serial numbers in the respective realms of 4, 5 and 6 digits, QBSerGen will list those valid ones to the output device of your choosing. The syntax is: QBSerGen <Size> <StartNo> <StopNo> <S | F | P> SIZE is the realm to use. Enter 4, 5 or 6 only as the size of the serial number to generate. STARTNO the first number to start with. Since the 6 digit realm contains so many valid numbers, you may want to generate these a little at a time. StartNo must have at least SIZE number of digits in it. That is, 999 is too low for the 4 digit realm. STOPNO the last number to test or scan as fitting the algorithm. OUTPUT output can be sent to the Screen, File or Printer. You need only enter S, F or P in any case. File output is sent to QBSER4.LST, QBSER5.LST and QBSER6.LST depending on SIZE. Note that these files are OVERWRITTEN if they already exist, this should be of no concern since the same serial numbers are always generated. As you will see later, File output is by far, the most usefull and flexible. Copyright InfoSoft 1988-1989, 1990 When QBSerGen is done, it 'stamps' the number of valid serial listed, and the last number tested to the output device/file (screen, file or printer). Regardless of the output mode, pressing ANY key while QBSerGen is working will halt the process. When this happens the last number tested is stamped to the output device/file. Note that QBSerGen only generates the serial number and has nothing to do with the version number you may choose to prefix it with. Example: QBSerGen 5 10000 90000 File Lists all valid 5 digit serial numbers found between 10000 (the lowest possible) and 90000 (90001 to 99999 are not screened) and output is sent to QBSER5.LST in the default directory. If your customer database program reads or accesses the list of serial numbers, take care that you do not overwrite file lists in use with a new one! 4.1 QBSerGen Lists and usage The output list from QBSerGen (in file mode) can be used in many, many ways. First, the format is such that LINE INPUT or INPUT can be used to input them into your customer database program. The flexibility of this is incredible: * Your customer database program could read in the list, prefix each serial number with the version number and dash, and print out notes, letters or cards identifying the serial number. Eg: +-------------------------------------------------+ | | | NOTE: Your FooBar serial number is: | | | | 123-4567 | | | | DO NOT LOSE THIS NUMBER! | | YOU WILL NEED IT FOR UPGRADES AND SUPPORT | | | | To take advantage of the features of | | FooBar Deluxe, type: | | | | FooBar /Register <your serial number> | | | | and FooBar will then be fully registered | | and the Deluxe features will work. | +-------------------------------------------------+ At this point, you simply enclose the note with your 'standard' disk and let THEM do the installation. Copyright InfoSoft 1988-1989, 1990 * Alternatively, if you choose not to use the standalone serializer and prefer to have the program serialize themselves, you could easily have your INSTALL sub program print out such a note. * An intermediary program could convert the list to a "blank" random file where only the Serial string is filled in. When filling an order for your product(s), your database program does a GET from the blank serial number file, you fill in name etc, and then the database program could generate a note like above, but WITH the customer name and number on it. Be sure to delete or mark the used blank serial number record as "issued" so that you do not issue the same number twice! * If your text editor can do block moves and fills, you could edit the list(s) to prefix the version number to each, or make product based lists. Prefixing "1234" with "101-" could be stored into a list of valid FooBar serial numbers, adding "102-" and storing in another creates a list for FooBar Deluxe. * Your database or other program could then scan that list to verify the serial string given on an upgrade request or when verifying a customer's request for phone (or other) support. Contrast this to looking the number up on a list - especially the 5 or 6 digit ones! * Alternatively, you could key in a customer name etc, get a valid serial string and SHELL to QBSerlyze and do the serial number embedding for them, thus precluding the chance that fake or goofy names be embedded by the end user. In this case, we would read the entire list of serial numbers from the .LST file into a fixed length string array, and then write it back out to the same file from the first unused array element. Doing this, we would only generate the 6 digits ones in blocks of 5500 or so by using a range of 100,000 (100000 to 199999, then 200000 to 299999 etc) so that only a manageable number are on disk at a time. These are only a few of the ways that you can use QBSerlyze to make your life easier as the support/developer side. The amount of time it saves you in registering disks or programs is limited mostly by how you incorporate QBSerGen lists into your support program(s) or database. Copyright InfoSoft 1988-1989, 1990 5.0 QBSerlyze Stand-alone support programs There are 3 standalone QBSerlyze programs that support the QBSerlyze scheme. The first, QBSerGrn is covered above and is used to generate valid serial numbers in a range. The others are used to actually serialize the program. As noted above, there are 2 ways to actually, physically serialize your programs. The first is to use QBSERIAL.EXE or QBSERLYZ.EXE, the other is to link in QBSER.OBJ. These all perform the same technical function of embedding a valid serial string into your program. The difference is that QBSERIAL and QBSERLYZE are PROGRAMS that serialize your program, where QBSerInstall is a called ROUTINE in QBSER.OBJ that allows the program to serialize itself. There are advantages and disadvantages to each. 5.1 QBSERIAL.EXE QBSerial is a command line driven program to embed the serial string given on the command line into a file. The syntax is: QBSerial <prog name> <serial string> <Registration Name> QBSerial DOES check the string prior to embedding it to see that it is valid. As noted earlier however, it cannot know whether you intended a 4, 5 or 6 digit string be entered. If valid, the serial string is encoded and embedded in the file. Note that the file to be serialized can only be serialized ONCE, if a person mistypes something, it would have to be re-serialized from a pristine copy. The advantages to QBSerial are that the code to do the embedding is kept external from your program. Since it would only be called once, it is kind of a waste of code and data space to be in the EXE file forever (the inline, callable version temporarily uses a little over 2k of string space but frees it up before completion). Within in the QBSerial version 1.xx range, I promise NOT to change the serial encoding algorithm so you would need to re-distribute QBSERIAL.EXE only once per customer (until version 2.0 is released). The disadvantages are that QBSERIAL.EXE could get lost or deleted and the user would then be unable to re-register backup or original copies, and finally, QBSerial heralds the InfoSoft copyright which may or may not bother you or confuse your end user. Note Well: Given the drawbacks of people entering nonsence as the version string or registration name, and the (however slim) possibility of a mistyped-yet-valid serial string, the only way to BE SURE that the correct information is entered is for YOU to enter it into your product before shipping. The drawback to this the immense amount of valuable time this can consume. The compromise is to modify (or write) your customer database program to 'hook' into the serial list you are using and SHELL to QBSERIAL.EXE to do the embedding. Copyright InfoSoft 1988-1989, 1990 5.2 QBSERLYZ.EXE QBSerlyz.EXE has the same syntax and performs the same identical function to QBSerial.EXE except that it is a Verbose or Terse type approach. Before the subject program is actually serialized, the user is asked two questions: "Have you read and do you understand the terms of the licensing agreement for <prog name> (YES/NO)? " "Do you agree to abide by, and be bound by those terms (YES/NO) ?" The person performing the installation must answer "YES" or "yes" to both questions ("Y" and "y" do not cut it!), or the serializing aborts. This is provided mostly as a service to fully commercial developers who may choose to require such terms be agreed to before the program be registered. If you do not supply a written licensing agreement with each and every disk, you should not use this method of serializing. The advantage of this serialization method is clearly that you get explicit confirmation of the user's intent to abide by your terms before it is registered and/or registered features are enabled. The disadvantages of the method QBSerlyze are the same as QBSerial, although for a reasonable sum, I will customize QBSerlyz for specific licensing agreement messages and alter the InfoSoft copyright herald. Again, this will be mostly of interest to fully commercial developers (or very, very serious shareware ones!). 5.3 QBSerInstall The last method of embedding the serial string is to allow the program to do it to itself. By calling QBSerInstall, FOOBAR.EXE can serialize itself. This self installing routine is in the object module QBSER.OBJ. The syntax is: errc = QBSerInstall%(serial$, RegName$) Your program will have to fetch the serial$ from the command line or get it as input from the user to pass it to the routine. The function returns a variety of error codes: 0 = Installed ok -2 = Invalid serial number -4 = QB.EXE is loaded (cannot install into a EXE from the environment!) -5 = Cannot serialize - Too many support copies appear linked (SERNO.OBJ) -6 = Cannot serialize - Cannot find support module, or already serialized. Copyright InfoSoft 1988-1989, 1990 The advantages of this method are that there is no need of an external serializer program, but on the other hand, the code used to serialize itself is used only once, but remains in the program forever. This internal method is slightly slower than either external method, and is considerably bulkier since additional checking must be performed to ensure that the process aborts if QB.EXE is loaded. Note that this method requires DOS 3.x+ at run time. QBSERIAL.EXE and QBSERLYZ.EXE do also, but that has no bearing on what DOS version your program runs under. Immediately after calling QBSerInstall, remember that the returns from the QBSerlyze support functions (see below) will not be valid until NEXT time the program starts. This is because when a program loads into memory a COPY of the disk form is loaded - after calling QBSerInstall, the disk form is indeed, serialized, but not the one in memory! If the return from QBSerInstall is ok (0), then you can simply terminate the program or force a variable TRUE. Eg: IF INSTR(COMMAND$, "/INSTALL") THEN ' requesting install GOSUB GetRegName ' perform serial name I/O errc = QBSerInstall(Serial$, RegName$) IF errc = 0 THEN Registered = 1 ' or to force a restart: ' PRINT "Serialization Complete. Restart program." ' SYSTEM ' or if you have GLIB: ' errc = PrgName(myname$, los) ' get EXE program name ' myname$ = LTRIM$(RTRIM$(myname$)) ' trim it ' RUN myname$ ' run it allowing for paths ELSE GOSUB PrintCorrectSyntax SYSTEM END IF END IF A further warning is that you must decide at compile time whether to use the external serializing method (ala' QBSerial or QBSerlyz) or the internal one (QBSerInst). You cannot link in QBSER.OBJ and still use either external method for serializing as the external programs will be confused as to where to store the serial number. Additional LINK time instructions are provided in Section 7.0. Copyright InfoSoft 1988-1989, 1990 6. QBSerlyze Runtime Functions Once your program is properly serialized, it can begin to use the returns from the QBSerlyze support functions at runtime. A series of functions are provided to query the QBSerlyze status: SerialInst% SerialValid% SerialGet% SerNameGet% Name: SerialGet Type: FUNCTION Syntax: errc = SerialGet%(serial$, size) This polls the QBSerlyze system and returns the complete serial string embedded and the size code. All the runtime support systems are written in assembler, so you must initialize serial$ to SPACE$(4 + SIZE), where SIZE is the size of the serial number (4, 5 or 6 for a total of 8, 9 or 10 spaces) - the additional 4 is to allow for the 3 version number characters and the dash. Upon return, this will fill serial$ with the entire serial string (serial number AND version number), size% will return the number of serial digits embedded (ie 4, 5 or 6 - NOT including the 4 characters in the version number and dash!). This allows your program to verify the SIZE code at runtime also. Note that in the interest of speed, the serial number is not validated with this function. In fact, the only need for this routine is if you wanted to display the serial string upon start up or in an error message such as PRINT "Serial number "; serial$; "; is inavlid!" or in reponse to a user keypress request to display the serial number for verification. That is, there is no need to actually get or display the serial number in order to use and act on the QBSerlyze system. Error code returns possible are: 0 = serial string appears OK -2 = program not serialized -3 = serial$ too short -7 = invalid size (ie not 4, 5 or 6) Copyright InfoSoft 1988-1989, 1990 Name: SerNameGet Type: FUNCTION Syntax: errc = SerNameGet(RegName$) This complements the SerialGet routine by fetching and decrypting the name to whom the program is registered to. The string variable RegName$ must be initialized to 32 spaces to allow for the maximum possible length to be fetched. As with the other QBSerlyze support routines, this only decodes the string if the program is serialized, it does not check whether the string has been altered. This function is only performed by SerialValid. Possible errc returns: -2 = Program not serialized (RegName$ not filled). -3 = RegName$ too short or null. Only as much of name as will fit is returned. Name: SerialInst Type: FUNCTION Syntax: errc = SerialInst% This polls the QBSerlyze system and returns a code indicating whether a serial number is embedded or not. If not, the return from SerGet can be considered invalid and/or garbage. This too, does no validity checking only installation checking. Return codes: 0 = Installed -2 = Not Installed Name: SerialValid Type: FUNCTION Syntax: errc = SerialValid% This is the function onto which you can hang many program hooks. It returns a code indicating if the embedded serial number is valid and/or unaltered. This checks the version number, serial number and registration name to see if they have been altered since installation. Using this function allows you to determine if a call to SerialGet is worthwhile. This function is not inherent to SerialGet and SerialInst to keep the number of times that the decrypting and validation testing code to a minimum thereby making the whole process harder to 'crack'. Return Codes: 0 = Serial number appears valid and unaltered -1 = Serial number NOT valid -2 = Serial number not installed -8 = Serial number appears altered Copyright InfoSoft 1988-1989, 1990 7. Compile and LINK Time instructions There are a few items to be considered at LINK time, the first of which is what should be LINKed into your program. All the QBSerlyze functions are contained in SERNO.OBJ, the main support module. While developing your application in the QB environment, you will need to ignore most returns from the QBSerlyze functions. The reason is obviously that since QBSerlyze works on a disk EXE file, a program loaded into QB cannot be serialized. 7.1 Developing a program that will be QBSerlyz-ed You are urged to develop your program to completion without regard for the QBSerlyze functions and code them last. Obviously these can only be tested in serialized, EXE form. If it is your intention to only enable certain features when the program is registered and serialized, use a dummy variable during development. Ex: ' IF SerialValid <> 0 THEN ' Registered = 0 ' ELSE ' Registered = 1 ' END IF Registered = 1 During development or while working inside the QB editor, REM out the actual calls to the QBSerlyze function, and force the REGISTERED variable to either TRUE (non zero) or FALSE (zero) to test your programs reaction to either condition. Prior to the final compile, reverse the above example by un-REMARKing the calls to QBSerlyze and then REM out or remove the hard coded setting of the REGISTERED variable. 7.2 Choose the Serialization method You must also decide if you wish to serialize the end application internally (via a call to QBSerInstall) or whether you will be using either of the 2 external/stand alone serializers. Note that these 2 methods are mutually exclusive, by linking in the QBSerInstall routine, the external serializers are confused as to where the serial number should be placed and therefore abort doing nothing. At LINK time, SERNO.OBJ must be linked in for the basic QBSerlyze assembler function support. If you are choosing to have your program serialize itself at runtime, you must also link in QBSER.OBJ, QBL.OBJ and PRGNAME.OBJ. The latter 2 are standard GLIB functions provided with QBSerlyze and should be completely interchangeable with the object modules of the same name from GLIB 1.6 or GLIB 1.7. All 4 critical object modules (the three mentioned as well as SERNO.OBJ) can also be found in QBSERLYZ.LIB). Copyright InfoSoft 1988-1989, 1990 7.3 LINKing with /EXEPACK There are 2 other LINK time considerations. First, is the use of the /EXE switch which CANNOT be used prior to the program being serialized. Attempting to do so can result in "Packed File Corrupt" error message at run time. If you are not familiar with what '/exe' does, it 'packs' or slightly reduces the size of the resulting EXE file by removing extraneous NULLS from the EXE header. The EXE file must be serialized first, which inherently precludes the program from being re-LINKed. If you have BASCOM 6, MSC 'C', or MASM 5.x, you can use EXEPACK from any of these to perform the same identical function after the program has been serialized. If you do not have access to any of these, you might look for a Shareware/Freeware type program that performs the same function, but we are not aware of any such programmer's utility, and failing that, the EXEPACK function will have to be omitted. 7.4 Using QBSerlyze with BCLock The other consideration is that QBSerlyze poses a conflict with our BClock program. (BCLock provides virus and tampering protection in compiled EXE programs). The very last thing that must be done is that the program BCLOCKER is run on the EXE file to be BCLocked. This naturally precludes the use of the internal serializing method since that would mean that the serialization would occur after you have BCLocked the program. This also means that should you want to employ both QBSerlyze and BCLocker on the same program, it would naturally have to be BCLOCKED by you since BCLOCKER.EXE cannot be distibuted. Given this, you would also have to do the actual serialization prior to shipping the disk(s). This is not near the inconvenience that it sounds: using the disk output from QBSerGen.EXE, you could edit in the names of users from the order forms, and write a small program that reads in the next name/serial number string, SHELLS (or modifies a BAT file you are in) to serialize the program, then EXEPACKs it, then BCLOCKS it and makes an entry in your customer database with that information. The only remaining shortfall of using both BCLOCK and QBSerlyze is the explicit consent one garners from the agreement prompts in QBSerlyz.EXE. Copyright InfoSoft 1988-1989, 1990 7.5 Compile/Link sequence To be sure, the following shows how one might compile and link a program (FOOBAR.BAS) using the above information: A. LINK with the intent of using EXTERNAL serializers only BC FooBar /o /s; ' of course you may require other switches LINK FooBar+FooSubs+SerNo ' you may have other modules to link in... ' but DO NOT use the /EXE switch You are now ready to distribute program ready for serialization. The program may not be EXEPACKed until after it is serialized, and part of your distribution to registered users must include either QBSERIAL.EXE or QBSERLYZ.EXE to perform the actual serialization. B. LINK with for EXTERNAL serializers and using BCLOCK BC FooBar /o /s; ' of course you may require other swicthes LINK FooBar+FooSubs+SerNo ' you may have other modules to link in... ' but DO NOT use the /EXE switch QBSERIAL FooBar <SerNo> <RegName> ' serialize the program with a valid serial ' string and the correct user name ' optionally run EXEPACK on the file AFTER ' it has been serialized EXEPACK foobar.exe foobarr.exe DEL foobar.exe ' delete unpacked file ren foobarr.exe foobar.exe ' swap the name back BCLOCKER foobar.exe ' optionally BCLock the file You are now ready to distibute a fully serialized and BCLocked program! Note that all of this could be performed via a program you whip up to shell to BCLOCKER and EXEPACK, or in a batch file. Copyright InfoSoft 1988-1989, 1990 C. LINK with the intent of using INTERNAL serializers BC FooBar /o /s; ' of course, you may require other swicthes LINK FooBar+FooSubs+SERNO+QBSERI ' link in SERNO support and the internal ' serialing function QBSerInstall. ' You may have other modules to link in, ' but DO NOT use the /EXE switch You are now ready to distibute your program! The program may not be BCLocked using the internal serializing method since you may NOT distibute BCLOCKER.EXE. The program may however, be EXEPACKed by the end user AFTER they install or serialize the application if they have access to EXEPACK. You are now ready to distibute program ready for serialization via a the application itself. Copyright InfoSoft 1988-1989, 1990 8.0 Advanced uses for QBSerlyze Note that the return from SerialValid allows you to program in 'suppressed features' without actually using the serial numbering system or alerting the user to such. By distributing a version of your program with no serial number installed, you can act on the -2 return from SerialInst% and/or SerialValid% to not execute whatever enhanced features you provide with the registered version WITHOUT having to maintain 2 copies of the program. While this can be done with a variable or constant set or cleared (eg: CONST REGISTERED = 0), it takes much more for a person to scope out the process used to determnine registered or non-registered status when you use QBSerlyze. Additionally, even Shareware/FreeWare type products can use QBSerlyze as a tracking number. If you spend hours calling various bulletin boards to upload your products, by serializing them (as well as the ones sent to User Groups and so forth), if your registration form asks that they list the serial number from the copy they have, you can begin to track which distribution outlets actually yield a return. If a registration using the West Logoslobovia User Group/BBS serial number has never come in, maybe the club officers are hogging the samples (we do that, ya' know), or maybe it is just not worth the money to mail or phone to send or upload upgrades to them every few months. In the corporate environment, serializing programs used internally to individual employees can help can dissuade pilfering (provided that there is a use for the program outside the workplace). If copies of it start showing up on local bulletin boards, you might want to get it and identify the serial number. The fact that the program is serialized need not even be known to the employees - perhaps it is displayed in response to key combination known only to a few. Of course, if they know the programs are serialized that can help dissuade the unwanted distribution itself. There are a number of tracking, identification, verification and developers support aides that QBSerlyze makes availble to you. Hopefully, these few we've listed will trigger others that you can imagine. It is important to remember that QBSerlyze is not copy protection, more like copy identification. We also do not mean to imply that the algorithm used here is fool proof - it is not. The encoding and validity checking do offer more than a modicum of security on the serial string: it is not easy to find and it the checking algorithm is internal so it is not easy to decipher what is valid and what is not - except maybe to other developer-users of QBSerlyze. Copyright InfoSoft 1988-1989, 1990 9. License and distribution Because some portions of QBSerlyze, by design, are meant to be redistrubuted by you, we will list limitations by file: QBSERIAL.EXE and QBSERLYZ.EXE You may redistribute this EXE, but only with programs you design or develop AND are legally allowed to distribute AND that program must make use the QBSerial serial numbering system. That is, at least one accompanying EXE file must be linked with SERNO.OBJ and make calls to the assembler support routines. SERNO.OBJ, and QBSER.OBJ These may only be redistributed by you to the end user in LINKED form as part of an .EXE application program that utilizes the QBSerlyze system/routines AND of which you are the legal developer, author, and/or publisher. These may not under any circumstances be distributed or passed along separately or in OBJECT module or OBJECT LIBRARY form. No portions of QBSerlyz 1.4 may be distributed or passed along in OBJ form. QBSERGEN.EXE This is registered to a single user or developer for the purpose of managing the QBSerial System. QBSERGEN.EXE and it's output may not be passed along or distributed except by InfoSoft and/or it's agents. The results of any use, abuse or misuse of the QBSerlyze programs, system and/or subroutines are solely the responsibility of those programmers electing to include, implement and/or utilize QBSerlyze in their application program. IN NO EVENT WILL INFOSOFT BE LIABLE FOR ANY DAMAGES, INCLUDING ANY LOST PROFITS, LOST SAVINGS, OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE, OR INABILITY TO USE THIS SOFTWARE AND DOCUMENTAION. IN ANY CASE, OUR MAXIMUM LIABILITY SHALL BE LIMITED TO REFUND THE INFOSOFT LIST PRICE OR THE PRICE YOU PAID FOR THE SOFTWARE, WHICHEVER IS LESS. The use of QBSerlyze routines AND/or system explicitly implies your acceptance of, and intent to abide by these terms. 10. Acknowlegments QBSerlyze was written and developed by InfoSoft. BCLock and BCLOCKer are copyright InfoSoft QBSERYLZE is copyright InfoSoft GLIB 1.6 and GLIB 1.7 are copyrights of InfoSoft QB, QuickBASIC, EXEPACK and MASM are copyrights of Microsoft Corp. Copyright InfoSoft 1988-1989, 1990