One obvious option is to use ethernet MAC address. The only problem is, a few machines don't have ethernet. So just have some other mechanism for ethernet-less boxes (like reading the windows registration key if you can).

Then just send that as a string to the server, have it authenticate by comparing it against the existing key - if it's different then ask the user to phone up the support department.

The support department can then check what's going on with that particular registration key - if it's an honest user trying to reinstall the software legitimately, then they can do it anyway.

It's unlikely that a warez kiddie would ring the support department to have their key authorised - but besides, you can keep a track of how many different machines the same key is used on - if it's one or two, they can get away with it, once there are several, it's obvious that that key is being abused.

The software could check periodically that its registration is still valid by asking the server. If the software had been reinstalled on another machine, previous ones would then stop working (again, don't stop working rudely, just ask user to call support).

Keys that had obviously been abused could then be deactivated on the server, and the software could refuse to work if that key was used.

In any case, in my experience, people will generally just crack it after a while anyway. So don't try too hard.

Slarty