What you want to do cannot be done in a failsafe way. As long as your user has control over the environment your program runs under, the program cannot reliably check that it is just being installed into a specific environment and only once. As a simple proof to that statement, consider virtual machines (such as VMWare or QEMU, a user can simulate an identical environment as often as he wants using such virtualisers.

Keeping that in mind, if I were to attempt such a thing I'd have the installer gather some system information that's hard to duplicate (e.g. on Linux output of lspci -vv, ethernet card MAC addresses, output of "hdparm -i " for main harddrive). Have the installer "call home" to a server you control, with a unique registration number that's embedded in the installer and disable that registration number on the server afterwards (so installation can only happen once). Hash the system information together with the registration number and store the hash. Then have the program modify its executable so that it will only run if it can recompute the stored hash at startup. This will break if the user ever changes any hardware, and can be circumvented using a virtual machine as described above, but it may be a reasonable approach for a demo/test of the app.

Long story short: you're wasting your time.

It's trivial for a well-informed person to copy your code. If you don't trust these people, you shouldn't be working with them.

There are no technical ways to make your code safe, as it must execute on the host system. Work with good people, write contracts (if you must), and move on...

Update: I forgot to mention, if perl2exe works like PAR does (which I think is true), did you know that you can open that .exe file with WinZIP? Please, spend your time on productive things.

Is is more than a trust issue really. I do NOT know the people who are going to do the tests and secondly it is a non-commercial program and I do not want people to make money from it. I am already considering of splitting the program into several seperate working testable functional units. It will not be possible to "glue" them together, so nobody will have the entire working copy. That way the risk of someone "stealing" my work and making money from it will be averted (I hope).

The best approach is not to give it to users you don't trust. If you are afraid they will share it then get new testers.

It would probably be worth mentioning that M$ tries this with XP and yes it isn't difficult to find the hack online.

If you insist on trying it then i would consider a two step approach. Build a utility that they run and it gives them a signature of there system. Then build your exe that uses the signature to limit the use. You could probably use the signature in some sort of encryption to make sure the EXE only runs if it gets the right key.

If I remember correctly anyone can just rename your .exe .zip and then open it up and see the source code (perhaps thats a different 2exe utility though.)

Whatever you do rememeber it is just a deterant and there is no fail safe way to accomplish your goal.

I am perfectly aware that nothing is foolproof. What I am merely trying to achieve is to put up some barriers only (like you mentioned: deterrant). FYI: I tried renaming exe to zipfile but it doesn't open with winzip

Yes, I had PGP in mind. Now the question that remains is: can you limit the amount of time(s) or duration that the key is being used (expiration ....). Anyone some clever idea for this to happen?

make it ask a key from the user, then store it in a dot file in the homedirectory (Linux) or eventually in the registry (Win32). Have the script check for the value before it asks the user for it.

I have only one remark of a linguistic nature: I see that you're from Germany, and hence probably not a native English speaker. I'm not, either: I'm from Italy. Here we have the adverb "eventualmente" which may seem to map 1-to-1 to the English "eventually". However the former means "possibly", which I assume is what you really meant, and the latter "in the end" or "finally". I suspect that something similar happens with German...

There are other cases, like "attualmente" and "pretendere" that have quite different meanings than "actually" and "to pretend" respectively.

I would have rather /msg'd this, but it wouldn't fit - an maybe it's not so bad to post it for the benefit and hopefully the interest of other readers.

The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. If such scripts or library files are aggregated with this Package via the so-called "undump" or "unexec" methods of producing a binary executable image, then distribution of such an image shall neither be construed as a distribution of this Package nor shall it fall under the restrictions of Paragraphs 3 and 4, provided that you do not represent such an executable image as a Standard Version of this Package.

I am wondering whether this goes contrary to the Perl license? I'm not sure of the legal subtleties, but it does seem as though your idea goes against the spirit of Perl, if not the exact license.