Include a unique URL in EXE

I want to give users of my site the ability to upload their software/hardware configuration automatically on Windows. So I'm thinking of having an EXE file download, and somehow put in that EXE a unique URL for each user. When the data is collected, the program would just posts some JSON to that URL. How can I do it开发者_如何学Go? I'm most familiar with .NET platform. Tools like this do exist, for example Blizzard uses this approach for their beta test enroll. Each user downloads a slightly different EXE.

TIA

Simply create a unique identifier for each user

Guid.NewGuid()

then either embed that into the download. Or much simpler: create the Guid the first time the user runs the application. Then a single download will be sufficient.

There are a couple approaches that occur to me off the bat.

If you truly need a unique id embedded directly in the executable, then you are talking about:

1. Compiling a separate executable for each download, in which case you'll need to script out the act of changing some file used to build the exe, and calling csc.exe to compile a unique exe file for each user at the time of the download.
2. Locating the unique key embedded in the .exe file itself, and editing it in-place just before downloading the file.

Both of these seem a bit heavy-handed to me. Why can't you just keep the unique key in a separate file? As long as it's unique to each user, I don't see why it would need to be embedded directly into the exe. You'll still need a way to package it up for delivery, of course. You could zip up the "key file" with an installer, and script the installer to copy the key file to the location of the exe file, I suppose.

Of course, the identifier should be encrypted somehow to stop casual hackers from breaking your system, perhaps using the registered user's name as the initialization vector (IV) or salt value to the encryption routine. As long as the executable itself doesn't actually use the key for anything, then it won't even need to have the private key used to decrypt it. To the exe, it's just a magic value that it uses when asking for updates. The exe could pass this value in the querystring or post data of the request for updates. On your end, you decrypt the value, pull out the user ID, and use that to generate the new download if there is one.

If you want the executable to use the value, perhaps at startup to verify that it's a "genuine" copy, then you're going to have to give it the ability to decrypt the key. This means embedding the decryption key into the exe file, and hoping no-one digs it out with Reflector or something.

At this point, you're talking about full-fledged copy protection, in which case you're much better off finding a commercially available system than trying to write one yourself.

Try compiling an application with a unique string. You could search the resulting binary for that string at substitute it with another string of the same length.

I don't know if .NET uses checksums or anything though.