Question

Is there any known way to protect a Windows 8 store app from piracy? When I wrote for Windows Phone 7/8 I just checked for the existence of some fields in WMAppPRHeader.xml. In Android I can check the package signature and I have the LVL library. In iOS it's enough to search for some files inside a package.

But does a Windows 8 store app have something similar?

Solution

Yes and no.

Just about everything you do, even in those cases you mentioned above, can be disassembled and overwritten. Consider, all they have to do is replace those lines in assembly (completely ignoring disassembly) with a NOP slide and then repackage it, signing the app package with their own certificate and installing it on their own machine.

The key is the way that they have to install this. In order to install a metro application, they need to get a developer's license and side-load the application. According to MSFT, they track (in some way) the usage of this developer's side-load to ensure that you are not installing pirated applications and are indeed using it for testing and development purposes (which you have to agree to in order to get the developer's license).

Now, if someone were able to bypass this system further, then this won't affect them as much, but that's the way DRM works. As of the current state of technology, it's not perfect (and likely never will be).

To answer your question though, Windows 8 has similar features built-in to the system. Users who misuse their developer's licenses will lose that license and be unable to side-load applications at all, so long as the system works.

You can do things to make it more difficult for them to, say, disassemble and repackage your application and sell it on the store, as has been quite common in Android markets. Check out Dotfuscator. They have a version specifically for Marketplace apps.

Unfortunately, that's the best that can be offered. You can make it harder to pirate, but not impossible. You could have the app hash the contents of the install directory and send that off to a mobile service to be verified, but they could just as easily run it once regularly, sniff the packets being sent, then replay the verification response. You could also create a signing certificate in the mobile service and verify that the response is coming from the mobile service itself, but they could also just replace that certificate. You could have it pull the certificate from your mobile service in the first place, but they could just point your app to their own mobile service.

And, again, they could just bypass the checks entirely.

The system has DRM already in place to try and make it more difficult for pirates to create a usable system, but with piracy, where there is a will, there is a way.
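The hash-and-verify scheme from the answer above, written out as an added example that is not part of the original post; it goes one step beyond the answer by binding each signed response to a fresh client nonce, so a sniffed response cannot simply be replayed. The file set, function names and Ed25519 key pair are assumptions for illustration, and as the answer notes, none of this survives an attacker who patches the check out or swaps the pinned key.

```javascript
// Added example (not from the original answer). All names are hypothetical.
const crypto = require('crypto');

// Service-side key pair; the app ships with only the public key pinned.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Constructed sample "install directory": relative path -> file contents.
const shippedFiles = { 'App.xaml': '<Application/>', 'Main.dll': 'MZ-original-code' };

// Deterministic digest over sorted paths and per-file hashes.
function hashInstallDir(files) {
  const h = crypto.createHash('sha256');
  for (const path of Object.keys(files).sort()) {
    const fileHash = crypto.createHash('sha256').update(files[path]).digest('hex');
    h.update(`${path}\0${fileHash}\n`);
  }
  return h.digest('hex');
}

const KNOWN_GOOD = hashInstallDir(shippedFiles);

// Service: sign the verdict together with the client's nonce and reported hash.
function serviceVerify(nonce, reportedHash) {
  const verdict = reportedHash === KNOWN_GOOD ? 'ok' : 'tampered';
  const payload = `${nonce}|${reportedHash}|${verdict}`;
  const signature = crypto.sign(null, Buffer.from(payload), privateKey);
  return { payload, signature };
}

// Client: accept only a correctly signed "ok" bound to this run's nonce and hash.
function clientAccepts(response, nonce, localHash, pinnedKey = publicKey) {
  const signed = crypto.verify(null, Buffer.from(response.payload), pinnedKey, response.signature);
  if (!signed) return false;
  return response.payload === `${nonce}|${localHash}|ok`;
}

// A fresh nonce per verification run is what defeats a plain replay.
function newNonce() {
  return crypto.randomBytes(16).toString('hex');
}
```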

Licensed under: CC-BY-SA with attribution