Pc-Guard is not a sample of very strong protector : there are tools to unpack automatically protected apps : even pcgwin32 wich is protected by itself is easilly decrypted, as you know
Nevertheless, if you trace manually the decrypt process you become aware of this generality : All is needed to decrypt
must be in the distributed exe, exept one key wich
may not be hardware nor username dependent. This key must be the same for all users and all machines.
Of course, the app vendor dont send this key (let name it "A"), but a combination of A, UserName, HW-id, etc
So, in two words, encrypt your app with key A. When some user want to register your app, he send to you his HW-id, name, mail or what you want.Then you return to him a key "B" (some complex combination of A , name, etc). In your app, there is a routine wich decode key B, (knowing his name, HW-id etc), and restore key A wich can decrypt your app.
On another pc, decoding key B will give a wrong key A.
Is that more clear for you ?