Have you seen the protections on some of the Windows executables - e.g. WINLOGON.EXE - to avoid modification that may allow users to use the OS past its licensed limits? For example, enabling multiple terminal server sessions on XP. I've tried to crack those but it was too difficult for me.
I think this is the same thing as is alluded to here:
http://research.microsoft.com/crypto/piracy.aspx
"Microsoft protects its software from abuse by writing into the basic code protection mechanisms that, while the program is running, continually verify that it has not been tampered with. The program may call for the tamper protection mechanism every 40 clicks of the mouse, or every time a file is opened, and if the right response is not forthcoming, the program shuts down. The call is usually encrypted so that it cannot be detected or intercepted."