To avoid key sharing you need to bind your key generation to some property of customer’s computer – a ‘hardware lock’ or ‘software lock’. As a ‘hardware lock’ the mac address, hard drive’s id (etc) can be used. Sometimes ‘software locks’ are used that gives end user more freedom with hardware upgrades.

So the scheme is looking this way:
Software generates the ‘request key’ = f(‘hardware lock’) which a customer sends to a software vendor. The vendor generates the ‘authorization key’ = F(‘request key’) by keygen and gives it back to the customer. When the customer activates his software, it verifies the key if(‘authorization key’ == F(f(‘hardware lock)) { okey, here we go } else { nope, key is invalid }

The drawback of this method is that a hacker tracks the flow of the key put to ‘activation key’ field and can find the F(f(‘hardware lock’) then does some ‘copy/paste’ of F binary code, creates the keygen and shares it over the web.

A better approach is if a hacker can not reach the routine that performs actual ‘auhorization key’ generation. For instance if it is located on a remote server.

Anyway there is no need to re-invent the bicycle, you can use the solutions developed by others, check the https://activation-cloud.com

Sure thing there is no protection that can not be hacked. The question is how much effort it takes to do it.