AVS probably stands for Automatic Validation Service... hm interesting. Just checked mine, yesterday after freesh windows reinstall around ~13, WAT started to initiate somekind of check about 8 hours later. This are what i got in event log. "Genuine validation initiated. " "Health check initiated. " "Health check passed. " "Genuine validation data sent to AVS successfully. " "Genuine validation result: hrOffline = 0x00000000, hrOnline = 0x00000000" (WTF?! have can offline and online both be 0? eather its one thing or another...) "Genuine validation schedule created/changed. Interval: 129600 minutes" (it got signatures?! and next schedule is after "90 days"?!) "SLUI notification schedule modified. Schedule type: 1" This is all from WAT, more or less exactly after 8h after FRESH windows instalation (WAT was intergrated in to install DVD), it kinda seems that servers are online already, even tho i didnt find any new files in system32/wat and also they dont seems to be updated, date/time of those files is creation/time that when i installed windows and thats ~12:30 something and logs are from ~20:45
Windows Activation Technologies--> HrOffline: 0x00000000 HrOnline: 0x00000000 HealthStatus: PASS Event Time Stamp: 2:15:2010 16:04 WAT Activex: Registered WAT Admin Service: Registered HWID Data--> HWID Hash Current: LAAAAAEAAgABAAEAAAABAAAAAQABAAEAnJ+gRLytJGbmt4bkdug6eLIBRso= OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20001 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table NameOEMID ValueOEMTableID Value FACPVBOX VBOXFACP SLICACRSYSACRPRDCT Still Genuine with latest daz loader on vbox
Go to Custom View (or something) and make new View with Windows Activation Technology as source. edit: also did search on my system partition for all files changed between 20:40-20:50 and it didnt turned out anything important, so it might still be down, however no idea why it scheduled next update in 90 days...
I've got the exact same stuff shown up in the event log but all this happened on 12th feb. So thing has been working for the past 3 days?!?!
found it thanks and yep it says i passed but next one also is in 90 days so does this mean we passed or failed because its going to check again in 90 days??
Also noticed that HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Activation Technologies\AdminObject\Store\TotalValidations have value of "1". Like it did one validation already... Oh well, lets see what tomorrow brings with online validation check.
SoLoR, If WAT is really functional now, howcome it hasnt affected any of the loaders yet? Also this hrOnline=0 is very puzzling.
If it passed for you then you should be good. I think it does retests because lets say you activated it via bios mod but wanted to go to a loader after the validation, then it will detect you as pirated. I would also assume that M$ will be putting new info into WAT like if they find a new activation technique that they can kill, then it will be added to WAT and every pc will be re-validated with the new info if that makes any sense to you.
Thats what it doesnt makes much sense And we should wait until tomorrow, when there will be "online" check.
then you should be fine dude. My guess is that they will not be touching bios mods with their validation because it would just be too much work and cost too much. I would think they would rather actually change the activation process for OEM before checking every single motherboard and bios revision but that is just my opinion, Bios mods survived vista all the way through service pack 2 so it should be ok dude.
I may be completely wrong here, but I think they are building a data base of machine hashes to compare every 90 days. The more machines WAT checks the more that will get marked as pirated. In other words, a BIOS "modded" as a DELL will be like a small fish on a big pond. But, a true DELL machine with the proper BIOS will be like a bunch a fish in a large pond, therefore the true DELL machines will be considered normal. The "modded" machine will be all on it's own, and in low numbers. That will make them easy for Microsoft to verify. Best way I know to put it right now, and it's just what I think they are doing. Like I said, I could be completely wrong.
No it isn't, a loader loads slic table in memory before windows boots, if slic and cert (and maybe key in the future) matches then windows is genuine. But if wat is going to read data from the bios chip it will notice the bios doesn't have slic 2.1 or no slic at all and will flag windows as not genuine. When the driver for bios (which is needed to read bios I think) is replaced with a driver that emulates a fake bios then wat reads the fake bios data, and when the slic from the loader is the right one for the virtual bios then it will look like it's all legit. Windows doesn't see the difference between a virtual cd drive, so for now it also won't see a difference between real and virtual bios. Next step may be to encrypt the driver and so on so MS can't check if the bios driver is an emulator or not. Does this make sense? EDIT: @mhzjunkie If they are making a database then the emulated bios should be a backup from a bios that is actually being sold and it will be in the witelist then. AND I DON'T KNOW IF THIS WILL WORK, I HAVENT TRIED IT CAUSE I CAN'T MAKE DRIVERS, it's just an idea...
That's the advertised behaviour. It allows them to start soft and ratchet up the tightness of the tests untill it starts generating false positives. So they may well be 'passing' suspect systems at first ( now ), but by having the check run every 90 days against more and more stringent tests downloaded from the server, they can net in more and more faked systems. So just because a machine passed today doesn't mean it will pass the next round. Expect to see this board light up every 90 days or so.. -- SC
The Bios date is stored at different places. The places are read only! Either it reads it from the chip directly or from the mapped mainbiosmodule. This mainmodule that contains the date is compressed. It'll be decompressed and mapped to physical memory. Usually to an read only area (physical memory) after P.O.S.T. A loader neither can write to EEPROM (bioschip) nor in there to patch it. That's the reason why it would be a good check to separate a mod from an official one. Solution would be an enhanced biosmod...