That would 'fit' to my guess.....(I hadn't a look at WAT yet)...the manufacturer string of the mobo is usually located at low address range 'shadowed from Bios' <= 1Mbyte...(0xC0000 to 0xDFFFF and 0xE0000 to 0xFFFFF)...screen messages at P.O.S.T. also (SLP1.0 ranges are valid there as well, at second range)....this address range is read only after P.O.S.T....a loader would have trouble to write in there, because it's Northbridge dependent to set a special bit to write. Not sure how they want to identify mobos that are not officially SLP licensed....blacklist? .........anyway to read out the chipset and hardwareIds would be more effective...SLI licenses (Nvidia) are working that way....solution (besides a DSDT mod) is to patch the HAL.dll to retrieve chipsetIds of your choice.. anyway....nothing more than speculations
GetSystemFirmwareTable is a function in kernel32.dll that retrieves ACPI tables such as FACP, APIC, SSDT, SLIC and so on. It can also retrieve the Raw SMBIOS data and dumps physical memory address data from 0xC0000 to 0xDFFFF and 0xE0000 to 0xFFFFF (this part has SLP strings).
MD is right, the API function could just be a harmless check to simply read the SLIC and compare it. If you look at Everest that can mark some things as emulated and sometimes it can't tell the difference, it's all based off the SLIC address which if anything is a very poor thing to base validation off and I would be surprised if MS were to flag the "maybe modified" users without an accurate finding. It will be funny when Hazar's RemoveWAT actually does remove the standalone WAT update, because thats all it is. A few files that are not even required for Windows 7 to run and can easily be deleted and/or patched
This my friend, is what will try to stop us from running windows without paying for it. But don't worry, there's always a workaround for everything.
I'm not sure if that API function is able to retrieve the ACPITable's memory addresses. Since some bios mod methods are using 'unusual' addresses it could be possible to detect a biosmod. Also to retrieve the raw SMBIOS data and to verify them could be a way to detect modded bioses..anyway M$ has to be very careful not to mark official licenses being 'modded'...all this can be circumvented by a new biosmod and a dynamically allocated SLIC....and a new string placed at mainbiosmodule to fool the verification again.... What makes me believing that additional checks are not easy to perform for M$ is the fact that the licensing is specified. It's clearly described what has to match to get it valid. It are the OEMIds and TABLEIds of the RSDT table or if present the IDs of XSDT that have to match the one of the SLIC.... NO OTHER table....any additional check would mean to extend the specification of the license... So possible would be the address verification of the tables without to extend the licensing specification...although there are no ranges excluded by the specification.... Interesting....and means probably nothing..yes..
@ Brainsuck SP1 is just a service pack, it installs most of the updates in just a "pack" form to save download time... that and it can sometimes contain a few improvements. At the end of the day though it's just as easy to remove the files from the service pack or patch them to always return valid. I mean why release WAT as a standalone if you think SP1 will integrate it into the system more? It won't because MS will constantly have to be updating WAT and like XP's WGA it can be stripped from the system or modified. So simply put service pack 1 means nothing and if you think otherwise then you will only end up being proven wrong MS can't fix all bugs, MS left Windows 7 as vulnerable to the same exploits Vista had and they were perfectly aware of that so I personally think whatever MS does there will always be a way around activation until they drastically change the whole activation system.
ok great with everyone talking about the acpi tables etc i was unsure if there was anything new on it.
Relax, MS is always full of s***, I mean big stories how they will correct something, and then you will see that even loaders will survives after some modification. I once told Hazar that I thought Microsoft HAL was smarter, but it is not.
To read out data only and to decide about are different matters. M$ is probably planning to read out more info about the bios / ACPITables. If they can use it to differentiate / detect a biosmod is the other question. Yes...
And in case WAT makes our mods useless, which I don't believe actually, we would need to patch WAT so that the info it reports to m$ is always "correct"
Do you realy believe that MS can't detect file removal WAT bad enought the panic about bios mods, even DMI which have never been knocked out yet. Scare mongering people again no Prophets here we have to wait and see but all bets are on bios mods. at the end of the day it is MS OS system not ours we just rent it so Big Bill can get his money