ExGetLicenseTamperState

This function asks the kernel whether the license data has been tampered with.

Declaration 

BOOLEAN ExGetLicenseTamperState (ULONG *TamperState);

Parameters

The optional TamperState argument provides the address of a variable that is to receive the tamper state.

Return Value

The function returns TRUE if the license data has been tampered with, else FALSE.

Behaviour

The function stores the tamper state at the address given by the TamperState argument, if this address is not NULL. The function returns TRUE if the tamper state is not zero, else FALSE.

Availability

The ExGetLicenseTamperState function is exported by name from the kernel in version 6.0 and higher.

Use by Microsoft

The only known use by Microsoft is in SPSYS.SYS and in the kernel itself.

The internal use is in a timer that recurs approximately every hour. If the tamper state is found to be 4, then Windows stops. The bug check code is SYSTEM_LICENSE_VIOLATION (0x9A), with 0x1B as the first argument.

This page was created on 9th March 2009 and was last modified on 15th March 2009.

Copyright © 2009. Geoff Chappell. All rights reserved. Conditions apply.