Geoff Chappell, Software Analyst
Windows Vista introduces a formal scheme of named license values, with API functions to manage them. The license values are stored together as binary data for a single registry value. The data format is presented separately. Like registry values, each license value has its own data.
The kernel exports two functions ExFetchLicenseData and ExUpdateLicenseData that work with the whole of the binary data. Another, ZwQueryLicenseValue, obtains the data for any one license value. This function is also accessible from user mode, as the NTDLL functions NtQueryLicenseValue and ZwQueryLicenseValue.
Of course, license data stored in the registry even in an undocumented format might easily be changed by users, which they would have some incentive to try since Microsoft charges significantly different prices for different licenses. Microsoft therefore has an elaborate scheme for checking that the license data remains as Microsoft wants it. The kernel is the repository for whether the licensing data has been tampered with, and to this end exports two more functions, ExGetLicenseTamperState and ExSetLicenseTamperState.
It should not surprise that no function mentioned on this page is documented.