Monday, 17 March 2014

VAC - Code Integrity check topic




From a recent VAC update: VAC now checks whether you have disabled driver signature verification (Code Integrity check; more info: http://technet.microsoft.com/library...(v=ws.10).aspx).


Code:

    output[18] = GetVersion();
    GetNativeSystemInfo(&lpSystemInfo);
    output[20] = lpSystemInfo.wProcessorArchitecture;
    output[21] = lpSystemInfo.dwProcessorType;

    // Query current time and boot time (48-byte SYSTEM_TIMEOFDAY_INFORMATION)
    output[6] = NtQuerySystemInformation(
                    SystemTimeOfDayInformation,
                    &info1,
                    48,
                    0);
    output[14] = info1.CurrentTime.LowPart;
    output[15] = info1.CurrentTime.HighPart;
    output[16] = info1.BootTime.LowPart;
    output[17] = info1.BootTime.HighPart;

    info2.Length = 8;    // The length field in SYSTEM_CODEINTEGRITY_INFORMATION must be set to 8

    // Query the code integrity state; the NTSTATUS result goes to output[7]
    output[7] = NtQuerySystemInformation(
                    SystemCodeIntegrityInformation,
                    &info2,
                    8,
                    0);
    output[19] = info2.flags;    // named CodeIntegrityOptions in the documented structure









I tried calling NtQuerySystemInformation with the same parameters, and info2.flags is either 1 or 0, depending on whether the driver signature check is enabled or disabled.

The wProcessorArchitecture and dwProcessorType values can't be used as a hardware ID, as some people might think, because they aren't unique. Valve might use this info for further diagnostics in cases where NtQuerySystemInformation fails.

Having driver signature checking disabled of course isn't a reason for a ban, but again, if you disabled it you are a candidate for deeper VAC scanning.
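The same query written as a host posture check, as an added example that is not part of the original post or VAC's code: it sets Length to 8, checks the returned status, and goes beyond the 0/1 observation above by also reading the documented test-signing and debug-mode bits. The posture levels, the helper names and the sample value used off Windows are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Documented CodeIntegrityOptions bits of SYSTEM_CODEINTEGRITY_INFORMATION. */
#define CI_ENABLED   0x01u  /* CODEINTEGRITY_OPTION_ENABLED */
#define CI_TESTSIGN  0x02u  /* CODEINTEGRITY_OPTION_TESTSIGN */
#define CI_DEBUGMODE 0x80u  /* CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED */

typedef struct { uint32_t Length; uint32_t CodeIntegrityOptions; } ci_info_t;
enum ci_posture { CI_ENFORCED = 0, CI_WEAKENED = 1, CI_DISABLED = 2 }; /* hypothetical levels */

/* Classify the value the post's fragment stores in output[19]. */
enum ci_posture classify_ci(uint32_t options)
{
    if (!(options & CI_ENABLED))
        return CI_DISABLED;   /* driver signature enforcement is off */
    if (options & (CI_TESTSIGN | CI_DEBUGMODE))
        return CI_WEAKENED;   /* on, but test signing or debug mode is set */
    return CI_ENFORCED;
}

#ifdef _WIN32
typedef LONG (WINAPI *NtQSI_t)(ULONG, PVOID, ULONG, PULONG);
/* Returns the NTSTATUS (or -1); *options is written only when it is 0. */
long query_ci(uint32_t *options)
{
    ci_info_t info = { (uint32_t)sizeof(ci_info_t), 0 };  /* Length must be 8 */
    NtQSI_t q = (NtQSI_t)GetProcAddress(GetModuleHandleA("ntdll.dll"),
                                        "NtQuerySystemInformation");
    if (!q) return -1;
    long st = q(103 /* SystemCodeIntegrityInformation */, &info, sizeof(info), NULL);
    if (st == 0) *options = info.CodeIntegrityOptions;
    return st;
}
#endif

int main(void)
{
    uint32_t opt = 0x1;  /* constructed sample value, used when not built for Windows */
#ifdef _WIN32
    long st = query_ci(&opt);
    if (st != 0) { printf("query failed: 0x%08lx\n", (unsigned long)st); return 1; }
#endif
    printf("options=0x%x posture=%d\n", (unsigned)opt, classify_ci(opt));
    return 0;
}
```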

Credits: lmaobox <3




