While thinking about anti-VM and anti-sandbox tricks, I came up with the idea of ​​implementing a simple check to confirm whether the operating system has a valid license or not.

After some google-fu I found this Windows API: SLIsGenuineLocal().

The first argument is a pointer to an SLID structure that specifies the application to check, the second argument is a pointer to an SL_GENUINE_STATE enum that specifies the state of the installation, and the third can be NULL.

The proof-of-concept code is really simple as it only checks if the current status is SL_GEN_STATE_IS_GENUINE and opens a message box with the result.

Licensed Windows:

Unlicensed Windows: