HWIDChanger
Published on December 10, 2024

WMI and HWID: the API anti-cheats love

WMI (Windows Management Instrumentation) is the unified API for system information on Windows. Anti-cheats use it because it's stable, well-documented, and provides 80% of the fingerprint surface in a single round-trip.

Common WMI queries: Win32_BIOS (SMBIOS), Win32_DiskDrive (disks), Win32_NetworkAdapter (NICs), Win32_Processor (CPU). Each returns 30+ fields, and an anti-cheat hashes the union into a profile.

Our changer rewrites the WMI cache after every HWID change. The next anti-cheat query gets the new values immediately. We've tested this against EAC, BattlEye, Vanguard — all see consistent fakes.

Edge case: some anti-cheats (Vanguard 2024+) cross-check WMI against direct kernel reads. If WMI says "new SMBIOS" but the kernel sees "old SMBIOS," that's a flag. We work around this with simultaneous rewrites of the kernel data structures via legitimate Driver IO Control codes.
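Seen from the detection side, the profile hash and the cross-check described above look like this. This is an added example, not code from HWIDChanger or from any anti-cheat; every field value is constructed, and the second (non-WMI) data source is assumed to exist.

```python
import hashlib
import json

# Constructed sample: a few fields per WMI class, as returned by WMI queries.
WMI_VIEW = {
    "Win32_BIOS": {"SerialNumber": "SN-CONSTRUCTED-001", "Manufacturer": "ExampleVendor"},
    "Win32_DiskDrive": {"SerialNumber": "DISK-CONSTRUCTED-9", "Model": "Example SSD 1TB"},
    "Win32_NetworkAdapter": {"MACAddress": "02:00:00:AA:BB:CC"},
    "Win32_Processor": {"ProcessorId": "0000000000000000"},
}

# Constructed sample: the same fields read through an independent path (assumed).
# Case and padding differ on purpose; only the BIOS serial really disagrees.
INDEPENDENT_VIEW = {
    "Win32_BIOS": {"SerialNumber": "SN-CONSTRUCTED-000", "Manufacturer": "ExampleVendor"},
    "Win32_DiskDrive": {"SerialNumber": "DISK-CONSTRUCTED-9", "Model": "  example ssd 1tb "},
    "Win32_NetworkAdapter": {"MACAddress": "02:00:00:aa:bb:cc"},
    "Win32_Processor": {"ProcessorId": "0000000000000000"},
}

def normalize(value):
    """Collapse whitespace and case so formatting noise is not read as a mismatch."""
    return " ".join(str(value).split()).upper()

def profile_hash(view):
    """Hash the union of all class fields into one profile identifier."""
    canon = {cls: {k: normalize(v) for k, v in fields.items()}
             for cls, fields in view.items()}
    blob = json.dumps(canon, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def cross_check(wmi_view, independent_view):
    """Return the 'Class.Field' names whose values disagree between the two sources."""
    mismatches = []
    for cls, fields in wmi_view.items():
        other = independent_view.get(cls, {})
        for name, value in fields.items():
            # Fields the second source does not expose cannot be compared.
            if name in other and normalize(value) != normalize(other[name]):
                mismatches.append(f"{cls}.{name}")
    return sorted(mismatches)

if __name__ == "__main__":
    print("profile:", profile_hash(WMI_VIEW))
    print("inconsistent fields:", cross_check(WMI_VIEW, INDEPENDENT_VIEW))
```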

Important: if you wrote your own utility that only changes the WMI cache without touching the underlying APIs, it's caught instantly by Vanguard. Don't reinvent the wheel: we've solved the cross-check problem in HWIDChanger 3.0.
