Most inject a fake KMS server that runs locally, tricking slmgr into thinking it’s a valid KMS host. Microsoft’s anti-piracy updates (e.g., KB971033) detect and disable such systems.
