Kas Ob.

Members
  • Content Count: 483
  • Days Won: 8

Kas Ob. last won the day on May 25 2024

Kas Ob. had the most liked content!

Community Reputation

126 Excellent

  1. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    The blackout is striking again: two days without power, now back to 3 hours on and something between 3-6 or even 9 hours off.

    Defender can easily do it, and even worse. What stands out for me is why it is not verified?!! The others are OK, but still it might not be a big deal:
    https://security.stackexchange.com/questions/224829/does-a-lack-of-verified-signatures-for-windows-defender-indicate-malware
    https://learn.microsoft.com/en-us/archive/msdn-technet-forums/a7e41613-43aa-4c9b-b117-46d0f9420bf7#986960c6-d417-4747-8020-e06f3bf6e1fb

    As for what could go wrong, the answer here makes sense (pun intended):
    https://answers.microsoft.com/en-us/windows/forum/all/is-it-okay-if-the-windows-defender-service-is-not/2d1dbf86-06cc-4c5c-a415-75fa0b878cff

    So, as a theory: Sense at some point was allowed to upload samples, and in such a case it could have marked/flagged your application and maybe your certificate too, and is waiting for a response to either red or green flag it. In the meantime it will be allowed to work under inspection with full logging/tracking/tracing, up to a point where it depletes a specific amount of resources. It shouldn't be reaching such a limit but it is, though it is a theory.

    Try to change the name of the EXE and how it reaches that device. I mean, if you have a self-updating exe then override it, build a new exe with different paths if possible, and try again. Or, allow Defender to take its samples in case it is misconfigured or had some policy changes, ask if someone tweaked Defender, or even just try to stop it and restart it.
  2. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    This is it: a driver running out of resources, either by being buggy/outdated, or it belongs to bigger software like an antivirus but the rest of the software is not there to continue processing something. It could be uninstalled software that left a driver behind, running rogue. I can say this with something around 100% certainty.

    For more testing, please run (as Administrator) AutoRuns https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns with

    Then see what resides in both sections, Services and Drivers; it is easy to check the Provider/Publisher.
  3. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    Well, this means it is definitely a broken driver, and again, such a driver is there to perform a job; it could be attached to another service like (just as an example) System Restore, or it might have its own configuration/policy, like security and its access.

    So what I suggest is to go back to my first post in this thread and run SFC, yes, as dumb as it sounds. Also check if the compatibility service is running and the application doesn't have any, and also check that the target file path (location and upper directory(s)) has security. See, I know it works sometimes, but is there something that changed it dynamically? Like, at this moment, causing such a resource to be wrongly handled. Handles are stored in the kernel in tables and cloned there, but it could depend on filters on the way (in and out), and that is what you want to pinpoint: whether a buggy driver (yes, it is a driver or filter driver) caused this and depleted its own resources.
  4. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    Expanding a little on drivers and services: internally all drivers are called services, and they are configured and launched from one location in the registry, Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Except for the OS kernel itself, which is hardcoded to load at the very first step of boot, all are defined there. So when an error says service, it could be a driver.
  5. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    It doesn't matter, and yes, it will help: if no object with that name exists, then the problem is in the middle, between user mode and the user-mode driver.
  6. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    Sorry, I forgot to mention to search and find your MyMutex1.
  7. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    Not mentioned is enough for this one; it does confirm it is coming from a driver, a low-level one.
  8. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    No, not healthy at all. But this one could be the resource running out! Yes, handles have a limit, and it is still the same as I mentioned above: the handle is wrongly handled. Please download WinObjEx64 https://github.com/hfiref0x/WinObjEx64/releases Then share screenshots of the three tabs like this
  9. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    To be honest, it is not exactly a service but stapled to one. See, this cryptic error was most likely caused and reported by a user-mode driver, as kernel-mode drivers give more detailed errors; yet in both cases these drivers belong to and are part of an OS service, as mentioned above. I think it is between System Restore, Defender or some network mapped drive.
  10. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    Use Process Monitor without filter(s), then see what it is trying, to figure out who reported the Resource Error.
  11. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    Well, this clears up a few things. Service! So the cause is not your application; I am of course assuming your application is not a service, as you didn't mention that, and that is very relevant.

    My logical thinking about this is that a service very relevant to your application, and in this case very relevant to reading/accessing files, failed due to resources or other causes. Keep in mind here that many service errors are mistakenly reported as resource deficiency due to how it is structured to communicate, by direct IPC or another method; these belong to the OS IPC designs.

    So an OS service caused this. How can this be? OS services interact and interfere with [a/any] application directly or indirectly:

    1) Directly: as an example, DNS Cache, TWAIN, or some .NET freak service... If your application depends on something like OS DNS resolving and the service is misconfigured (something like a broken hosts file), it could lead to all sorts of such unexplained errors. Yes, I know I am bringing a DNS example to a file problem, but that is the idea I want to convey.

    2) Indirectly, and this is the most relevant and may be the cause of your problem: see, there are services within the OS that are built to hook and intercept IO, for example Volume Shadow Copy, System Remedy (or something), System Restore, Defender, etc. All of these are capable of stopping your IO from completing, and on top of that, if they fail for some reason, your application is done and gone, and you are left with a cryptic error message like yours.

    Also there is one in particular not mentioned in 1 and 2, Application Verifier. Though it has a low probability of being your problem, checking is worth it: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/application-verifier Make sure whether it exists on the target device; if yes, then open it and remove/delete anything in that list. Yes, delete them, and you will know how once you see it.

    Anyway, back to suggestions and shooting darts in the dark: try to find the service attached to that error, and delete System Restore checkpoints, disable then enable... just try to figure out what service is interfering and try to remedy it; one of them could have a broken policy or setting, or just really be out of resources.
  12. You landed on the holy grail of bugs! If you can make the smallest demo to reproduce this bug, then it is great for reporting. These Variant handling exceptions/bugs/AVs are fatal in the IDE and debugger, and there are quite a few of them. Not all show error messages; many lead to a silent IDE crash or just a freeze. There are bugs in many places, but it could shed light on this Variant mishandling in the IDE/debugger in general.
  13. Kas Ob.

    TDirectory - file lock out on Win 10 LTSC

    Well, I don't have an idea about such a case per se, but I witnessed many of these when I broke my OS kernel debugging and fooling around, so I have thoughts here.

    But first let me say what is different in LTSC from the normal: they are the same, except LTSC comes with slightly different default policies, policies that are not even listed in the GP editor; some of them need to be added using ADMX files to be accessible. To have an idea, look at these: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage They are mostly documented though, yet many need to be added, so your OS might need some restoring of its defaults.

    That being said, now to what I think might be the cause, while we are shooting darts in the dark:

    1) The storage handling layer and its drivers run in two layers, a user-mode part and a kernel-mode part. In some cases I caused a corruption in user mode; this triggered an exception, yet that exception wasn't critical enough to crash the system, as it happened after returning from the kernel system calls (drivers). The exception marked the file handle as corrupted and left it in locked mode, or just the handle tables were faulty and the system couldn't add another handle or even try to read part of that table. Sometimes many files were locked, so no more file access, with strange errors or simply a freeze, yet the file(s) were accessible from different processes; this is due to the user process sandboxing, which starts in the kernel and extends to user mode.

    2) LTSC does have a delayed update policy, meaning fewer fixes will be pushed, so if there is a bug it could simply be fixed by updating your LTSC to the latest, and in case you can't, then really, running SFC 🙂 (as they always suggest) can help. More info about running SFC is literally everywhere!

    3) Your disk has a problem. I saw these on Server 2003, and also had them on my old XP: the disk wasn't aligned. Yes, it is a thing, and there are a few tools to check disk alignment and fix it: https://superuser.com/questions/132296/how-to-check-the-partition-alignment-on-an-ssd-drive Notice that searching the net now gives me only SSD results, but that is not the only case; it might happen with any disk type, as it did with mine. Also it increases the speed, and lingers for trouble in accessing disks, which might be your case. One thing though: don't use any non-official application or method from anywhere on the net to align your disk. First check whether your disk manufacturer has such a tool; WD, Intel, Samsung... they either have tools or their software will check and prompt you to fix the alignment. And with 3rd-party tools like the one mentioned here https://www.diskpart.com/windows-10/ssd-alignment-windows-10-3889.html it could be fine, yet I wouldn't recommend it. Hope that helps!
  14. Standards, specifications and their accuracy! https://www.di-mgt.com.au/x942testvectors.html
  15. On a side note, KDF(x) are key deriving functions, but these functions are old and mainly used for specific purposes, which is generating a key from a key or from sufficient and accepted entropy. They were never meant to be used for passwords, and for that they had the seed added; they should have been designed better to focus on this issue. Not like PBKDF, which is Password Based Key Deriving Function, which is designed to get a key from low-entropy sources like a password, and it compensates with arbitrary rounds of HMAC.
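
The contrast drawn in the last post, as an added example that is not part of the original posts: a counter-mode hash KDF in the KDF2 / X9.63 style next to PBKDF2 written out round by round, so the cost difference per derivation is visible. The function names `kdf2` and `pbkdf2_sha256` and the sample password and salt are constructed for illustration.

```python
import hashlib
import hmac
import struct


def kdf2(secret: bytes, length: int, other_info: bytes = b"") -> bytes:
    """Counter-mode hash KDF in the ISO 18033-2 KDF2 / ANSI X9.63 style.

    One SHA-256 call per 32 output bytes: fine when `secret` is already a
    high-entropy key, but no brake at all on guessing a low-entropy password.
    """
    out, counter = b"", 1  # KDF2 counts from 1
    while len(out) < length:
        out += hashlib.sha256(secret + struct.pack(">I", counter) + other_info).digest()
        counter += 1
    return out[:length]


def pbkdf2_sha256(password: bytes, salt: bytes, rounds: int, length: int) -> bytes:
    """PBKDF2-HMAC-SHA256 written out to show where the rounds go."""
    out, block = b"", 1
    while len(out) < length:
        # First round binds the salt and the block index to the password.
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(rounds - 1):  # every further round chains one more HMAC
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block += 1
    return out[:length]


if __name__ == "__main__":
    pw, salt = b"correct horse", b"constructed-salt"  # constructed sample values
    rounds = 10_000
    print("KDF2   (1 hash call)       :", kdf2(pw, 32, salt).hex())
    print(f"PBKDF2 ({rounds} HMAC calls):", pbkdf2_sha256(pw, salt, rounds, 32).hex())
    # The hand-written loop matches the standard library implementation.
    print("matches hashlib:",
          pbkdf2_sha256(pw, salt, rounds, 32)
          == hashlib.pbkdf2_hmac("sha256", pw, salt, rounds, 32))
```

For real use call `hashlib.pbkdf2_hmac` directly; the hand-written loop is only there to expose the rounds.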