Kas Ob.

One last thing here, from the documentation Although i hate to do the multiplication and see it to some extent as wrong instead of division of the delta on the biggest, why this is not in the library (Math unit) as function ? that is the question.

That is personal point of view, i agree, but how many out there and here in this very forum knows that SameValue without Epsilon with return True for any value less than 1e-4=0.0001 even with 0, like comparing 0.000099 with zero will be True, also for bigger number should Epsilon go in decimal or will always be False, and how many knows how to estimate Epsilon the right way. Machine Epsilon should be incorporated check approximation, that is a fact, and the lack of documentation is disturbing to say the least, the main point here isn't this the job of the library (or the function) to do that in right and correct way ? Just food for thoughts. And yes should renamed to be Delta there.

Can't agree more, yet there is many cases when you can't predict the usage of a library or the user input, in real estate 1 square meter could be priced at $1000 or even $10000 even for small office at 33 square meter, so the fractal part worth non negligible value, in other cases the asset we need to process all the same is at million square meter, here the price could be not a problem but are the result have the same precision ? i know i sound like losing the subject !, Please bare with me a little, i will try to explain few things which many knows and many doesn't know, just to reach some points at the end. i will start with single float point, it is 32bit and we all know its structure and how it work, but i am writing about the things that are not very known ! lets look at the smallest number that single can have, and again i am talking about positive only here as the negative while they are less but ,, meh ,, it is just signal bit, anyway the 3 smallest numbers, and here pay attention i am going with normal and not subnormal ones, these are smaller a lot but they are different case, while both belongs to IEEE 754, the smallest one is 2^−126, i don't have calculator to get the decimal value because it will help here, so i am using online Wolfram Alpha 2^-126 = 1.1754943508222875079687365372222456778186655567720875215087517062784172594547271728515625 × 10^-38 but we are limited in precision and i need the decimal representation and singles has 24 precision so 2^-126 = 0.000000000000000000000011754943508222875079687365372222456778186655567720875215087517062784172594547271728515625 But this approximation and could have more puppies, i mean digits, yet we (computers and software) can't handle such precision out of the box so lets truncate it a little, we get the smallest three singles 0 0.000000000000000000000011754943508222875 | 0.000000000000000000000011754943782280733 | the step is 0.000000000000000000000000000273057858 again in these numbers i am taking normal not subnormal, the difference exist in the 1 on the left side and it affect precision, long story and irrelevant to this post. While the biggest numbers are 340282313029632462711731687303715884032.0 | 340282346638528859811704183484516925440.0 | the difference aka step here is 33408896097170127936.0 Infinity (overflow) the step plays crucial rule in float point, as it resize based on the exponent used, in other words we might add billions and yet the result will not change a bit ! Fun fact on side note, ULP is the official name for these adaptive steps and let see what happen when and where ULP is >= 1 ULP(x) = 2^(exp2(x)-23) , so for >=1 we have exp2(x) >= 23 , hence x >= 2^23 and this equal to 8388608 , Now to the eyes widening fun fact for any value for x where x >= 8388608 , we have x +1 = x , here x is single and might be better to be written 8388608.0 , yet i think the idea is received, if you do 8388608.0 + 1.0 then the result will be 8388608.0 !! with that fun fact at hand imagine using single or double, any float numbers to count puppies in a country, we will thing we increasing by one and will hit hard limit without any notice or problem. same if we are counting pairs of eyes of puppies the there is limit when the step by 2 will be neglected and lost. as for bigger numbers as shown above we might be adding millions or billions and losing money, that why banks and financial software should never use floating point and stick to fixed point. Now back to our non beloved puppies killer SameValue, and here my thoughts 1) It does use Epsilon in violation to what epsilon represent, there is Machine Epsilon mentioned above, but Epsilon generally in math used to describe small values no Deltas, yes in that context and as it implemented it should be named Delta, that name trigger my OCD. 2) SameValue calculate the Delta between singles not THE approximation for equality, not the sameness with tolerance, just Delta, so if you feed a number like 1000 then you might expect the close one at 1000.01 with %1 error tolerance, this Delta or Epsilon make no sense when the number is 1000 000 because it will be Delta and will compare between 1000 000 and 1000 000.01 , can you spot the different here ? we are using the same delta and changed the tolerance to %0.0001 , this goes up and down, and the only way to accommodate this factor is by adjusting the Delta (Epsilon for the SameValue) at runtime, while this can be ignored or pre-calculated for assertion, it is a must for runtime if you value your calculations and output precision. 3) the documentation fails to mention the delta usage and fail to warn about this very shortage. 4) The default value for error tolerance if we might call it for SameValue, is 1e-7*1000= 1e-4 = 0.0001 , for single type, this is useless when numbers goes in thousands or millions, but the real danger is for small numbers like the ones which are less than 0.0001 , they all are equal with SameValue ! 5) Rollo62 mentioned known the arena we staging and performing within, yet for a small office or room where 4x5 m we can use the same tolerance (we put it there like 0.01 for 1 cm) for the dimensions and the area and we still in control, but if we used the tolerance E=0.01 (1e-2) , with huge farm land with where 1000x1000m we have million squared meter and we are in different realm like the example in (2), notice for larger numbers above 8 millions and from above too, 1 meter tolerance is literally no sense operation. Now from these i can deduce this, SameValue is wrong, Anders asked if it is within its implementation, and yes it is but it has deceiving name, it should be called something CloseEnoughBy , and never should be used for testing equality or approximation of equality, it failed in documentation and failed in implementation to serve the sameness which it claim, as for its usage and how to use it right, then you have to calculate the correct and right Epsilon then provide it as parameter, rendering its usage merely compare the difference, aka within Delta. In my opinion SameValue should 1) deprecated, just kill it and warn who use it to refer to the documentation. 2) add a real, useful and correct alternative like SameValueEx or some other name. 3) Yes like Anders point to, the implementation should test first for 0 and NaN , in other words it should be right implemented, and this mean with the suggested formula it will be slower a lot, like a lot, but and as always correctness can't and must not be a point to discuss, the developer can and should seek alternative if it will be used in big/long tight loop, heck he can use SameValue 🙂 killing more puppies 😭 4) The enhanced version could have multiplier (cofactor) for Epsilon instead of Epsilon, as it should be strictly using Machine Epsilon, the multiplier can serve better in implementation, example if you are calculating area then two singles involved hence we can adjust the positive only multiplier to adjust to the area, thus we have clearer and easier reach for the best error tolerance, and here i don't want to drive this of the road as multiplier from mathematically and statistically the correct way should be accurately adjusted, see, in case of 2d and area calculation there is many methods for error tolerance from CEP to Root Mean Square Error to .... but we talk singles and many of those doesn't apply on the single arithmetic operation itself those apply to the input values for the arithmetic operation and for the operation it self we are little more free, this is due the fact float point are approximations so we can just use a factor of 2 or you can go with sqrt(2) or even 10, this is up to the developer and the engineer of the formula/operation involved. Hope that was clear and somebody find it useful ! ps: more things came to mind now, where i saw many made such mistake, see, single can hold a large number like 340282346638528859811704183484516925440.0 and small number like subnormal 2^−149 = 0.00000000000000000000000000000000000000000000140129846432481707092372958328991613128026194187651577..... But it can't have 340282346638528859811704183484516925440.6 in fact the closest number to 340282346638528859811704183484516925440.0 is the one i listed above and it is far by 33408896097170127936.0 So be careful when and how you use float point and remember one thing float point is like ruler (exponential one) that slide up and down losing anything not in the range, well mostly it slide up only killing all creature including puppies standing behind the point. PS i made a mistake above and will not correct it, but will point to it here and too lazy to read and rewrite, i dont think this change a lot of the above though. I used ">=" instead of ">" in calculating ULP and this leads to mistakenly assuming adding one to 8388608.0 will result the same, while with ">" the needed exp will be 24 so 16777216, and here is the testing code procedure TestULPx; var A, B, C: Single; begin A := 8388608.0; B := 1.0; C := A + B; Writeln(C); A := 16777214.0; B := 1.0; C := A + B; Writeln(C); A := 16777215.0; B := 1.0; C := A + B; Writeln(C); A := 16777216.0; B := 1.0; C := A + B; Writeln(C); end; The output 8.38860900000000E+0006 1.67772150000000E+0007 1.67772160000000E+0007 1.67772160000000E+0007 // 16777216.0 is the threshold at 2^24 when adding one is lost, x+1=x

May be i missed, SameValue does work as documented, no word there. Yet it doesn't use the standardized value for the default Epsilon and it does that without documentation, its documentation should declare it use low(reduced) precision for comparison by default.

Well this is longer discussion and need scratching behind the ear, not from the puppies fleas but pretending thinking deeply The suggested formula above is the best one or lets say the most right one, but it is not adaptive with fixed error tolerance, adaptive one will be more complex and depend on the exponent part and scale with it, think about it, comparing numbers in billions makes the machine Epsilon very silly, so such epsilon (error tolerance) should be magnified a little to accommodate the fact these numbers and the need for their comparison is coming for arithmetic operations, so multiple mE by 10^n makes more sense.

The right way to do (the formula) at that very Wikipedia page, from https://en.wikipedia.org/wiki/Machine_epsilon#Relationship_to_absolute_relative_error the first line has the formula, and its proof, while the last line explain how to generalize it to Notice that the mentioned formula i suggested is the exact one but it use the max between x and y, unlike the Wikipedia listed formula, the reason is using the biggest one will increase the precision as the left side might fall beyond one machine epsilon step, using the biggest (max) hence it is the right way to do it, also the SameValue should be check the same value within best highest precision possible, so while we have defined and mathematically proven formula we should stick to the most standardized references, in other words it should utilize division instead of multiplication. This formula is not from yesterday... Digging more and consulting with Wikipedia sources i see what might be the origin of these numbers used in Math unit here from 1999 https://people.eecs.berkeley.edu/~demmel/cs267/lecture21/lecture21.html While the correct epsilon values should be For singles = 1.19e-07 and for doubles = 2.22e-16 Now comes to the formula from that page again we have

Right, yet the formula for the comparison should be MaxValue := Max(Abs(A), Abs(B)); if (Abs(A - B) / MaxValue) < Epsilon // Epsilon is the optional provided one or Machine Epsilon and the machine Epsilon should be For singles = 1.19e-07 and for doubles = 2.22e-16 These numbers are known and defined https://en.wikipedia.org/wiki/Machine_epsilon#Values_for_standard_hardware_arithmetics and not what Math unit define in the RTL as approximation to these, then for some unexplained reason multiplied by 1000 reducing precision 3 degree to kill 3 puppies at least 😭

Look at these cute puppies 0.96493138416 , look at them pawsitively ! SameValue will murder some of them as its error tolerance is fixed (not adaptive) and the comparison is .. meh .. it looks close (aka very far error tolerance), so some cute puppies and kittens will be missed by the world 😭

DELETE can have content, also between all HTTP methods only GET and HEAD are not allowed to have content (but with a twist) From the same section of the the RFC you referred to: 1) from https://www.rfc-editor.org/rfc/rfc9110.html#name-delete This imply, well it does not imply it does clearly say the error cause is no content. 2) from https://www.rfc-editor.org/rfc/rfc9110.html#name-get So there is access where GET request is allowed to have content but only in special case with origin server is already on the same page with client, or lets say server and client has their own communication semantics, (their own API/SDK), in that case then such content is handled only by such server, other servers should drop it (drop the content) or refuse to serve with an error, the risk here is coming from request smuggling, this is interesting class of attacks against cache proxies and/or load balancers. 3) HEAD has the same paragraph as GET about request content. 4) Now back to (1) of DELETE, the same paragraph as GET and HEAD but we have specified error to return in case of absence of the content, in other words it is likely that there is generally defined semantics for DELETE (between client and server) hence the request content is needed.

Few things to know about this API 1) FoundLength is critical to know and adjust to, as the result of found string might be longer or shorter. 2) ACaseKind can/must be none of the above for default behavior and ignoring nothing. Anyway here an example, and as usual the forum sometime corrupt the text, and in this case is more delicate to reserve it as it contain very non popular encoded strings, i suggest to use the files instead of copy from the forum program FindNLSstring; {$APPTYPE CONSOLE} {$R *.res} uses SysUtils, Windows, Classes; type TNLSFindKind = (nlsFindFromStart, nlsFindFromEnd, nlsFindStartsWith, nlsFindEndsWith); TNLSCaseKind = (nlsNotSpecified, nlsLangIgnoreCase, nlsLangIgnoreDiacritic, nlsNormIgnoreCase, nlsNormIgnoreKanatype, nlsNormIgnoreNonspace, nlsNormIgnoreSymbols, nlsNormIgnoreWidth, nlsNormLangCasing); function TextPos(ASubText: UnicodeString; AText: UnicodeString; ACaseKind: TNLSCaseKind; var FoundLen: Integer; ALocale: PChar = nil; AFromPos: Integer = 1): Integer; var Flags: DWORD; begin Flags := FIND_FROMSTART; case ACaseKind of nlsLangIgnoreCase: Flags := Flags or LINGUISTIC_IGNORECASE; nlsLangIgnoreDiacritic: Flags := Flags or LINGUISTIC_IGNOREDIACRITIC; nlsNormIgnoreCase: Flags := Flags or NORM_IGNORECASE; nlsNormIgnoreKanatype: Flags := Flags or NORM_IGNOREKANATYPE; nlsNormIgnoreNonspace: Flags := Flags or NORM_IGNORENONSPACE; nlsNormIgnoreSymbols: Flags := Flags or NORM_IGNORESYMBOLS; nlsNormIgnoreWidth: Flags := Flags or NORM_IGNOREWIDTH; nlsNormLangCasing: Flags := Flags or NORM_LINGUISTIC_CASING; nlsNotSpecified: // we need this end; Result := FindNLSStringEx(ALocale, Flags, @AText[AFromPos], Length(AText) - AFromPos, PChar(ASubText), Length(ASubText), @FoundLen, nil, nil, 0); if Result >= 0 then Inc(Result, AFromPos); // adjusting the position end; const SUB_STR_1 = 'Götterdämmerung'; SUB_STR_2 = 'Götterdämmerung'; // we can use LOCALE_NAME as empty , the system will use the default for user LOCALE_NAME_USER_DEFAULT // LOCALE_NAME_USER_DEFAULT does override LOCALE_NAME_SYSTEM_DEFAULT LOCALE_NAME = ''; procedure LoadFileAndSearch(SubString: string); var StringList: TStringList; OurLongText: string; FoundPos, FoundLen: Integer; FoundString:string; begin StringList := TStringList.Create; try StringList.LoadFromFile('MacOS_ItunesContent_Small.txt'); OurLongText := StringList.Text; FoundPos := 0; Writeln('Searching for ', SubString, ' Found :'); while True do begin FoundLen := 0; FoundPos := TextPos(SubString, OurLongText, nlsNotSpecified, FoundLen, LOCALE_NAME, FoundPos); if FoundPos < 0 then Break; FoundString := Copy(OurLongText,FoundPos,FoundLen); Writeln(#9,FoundPos, ' Length : ', FoundLen,' ',FoundString); Inc(FoundPos, FoundLen); end; finally StringList.Free; end; end; begin try SetConsoleOutputCP(CP_UTF8); // don't know which code page can display the strings in question like it does in a VCL Memo // OS supported code pages are listed at registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage //SetConsoleOutputCP(1252); LoadFileAndSearch(SUB_STR_1); LoadFileAndSearch(SUB_STR_2); except on E: Exception do Writeln(E.ClassName, ': ', E.Message); end; Writeln('Done.'); Readln; end. the needed sample file content, copied form the German forum without permission dummy line Götterdämmerung Götterdämmerung Track 4344 Track ID: 11572 Titel: Morgendämmerung und Siegfried's Rheinfahrt aus "Götterdämmerung" Artist: Richard Wagner Album: Rheingold Track-Art: Abgeglichene AAC-Audiodatei GUID: Hinzugefügt: 14.12.2017 17:57:46 Persistent ID: 91453A3B4084EC74 Tracktype: File Speicherort: Macintosh HD/Users/AlfonsYondraschek/Music/iTunes 1/iTunes Media/Music/Richard Wagner/Rheingold/05 Morgendämmerung und Siegfried's Rheinfahrt aus _Götterdämmerung_.m4a Track 4345 Track ID: 11574 Titel: Siegfried's Trauermarsch und Finale aus "Götterdämmerung" Artist: Richard Wagner Album: Rheingold Track-Art: Abgeglichene AAC-Audiodatei GUID: Hinzugefügt: 14.12.2017 17:57:46 Persistent ID: 6C45FF4271B8A57B Tracktype: File Speicherort: Macintosh HD/Users/AlfonsYondraschek/Music/iTunes 1/iTunes Media/Music/Richard Wagner/Rheingold/06 Siegfried's Trauermarsch und Finale aus _Götterdämmerung_.m4a the result should be like this Searching for Götterdämmerung Found : 15 Length : 15 Götterdämmerung 32 Length : 17 Götterdämmerung 135 Length : 15 Götterdämmerung 488 Length : 17 Götterdämmerung 591 Length : 15 Götterdämmerung 936 Length : 17 Götterdämmerung Searching for Götterdämmerung Found : 15 Length : 15 Götterdämmerung 32 Length : 17 Götterdämmerung 135 Length : 15 Götterdämmerung 488 Length : 17 Götterdämmerung 591 Length : 15 Götterdämmerung 936 Length : 17 Götterdämmerung Done. the files FindNLSstring.dpr MacOS_ItunesContent_Small.txt Notice the output on my console is like this using CP_UTF8, but pasting in the bowser fixed it, outputting to lets say TMemo will show correct text like notepad or the text in the forum.

The picture still not clear for me, If i understand it right, then you have a server running IIS and you installed software (SDK) from Global Payment, right ? If the answer is yes then it has nothing to do with Global Payment, the TCP connection is blocked between me (not only me many others) and your server, it is on your Windows and the host that is hosting your IIS, Also you said cloud, what you mean by cloud is it VPS or dedicated, what is the host company ? this one who you need their support to diagnose the blocked connections. I am confirming again the connections are not established, so not TCP handshake, nothing, it has nothing to do with software that is running on IIS, It can be IIS failure or a filter but this is very unlikely, or a firewall, that firewall can either be on your Windows (your server) or running by the host company of your server.

I tried these links and nothing is no one answer the connection timed out. Using WireShark also showed the connection didn't establish and no answer or anything came back, acted like black hole. Using SSLabs.com as you did shows result and successful server response, using two other similar services also shows online server. The problem is not in your IIS at all, it is fine and responding, but when it get connections, there is firewall or monitoring service blocking IP(s), in case my ISP is blocked, find out what is monitoring/protecting your server traffic and reconfigure it, it could be missed/updated configuration on the host part, or simply you did select wrong or tight security template or something there. In short that is not IIS problem at all, and most likely your host security software/hardware, test with disabled Windows Firewall to make sure, beyond that it is not IIS or Windows problem.

Here a faster suggestion procedure FooBar(const X1, Y1, X2, Y2: Single); var Y1bin: Cardinal absolute Y1; Y2bin: Cardinal absolute Y2; begin // Check if both Y1 and Y2 are zero using a single bitwise operation if (Y1bin or Y2bin) shl 1 = 0 then Exit; ... end; Or using AND instead of bit shifting procedure FooBar(const X1, Y1, X2, Y2: Single); var Y1bin: Cardinal absolute Y1; Y2bin: Cardinal absolute Y2; begin if (Y1bin or Y2bin) and $7FFFFFFF = 0 then Exit; ... end;

If only it was this simple ! The idea is right, but the complications can be huge. 1) The code is not handling the failure of UnregisterClass. 2) UnregisterClass will fail if there is a Window still online associated with that class, by online i mean created and/or visible, simply a window with that class exists, from https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-unregisterclassa Before calling this function, an application must destroy all windows created with the specified class. 3) even if did pass and succeeded then there is the other caching software that might already read and copied the Class and its information and might fail, like live translation software or the one for accessibility that read the content of the screen or the ones that completely redraw them in different way (out of the OS theming), such software will behave erratically if performed something at that moment and Windows reported an error with the associated WindowClass. So, i don't recommend such approach, if UnregisterClass should be called then it should put at lower level (deep) in the VCL in appropriated place, and it must recreate all the already created Forms, dialogs, controls... it is huge adjustment.

Found the culprit of this discrepancy, but don't have a solution, or lets say nice solution, on top of that my old VCL is irrelevant to the most , so , someone else should have a deeper look into this. There is two different RegisterClass functions, one belong to Delphi RTL and the other is an OS API, Delphi Forms like other controls do register them selves with RegisterClass with unique name, on both API and RTL, the one is causing this problem is API how Windows store the style, Delphi RTL doesn't handle UnregisterClass (API) correctly or not calling it at all, hence CreateParams and the following creating the control (and setting its modern and advanced style) stay short from performing as intended. As a workaround a suggest to refactor your popup into base and two inherited ones hence forcing the class name used by RegisterClass to be different, one with shadow and the other without, this will be the most clean way, though it must be tested. ps: @PeaShooter_OMO don't call "FreeAndNil(FormPopup);" on Self, this is problematic and dangerous, just use "Release;" and it will be released in orderly form, and you can skip the var usage altogether by using with TFormPopup.Create(True) do Show; // or with TFormPopup.Create(False) do Show;

Testing the real project and now i see even with RecreateWnd it is not reliable, and acting as there is something is not initialized. On XE8, the same code with RecreateWnd, act differently with or without debug dcu included in project settings !, and if there is a break point that halted the code execution then the shadow might appear more frequently.

It is beyond me why it is needed, short coming in CM_RECREATEWND that used to trigger the recreation and when it is received, (i think ) It could be made better but will break things, also may be things changed in newer VCLs but in the older ones RecreateWnd is needed, even it means the recreation will happen twice.

Nothing wrong, just missed "RecreateWnd;" after setting the Params.

I see undefined behaviour, this can go beyond degraded performance and go into literally corrupting the memory or the the worse the stack, triggering very hard to diagnose behavior, see.. calling ".classname" might land on an arbitrary method, and who knows what have been changed in that method/procedure/function... , literally nightmare stuff, and reproducing it is near impossible ! And of course the exception doesn't have to be silent, it could be triggered but after altering memory/stack, disguise the expected behavior and hide what have being changed somewhere.

No, that is misuse between declaration and definition, use what Remy suggested. IFDEF/IFNDEF about definition, literally defined, these are not for the code but for the compiler variables. DECLARED()/NOT DECLARED() these about your code, namely anything that can be declared like consts, records, classes .... It compile in your case because there is no defined directives (compiler directive) under that name. Example: var i: Integer; B: Integer; // comment this and the compilation will fail {$IF NOT DECLARED(B)} This should cause an error only if you comment or remove B from variables {$IFEND}

Hi Anders, I want to list some facts 1) Windows Explorer is an application like any other, and it is not essential to the OS itself, so when RDP application run it will interact between two application, hence the need to capture and handle the clipboard, when i copy a file/dir form my own desktop and try to paste it on remote using RDP, then i am pasting the on my application (or RDP), and this should trigger RDP or on the remote to paste, so it should simulate clipboard is filled then send data. 2) CFSTR_TARGETCLSID is irrelevant here as it used internally by Explorer itself. 3) Microsoft RDP does send file in two different ways, one capturing clipboard and its content then simulate on the other hand, well usually it does that, unless Local resources being shared per setting in the RDP connection, this initiate completely different path to share files and synchronize them between host and guest. 4) SHChangeNotifyRegister can capture files changes and many others like copy and paste or rename, initiated by keyboard and/or by mouse. ( might not be useful or needed after all) 5) Th trick is to capture the event then using IShellExplorer to emulate pasting file in the specified directory, (also might be not needed at all) So in short the solution is not to circumvent any thing, not really, because , as example, i built a RDP application, then on the remote part capture the copy event from clipboard (yes using clipboard APIs), then trigger filling the clipboard on my local PC, then on paste on my local i will initiate the sending file after locking the directory same as RDP (this locking will need shell APIs), same can happen in the other way around. Now sounding this loud, i don't understand the need for monitoring the shell operation using SHChangeNotifyRegister ! may be i lost it there or over complicate things, but the copy and paste is happening into different applications, either my remote RDP with the remote Explorer, or local RDP viewer and local Explorer, sending data is handled by the RDP two parts not involving any Explorer. ps: I spent near 3 hours trying to make SHChangeNotification_Lock work, but i think it is working at last !

Yes. Yes. In two different way, one when to upload and one to download, but this is somehow irrelevant to your usage, as like Windows RDP it comes baked with special integration with for Windows Explorer aka Windows Shell, these are undocumented API and COM objects. How to do it ? You must understand and use these : 1) IFileOperation https://learn.microsoft.com/en-us/windows/win32/api/shobjidl_core/nn-shobjidl_core-ifileoperation this will capture (and monitor) copying files, moving ,renaming .... 2) IFolderView https://learn.microsoft.com/en-us/windows/win32/api/shobjidl_core/nn-shobjidl_core-ifolderview to find the focused folder in Windows Explorer 3) SHChangeNotifyRegister for hooking shell operation https://learn.microsoft.com/en-us/windows/win32/api/shlobj_core/nf-shlobj_core-shchangenotifyregister 4) IShellWindows https://learn.microsoft.com/en-us/windows/win32/api/exdisp/nn-exdisp-ishellwindows this is the core one to start with and needed to find opened folders ..etc Using these will remove the need for key logger and mouse tracking event, yet in case it failed or and because i can't remember how the hooking was triggered as only reporting or intercepting, meaning you can block, in case that the case and you need to prevent the operation, then you will need key and mouse logger, there is few methods to intercept then cancel if you want. Hope that help, as for all the above, there is many questions on the internet and resources on how to do it, but you specific case need to understand and mix and match an approach.

First you missing few details about the problem at hand, 1) You are using Client and the client doesn't need a certificate, to be more accurate the default usage for validation on the client side is to check and validate the path of certificate(s) from the server against trusted root or trusted CA. 2) What certificate is on the server, is it valid ? not revoked ? not expired ?.... 3) What is this certificate you mentioned, is it the root or the CA or the end point that server has used to establish the connection ? Now, what you can do or what you should do 1) By default like any TLS connection, the client must have a trusted root store, to resolve the server certificate to, this include any CA in-between them (i mean the end point one aka server and its root), generally either you have a store (punch of certificates) included with in (shipped) your own application, or depend on the OS provided store. 2) Your client doesn't have a store, then it is OK, you can have one root and resolve the path to like above. 3) You are binning the certificate, meaning you will included one certificate, no store, no validation, not best practice at all !, yet it is OK, will work , and fail later ! , but should work (highly not recommended as it is bad and fragile and can render you communication useless any time when the server lose its private key or the certificate leak and you have to replace it...etc), in this exact case and if this is what you are trying to do , then just compare the server certificate against the one in the pem Hope that help, ps: though you had searched the internet, so i will assume you are loading the pem right and you know to validate or compare, but in case you still missing the point and how it should done, then i recommend to use ICS demos, even if you are not going to use that library, but you can study and understand how to validate a certificate ( or try to shoot your self in the foot by comparing against end point only, against all recommendations )

Is this VM a developing machine or daily driver for browsing internet and download everything you being offered by an advertisement ? 1) developing machine, then you don't need security scanning for everything all the time, right ? 2) daily driver and testing everything you can download, then leave the defender and install like ten more anti viruses, and make sure to uninstall Delphi for your own security and integrity of your code and generated binaries. It is simple, my developing machine is not allowed to see Internet or access anything outside my home network, i don't download anything suspicious from unknown providers on that machine, heck, i even don't allow Windows to update or to contact Microsoft, so i don't need an virus scanner at all. Anyway, it is up to you keep Windows Defender running or just remove most of this useless scanning each time, in worst case scenario let it scan once, and then disable behavior control and live protection or what ever called, by each AV, also make sure to disable sending samples to laboratories to any AV home, also don't even allow any AV to scan your traffic, this compromise you and your data the most,... i am sure i forgot to mention tens of thing to not do, so the most critical advise of them all think of everything they offer in the settings and use logic, and remember if a malicious code is on your device then it only be detected if it is in the AV database, in other words already known !, so all of this crap of detecting illegal behavior in real time is useless crap, if it is know then cold scan will detect it, if it is unknown then it will run unless real time monitoring is kicking it hence will ask you about everything running on your device, the only good thing from a good scanner if that question happen once only.

MsMpEng.exe is Windows Defender scanner and smart locker, and it will repeat the above or similar report for each file or library that bds.exe will load, in that report it is only for one bindcompfmx290.bpl trying to load. So yes disable Defender.