Kas Ob.

Expanding a little on drivers and services, internally all drivers are called services and they configured and launched from one location in the registry Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Except the OS kernel itself which loaded and hardcoded to load at very first step of boot, all are defined there. So when an error says service it could be a driver.

It doesn't matter, and yes it will help if no object with that name exist then the problem is in the middle between use mode and user-mode driver.

Sorry i forgot to mention to search and find your MyMutex1

Not mentioned is enough for this one, it does confirm it is coming form a driver, low level one.

No not healthy at all. But this one could be the running out resource ! Yes handles has limit and still the same as i mentioned above, the handle is wrongly handled, Please, download WinObjEx64 https://github.com/hfiref0x/WinObjEx64/releases Then share screenshots of the three tabs like this

TO be honest it is not exactly a service but stapled to one, see this cryptic error most likely caused and reported from User-Mode Driver, as kernel mode driver are more detailed error, yet in both cases these drivers belong and part of to an OS service as mentioned above, i think it is between System Restore, Defender or some network mapped drive.

Use Process Monitor without filter(s), them see what is trying figure who reported the Resource Error.

Well, this clear few things Service ! , so the cause is not your application, i am of course assuming your application is not a service, as you didn't mention that and that is very relevant. My logic thinking about this, is that a service very relevant to your application and in this case very relevant to reading/accessing files failed to resources or other causes, here keep in mind many service error are mistakenly reported as resources deficiency due how it is structured to communicate by direct IPC or other method, these belongs to OS IPC designs. So an OS service caused this, how this can be ? OS Services interact and interfere in [a/any] application in directly or indirectly 1) Directly, as example, DNS Cache, TWAIN, or some .NET freak service,.... if your application is depending on something like OS DNS resolving and the service is misconfigured (something broken hosts file) it could lead all sort of such unexplained errors, yes i know i am bringing dns example to file but the idea i want to convey. 2) Indirectly, and this is the most relevant and may be the cause of your problem, see, there is services within OS are built to hook and intercept IO, example Volume Shadow Copy, System Remedy (or something), System Restore, Defender..etc all of these capable to stop your IO from completion, and on top of that if they failed for some reason, and your application is done and gone, and you are left with cryptic error message like yours. Also there is one in particular not mentioned in 1 and 2, Application Verifier, though it is low probability to be your problem, but checking does worth it, https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/application-verifier Make sure if it is exist on the target device, if yes then open it and remove/delete any thing in that list, yes delete them and you will know how once you see it. Anyway back to suggestions and shooting darts in the dark, try to find the service attached to that error, and delete system restore check points, disable then enable... just try to figure what service is interfering and try to remedy it, one of them could have broken policy or setting or just really out of resources.

You landed on the holy grail of bugs ! If you can make smallest demo to reproduce this bug then it is great for reporting, these Variant handling exception/bugs/AV are fatal in the IDE and debugger and there quite few of them, not all do show error messages, many leads to silent IDE crash or just freeze, there is bugs is many places but it could shed light on this Variant mishandle in IDE/Debugger in general.

Well, i don't have a idea about such case per se, but i witnessed many of these when i broke my OS kernel debugging and fooling around, so i have thoughts here But first let me say what is different in LSTC from the normal, they are the same, except LTSC comes with slightly different default policies, policies that are not even listed in GP editor, some of them need to be added using ADMX files to be accessible, to have an idea look here these https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage They mostly are documented though, yet many need to be added, so your OS might need some restoring its default. That being said, now to what i think might be the cause, also while we shooting darts in the dark: 1) Storage handling layer and its drivers run in two layers User mode part and Kernel mode part, in some cases i caused a corruption in user mode, this triggered an exception, yet that exception wasn't critical to crash the system as it happened after returning form the kernel system calls (drivers), the exception marked the file handle as corrupted and left it in locked mode, or just the handle tables were faulty and the system couldn't add another handle or even try to read part of that table, sometimes many files locked, so no more file access with strange errors or simply freeze, yet the file(s) were accessible from from different processes, this due the user process sandboxing which start in kernel and extend to user mode. 2) LTSC does have delayed update policy, meaning fewer fixes will be pushed, so if there is a bug it could be simply fixed by update your LTSC to the latest and in case you can't then really running SFC 🙂 (as they always suggest) can help, the more info about running SFC is literally everywhere ! 3) Your disk have a problem, i saw these on Server 2003, also have them on my old XP, the disk wasn't aligned, yes it is a thing and there is few tools to check disk aligning and fix it, https://superuser.com/questions/132296/how-to-check-the-partition-alignment-on-an-ssd-drive Notice that searching the net now gives me only SSD result, but that is not the only case, it might happen with any disk type as it with mine, and also it increase the speed, and linger for trouble in accessing disks, which might be your case, One thing though don't use any non official application or method from any where on the net to align your disk, first check your disk manufacturer if they have such a tool, WD, Intel, Samsung ... they wither have tools or their software will check and prompt you to fix the alignment. And with 3rdpary tools like the one mentioned here https://www.diskpart.com/windows-10/ssd-alignment-windows-10-3889.html It could be fine yet i wouldn't recommended it. Hope that helps !

Standards, specifications and their accuracy ! https://www.di-mgt.com.au/x942testvectors.html

On side note KDF(x) are key driving functions, but these functions are old and mainly used for specific purposes, which generating a key from a key or sufficient and accepted entropy, they never meant to be used for passwords and for that they had the seed added, they should have have been designed better to focus on this issue, not like PBKDF which is Password Based Key Deriving Function, which designed to be get a key from low entropy sources like password and it compensate with arbitrary rounds of HMAC.

Hi, I looked at the implementation at https://github.com/MHumm/DelphiEncryptionCompendium/blob/master/Source/DECHashAuthentication.pas#L997-L1049 and lets say this one https://github.com/MHumm/DelphiEncryptionCompendium/blob/master/Source/DECHashAuthentication.pas#L1067-L1074 class function TDECHashAuthentication.KDF1(const Data, Seed: TBytes; MaskSize: Integer): TBytes; begin if (length(Seed) > 0) then Result := KDFInternal(Data[0], length(Data), Seed[0], length(Seed), MaskSize, ktKDF1) else Result := KDFInternal(Data[0], length(Data), NullStr, 0, MaskSize, ktKDF1); end; The problem is easy to see and and easy to fix here, but lets point the cause Data is TBytes, in other words managed type and if Data is empty then Data is nil, and that is it, accessing Data from class function TDECHashAuthentication.KDFInternal(const Data; DataSize: Integer; const Seed; SeedSize, MaskSize: Integer; KDFType: TKDFType): TBytes; var I, n, Rounds, DigestBytes : Integer; Count : UInt32; HashInstance : TDECHashAuthentication; begin SetLength(Result, 0); DigestBytes := DigestSize; Assert(MaskSize >= 0); Assert(DataSize >= 0); Assert(SeedSize >= 0); Assert(DigestBytes >= 0); HashInstance := TDECHashAuthenticationClass(self).Create; try Rounds := (MaskSize + DigestBytes - 1) div DigestBytes; SetLength(Result, Rounds * DigestBytes); if (KDFType = ktKDF2) then n := 1 else n := 0; for I := 0 to Rounds-1 do begin Count := SwapUInt32(n); HashInstance.Init; if (KDFType = ktKDF3) then begin HashInstance.Calc(Count, SizeOf(Count)); HashInstance.Calc(Data, DataSize); // <-------- here Data can't be nil end else begin HashInstance.Calc(Data, DataSize); HashInstance.Calc(Count, SizeOf(Count)); // <-------- here Data can't be nil end; HashInstance.Calc(Seed, SeedSize); HashInstance.Done; Move(HashInstance.Digest[0], Result[(I) * DigestBytes], DigestBytes); Also as designed, i mean KDFx it does hash the concatenation of Data with the seed, if data is nil then just skip it, and that is the fix. As for your request the specification, then check your private messages, as i attached IEEE 1363-2000 and an old draft of ISO/IEC 18033-2.

Hi, I tried the following to address the overloading and it work, yet the problem you are speaking of is real problem, interface uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, rtti, Vcl.StdCtrls; type TMyColor = type Cardinal; type TForm10 = class(TForm) Memo1: TMemo; procedure FormCreate(Sender: TObject); private { Private declarations } public procedure AddNumberToMemo(Value: string); overload; procedure AddNumberToMemo(Value: TMyColor); overload; procedure AddMyColorToMemo(Value: TMyColor); end; var Form10: TForm10; implementation {$R *.dfm} function ExecuteInstanceMethod(Reference: Pointer; const AName: string; const Args: array of TValue): TValue; var context: TRttiContext; instType: TRttiInstanceType; obj: TObject; meth: TRttiMethod; parameters: TArray<TRttiParameter>; MethodIsFound, ArgumentTypesAreEqual: Boolean; index: Integer; LastError: string; begin context := TRttiContext.Create; try meth := nil; MethodIsFound := false; obj := TObject(Reference); instType := (context.GetType(obj.ClassType) as TRttiInstanceType); for meth in instType.GetMethods do begin MethodIsFound := SameText(meth.Name, AName); if MethodIsFound then begin parameters := meth.GetParameters; ArgumentTypesAreEqual := False; if Length(Args) = Length(parameters) then begin for index := 0 to Length(parameters) - 1 do begin ArgumentTypesAreEqual := parameters[index].ParamType.Handle.Kind = Args[index].TypeInfo.Kind; if not ArgumentTypesAreEqual then begin LastError := 'Argument type of ' + parameters[index].Name + ' is not ' + parameters[index].ParamType.Name + ', it is ' + Args[index].TypeInfo.NameFld.ToString; //raise Exception.CreateFmt('Argument type of %s is not %s, is %s', [parameters[index].Name, parameters[index].ParamType.Name, Args[index].TypeInfo.NameFld.ToString]); //Break; end; end; end; if MethodIsFound and ArgumentTypesAreEqual then Break; end; end; if (LastError <> '') and not (MethodIsFound and ArgumentTypesAreEqual) then Form10.Memo1.Lines.Add(LastError); //raise Exception.Create(LastError); if (meth <> nil) and MethodIsFound and ArgumentTypesAreEqual then begin result := meth.Invoke(obj, Args); end else Form10.Memo1.Lines.Add('method ' + AName + ' not found'); //raise Exception.CreateFmt('method %s not found', [AName]); finally context.Free; end; end; procedure TForm10.AddNumberToMemo(Value: string); begin Memo1.Lines.Add(Value); end; procedure TForm10.AddNumberToMemo(Value: TMyColor); begin Memo1.Lines.Add(IntToStr(Value)); end; procedure TForm10.AddMyColorToMemo(Value: TMyColor); begin Memo1.Lines.Add(IntToStr(Value)); end; procedure TForm10.FormCreate(Sender: TObject); var T: TMyColor; begin // addressing overload ExecuteInstanceMethod(Self, 'AddNumberToMemo', [100]); ExecuteInstanceMethod(Self, 'AddNumberToMemo', ['Color3']); T := 99; ExecuteInstanceMethod(Self, 'AddMyColorToMemo', [55]); ExecuteInstanceMethod(Self, 'AddMyColorToMemo', [T]); // T handled as Int64 ! end; end. the result in memo is 100 Color3 55 Argument type of Value is not TMyColor, it is Int64 method AddMyColorToMemo not found Now, my IDE is XE8, and i have %50 confidence that this behavior might have changed overtime for RTTI, yet i didn't tested it with my older IDEs, i will assume it irrelevant for any of you, yet you may want to make sure that the compiler behavior with RTTI is consistent for newer versions. As for the exact problem i saw above which i assume is your question to begin with (i might be wrong and missed that), if RTTI only will return TMyColor then you need to search and globally of the included/shipped RTTI to try and resolve TMyColor to its base (origin), if that work then it could be resolvable by building a table then cache it for multiple reuse. That is the problem with RTTI, once you typed a type then there is few moving parts, hidden and silent done by the compiler.

Can you confirm the assertion code is there ? (i mean the compiler did add the code ) I ran of something similar but it was the IDE fault, sometimes disabling the assertion in project options, and then re-enabling them is not enough for some reason the compiler will not add them until calling clean on the project or closing the project and re-open it, this happen on XE8. In all cases put a break point and see if the assert code in assembly is there, also it could be a forgotten directive somewhere.

Hi, I waited for someone else to add an answer for you as i don't use LockBox, and have no experience with it, sources i looked at https://github.com/TurboPack/LockBox https://github.com/TurboPack/LockBox3 Now to what i see (without building or compiling anything): 1) Extracted the private key from your post and pasted it on ASN1 decoder and here the result https://lapo.it/asn1js/#MIICXAIBAAKBgQDFoP5AJIv1KFGRpv_Uw7drFXjWbZG6wNsO7P58ocZIcxyKGU6uTgXw8N1IvTmd9yXRSdcb2fCWB7J_QUQDJQ3YuuXSOQCVOdi8Wy9UoZ5jNdqtZ6CMCvnK_v4Wy38ZhrB0CRkeiuyjmUdfQhe8mh3pE3iFBusYd1TVCxQt3VBkqQIDAQABAoGAaYBaeo-ID6YodWL7a-_XeNkLmxz_EP1nc_5clNgf7AlXkPmVoUORtGBBIVWy7ntDuwh6Ryn_X3hYd8q1riAX1UwVuUduOENmgyzmO1rRIoB_17vzYwVMYOB2h-qbxEqjg4dUfk_1occyDwpehWel-1NIgvQLNYLcn2JXxkAyrMkCQQD37-3Y8sjYxwApgiIClsCjrla73cS_QwzArGEnOjBs86LyzCc0pNzmP2OD0a9VlD3k6dMnhT2Oj-2knZs8dUlHAkEAzA4_mQeFvdiKIkzUBECn3w9Ylu2IfpKnQt_0EFUENxS9ONZ1jj4pzDBfZosgwnE1GiECELM3R_6Pzl-uIGrajwJBALm5HG3az-CykMiHFnrh-kOiII5xvSOYUkEx30THLecvSeyeSPACXwaKjTz9IV31wbdsACQmhsn3vogFF3feU5kCQARP9MYeI5RshBbPeteQKjwLjfq6kFzkaoZ-RyElOs6TMKCH37oe1DFNgGahYBLb45xmwC1sLCnoVk-tM_fZaj8CQGQyIlxwbgNBBdV3wnmtX9yPDflOsjpo3FuBMOu3nZADKEpmTXFgdwP4oMMbCmDvH3dav92LE5JN1cPik9z0Piw And that is correct and valid RSA key, yet clicked and browsed the sources on github, there is no ASN1 decoder in the sources, the closest thing is using OpenSSL to do the loading of the private key, or to be more accurate to decode the private key to usable format by TP. 2) searching for KJUR.crypto.Cipher.decrypt, found this https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html So the encryption indeed is RSAOAEP, (RSA encryption is completely different from RSAOAEP for future references don't mix them), also check the sources and its look like TP can do RSAOAEP https://github.com/TurboPack/LockBox3/blob/master/run/RSA/uTPLb_RSA_Primitives.pas#L116 And that what you should use, so your code is using "Signatory: TSignatory" in complete wrong path 3) Also important the JS code does the decryption, and as usual decryption parameters way less than encryption, to perform RSAOAEP encryption and decryption sometimes you need the default parameters and sometimes you need to figure if there is some default must be set before the decryption. 3) Couldn't find useful examples for you but, so others may help here, or you can start by looking at https://github.com/TurboPack/LockBox3/blob/master/test/uLockBox_RSA_TestCases.pas#L466 Notice there codec and no TSignatory, but the most important (for me at least) these keys are not decodable as they are not ASN1, from the sources they look like custom format specific to LockBox Here SO question, close enough to your problem https://stackoverflow.com/questions/68186850/lockbox-3-encrypt-rsa-with-public-certyficate Again couldn't find what can solve your problem in full Suggestion With above i hope you have better understanding what is your problem actually is, it is loading the private key as first step, then perform the right decryption with RSAOAEP, and that is it, so either try with OpenSSL to load and decrypt or look for different library. And good luck !

Well, this is easy and hard to explain at the same time, it is very easy as cryptographically process and there is many standardized schemes to ship keys/data in an encrypted way, but harder to explain in plain human language, but .. I will give an example on how this is done , As example take how secure connection are established between browsers and this site, the client (browser) and server negotiated a shared key, by shared key i mean they used specific algorithm to reach the same key without shipping (sending) it, but older algorithms were way more simple as the key wasn't shared but generated on peer side (client and server) and shipped in encrypted form, this was called key encapsulation, meaning client and/or server generated their own keys and sent it to other party, this was and is still secure, how it was secure ? because the client after receiving the server certificate used the server public key to encrypt its own chosen key (aka encapsulate it) and send it, only server or any party has the private key can extract that key. Now, what if we replace client and server by hardware token, and make the private and public key already in the hardware !! this will make shipping private key (or any payload) between tokens secure and only who know the already stored private key (should be no one away from the one who stored them) can extract these keys, and this how token can be copied or duplicated. On side note, most secure and modern post quantum cryptography algorithms are incapable of key sharing and only do key encapsulation !

I have few : 1) Get familiar with EurekaLog, being having the sources or not, with the source you will have faster and better understanding on how things is done, but in all cases spend few hours with its demos and the documentation, keeping in mind EL comes with default behavior but in no way you are obliged to follow it. 2) Use the real gem in EL, the customization, yes, you can customize every thing from error handling to generating the reports. 3) Don't go after a fast kill by replacing all the existing error handling with EL, in other words don't make a shock to your own source code while generating bugs unintentionally, keep the existing error handling for now and ship/build EL report with it, have a look here https://www.eurekalog.com/help/eurekalog/how_to_add_information_to_bug_report.php you can ship the existing logs and error report as fields or as attachments. 4) i don't like the EL components, not because they are bad, but by design these components are initialized after/while a form is created, this could be too late, use events and other EL API from its SDK, example for what important to browse and use https://www.eurekalog.com/help/eurekalog/index.php?how_to_register_event_handler.php https://www.eurekalog.com/help/eurekalog/index.php?index_eevents_routines.php Lastly, don't let its new API design and functionality overwhelm you, take your time (and this is important) to test each API in a test project, before adding it to your production application, some functionality need understanding and tweaking. ps:I had the chance to fix a project, it was big with its own error handling and reporting same as your case, i introduced EL gradually, combining both error reporting, and removing the existing (old) error handling, only few every few days, providing debug version of the application with EL capture all handled exception, then disable the ones that are solved using my own filter in code (using the events) sometimes the shear amount of handled or silent exception is in millions, due to stuff like integer overflow !, but in the end even those disappeared and the project become exception free, except the intended to be exception by design, and it wasn't worth change the application functionality to remove those. Hope that helps.

It is doable, but you need to understand what/which encryption scheme is used with php side that uses openssl, is it standardized one or not, then replicate that on Delphi application, one thing though the most crucial thing with RSA encryption is padding !, so .. I suggest to go with TMS but before buying have your question to their support Sales/Technical, just make sure to give them full and detailed information unlike your question above, like what php code/library is doing the encryption so someone can identify the scheme/algorithm for you. to get an idea of some of standards look at this page https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html yet any code (like php) could be using its own implementation, hence it need to be custom decryption method and of course this include padding.

@dummzeuch Can't test it right now, as it need more code to make it work, but Don't ever use select in that way, in general all looks fine and correct, but without socket errors not the ones with API calls return, but the ones from "exceptfds", without checking for socket level errors you are driving in the dark, if error was signaled on the socket then read will hang for ever ! Add exceptfds, and then check for errors before read or write, as in many cases both error and read/write might be triggered and reported at the same time, in your case most likely this what did happen, an acknowledgment received to close and both readfds and exceptfds had been signaled.

I am chipping in, i don't have CPU with E-Core and P-Core, but i believe i do have a clear picture on them and will try to explain and clear few misconception about CPU core in general, HT (also called SMT) and the new technology E-Core with P-Core. (too long to read ?, just skip the latest few lines) We must start at the beginning, How Multithread is working ? in other words how OS simulate and provide Multitasking ? This is essential to understand, as many know it, the running thread which called CPU (aka CPU processor), must be stopped and switch context then continue from the new point, and how low level interrupt involve is irrelevant here, one can imagine a hardware timer by the CPU itself stop the current running process (from execution processing in virtual mode) and start by going to specific address in protected mode, this make the thread (again i am talking about CPU and running Core thread) a kernel one, this thread itself will run in the context of OS scheduler and will pick a new context then continue, hence will appear as the OS providing multitasking by slicing the running time between multiple contexts, these multiple contexts could be in hundreds or thousands, and these have nothing to do with CPU or any hardware, it is agnostic for the CPU and it is irrelevant, so the limit is OS resources to save contexts. Thread context, is resource(s), from the OS point of view is very small and limited, it is essentially are the current CPU registers (general and others including execution pointer, stack pointer, debug ....etc), these are a must to make the thread continue running multitasking, but the OS also need its own identifiers and resources, but again this one is very small as it is one memory page (4kb) storing the context needed by the hardware ( registers and what not) and the OS specific data like the thread TLS and context recognizing if it is User or Kernel one... that in very simple way and it is enough to understand how the OS with one core CPU ( one running physical processer) can provide multitasking and multithreading. The process or the operation of switching the context is well called Context Switching.. duh ! and it happens in software, in OS kernel scheduler. Now with multi physical cores, the above is the same multi core can and will do the exact same as one core, only the kernel scheduler start to become a little more complex (aware) to adjust and when and where these threads continued to run, example if a heavy process thread running with higher priority and taking its sweet time, the scheduler might refuse to perform a context switch and send the thread running to continue its work, or decide to pick a specific thread was running on the same core instead of making salad and arbitrary switching, there is much to write here, but this is enough for now. Now at some point CPU manufacturer had an idea what if we did the switching of the context instead of the OS kernel, hmmm.... we can simply build our own hardware context and simulate 2 thread while doing nothing at all except storing the hardware context of the running CPU, and thus they created HT (hyperthreading), it doesn't provide anything other than performing hardware context switching on its own, and in theory they can make HT3 version for simulating 3 threads (3 logical core form one physical) or even 128 logical one, but the CPU must have extra space for storing the contexts and that is it, so it is cheating or faking. Now, how much is that HT useful or gaining performance? the answer is it depends, mostly yes it is faster, but it could be slower, see... my Windows 10 saying there is ~1460 running thread at this moment of writing, my CPU is i7-2500k, no HT !, my HT i-2600k burned in March so i replaced it with the mother board with used one at $35 , and i am satisfied with this as the change didn't make dramatic or even noticeable performance change for me, anyways, OS is deciding when and where to switch the context to, as almost all of these ~1500 threads are doing nothing, just waiting on some hardware interrupt, signals in general, software ones. when HT is performing slower? while if there is very intensive execution, the OS could do better than hardware in the context of context switching because it does know to whom give more execution time slice, here the hardware switching is fooling the OS and wasting time, there is many resources on the internet asking and explaining how and when HT is slower or faster. So to short the above HT is a cheat trick by the CPU to emulate another core, very helpful with more of the %90 any modern OS CPU usage. Now to our main subject E-Core and P-Core, intel wanted to break this stall, as we did reach the peak of CPU speed with Sandy Bridge or may be Haswell, they invented and added many tricks to enhance the performance, but they weren't enhancing the performance of the low level instruction execution, all the tricks were about the end of the execution, the result, the visible change, and they did great job mostly in decreasing the power usage and enhancing the output, yet there was the problem with HT and its impact, as HT at anytime can be hindering. So they implemented and presented a new standard (technology) to involve the OS while adding new simplified cores, physical ones, these ones doesn't have the full potential of latest Intel technology and tricks !, these could be the ones that are waiting, of course this need the OS to signal or mark the current context as ...like.... nah.. this one is performing Sleep(t) or this one is blocking for another thread so this is lower processing priority, we are talking about E-Core (efficiency core), it is full CPU with full capability, BUT it doesn't have the full packages of Intel tricks, like out-of-order-execution in its full window length, or lack the out-of-order-execution or full dedicated L1 cache size like P-Core, i don't know for sure what have being decreased or removed to be honest, and quick search didn't help much, but you got the idea, most articles draw them as smaller in physical size like this, notice the size and the E-Core shared LLC (Last Level Cache, known as L1) Now after all of the above comes how to utilize the CPU in full with the existence of P-Core and E-Core, i can't answer that too, as i don't have physical access to one, and answering this is little harder than it seems, like this article is deep and great https://www.anandtech.com/show/17047/the-intel-12th-gen-core-i912900k-review-hybrid-performance-brings-hybrid-complexity Few extra thoughts 1) While my late deceased HT CPU was with me something around 13 years, big chunk of its life was running with HT disabled, yes if you are going to optimize and do the right clocking then HT will only corrupt your result. 2) To be honest disable HT didn't impact my PC experience at all. 3) if you ever need to use fibers or you are building application with intensive CPU usage, you really should disable HT, as it will only throw sticks in the wheels of your application or server. 4) While it is useful in general, i mean all the Intel tricks, some of them are expensive, and not worth it at all, just waste of money. 5) The huge impact that every one should pick is power consumption when choosing CPUs, as it will reflect how CPU will throttle, and when, the lower CPU power needs, the faster and longer it will perform the intensive processing, while in obvious way if you don't need the intensive usage then don't buy the most expensive, it is simple logic if you think about it, paying top $ for a feature that may save me few minutes per week, is waste of money, and if you calculate if that saving will be in hours per week, then it is valid argument. 5) In general, wouldn't expect E-Core to be a lot of useful in doing work , as they designed and implemented as second degree performer, and should be dedicated to waiting for input, as many of the resources i read they really under performing when it comes to memory operations, aka performing as they were cores from decade or more ago, so utilizing them at %100 could be a mistake as all what they will contribute is more heat by consuming more power, affecting other cores and causing throttling. 6) About throttling, while yes throttling is decreasing the power and the clock, it doesn't mean the newer CPU will not shut down the E-Core, in theory it will be easier and more efficient to shut down a core, but hey, there can't be a shut down, it will be running the core at lowest clock possible with the lowest power possible, this might be what is going on, and this is my personal opinion, modern CPU should start to throttle cores in interleave way, in hope to dissipate the heat in half step instead of lower them all, but based on .. again my opinion, but not the least it will be easier and logical for the efficiency to throttle E-Core before P-Core. Lastly, for the subject of this thread and the Jud question, you need to monitor your CPU in lowest level you can, share with us a screen shot of Process monitor while application under full load where you expect it to utilize %100, only then we can say something, look at task manager when report the overall of all the cores (logical and physical) is uninformative !, and wrong way to find the short coming, to be honest i didn't see a screen shot of these mixed core as reported by monitoring tools, like Process Monitor or even CPU-Z... Hope you find this informative and helpful.

Yes, i got that and in fact this is visible when you verify, you can get the full of hash table like this But my question is Why and How is this useful ? while i found how to build it manually and also verify it, my question is how is this a useful thing, what is the point to hash each page alone when signature is only depend on the the file hash in full, meaning if a page has different hash means that page is tempered with, but this also will change the file hash and render the signature invalid. i asked if someone has saw it in the wild being requested or needed, my assumption is this feature could be one of futuristic feature that being dropped, or it might be still active and hidden (undocumented) by Microsoft, to validate page integrity for already loaded binary, in other words to make it easier and faster for lets say Windows Defender to validate specific pages instead of keeping calculating the whole memory layout of the loaded file, also while not all pages on the file would be in the memory loaded, but this could give the ability to check protected pages for loaded binary if the protection being changed, hence can be way faster to detect tempering while remove the need to pre-calculate these hashes at the loading moment, but yet again DEP should prevent this, unless it is a feature to allow to patch memory pages in safely method (API), yet not documented. Anyway... that too much ranting.

Hi, This version of GetTickCount works in both flavors (32Bit and 64Bit) on all 64Bit Windows versions, the result is identical to both APIs, also the 32Bit version of it will work on all 32bit Windows versions, the problem is i don't have access to to 32Bit Windows that is running for more than 49.7 days to test the 64Bit result version, And here comes the question for the help, if anyone have access to such OS, like Windows XP or Server 2003 that is running for that long time, it will be great help to test the result from the 64Bit result form this emulated API, and confirm it does return true value with value above the 32Bit. function GetTickCount64Emu: UInt64; const KUSER_BASE_ADDRESS = $7FFE0000; //KUSER_BASE_ADDRESS_KERNEL_MODE =$FFFFF78000000000; //in case it is needed begin Result := (PUInt64(KUSER_BASE_ADDRESS + $320)^ * PCardinal(KUSER_BASE_ADDRESS + $4)^) shr 24; end; Rename as you wish, and adjust as you see fit, like make the result Cardinal to replace GetTickCount or keep it as UInt64, it doesn't matter. and keep in mind it does exactly what GetTickCount and GetTickCount64 do, as this snippet i decompiled form the OS, also this address is fixed across Windows versions, and belongs to a readonly page protected, also in the past, well, far past Microsoft documentation for DDK, was suggesting using the same algorithm for games engines to ditch calling API for timing, to squeeze few extra cycles, so even if this approach is not documented now, it was and will stay accessible. The operation of multiplication and shifting is as it seems a simple division, but with fixed point, hence the bit shifting, per Microsoft documentation the Windows OS kernel is prohibited from using float point operation, and only fixed point are allowed, those has the point at 24th bit. If someone has insight about this, then please share, and if someone can confirm a result over 32bit on an old or new 32Bit system that was and is running for over 49.7 days, then it will be great to share the result.

To make it clearer, your result is 5283539281 in decimal which is 13AEC6951 in hex, meaning it did not wrapped (overflow) and performed exactly what GetTickCount64 should/have returned.

Brilliant, thank you very very much ! This test is very hard to wait for and make, and you did it, really appreciated your sharing.