Kas Ob.

Members
  • Content Count

    555
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by Kas Ob.

  1. Kas Ob.

    ISAPI and regedit

    He can, and that is the problem: he can, and there is a result, but it is for a different user, as IIS (the host of the ISAPI) runs as its own user, so most likely the error is that the path doesn't exist or something similar. IIS starts and runs under its own separate user privileges, hence the completely different registry hive for the local user; it also deliberately has limited file access to prevent the ISAPI from doing nasty stuff, or, when things get broken and hacked, so that the ISAPI can't compromise the system as a whole. There is also IIS isolation mode https://learn.microsoft.com/en-us/iis/manage/configuring-security/ensure-security-isolation-for-web-sites which spawns a different hosting process with yet another security context. @Sebastiana the best way to solve this properly is to ditch the registry and switch to either a file (in a directory with guaranteed access for this ISAPI), or run a separate Windows service that serves the registry data to the ISAPI over some IPC; if there is legacy code running on the same machine then it is possible to make it serve this data to the ISAPI. Away from that it will just be ugly workarounds that will most likely break later due to some change in IIS or, as always, some hardening tool that changes policies for IIS and running ISAPIs.
  2. Kas Ob.

    ISAPI and regedit

    @Sebastiana from https://learn.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regopenkeyexa : "If your service or application impersonates different users, do not use this function with HKEY_CURRENT_USER. Instead, call the RegOpenCurrentUser function." And your ISAPI is running under a different user, most likely the limited IIS_IUSRS, so you need to use RegOpenCurrentUser https://learn.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regopencurrentuser https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights
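    As an added example for the two posts above (it is not code from the thread or from the ISAPI being discussed), the Delphi functions below open the registry hive of the thread's effective access token with RegOpenCurrentUser instead of the predefined HKEY_CURRENT_USER handle, and report the account the code is actually running as, so an ISAPI can see which hive it was really reading. The subkey and value names are hypothetical; the ISAPI entry point that would call this is left out.

```pascal
uses
  Winapi.Windows, System.SysUtils;

// Name of the account the *calling thread* currently runs as. Inside an ISAPI
// this is the worker process identity (or the impersonated client), not the
// interactive user who edited the registry with regedit.
function EffectiveUserName: string;
var
  Buf: array[0..255] of Char;
  Len: DWORD;
begin
  Len := Length(Buf);
  if GetUserName(Buf, Len) then
    Result := Buf
  else
    Result := Format('<GetUserName failed: %d>', [GetLastError]);
end;

// Reads a REG_SZ value from the HKCU hive of the effective user.
// RegOpenCurrentUser resolves the hive for the thread's access token, which
// the predefined HKEY_CURRENT_USER handle does not do under impersonation.
// Returns False when the key or value is absent in *that* hive, which is the
// likely outcome when the value was written by a different account.
function ReadEffectiveUserString(const SubKey, ValueName: string;
  out Value: string): Boolean;
var
  hUser, hSub: HKEY;
  rc: Longint;
  DataType, DataSize: DWORD;
begin
  Result := False;
  Value := '';
  rc := RegOpenCurrentUser(KEY_READ, hUser);
  if rc <> ERROR_SUCCESS then
    raise EOSError.CreateFmt('RegOpenCurrentUser failed: %d', [rc]);
  try
    rc := RegOpenKeyEx(hUser, PChar(SubKey), 0, KEY_READ, hSub);
    if rc <> ERROR_SUCCESS then
      Exit;  // key does not exist for this account
    try
      DataSize := 0;
      rc := RegQueryValueEx(hSub, PChar(ValueName), nil, @DataType, nil, @DataSize);
      if (rc <> ERROR_SUCCESS) or (DataType <> REG_SZ) or (DataSize = 0) then
        Exit;
      SetLength(Value, DataSize div SizeOf(Char));
      rc := RegQueryValueEx(hSub, PChar(ValueName), nil, @DataType,
        PByte(PChar(Value)), @DataSize);
      if rc <> ERROR_SUCCESS then
        Exit;
      // REG_SZ data includes its terminating NUL; strip it from the string
      while (Value <> '') and (Value[Length(Value)] = #0) do
        SetLength(Value, Length(Value) - 1);
      Result := True;
    finally
      RegCloseKey(hSub);
    end;
  finally
    RegCloseKey(hUser);
  end;
end;

// Usage inside the ISAPI (hypothetical key and value names):
procedure LogRegistryProbe;
var
  S: string;
begin
  if ReadEffectiveUserString('Software\MyCompany\MyIsapi', 'DataPath', S) then
    OutputDebugString(PChar('DataPath for ' + EffectiveUserName + ' = ' + S))
  else
    OutputDebugString(PChar('DataPath not found in the hive of ' + EffectiveUserName));
end;
```

    Two caveats a practitioner will hit: RegOpenCurrentUser only finds a real per-user hive if that account's profile is loaded, which for an IIS application pool identity depends on the pool's "Load User Profile" setting; and the value still has to have been written under that account in the first place, which is exactly why the earlier post recommends moving the data out of the registry altogether.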
  3. Kas Ob.

    Do I really need a certificate?

    I have used FileZilla for years now, but can't remember the last time I downloaded it from its site! And from the VirusTotal screenshot, they classified it as AdWare, RiskWare... not really as malicious as it sounds, but there is still BundleWare (which has the ability to download and run) from a different developer included in that setup. I recommend using the portable version from https://portableapps.com/apps/internet/filezilla_portable But by using only the portable application we lose the ability to update in time, so I recommend using the portable platform itself; it manages these applications nicely: https://portableapps.com/ The selling points of this: 1) They are in one place, and with one click the launcher can check and update them. 2) They are portable, meaning if you switch Windows or copy that folder in its entirety, it will work on any Windows with all the settings, history... as the user left them.
  4. Kas Ob.

    Don't use Application.MessageBox

    I did that many times for very similar needs, but instead of MessageBox, which I also used in the past, now I do an exception in a loop with Sleep(1) and a check for a global boolean variable; this will stop that thread, especially if I am after the main thread. In some cases starting the debugging process is very slow if I don't know exactly when it will happen, like hunting these Loch Ness situations, but with that loop I don't have the message box, where the main thread's stack has been altered or touched; attach the process to the debugger and it will break in place, then change that global to exit the loop.
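    Added example of the hold loop described above (not code from the thread): the thread spins on Sleep(1) until either the global flag is cleared from the debugger's Evaluate/Modify dialog or a debugger attaches, then triggers a breakpoint so the debugger stops at this spot with the thread's stack intact. The IsDebuggerPresent/DebugBreak calls are my addition on top of the flag from the post.

```pascal
uses
  Winapi.Windows;

var
  // Set to False from the debugger (Evaluate/Modify) to let the thread continue.
  DebugHold: Boolean = True;

// Parks the calling thread without pumping a message box on the main thread.
// Call it where the hard-to-reproduce condition was just detected; attach the
// debugger afterwards and it breaks right here.
procedure HoldForDebugger;
begin
  while DebugHold and not IsDebuggerPresent do
    Sleep(1);
  if IsDebuggerPresent then
    DebugBreak;   // lands the debugger on this frame, stack untouched
end;
```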
  5. Kas Ob.

    Hyper-V server as host for 3 VMS

    Hyper-V Server 2019 is a free LTSC release and will stay that way until January 2029, which is its EOL https://learn.microsoft.com/en-us/lifecycle/products/hyperv-server-2019 https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2019
  6. The answer is easy for this one: because hitting Delete on a file using an application is not equal to hitting Shift+Delete on that application! See, hitting Delete with or without Shift in Windows Explorer will perform what Windows Explorer was designed to do; in most cases, as by default, deleting a file using Windows Explorer is simply a move to the Recycle Bin, and if that Explorer is broken by an update then Microsoft has broken many things. On the other hand, Explorer is the main target for abuse by every AV out there, as it is the user's default UI; they hook it and then break it.
  7. Kas Ob.

    DCPCRYPTO blowfish

    Hi, though I have never used DCP I have looked at this https://github.com/SnakeDoctor/DCPcrypt and can elaborate here. Of course it is! And what is "wide"? Thoughts here: 1) There is no "wide" definition of block cipher algorithms versus the usual; there is no such thing. For Blowfish and its SelfTest it is only 64 bits (8 bytes), as it should be. 2) Blowfish is an 8-byte block cipher, and you have misunderstood the context of this self test; from what I see this self test looks well defined, and you can't (and must not) introduce or use (for a block cipher like Blowfish) a key of 32 bytes, that is wrong; these (almost all) block cipher algorithms are not standardized (or defined) to handle a key of arbitrary size. 3) Same as above (2), only with the data blocks; they also have a specific size, with Blowfish it is 8 bytes, with Twofish and AES it is 16.... Here I am assuming you want your own self test, or to introduce different test vectors, so you need the higher level of this implementation for this cipher, the one that encapsulates this algorithm, which from what I can see is TDCP_cipher; this one implements the supported algorithms through TDCP_blockcipher64 or TDCP_blockcipher128, and these two do the functionality of longer data handling, aka multiple blocks of data, yet you can't use them directly, so you really should only use TDCP_cipher, not only for your tests but in every usage. Using TDCP_blowfish directly is only for those who really know what they are doing, or who will either stick to only one block or will implement their own higher-level encapsulation.
    Now an important thing to keep in mind and always remember: block ciphers work only with a defined key length and they can't handle an arbitrary key length without introducing another algorithm, preferably a standardized one, so stick to the key length for each algorithm; if you are trying to make encryption compatible with a different library that is using/accepting an arbitrary key length, then you need to emulate/reproduce that part of key trimming/expanding to the accepted key length. In case you want an arbitrary key length, then you should look up the PBKDF2 algorithm or the less recommended KDF. I can't see these in DCP, so either I don't know where to look, or you can just ditch DCP and switch to another library; here come others who can suggest libraries for you after you explain exactly what you need. For me, I would not suggest Blowfish for anything, unless there is legacy data (yes data, and not an application); legacy applications should use more modern and more secure algorithms. Hope that was clear.
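    Added example (not from the thread and not DCPcrypt's own self test) of the size rules in the post above. It uses the DCPcrypt2 classes as they appear in the linked repository, which is an assumption about unit and method names: TDCP_blowfish.Init takes the key size in bits and EncryptECB works on exactly one 8-byte block, while the TDCP_cipher-level InitStr/EncryptCBC calls are what handle longer buffers. The single-block result is checked against the standard Blowfish test vector (all-zero 64-bit key and all-zero block give 4EF997456198DD78). Note that InitStr hashes the passphrase once to get a fixed-size key; it is not PBKDF2.

```pascal
uses
  System.SysUtils, DCPcrypt2, DCPblowfish, DCPsha256;

// One 8-byte block through raw Blowfish with an 8-byte (64-bit) key.
// Returns True when the output matches the published test vector.
function BlowfishSingleBlockVector: Boolean;
const
  Key:    array[0..7] of Byte = (0, 0, 0, 0, 0, 0, 0, 0);
  Plain:  array[0..7] of Byte = (0, 0, 0, 0, 0, 0, 0, 0);
  Expect: array[0..7] of Byte = ($4E, $F9, $97, $45, $61, $98, $DD, $78);
var
  Cipher: TDCP_blowfish;
  Block: array[0..7] of Byte;
begin
  Cipher := TDCP_blowfish.Create(nil);
  try
    Cipher.Init(Key, SizeOf(Key) * 8, nil);   // key size is given in BITS
    Cipher.EncryptECB(Plain, Block);          // exactly one 64-bit block, no chaining
    Result := CompareMem(@Block, @Expect, SizeOf(Block));
    Cipher.Burn;                              // wipe the key schedule
  finally
    Cipher.Free;
  end;
end;

// Arbitrary-length data has to go through the TDCP_cipher-level API, which
// chains blocks (CBC here) and derives a fixed-size key from the passphrase
// by hashing it once with SHA-256 (not a PBKDF2-style stretched derivation).
function EncryptDecryptRoundTrip(const Passphrase: string; const Data: TBytes): Boolean;
var
  Cipher: TDCP_blowfish;
  Enc, Dec: TBytes;
begin
  SetLength(Enc, Length(Data));
  SetLength(Dec, Length(Data));
  Cipher := TDCP_blowfish.Create(nil);
  try
    Cipher.InitStr(Passphrase, TDCP_sha256);
    Cipher.EncryptCBC(Data[0], Enc[0], Length(Data));
    Cipher.Reset;                              // back to the IV before decrypting
    Cipher.DecryptCBC(Enc[0], Dec[0], Length(Enc));
    Cipher.Burn;
  finally
    Cipher.Free;
  end;
  Result := CompareMem(@Data[0], @Dec[0], Length(Data));
end;

// Constructed sample input for a quick run:
procedure RunSizeRulesDemo;
begin
  Writeln('single block vector ok: ', BlowfishSingleBlockVector);
  Writeln('cbc round trip ok:      ',
    EncryptDecryptRoundTrip('correct horse battery staple',
      TEncoding.UTF8.GetBytes('27 bytes, not a block size')));
end;
```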
  8. Kas Ob.

    A native VCL, and not Windows-based, TComboBox control.

    It will work, but will need a lot of details to be ugly. I am suggesting, as Remy suggested, switching all the ComboBoxes to custom draw (virtual mode) and solving this for good.
  9. Good point, but remember that invoking/calling CreateThread from a local thread doesn't require specific privileges, while injecting (almost always) with CreateRemoteThread does require security privileges. This is interesting: https://github.com/stephenfewer/ReflectiveDLLInjection/pull/17 Firefox indeed tries (tried in the past, I don't know the current code) to protect itself from remote injection by hooking BaseThreadInitThunk, not RtlUserThreadStart, for the same reason that RtlUserThreadStart is not always the start point. More hmmm. Doesn't really tell me much with regard to the source of the thread. Well, you are diving deeper into the OS kernel, so to make sure we are on the same page, first let's clear up the separation of the functions in the OS as a whole: the kernel part and the kernel's user part. In Windows there are 3 levels of functions, and they are named a little differently; sometimes the difference is only Nt or Zw against nothing, or a completely different name encapsulating multiple functionalities. E.g. CreateThread is for the RTL in user mode; this will internally call NtCreateThread, we are still in the kernel but in the user part, which is lower than the user process but higher than the kernel itself (the hidden and protected one); then comes ZwCreateThread, which resides in the kernel, and this one is a system call, not a system function, meaning the execution is not done by a simple assembly branching instruction like JMP or CALL; no, this is done by SYSCALL and SYSENTER https://www.felixcloutier.com/x86/syscall https://www.felixcloutier.com/x86/sysenter This page https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/using-nt-and-zw-versions-of-the-native-system-services-routines explains the difference but is still hard to grasp or understand from one reading, hence I am trying (or failing) to make it a little clearer. With each level different checks are performed for security, errors, ...
    Zw calls are essentially to be called directly and exclusively from drivers and the kernel; Nt calls are less strict, yet these Nt calls are the ones that will check for privileges to perform/access from a user mode process, while Zw calls are the ultimate decider, as many of them will simply refuse to execute because the calling thread is not a kernel one, and Nt will refuse to execute if you don't have user mode privileges. Take as an example CloseHandle: this function closes almost everything, yet it is called CloseHandle; there is NtCloseHandle, but there is no ZwCloseHandle, there is ZwClose that performs all the closing in the kernel. Now I drifted far from the question and your comment (but IMO for good reason): NtCreateThreadEx is the real function behind CreateThread (which in fact is calling NtCreateThread) from user mode and will perform the same functionality, but it does have the last check for privileges and context to execute or invoke a new thread. Not sure if this was clear, I just hope.
  10. What to say, I have pasted the link and mentioned it many times 😎 For a more powerful tool that I use, different but more invasive/intrusive, I use Cheat Engine https://www.cheatengine.org/ https://github.com/cheat-engine/cheat-engine Written mostly in Free Pascal, and it is for games, yet it is so much more powerful with its monitoring, and even capturing low-level events like executing specific assembly code, or passing through (executing) a specific address, or even accessing a block of memory (read or write); also there is Lua scripting... In short, it is really useful to master and use.
  11. Hours and hours digging into the Windows kernel; also the name of that first function in the stack is very specific and very familiar, RtlUserThreadStart; as an example, CreateRemoteThread doesn't invoke this one. Lastly, from old readings, I can't find many resources but have a look here http://www.nynaeve.net/?p=200
  12. @aehimself use API Monitor to find these not-yours threads http://www.rohitab.com/apimonitor NT Native -> Process and Threads -> Ntdll.dll for lower-level functions, and Process and Threads -> Thread -> Kernel32.dll for higher-level functions (your usual user mode functions, aka RTL)
  13. Yes there is, but in this case RtlUserThreadStart from the kernel's user mode part (ntdll) is the one supplied with the ThreadProc from CreateThread from this running process.
  14. Evidently it is from Delphi code and started with CreateThread; see the UserThreadStart? That is it. So this thread in particular is created from a library you are using; it could be the VCL or RTL or 3rd party or some unit you included, but without any doubt it is started from CreateThread, and there is a high chance it is from a TThread somewhere, but this is an encapsulation after all. There is also a chance it is from a DLL your code is calling, but again this thread is created from user space code, not the kernel; also from the stack itself it is deeply nested, 7 levels into your EXE, so it should be easy to identify.
  15. I didn't say it is an SSL/TLS issue; I used that error (issue) to make some logic (deduce) about failed synchronization or wrongly sent buffers due to faulty destination assignments between threads and sockets.
  16. Right. Microsoft defines its literals strictly in most cases, yet the compiler has well-defined behavior, both for the best outcome from using the SDK. Look at this: no problem and no warning. Here the compiler warns but compiles, and the IDE didn't show anything different for the other DWORD and INT32. But here with, let's say, HANDLE, things are very different, as HANDLEs are defined as a struct, as you know, specifically to prevent the code from doing constant assignment. Like this. Now why it is an integer: I think because it had been misunderstood as a very big value (not the biggest though, 0x80000000) instead of the lowest possible negative value in 32-bit; it could simply have been declared as -1 and called a day, but who knows, might be some legacy issue.
  17. Sorry, I can't agree on the rightness of this, heck... I might call it rightmess! Is the Delphi 12 compiler handling (and generating machine code for) an untyped numerical constant (literal) to be evaluated at runtime? That is wrong. It would be great if you or anyone shared these warnings; I can only imagine what the case(s) could be, but still, when and where does the compiler draw the line for such runtime evaluations, yet accept them at compile time? Also, on a side note, how will the compiler handle such constants without a type when used in 64-bit (Int64 and UInt64)? See, the idea of being typed by a modifier after the "=" for a numerical constant is disturbing me.
  18. Assuming these cores are doing near nothing except your stress test, right? If you tried to open Firefox while doing such a stress test looking for weak and missed situations to break, open it then try a few tabs with YouTube playing videos, then see how that probability goes 100 times to 1/350; cores here will not help you, as a different application running on that server can easily make the OS thread scheduler switch in a different and biased way. This is the same case if you have your application running on a server and then something like 2 Hyper-V guests boot on that device; it isn't worth the gamble. The rule is: one gamble like this and literally your application needs to restart in the best-case scenario, while in the worst it will cost money, like lost hours of work or simply corrupted data.
  19. This inconsistency is very annoying with the Delphi compiler, and as you see it, an untyped constant should be... well... untyped, duh! Its value, I mean, in this case a numerical value used as needed and cast in place of usage. In this piece the compiler refuses to handle "HandleDWORD(A)" for no logical reason; notice it doesn't have a problem with the more dangerous one "HandleInteger(B)":

    program Project5;
    {$APPTYPE CONSOLE}
    uses
      Winapi.Windows;   // DWORD, MINLONG

    const
      A = Integer($80000000);
      B = DWORD($80000000);
      C = $80000000;
      D = MINLONG;

    procedure HandleInteger(Value: Integer);
    begin
      Writeln(Value);
    end;

    procedure HandleDWORD(Value: DWORD);
    begin
      Writeln(Value);
    end;

    begin
      HandleInteger(A);
      HandleInteger(B);
      HandleInteger(C);
      HandleInteger(D);
      //HandleDWORD(A); // [dcc32 Error] Project5.dpr(36): E1012 Constant expression violates subrange bounds
      HandleDWORD(B);
      HandleDWORD(C);
      HandleDWORD(D);
      Readln;
    end.

    Result on my XE8. I wonder what the result is with Delphi 12?! Considering there is a change that broke untyped constant handling.
  20. You lost me there; I don't understand the context of this assumption, the why and for what. Also sockets are sequential when they are TCP (and only then). About the mentioned error in the so-called Gitter (first time I see it), it is clear and without doubt that your receiver (client or server, you didn't mention or I just missed it) received data unprocessed by the SSL/TLS handler; the other party sent plain data instead of the layered or secured TLS buffer. With this in mind, your server/client has messed up the integrity of the data (or stream); this can easily happen if you are using a multithreaded design and mixing protocols, or multithreaded with a corrupted (not protected or thread-safe) socket list. Example: a buffer of plain data should first be processed for layered security, then that buffer should be sent to the one and only socket that established the secure connection or is establishing one. Here no matter if you switch between ICS and Indy the problem will persist, because your socket handling in your threading model is broken or faulty! So as suggested above, provide the smallest but detailed (preferably code) description of how you handle threads and sockets and how you are separating them. Also expanding on this will help: your own implemented data ACK or the default TCP ACK? Also, as Francois mentioned, to not complicate this thread with ICS and Indy, you might need to start another thread.
  21. Kas Ob.

    Assign socket to HttpCli

    Hi, Angus answered, but I want to suggest a different and shorter approach. Just build an application with two servers, HTTP at port 80 and HTTPS at port 443, and make it relay everything from one connection to the other; that should solve your need for browsers' secure connection to the device. By relay I mean there should be one connection for each of these servers, and whenever data is received from one, then send it to the other one.
  22. Kas Ob.

    Surprising behavior of .ToUpper

    Hi, I always test my text and DB applications for international clients, not only international but whenever a user might input text and locale might be a concern, which is almost always the case, with https://github.com/xupefei/Locale-Emulator Get familiar with that emulator, mainly because it really saves you time on changing OS settings (non-Unicode and interface), and combine that with a virtual keyboard, or just use copied text from Google Translate using Chrome and Firefox; don't use Edge! Never used TStringHelper in my code though, mostly due to the old Delphi versions, so try to reproduce this on your development machine. Hope that helps.
  23. Forgot the moral of all that: the best way for high performance is to not push to the threads (job or whatever); let them pull/poll on their own time. By centralizing the email handling with a watcher running at intervals, you will be removing a huge bottleneck in case there are many emails, while the dispatchers will be almost asleep sending over SMTP because it is slow, so yes, you can have 64 dispatchers at the same time and will not notice the CPU usage going above 1%, while the watcher can read hundreds in one go, and that is a very short and fast process.
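    Added example of the pull model described in this post (it is not code from the thread): one watcher pass drops a batch of jobs onto a TThreadedQueue, and a pool of dispatcher threads block on PopItem and take work at their own pace, so nothing is ever pushed into a particular thread. The job record, the sample jobs and the Sleep standing in for the slow SMTP send are constructed for the demo; the queue depth and timeouts are assumptions, not values from the post.

```pascal
uses
  Winapi.Windows, System.SysUtils, System.Classes, System.SyncObjs,
  System.Generics.Collections;

type
  TMailJob = record
    Id: Integer;
    Recipient: string;
  end;

  // Dispatchers block on the queue and pull jobs when they are free.
  TDispatcher = class(TThread)
  private
    FQueue: TThreadedQueue<TMailJob>;
    FSent: Integer;
  protected
    procedure Execute; override;
  public
    constructor Create(AQueue: TThreadedQueue<TMailJob>);
    property Sent: Integer read FSent;
  end;

constructor TDispatcher.Create(AQueue: TThreadedQueue<TMailJob>);
begin
  inherited Create(False);
  FQueue := AQueue;
end;

procedure TDispatcher.Execute;
var
  Job: TMailJob;
begin
  while not Terminated do
  begin
    // PopItem waits up to the queue's pop timeout; only wrSignaled carries a
    // job, wrTimeout lets us re-check Terminated, wrAbandoned means shutdown.
    if FQueue.PopItem(Job) <> TWaitResult.wrSignaled then
      Continue;
    Sleep(50);        // stand-in for the slow SMTP conversation
    Inc(FSent);
  end;
end;

// One watcher pass: reads a whole batch in one go (constructed jobs here,
// a mailbox or DB poll in real code) and queues it, then goes back to sleep.
procedure WatcherTick(AQueue: TThreadedQueue<TMailJob>; FirstId, Count: Integer);
var
  I: Integer;
  Job: TMailJob;
begin
  for I := 0 to Count - 1 do
  begin
    Job.Id := FirstId + I;
    Job.Recipient := Format('user%d@example.invalid', [Job.Id]);
    AQueue.PushItem(Job);   // blocks only when the queue depth is exhausted
  end;
end;

procedure RunPullModelDemo;
const
  DispatcherCount = 8;
var
  Queue: TThreadedQueue<TMailJob>;
  Workers: array of TDispatcher;
  I, Total: Integer;
begin
  // depth 1000, infinite push timeout, 200 ms pop timeout (assumed values)
  Queue := TThreadedQueue<TMailJob>.Create(1000, INFINITE, 200);
  SetLength(Workers, DispatcherCount);
  for I := 0 to High(Workers) do
    Workers[I] := TDispatcher.Create(Queue);
  try
    WatcherTick(Queue, 1, 100);   // the watcher found 100 mails this interval
    Sleep(2000);                  // let the dispatchers drain the queue
    Total := 0;
    for I := 0 to High(Workers) do
      Inc(Total, Workers[I].Sent);
    Writeln('sent: ', Total);
  finally
    Queue.DoShutDown;             // wakes blocked PopItem calls with wrAbandoned
    for I := 0 to High(Workers) do
    begin
      Workers[I].Terminate;
      Workers[I].WaitFor;
      Workers[I].Free;
    end;
    Queue.Free;
  end;
end;
```

    The dispatcher count is a free parameter: because each worker spends its time waiting on the network (the Sleep above), 64 of them cost little CPU, while the watcher's batch read stays short.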