When you run the System File Checker (Sfc.exe) or DISM, the error code 0xc0000017 may appear. The following is the full error message:
sfc.exe - Application Error The application was unable to start correctly (0xc0000017). Click OK to close the application.
Dism.exe - Application Error The application was unable to start correctly (0xc0000017). Click OK to close the application.
The error code 0xc0000017 means the following:
STATUS_NO_MEMORY ntstatus.h
# {Not Enough Quota}
# Not enough virtual memory or paging file quota is available
# to complete the specified operation.
# 1 matches found for "0xc0000017"
Cause
This error happens if malware has added a Dism.exe or Sfc.exe entry in the “Image File Execution Options” registry key. The entry might look like the following:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sfc.exe] "MinimumStackCommitInBytes"=dword:41888888
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dism.exe] "MinimumStackCommitInBytes"=dword:41888888
The above registry value is usually employed by malware. As per TrendMicro, the value of MinimumStackCommitInBytes associated with a specific process in the IFEO registry key will be used to define the minimum size of stack to commit in initialising the main thread. If the stack size is too large, it will trigger a stack overflow exception and terminate the current process.
Resolution
To resolve the DISM or SFC error 0xc0000017, delete the abovementioned registry key(s).
Launch Regedit.exe and go to the following branch:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sfc.exe
Right-click on the Sfc.exe key and choose Delete.
Then, go to the following branch if it exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dism.exe
Right-click on the dism.exe key and choose Delete.
Exit the Registry Editor.
You should now be able to run DISM and Sfc.exe.
Additional note
On some systems, malware may have blocked additional executables using the IFEO key. For example, the following executables may be blocked.
aswidsagent.exe: [MinimumStackCommitInBytes] 1099466887 autoruns.exe: [MinimumStackCommitInBytes] 1099466887 autorunsc.exe: [MinimumStackCommitInBytes] 1099466887 AvastSvc.exe: [MinimumStackCommitInBytes] 1099466887 AvastUI.exe: [MinimumStackCommitInBytes] 1099466887 avpui.exe: [MinimumStackCommitInBytes] 1099466887 bcdedit.exe: [MinimumStackCommitInBytes] 1099466887 klwtblfs.exe: [MinimumStackCommitInBytes] 1099466887 KVRT.exe: [MinimumStackCommitInBytes] 1099466887 mbamagent.exe: [MinimumStackCommitInBytes] 1099466887 mbamservice.exe: [MinimumStackCommitInBytes] 1099466887 mbamtray.exe: [MinimumStackCommitInBytes] 1099466887 MediaCreationTool22H2.exe: [MinimumStackCommitInBytes] 1099466887 mmc.exe: [MinimumStackCommitInBytes] 1099466887 mstsc.exe: [MinimumStackCommitInBytes] 1099466887 PowerTool.exe: [MinimumStackCommitInBytes] 1099466887 PowerTool64.exe: [MinimumStackCommitInBytes] 1099466887 ReAgentc.exe: [MinimumStackCommitInBytes] 1099466887 recoverydrive.exe: [MinimumStackCommitInBytes] 1099466887 rstrui.exe: [MinimumStackCommitInBytes] 1099466887 systemreset.exe: [MinimumStackCommitInBytes] 1099466887 SystemSettingsAdminFlows.exe: [MinimumStackCommitInBytes] 1099466887 tcpview.exe: [MinimumStackCommitInBytes] 1099466887 tcpview64.exe: [MinimumStackCommitInBytes] 1099466887 vssadmin.exe: [MinimumStackCommitInBytes] 1099466887 Wireshark.exe: [MinimumStackCommitInBytes] 1099466887 wuapihost.exe: [MinimumStackCommitInBytes] 1099466887 wuauclt.exe: [MinimumStackCommitInBytes] 1099466887 x32dbg.exe: [MinimumStackCommitInBytes] 1099466887 x64dbg.exe: [MinimumStackCommitInBytes] 1099466887 xcopy.exe: [MinimumStackCommitInBytes] 1099466887
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
