Article ID: CTX231351
Description
- You have many applications/executables for which you want to prevent the Citrix API hooks from loading.
- You add the executable names of those applications to the registry value below. However, when you launch those applications in an ICA session, Process Explorer shows that the Citrix API hooks are still being loaded in those applications.
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook
Value Name: ExcludedImageNames
Type: REG_SZ
Value: badapp1.exe,badapp2.exe,badapp3.exe
- We used Process Monitor to see what happens while launching the applications that were added to the exclusion list and found that a "Buffer Overflow" result was returned while reading the above two registry keys.
- From further testing we found that this happens when more than 483 characters are added to the above two registry keys.
Resolution
- This issue has been addressed under L8614 in 7.15 LTSR CU3 and 7.6 LTSR CU6.
https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/whats-new/cumulative-update-3/fixed-issues.html
https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6-long-term-service-release/xad-whats-new/cumulative-update-6/fixed-issues.html
- The workaround is to reduce the number of applications added to the ExcludedImageNames registry key so that you don't hit the 483 character limit.
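A read-only PowerShell check for the workaround above, added here as an example and not part of the Citrix article: it measures the ExcludedImageNames value under both keys against the 483-character limit and lists duplicate entries that can be dropped first. The function name Get-ExclusionListReport is hypothetical, and treating names that differ only by case as duplicates is an assumption.

```powershell
# Added example (not Citrix code): audit ExcludedImageNames in both CtxHook
# keys against the 483-character limit described in this article. Read-only.
$Limit     = 483
$ValueName = 'ExcludedImageNames'
$Keys      = 'HKLM:\SOFTWARE\Citrix\CtxHook',
             'HKLM:\SOFTWARE\Wow6432Node\Citrix\CtxHook'

function Get-ExclusionListReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Key,
        [AllowNull()][AllowEmptyString()][string]$Value,
        [int]$Limit = 483
    )
    if ([string]::IsNullOrEmpty($Value)) {
        # Key or value is missing: nothing is excluded on this registry view
        return [pscustomobject]@{ Key = $Key; Present = $false; Length = 0
                                  Entries = 0; Duplicates = ''; OverBy = 0 }
    }
    # Split the comma-separated list and ignore empty items
    $names = @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    # Assumption: names differing only by case are redundant entries
    $dupes = @($names | Group-Object { $_.ToLowerInvariant() } |
               Where-Object Count -gt 1 | ForEach-Object { $_.Group[0] })
    [pscustomobject]@{
        Key        = $Key
        Present    = $true
        Length     = $Value.Length                        # characters stored in the REG_SZ
        Entries    = $names.Count
        Duplicates = $dupes -join ','
        OverBy     = [Math]::Max(0, $Value.Length - $Limit)  # characters to remove
    }
}

foreach ($key in $Keys) {
    $raw = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    $report = Get-ExclusionListReport -Key $key -Value $raw -Limit $Limit
    $report
    if ($report.OverBy -gt 0) {
        Write-Warning "$key : $ValueName is $($report.Length) characters, $($report.OverBy) over the $Limit limit; exclusions will not take effect until it is shortened or the fixed CU is installed."
    }
}
```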
Problem Cause
A "Buffer Overflow" result is returned while reading the above two registry keys when more than 483 characters are added to them.
Issue/Introduction
Disabling Citrix API Hooks Fails To Take Effect When A Lot Of Executables Are Added To "ExcludedImageNames" Registry.
Additional Information
STATUS_BUFFER_OVERFLOW : {Buffer Overflow} The data was too large to fit into the specified buffer.
https://superuser.com/questions/491597/process-monitor-entrys-with-buffer-overflow
What is happening is the program is requesting data the length of which it does not know. It provides an initial buffer. If it is too small, a Buffer Overflow is returned together with the size needed and the program can reissue the request with the correct size.
https://blogs.technet.microsoft.com/markrussinovich/2005/06/04/buffer-overflows-in-regmon-traces/
Buffer overflow error in this context is not a security hole, but a way for the system to tell an application that there’s more data available in response to a query the application has made than can fit in the application’s output buffer. STATUS_BUFFER_OVERFLOW is used when some, but not all, available data has been copied.