I will be presenting a session at E2EVC in Rome next weekend.

Recently I published an article on my blog that shows how to run an executable of choice when the Citrix Receiver exits.

In this session I will show you how to find such undocumented features in applications step by step. Using this example we will open the Citrix Receiver in Ida Pro and disassemble it.

Using public resources such as the Citrix Public Symbol Server we can analyze, understand and finally make the code more readable.

I will try to make this session not an “enter the matrix one” but one that could be considered as an intro into using Ida Pro for reverse engineering and app compat fixing.

Hope to see you all in Rome, my session is scheduled Friday November 1 from 18.30 – 19.15. There will be room for questions so feel free to take your own Crapplication™ and ask about it after the session.

See you in Rome!

I wanted to do an unattended install of the Microsoft App-V 5.0 SP1 client.

I wanted to install using the MSI’s instead of using the exe installer so I unpacked the MSI’s from the installer as documented here.

The install failed however with MSI error 1603. I activated logging but that was not very helpful since it only logged "MainEngineThread is returning 1603".

Manual install of the MSI gave a bettor error message:

I had already installed the MSVC++ 2005 SP1 runtime but the version was slightly lower.

Unfortunately Microsoft doesn’t publish the build numbers with their downloads so it takes some searching to determine the correct download.

Version 8.0.61001 is labeled as "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update" and can be downloaded here.

There is a similar requirement for the Microsoft Visual C++ 2010 runtime which should be at least 10.0.40219. This one is easier though because the required version is extracted together with the MSI files.

As a final note you need to set the AcceptEULA MSI property to 1 for both the client and language pack MSI or the install will fail.

I wanted to run a virtual Citrix License server in my LAB.

Unfortunately Citrix only provides the VPX License Server in XenServer format (.xva). If you want to run the VPX on VMware ESX or Microsoft Hyper-V you need to convert it first.

The option to convert a Xen Virtual Appliance to OVF format was removed in XenConvert 2.4.1. So for a conversion you need version 2.3.1.

Here are the direct download links:

• XenConvert 2.3.1 (Windows 32-bit)
• XenConvert 2.3.1 (Windows 64-bit)

However when I tried to convert the downloaded VPX (Citrix_License_Server_VPX_v11.10.0_Build_12002.xva) I got the error "Failed to decode tar header record":

Read the rest of this entry »

A while ago I was doing some research for Magic Filter when I stumbled upon something interesting within Receiver.

Inside wfica32.exe is a function called _Eng_RunExecutableOnExit. That name caught my interest, I’ve made it a little more readable with Ida Pro:

Read the rest of this entry »

Today I was troubleshooting a warning message that popped up when launching a network application with RES Workspace Manager:

Usually this is a simple fix: add the servername (file://server) to the Local Intranet zone:

That worked when I launched the application directly. However when launching the application with RES Workspace Manager I would still get the warning. Even stranger: when I clicked Cancel the application would still be launched.

Read the rest of this entry »

I needed to connect remotely via Remote Desktop to a Windows Server 2012 machine.

I received an rdp file that was configured to use an RD Gateway server:

However when trying to connect from my Windows 7 laptop (x64) machine, I got the following error message:

Read the rest of this entry »

In Enterprise environments users are often working on a remote (virtual) desktop such as when using SBC or VDI.

They typically get a full screen session, perhaps on a thin client, and have not idea that they are using a remote desktop.

The Problem
However when they press Ctrl-Alt-Delete they get either the local Security Attention Screen / Task Manager or nothing at all if it has been blocked.

Clever users know they can use alternative key combinations such as Shift-F2 for Citrix or Ctrl-Alt-End for RDS.

But that’s not the seamless experience we want to give our users, is it?

Read the rest of this entry »

Some time ago I wrote about the PNAgent data that is stored in the registry in XML format.

After that post Andrew Morgan asked me if I could extract the PNAgent icons from the XML data.

That got me interested so let’s look at this data!

If you look at XML from PNAgent the icondata as in the AppData.Details.Icon node you’ll see something like this:

Seems like the icon data is stored/encrypted in a proprietary format.

Read the rest of this entry »

ClickOnce is a Microsoft technology that enables an end user to install an application from the web without administrative permissions.

That’s great isn’t it?
While ClickOnce may sound great to developers it’s actually a nightmare for Enterprise administrators because they try to prevent users from installing software themselves.

ClickOnce also incorporates an Automatic Updates mechanism which means that users might run different or not tested/approved versions…

Virtual Environments
It get’s even worse in virtual environments such as VDI and SBC where machines are often non-persistent. Each time the users starts the application they will see a screen similar to the one below while they actually download and install it over and over again:

If the environment is persistent, it’s not guaranteed that the user works on the same machine each day. This means that the application will be installed on every box the user ever logs onto…

How does it work?
In order to understand how we can best treat ClickOnce applications we need to understand how they work since MSDN documentation does not describe this in detail.

Read the rest of this entry »

Since some time Microsoft no longer offers the Debugging Tools for Windows as a standalone download.

You need to download the SDK installer and download from there.

This sort of annoys me since I sometimes need to install WinDBG quickly for some troubleshooting.

I watched the URL’s with Fiddler while using the SDK Installer and here are the current URL’s:

From the SDK for Windows 7:
• Debugging Tools for Windows (x86) version 6.12.2.633 
• Debugging Tools for Windows (x64) version 6.12.2.633