How to Disable Citrix API Hooks on a Per-application Basis


Article ID: CTX107825


Description

This article describes how to disable all Citrix Application Programming Interface (API) hooks on a per-application basis, or feature-specific API hooks for all applications.

Background

Features are implemented by loading a number of DLL modules into the address space of each application and hooking certain API calls. You can prevent the loading of these modules on a per-application basis or system wide for all processes. The following removal procedure removes all Child hooks from XenApp/XenDesktop – the Parent hook mfaphook.dll along with radeaphook.dll and ctxsbxhook.dll (and their 64-bit equivalents) will not be removed from the application as these components are required for basic XenApp functionality.


Instructions

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

  • Renaming an API hook DLL to disable it is not supported.


You can disable all Citrix API hooks for a single executable file by creating the following registry values:

For Windows 32-bit version

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook
Value Name: ExcludedImageNames
Type: REG_SZ
Value: badapp1.exe,badapp2.exe,badapp3.exe

For Windows 64-bit version

Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook64
Value Name: ExcludedImageNames
Type: REG_SZ
Value: badapp1.exe,badapp2.exe,badapp3.exe

Note: The CtxHook64 key does not exist on Windows 2008 R2 or higher and it is not required.

 

You can disable a specific Citrix API hook, corresponding to an associated feature, for all processes by creating the following registry values:

For the 32-bit version

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\<Feature>

Value Name: Flag
Type: REG_DWORD
Value: 0

For the 64-bit version

Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\<Feature>
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook\AppInit_Dlls\<Feature>
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook64\AppInit_Dlls\<Feature>
Value Name: Flag
Type: REG_DWORD
Value: 0

Note: The CtxHook64 key does not exist on Windows 2008 R2 or higher and it is not required.

<Feature> is replaced with the name of the relevant registry key; for example Smart Card Redirection is controlled by the key “Smart Card Hook”.

An alternative to setting each Flag value to zero is to remove the Hook DLL subkey from HKLM\SOFTWARE\Citrix\CtxHook\AppInit_Dlls, and then reboot.

Note: The above step will stop all Citrix hook DLLs from being loaded into the specified process, which may cause some side effects.

To minimize the impact and risk, if you know which hook DLL is responsible for the issue, apply the following flag to exclude only that hook DLL from the problem process.

Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\<Feature>
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook\AppInit_Dlls\<Feature>
Value Name: Flag
Type: REG_DWORD
Value: 0x200 

For each process to be excluded from hooking by <feature.dll>, please create the following keys:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\<Feature>\<process_name.exe>
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook\AppInit_Dlls\<Feature>\<process_name.exe>

NOTE: This value can be combined with existing flag bits except 0x2
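
The per-feature, per-process exclusion above as a PowerShell sketch. This is an added example, not Citrix code: the function and variable names are hypothetical, and it reads the "except 0x2" note as "do not add 0x200 when bit 0x2 is already set".

```powershell
# Added example: exclude named processes from one Citrix hook (AppInit_Dlls model).
# Keys, the Flag value name and 0x200 come from the article; all other names are hypothetical.
$HookRoots = @(
    'HKLM:\SOFTWARE\Citrix\CtxHook\AppInit_Dlls',
    'HKLM:\SOFTWARE\Wow6432Node\Citrix\CtxHook\AppInit_Dlls'
)
$PerProcessExclude = 0x200

function Get-MergedHookFlag {
    # Returns the Flag value to write, or nothing when the key should be left alone.
    param($Existing)
    if ($null -eq $Existing) { return $PerProcessExclude }
    $flag = [int]$Existing
    # Flag = 0 already disables this hook for every process; do not change it.
    if ($flag -eq 0) { return $null }
    # Assumption: "except 0x2" means 0x200 must not be set alongside bit 0x2.
    if ($flag -band 0x2) { throw ('Flag 0x{0:X} has bit 0x2 set; not adding 0x200' -f $flag) }
    return ($flag -bor $PerProcessExclude)   # keep the other existing bits
}

function Add-CtxHookProcessExclude {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Feature,        # for example 'Smart Card Hook'
        [Parameter(Mandatory)][string[]]$ProcessName   # for example 'badapp1.exe'
    )
    foreach ($root in $HookRoots) {
        $featureKey = Join-Path $root $Feature
        if (-not (Test-Path -Path $featureKey)) {
            Write-Verbose "Not present, skipped: $featureKey"
            continue
        }
        $existing = (Get-ItemProperty -Path $featureKey -Name Flag -ErrorAction SilentlyContinue).Flag
        $merged = Get-MergedHookFlag -Existing $existing
        if ($null -eq $merged) {
            Write-Warning "Flag is 0 (hook disabled for all processes): $featureKey"
            continue
        }
        if ($PSCmdlet.ShouldProcess($featureKey, ('Set Flag = 0x{0:X}' -f $merged))) {
            Set-ItemProperty -Path $featureKey -Name Flag -Value $merged -Type DWord
            foreach ($name in $ProcessName) {
                $processKey = Join-Path $featureKey $name
                if (-not (Test-Path -Path $processKey)) { New-Item -Path $processKey | Out-Null }
            }
        }
    }
}
```

Run `Add-CtxHookProcessExclude -Feature 'Smart Card Hook' -ProcessName 'badapp1.exe' -WhatIf` from an elevated session to preview the registry writes before applying them.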
 

For XenApp and XenDesktop version 7.9 and newer:

XenDesktop/XenApp 7.9 and later use Kernel APC Hooking as a replacement for the AppInit_DLLs mechanism used in previous versions of the products. You can completely disable all Citrix hooking (including MfApHook.dll and MfApHook64.dll) on XenDesktop/XenApp 7.9 and later for specific applications by creating the following registry value:

Key: HKLM\SYSTEM\CurrentControlSet\services\CtxUvi 
Value Name: UviProcessExcludes 
Type: REG_SZ 
Value: badapp1.exe;badlongname.ex;badapp2.exe 

Notes

  • You must reboot the VDA to have the changes take effect. 
  • There is a 14-character limit on the process names. This means that to exclude an application named “badlongname.exe” you would add “badlongname.ex”.
  • The UviProcessExcludes value does not support wildcards.
  • The registry value will already exist on XenDesktop/XenApp 7.14.1 and newer VDAs, so additional applications can be appended with a semicolon delimiter.
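
The rules in these notes (14-character truncation, no wildcards, semicolon-delimited append to an existing value) as a PowerShell sketch. This is an added example, not Citrix code; the function names are hypothetical, and the key and value name are the ones given above.

```powershell
# Added example: append executables to UviProcessExcludes without losing existing entries.
$UviKey = 'HKLM:\SYSTEM\CurrentControlSet\services\CtxUvi'   # key from the article

function ConvertTo-UviName {
    param([Parameter(Mandatory)][string]$ImageName)
    $name = $ImageName.Trim()
    if ($name -match '[\\/]') { throw "Use the image name only, not a path: $name" }
    if ($name -match '[*?]')  { throw "UviProcessExcludes does not support wildcards: $name" }
    if ($name -match ';')     { throw "Semicolon is the list delimiter: $name" }
    # 14-character limit: 'badlongname.exe' is stored as 'badlongname.ex'
    if ($name.Length -gt 14) { $name = $name.Substring(0, 14) }
    return $name
}

function Merge-UviExclude {
    # Pure string logic: returns the new semicolon-delimited value.
    param([string]$Current, [Parameter(Mandatory)][string[]]$ImageName)
    $list = @($Current -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($n in $ImageName) {
        $entry = ConvertTo-UviName -ImageName $n
        if ($list -notcontains $entry) { $list += $entry }   # comparison is case-insensitive
    }
    return ($list -join ';')
}

function Add-UviProcessExclude {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$ImageName)
    if (-not (Test-Path -Path $UviKey)) { throw "CtxUvi key not found: $UviKey" }
    $current = (Get-ItemProperty -Path $UviKey -Name UviProcessExcludes -ErrorAction SilentlyContinue).UviProcessExcludes
    $new = Merge-UviExclude -Current $current -ImageName $ImageName
    if ($new -eq $current) { Write-Verbose 'Already excluded; no change.'; return }
    if ($PSCmdlet.ShouldProcess($UviKey, "Set UviProcessExcludes = $new")) {
        Set-ItemProperty -Path $UviKey -Name UviProcessExcludes -Value $new -Type String
        Write-Warning 'Reboot the VDA for the change to take effect.'
    }
}
```

`Merge-UviExclude -Current 'badapp1.exe' -ImageName 'badlongname.exe'` returns `badapp1.exe;badlongname.ex`, which can be checked without touching the registry.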


 

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Issue/Introduction

This article describes how to disable Citrix Application Programming Interface (API) hooks on a per-application basis.
