Peter Hinchley

Learning in Public

✪ Spoofing an Environment Variable for an Application using a Shim

I was recently asked to get Notes Shared Login (NSL) working on a Windows 2012 R2 server running Citrix XenDesktop. Now, officially this isn't supported; however, in theory, it should work.

After looking into the application start-up process, I was able to determine that Notes calls a function named SECIsOKToNSLEnable in nnotes.dll to query if Citrix is installed, and if so, it explicitly denies the use of NSL.

I wasn't able to easily determine how the SECIsOKToNSLEnable function actually detects the presence of Citrix, but based on previous experience, I took a guess that it was inspecting the value assigned to the SESSIONNAME environment variable. In a Citrix environment, this variable is typically set to a value in the form ICA-XXXXX. To test the theory, I manually set the value to DUMMY, launched Notes, and sure enough, this time NSL worked.

Obviously, changing the value of the SESSIONNAME variable globally (for the user's session) isn't a good idea. So I decided to create a shim that would modify the environment variable only for Notes.

This is the approach I used:

  1. On a development system, install the Application Compatibility Tools feature of the Windows 10 ADK.
  2. Run the Compatibility Administrator (C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe). Note: You should use the 32-bit client when developing a shim for a 32-bit application.
  3. Right click New Database listed under Custom Databases, and select Rename. Call it something meaningful. I used IBM Notes.
  4. Once again, right click the database, and this time select Create New / Application Fix.
  5. Set the Name and Vendor, and then browse to the relevant executable. I set Name to Notes 9.0, vendor to IBM, and Program file location to C:\Program Files (x86)\IBM\Notes\notes.exe.
  6. Skip the wizard page titled Compatibility Modes.
  7. On the wizard page titled Compatibility Fixes select SetEnvironmentVariable, and then click the Parameters button.
  8. Add the required variable name and value to the command line field in the form: Variable|Value. For example, to set the SESSIONNAME variable to DUMMY, enter SESSIONNAME|DUMMY.
  9. Complete the remainder of the wizard by selecting the default options.
  10. Save the database (e.g. C:\Temp\Notes.sdb).
  11. Copy the database to the system where you want to spoof the environment variable (e.g. C:\Windows\Notes.sdb).
  12. Install the database via the command line using: sdbinst.exe -q C:\Windows\Notes.sdb

That's it. Now, when you run Notes it will read the value of the SESSIONNAME environment variable as DUMMY. You can confirm this by using Process Explorer (look at the Environment tab on the Properties dialog for the notes.exe process).

Happy spoofing.