This is “part 2” in a propeller-head series about the internal workings of Citrix Application Streaming. This post covers how stuff in the registry can be “erased” during profiling without really affecting the profiling machine. The same concepts apply at runtime, where the application can erase things from the machine and have this effect be apparent only for the current user rather than the whole machine.
Part 1 covered the same topic for files.
Consider: The machine has registry space at HKLM\Software\DeleteMe (yes, notice the easy-to-recognize naming). In this example, there are also a few registry items located in that space, aptly named Item 1 and Item 2.
The installation program observes that this space exists and as part of its installation activity, erases it. The job of the isolation system is to let the installer BELIEVE it erased the space, while not really erasing it, so that the streaming client can present this space as “not there”, when it really is.
For the installer, I have used CMD.exe and here’s the activity, captured as text.
c:\>reg query hklm\software\deleteme
Item 1 REG_DWORD 0x1
Item 2 REG_DWORD 0x2
c:\>reg delete hklm\software\deleteme
Permanently delete the registry key HKEY_LOCAL_MACHINE\software\deleteme (Yes/No
The operation completed successfully.
c:\>reg query hklm\software\deleteme
ERROR: The system was unable to find the specified registry key or value.
From outside of isolation, go look at the “real” registry. You’ll see:
Answer: The true registry was not “hurt” by the profiling activity. The registry space that was deleted wasn’t really deleted. The captured profile though believes it was deleted and when moved to the execution machine, the Streaming Client will do similar isolation stuff to make this space appear “gone” even if that space really exists. The “how” follows.
Package the app up and peek into the captured registry contents and you’ll see the magic that makes this happen. Recall from the file discussion, NTFS Alternate Data Streams are attached to the deleted files to describe them as erased. The isolation system does similar activity for deleted registry.
Notice that the deleted registry space “exists” as part of the captured registry space. It exists, but there is also this extra stuff that the isolation system references to conclude that this registry space is “erased” and should be masked from vision to the application. In the case of the registry as well as for files, the erased markers are attached to the erased stuff so that the isolation system doesn’t have to look far away to index things that are erased. When a registry key is opened, the isolation system looks to the side to see if the marker is present and if it is, it “hides” this registry key from the view of the application.
I called this magic above. In reality, no magic. If the application happened to use and depend on a registry item named CitrixAIEDeletedStatus, this whole thing would not work. Fortunately, this is a rather unique name and this makes it okay to add to registry space, where the application won’t be impacted. As a last step, the registry items that are the markers “don’t exist” from the perspective of the isolated application, so this prevents confusing an application by giving it extra registry items that it did not define.
What is the other Citrix thing?
Good question. The CitrixAIEPlaceHolder item exists so that the isolation system can transport registry KEYS that have no contents. Compare in concept to XCOPY /S and XCOPY /S /E. Some applications create registry keys (similar to file system directories) and the mere presence of the key has meaning to the application even if that key has no contents. Since the isolation system stores and later repopulates the registry space in a manner similar to .reg file save and restore, keys with no contents get lost. By providing an item, any item, the empty registry key is preserved from profiling system to execution system and the application “works” because it sees what it expects to see.
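The two markers described above (the erased marker and the placeholder) can be pictured with a small model. This is an added example, not Citrix code: the marker names come from this post, while the marker data, the sample keys other than DeleteMe, and the rule that untouched keys fall through to the machine registry are assumptions made for illustration.

```python
# Simplified model of the marker scheme described in the post (not Citrix code).
# Marker value names come from the post; their data and the layer
# fall-through rule are assumptions made for this illustration.
DELETED_MARKER = "CitrixAIEDeletedStatus"
PLACEHOLDER = "CitrixAIEPlaceHolder"
MARKERS = {DELETED_MARKER.lower(), PLACEHOLDER.lower()}


def norm(path):
    """Registry key paths are case-insensitive; normalize for lookup."""
    return path.strip("\\").lower()


class IsolatedView:
    def __init__(self, machine, profile):
        # Each layer maps key path -> {value name: data}.
        self.machine = {norm(k): v for k, v in machine.items()}
        self.profile = {norm(k): v for k, v in profile.items()}

    def query(self, path):
        """Return the values the isolated app sees, or None if hidden/absent."""
        key = norm(path)
        if key in self.profile:
            values = self.profile[key]
            names = {n.lower() for n in values}
            if DELETED_MARKER.lower() in names:
                return None  # marker beside the key: mask it from the app
            # The markers themselves "don't exist" for the application.
            return {n: d for n, d in values.items() if n.lower() not in MARKERS}
        # Assumption: keys the profile never touched fall through to the machine.
        return self.machine.get(key)


# Constructed sample data mirroring the post's DeleteMe example.
machine = {
    r"HKLM\Software\DeleteMe": {"Item 1": 1, "Item 2": 2},
    r"HKLM\Software\Untouched": {"Setting": 5},
}
profile = {
    # The key still exists in the capture, but carries the erased marker.
    r"HKLM\Software\DeleteMe": {"Item 1": 1, "Item 2": 2, DELETED_MARKER: 1},
    # Empty key that survives only because a placeholder travels with it.
    r"HKLM\Software\EmptyButNeeded": {PLACEHOLDER: 1},
}
view = IsolatedView(machine, profile)

if __name__ == "__main__":
    for k in (r"hklm\software\deleteme", r"HKLM\Software\EmptyButNeeded",
              r"HKLM\Software\Untouched"):
        print(k, "->", view.query(k))
```

The machine layer is never modified: the “delete” lives entirely in the profile layer, which is why the real registry still shows DeleteMe from outside of isolation.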
Lots of bit head stuff here on how the isolation system works. Don’t become dependent on it. We change these things from release to release and it is likely that the method of representing deleted registry or empty registry can and will change some day in the future.
But – if you’re looking at your machine and are asking yourself: What is all the Citrix stuff? Now you have the answer.