SAP Business client “Menu” freezes the published application.

This is the RCA which was shared by SAP:

The message WM_GETOBJECT is called several times from external process(es) (it is not called by SAP code) and results in one of the callstacks above.

The COM object needs to return the return-value of the COM-Method “LresultFromObject” which gets the “IAccessible” interface of the COM object as parameter.

The “LresultFromObject” method-call internally does an increase of the COM object reference counter and the sender/caller needs to decrease this reference counter if he is done with the object.

The result of SAP RCA:

· An external process is triggering an WM_GETOBJECT message to the popup menu COM object

· The COM-Method “LresultFromObject” increases internally the reference counter

· The sender/caller of the WM_GETOBJECT SendMessage() is responsible to decrease the reference count à this seems not to happen

· COM Framework does not delete the popup menu COM object, because the reference counter is not “0” after we in SAP Coding call our own Release()

· In an RDP session no WM_GETOBJECT messages were triggered on popup menu COM object (during SAP internal debugging) and issue does not exist (also at customer side)

· Only occurs on special client PC CPUs with special Citrix Versions and special client PC OS

Ø Based on the above RCA, we determined that Citrix doesn’t call the WM_GETOBJECT directly but we utilize Microsoft Active Accessibility and Microsoft UI Automation to do the same. Please refer to below MSDN page on WM_GETOBJECT:

Sent by both Microsoft Active Accessibility and Microsoft UI Automation to obtain information about an accessible object contained in a server application.

Applications never send this message directly. Microsoft Active Accessibility sends this message in response to calls to AccessibleObjectFromPoint, AccessibleObjectFromEvent, or AccessibleObjectFromWindow.

We make use of Microsoft Active Accessibility in different components. One of which is CtxUIMon.dll, which makes use of it when one of the following 2 Citrix policies is enabled (They are disabled by default)

1. “Remote the combo box”

2. “Automatic Keyboard Display”

For more details on the above policies, please refer to

Ø Citrix Workspace app is not the culprit as the issue is resolved by enabling the above mentioned policies and hence the issue is on the VDA side (Operating System)


  • No Related Posts

Memory exploit attempt detected: Attack: Structured Exception Handler Overwrite – 4098: Intrusion Prevention

I need a solution

Memory exploit attempt detected: Attack: Structured Exception Handler Overwrite in C:Program Files (x86)SymantecSymantec Endpoint Protection14.0.3929.1200.105BinccSvcHst.exe

Support said the IPS definition set that seems to have stoped the Mem Heap spray fixed this issue but it has not.  if you have updated the IPS definitions to 201901150.64 or greater. The Attack: Structured Exception Handler will resolve itself.

That is not the case.



Java 8 idioms: Functional purity

Functional pipelines can greatly increase the efficiency and performance of your
code, especially when combined with lazy evaluation and parallelization. In this
article you’ll learn the rules of functional purity, and why you should always strive to keep lambda expressions pure in your functional pipelines.