The App That Used Lotus Notes Database for Windows Updates

Having worked on many Windows XP to Windows 7 migration projects over the past 3 years I’ve seen a lot of nasty legacy apps. This makes a good case for being labelled the most interesting to get working. (To be polite Smile )

It was a sales application, a wonderful mix of multiple technologies (The more the merrier, right?)

App highlights included:

  • 16-bit front end built on Delphi, source code long since forgotten.
  • Sync all usernames & passwords of the entire system to a local DB file stored in plain text.
  • Hardcoded paths to jre\1.5 folder dispersed across multiple batch files, .JARs, .EXEs and NSF (Lotus Notes Databases)
  • Sync data via Telnet sessions to iSeries mainframe receiving/sending ZIP files
  • Components of application built on Lotus Notes with Domino backend, and extensive LotusScript and Java code used in synchronization process
  • If DBASE style DB files + Lotus Notes database files were not providing enough places for local storage, add a local instance of SQL Server for good measure
  • Some application configuration performed by VB.NET executables

With a bit of work, I managed to get it run nicely on Windows 7 32-bit. By putting a recent copy of Java binaries in the 1.5 folder + applying the following SHIMs the app was running nicely (note it required a version of Lotus Notes client that was not technically supported running on Windows 7 … but it hadn’t been supported on XP for many years either Smile )


However one day as NSF files were syncing some users reported they were getting repeated UAC prompts. If not a local admin the only option for user was to click No, which also broke Notes replication. Viewing the “Show details” of option showed KB EXE files that were trying to launch. Checking the KBs they were Windows XP  versions of the patches.

A quick ProcMon log and we can see Lotus Notes is the process launching these EXEs:


Unfortunately there was no immediately obvious check going on whether these updates would launch or not (i.e. a reg query if update had already been applied)

So to do further investigation I used SearchMyFiles ( to search the Lotus Notes directory for anything containing this filename. (Note: Many corporate networks block downloads from as there are incredibly useful tools there but many can be used for nefarious purposes)

The reason I like SearchMyFiles is it searches binaries as well as text documents.


Ok so we found a hit:


I now turned to Ytria’s scanEZ software which allows me to open Lotus Notes database, read the schema, LotusScript, extract embedded files, etc, even if I don’t have design access to the database. (

I used this tool to open the NSF from within Lotus Notes client:


I then used the full text search option, to find part of database containing the reference (You must use Create the Full Text Index before search functions)


This brought to me some Documents in a section called .SysAdditionalProcessing


Examining all 5 documents under .SysAdditionalProcessing I found there were 2x custom Lotus Scripts that were collecting info about the laptop and storing in the Lotus database, and 3x documents that installed Windows KBs.

We found a daylight patch:


And a security patch


We found code that checked for KB being installed via reg key and stored the info back in the Notes database:

lFunctionResult = RegOpenKeyEx(HKEY_LOCAL_MACHINE, “SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912475“, 0, KEY_QUERY_VALUE, lKeyHandle)
If lFunctionResult <> 0 Then
If lFunctionResult = 2 Then
‘The key doesn’t exist
docInfo.PATCH_KB912475_INSTALLEDDATE = “Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912475 does not exist.”
Call FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, 0, lFunctionResult, 0, sErrorMessage, 2048, 0)
Error 9000, “Registry Error (” & Cstr(lFunctionResult) & “): ” & sErrorMessage
End If
lValueLength = 2048
lFunctionResult = RegQueryValueEx(lKeyHandle, “InstalledDate”, 0, lDataType, sReturnedValue, lValueLength)
If lFunctionResult <> 0 Then
Call FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, 0, lFunctionResult, 0, sErrorMessage, 2048, 0)
Error 9000, “Registry Error (” & Cstr(lFunctionResult) & “): ” & sErrorMessage
End If
sValue = Left(sReturnedValue, lValueLength-1)
docInfo.PATCH_KB912475_INSTALLEDDATE = sValue
lFunctionResult = RegCloseKey(lKeyHandle)
End If


With this info found we could remove the files from the Notes Database and be done with it. But not being a Domino expert I passed that info back to Notes Developers on where the offending files were located.

In case that might take a while to resolve I also came up with an alternative. By applying the SpecificNonInstaller SHIM to these executables they would run, but not elevate. No UAC prompt, and being on the incorrect OS they do nothing then decide to exit, and do not interfere with the replication process.

The patch looked like this. Here it’s important to note that just adding multiple matching files to one instance of the SpecificNonInstaller SHIM does not work, it only works with the “primary” application specified.


About chentiangemalc

specializes in end-user computing technologies. disclaimer 1) use at your own risk. test any solution in your environment. if you do not understand the impact/consequences of what you're doing please stop, and ask advice from somebody who does. 2) views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) over the years Microsoft/Citrix/VMWare have given me a few free shirts, pens, paper notebooks/etc. despite these gifts i will try to remain unbiased.
This entry was posted in Application Compatibility, Java, Lotus Notes, Windows 7 and tagged . Bookmark the permalink.

One Response to The App That Used Lotus Notes Database for Windows Updates

  1. CypherBit says:

    Great detective work!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s