Welcome to MSDN Blogs Sign in | Join | Help

LUA Buglight

LUA Buglight 2.1 is here.  LUA Buglight identifies admin-permissions issues ("LUA bugs") in desktop applications.  I've made a lot of changes to LUA Buglight since the last "2.0 Preview" that I posted, so the version number has been bumped up:

  • Support for Windows 7, Vista and XP, and corresponding Servers (2008 R2, 2008, 2003)
  • Support for x64 (except on XP/2003)
  • Completely revamped Reporter -- streamlined and with more detailed results

Note:  The new Reporter has necessitated a new file format, so the new Buglight cannot read reports generated from older versions of Buglight.

One thing that is seriously missing is documentation -- I hope to have that posted here in some form soon.  The basics:

  • On XP/2003, you need to run it as a standard user, and you need the username/password for an administrative account; on Vista and higher, you need to run it non-elevated as a member of the Administrators group, with UAC and admin-approval mode enabled.
  • Tell it what program to run, then run it.  Whenever your app performs an action that fails unelevated, it will repeat the operation with admin rights before returning control back to the program.  If it fails without admin rights and succeeds with admin rights, details about that operation get logged.
  • Click the "Stop Logging" button to close the log file; by default this will also open the Reporter and show the results.

Another feature that isn't present yet is that while LUA Buglight does an excellent job of identifying when a program performs operations that succeed only when run as administrator, right now it doesn't provide the details to fix it if you can't modify the source code.  My plan is to turn that into a community effort by documenting the report's XML format and then providing some PowerShell scripts that process the results and point to app-compat shims, permissions changes, or other mitigations for the identified problems.

I wish I could work on LUA Buglight full time, but it's an unfunded, spare-time effort, outside of my day job.  I know that LUA Buglight would be a lot more useful with documentation, but it's more useful posted without documentation than it is not posted at all waiting for me to write up documentation.

More information will be posted to this blog.

Published Tuesday, November 03, 2009 11:15 AM by Aaron Margosis
Attachment(s): LuaBuglight.zip

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: LUA Buglight

Tuesday, November 03, 2009 5:18 PM by Kent

LUA Buglight is a lot more useful than me, stumbling around in the dark by myself, trying to figure this all out by myself.

I worship the keyboard your bleeding fingers pound on to produce LUA Buglight. Seriously, this is so so useful. I hope you can keep at it and thanks for all the work so far.

# re: LUA Buglight

Wednesday, November 04, 2009 4:06 AM by AndresP

Um.

Running LUAB under W7-32 with Runa as different user ( who is admin).After running program and stoping log get error messages.

"Could not load noise filter file c:\users\andres\AppData\Local\Temp\Noisefilter.xml The selected filterisnot a LUA Buglight 2.0 or newer filter." and next after pressingOK > " ERROR. The selected report is not a LUA Buglight 2.0 or newer report."

I can avoid first message if turn of filter noise. But cant still open report. Can open XML with other programs (notepad, IE etc). Seems OK onfirst look.

[Aaron Margosis]  It's not intended to be used with RunAs.  Log on as a member of the Administrators group with UAC enabled and run LUA Buglight non-elevated.  It will prompt for elevation the first time you start a program.

# re: LUA Buglight

Wednesday, November 04, 2009 4:57 AM by Vince

I don't see any way to actually download the program from here.

[Aaron Margosis]  Right below the text of the post it says "Attachment(s)" followed by a link to LuaBuglight.zip.

# re: LUA Buglight

Thursday, November 05, 2009 11:02 AM by Stephane Harvey

Hi,

I'm trying to run the new release (2.1) on Windows Server 2008 Enterprise (Build 6002 : Service pack 2) and I receive to error messages.

The first one indicate "Unable to start LUA Buglight kernel driver. (Might be a version issue.) Error = 2" and "C:\Users\has005\AppData\Local\Temp\2\LBLDriverX86.sys"

I have looked in the folder and the file is present.

The second one indicate "Unable to acquire a 'this-user-as-admin' token.  Cannot continue with the test.".

Can you assist me ?

[Aaron Margosis]  Had you run an earlier release of LUA Buglight on this system?  If so, reboot to make sure that the previous driver is not loaded.

# re: LUA Buglight

Thursday, November 05, 2009 11:40 AM by Stephane Harvey

Hi,

Yes, I have runned 2.0 but I have tried to reboot but the two same error messages appear.

Do you have another tips for me ?

Regards,

Stephane

[Aaron Margosis]  Error #2 means "The system cannot find the file specified."  The extra \2\ in the temp path seems odd.  Is that the folder you see if you start a CMD prompt and run "echo %TEMP%"?

Also, you're not doing anything with RunAs or anything like that, right?  Logged on as a member of the Administrators with UAC enabled?

Actually, never mind that thing about \2\ -- I just tested on a Server 2008 (x64) system and saw the same thing there -- it looks like it appends the terminal services session ID to the path so that the same user can be logged on multiple times.  But on my system LUA Buglight worked correctly. :)

# re: LUA Buglight

Thursday, November 05, 2009 12:12 PM by Stephane Harvey

Hi,

Yes, I have used "NET HELPMSG #" to know the signification.  This is why I have looked in the "C:\Users\has005\AppData\Local\Temp\2" folder to look if the file is here.

The "echo %TEMP%" result as "C:\Users\has005\AppData\Local\Temp\2".

I use "has005" as a member of "Administrators" and UAC is enabled.

I have tried RunAs earlier to perform some test but not now.

Do you have another tips ?

Regards

Stephane

[Aaron Margosis]  After a reboot, is there a registry key called HKLM\System\CurrentControlSet\Services\BuglightDriver ?  If so, delete it.  (Might be lingering stuff from an earlier driver that didn't clean up correctly.)

Do you have any additional security restrictions on the system?  E.g., the elevated admin has the Load Drivers privilege?  Does it work on any other systems?

What is the date on that driver file?  If you look at its Properties in Explorer, does it show as signed on October 15 2009?

# re: LUA Buglight

Thursday, November 05, 2009 1:02 PM by Stephane Harvey

Hi,

Great.

I have deleted the registry key and rebooted my server and it work better but not perfectly.

When I click "Stop logging", I receive the following error message : "Could not load noise filter file C:\Users\has005\AppData\Local\Temp\2\NoiseFilter.xml: The selected filter is not a LUA Buglight 2.0 or newer filter."

Another registry key need to be deleted ?

Regards,

Stephane

[Aaron Margosis]  Ah, good -- need to add that to the FAQ.  As to the noise filter, try this:  close the Reporter and the main LUA Buglight app.  Go into that temp folder and make sure that any NoiseFilter.xml is deleted.  Try again.  (It might be a noise filter from a previous version.)

# re: LUA Buglight

Friday, November 06, 2009 5:51 AM by Stephane Harvey

Hi,

Good morning !

I have opened the temp folder "C:\Users\has005\AppData\Local\Temp\2" and no other "NoiseFilter.xml" is present.

Also, when I call LUA Buglight, I can see that the file "NoiseFilter.xml" is generated and deleted when I close LUA Buglight too.

The error message appear immediately when I click on "Tools", "Run LUA Buglight Reporter".

receive the following error message : "Could not load noise filter file C:\Users\has005\AppData\Local\Temp\2\NoiseFilter.xml: The selected filter is not a LUA Buglight 2.0 or newer filter."

When LUA Buglight Reporter is started, if I try to open the log file generated by LUA Buglight 2.1, I receive the following error message : "ERROR: The selected report is not a LUA Buglight 2.0 or newer report.".

Another clue ?

Regards,

Stephane

[Aaron Margosis]  If you just double-click on the report file in Explorer (in the LuaBugLogs folder in your Documents folder), does it start with

<?xml version="1.0" encoding="windows-1252" ?>
<LuaBuglight version="2.0">

# re: LUA Buglight

Friday, November 06, 2009 6:11 AM by Stephane Harvey

Hi,

Yes.

Regards,

Stephane

[Aaron Margosis]  What language version of Windows are you running?  (I ran into a localization problem with the first version of LUA Buglight, and I thought I'd solved that.)

See whether this helps: Start LUA Buglight, go into the %TEMP% folder, open NoiseFilter.xml with Notepad, and add this line at the beginning of the file:

<?xml version="1.0" encoding="windows-1252" ?>

# re: LUA Buglight

Friday, November 06, 2009 6:29 AM by Stephane Harvey

Hi,

I'm running Windows Server 2008 Enterprise SP2 English.

The line is not present in the NoiseFilter.xml file generated but adding this line at the beginning of the the file don't fix the problem.

Regards,

Stephane

[Aaron Margosis]  Hmm.  What happens if you run LuaBuglight.exe and before starting the Reporter, go into the %TEMP% folder and delete NoiseFilter.xml?

# re: LUA Buglight

Friday, November 06, 2009 7:06 AM by Stephane Harvey

Hi,

I don't receive the first error message : "Could not load noise filter file C:\Users\has005\AppData\Local\Temp\2\NoiseFilter.xml: The selected filter is not a LUA Buglight 2.0 or newer filter." but when I try to open the log file generated by LUA Buglight 2.1, I always receive the following error message : "ERROR: The selected report is not a LUA Buglight 2.0 or newer report.".

Regards,

Stephane

[Aaron Margosis]  Does it work correctly on any other machines you have?

BTW, follow up by contacting me directly through the Email link and I'll post an update here if/when we resolve this.

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker