Delen via


LUA Buglight

LUA Buglight 2.1 is here.  LUA Buglight identifies admin-permissions issues ("LUA bugs") in desktop applications.  I've made a lot of changes to LUA Buglight since the last "2.0 Preview" that I posted, so the version number has been bumped up:

  • Support for Windows 7, Vista and XP, and corresponding Servers (2008 R2, 2008, 2003)
  • Support for x64 (except on XP/2003)
  • Completely revamped Reporter -- streamlined and with more detailed results

Note:  The new Reporter has necessitated a new file format, so the new Buglight cannot read reports generated from older versions of Buglight.

One thing that is seriously missing is documentation -- I hope to have that posted here in some form soon.  The basics:

  • On XP/2003, you need to run it as a standard user, and you need the username/password for an administrative account; on Vista and higher, you need to run it non-elevated as a member of the Administrators group, with UAC and admin-approval mode enabled.
  • Tell it what program to run, then run it.  Whenever your app performs an action that fails unelevated, it will repeat the operation with admin rights before returning control back to the program.  If it fails without admin rights and succeeds with admin rights, details about that operation get logged.
  • Click the "Stop Logging" button to close the log file; by default this will also open the Reporter and show the results.

Another feature that isn't present yet is that while LUA Buglight does an excellent job of identifying when a program performs operations that succeed only when run as administrator, right now it doesn't provide the details to fix it if you can't modify the source code.  My plan is to turn that into a community effort by documenting the report's XML format and then providing some PowerShell scripts that process the results and point to app-compat shims, permissions changes, or other mitigations for the identified problems.

I wish I could work on LUA Buglight full time, but it's an unfunded, spare-time effort, outside of my day job.  I know that LUA Buglight would be a lot more useful with documentation, but it's more useful posted without documentation than it is not posted at all waiting for me to write up documentation.

More information will be posted to this blog. 

[Update 3/25/2011: LUA Buglight 2.1.1 with support for Windows 7 SP1 and Server 2008 R2 SP1 is here .]

Comments

  • Anonymous
    November 03, 2009
    The comment has been removed

  • Anonymous
    November 03, 2009
    The comment has been removed

  • Anonymous
    November 03, 2009
    I don't see any way to actually download the program from here. [Aaron Margosis]  Right below the text of the post it says "Attachment(s)" followed by a link to LuaBuglight.zip.

  • Anonymous
    November 05, 2009
    Hi, I'm trying to run the new release (2.1) on Windows Server 2008 Enterprise (Build 6002 : Service pack 2) and I receive to error messages. The first one indicate "Unable to start LUA Buglight kernel driver. (Might be a version issue.) Error = 2" and "C:Usershas005AppDataLocalTemp2LBLDriverX86.sys" I have looked in the folder and the file is present. The second one indicate "Unable to acquire a 'this-user-as-admin' token.  Cannot continue with the test.". Can you assist me ? [Aaron Margosis]  Had you run an earlier release of LUA Buglight on this system?  If so, reboot to make sure that the previous driver is not loaded.

  • Anonymous
    November 05, 2009
    Hi, Yes, I have runned 2.0 but I have tried to reboot but the two same error messages appear. Do you have another tips for me ? Regards, Stephane [Aaron Margosis]  Error #2 means "The system cannot find the file specified."  The extra 2 in the temp path seems odd.  Is that the folder you see if you start a CMD prompt and run "echo %TEMP%"? Also, you're not doing anything with RunAs or anything like that, right?  Logged on as a member of the Administrators with UAC enabled? Actually, never mind that thing about 2 -- I just tested on a Server 2008 (x64) system and saw the same thing there -- it looks like it appends the terminal services session ID to the path so that the same user can be logged on multiple times.  But on my system LUA Buglight worked correctly. :)

  • Anonymous
    November 05, 2009
    Hi, Yes, I have used "NET HELPMSG #" to know the signification.  This is why I have looked in the "C:Usershas005AppDataLocalTemp2" folder to look if the file is here. The "echo %TEMP%" result as "C:Usershas005AppDataLocalTemp2". I use "has005" as a member of "Administrators" and UAC is enabled. I have tried RunAs earlier to perform some test but not now. Do you have another tips ? Regards Stephane [Aaron Margosis]  After a reboot, is there a registry key called HKLMSystemCurrentControlSetServicesBuglightDriver ?  If so, delete it.  (Might be lingering stuff from an earlier driver that didn't clean up correctly.) Do you have any additional security restrictions on the system?  E.g., the elevated admin has the Load Drivers privilege?  Does it work on any other systems? What is the date on that driver file?  If you look at its Properties in Explorer, does it show as signed on October 15 2009?

  • Anonymous
    November 05, 2009
    Hi, Great. I have deleted the registry key and rebooted my server and it work better but not perfectly. When I click "Stop logging", I receive the following error message : "Could not load noise filter file C:Usershas005AppDataLocalTemp2NoiseFilter.xml: The selected filter is not a LUA Buglight 2.0 or newer filter." Another registry key need to be deleted ? Regards, Stephane [Aaron Margosis]  Ah, good -- need to add that to the FAQ.  As to the noise filter, try this:  close the Reporter and the main LUA Buglight app.  Go into that temp folder and make sure that any NoiseFilter.xml is deleted.  Try again.  (It might be a noise filter from a previous version.)

  • Anonymous
    November 05, 2009
    Hi, Good morning ! I have opened the temp folder "C:Usershas005AppDataLocalTemp2" and no other "NoiseFilter.xml" is present. Also, when I call LUA Buglight, I can see that the file "NoiseFilter.xml" is generated and deleted when I close LUA Buglight too. The error message appear immediately when I click on "Tools", "Run LUA Buglight Reporter". receive the following error message : "Could not load noise filter file C:Usershas005AppDataLocalTemp2NoiseFilter.xml: The selected filter is not a LUA Buglight 2.0 or newer filter." When LUA Buglight Reporter is started, if I try to open the log file generated by LUA Buglight 2.1, I receive the following error message : "ERROR: The selected report is not a LUA Buglight 2.0 or newer report.". Another clue ? Regards, Stephane [Aaron Margosis]  If you just double-click on the report file in Explorer (in the LuaBugLogs folder in your Documents folder), does it start with <?xml version="1.0" encoding="windows-1252" ?>
    <LuaBuglight version="2.0">

  • Anonymous
    November 05, 2009
    The comment has been removed

  • Anonymous
    November 05, 2009
    The comment has been removed

  • Anonymous
    November 05, 2009
    Hi, I don't receive the first error message : "Could not load noise filter file C:Usershas005AppDataLocalTemp2NoiseFilter.xml: The selected filter is not a LUA Buglight 2.0 or newer filter." but when I try to open the log file generated by LUA Buglight 2.1, I always receive the following error message : "ERROR: The selected report is not a LUA Buglight 2.0 or newer report.". Regards, Stephane [Aaron Margosis]  Does it work correctly on any other machines you have? BTW, follow up by contacting me directly through the Email link and I'll post an update here if/when we resolve this.

  • Anonymous
    December 02, 2009
    Hi, I run the latest 2.1 version on Win7(Version 6.1.7600), but get the following error message:


LBLTokenHelper-Vista

Unable to start LUA Buglight kernel driver.  (Might be a version issue.)  Error = 50 Driver path = C:UsersshurshAppDataLocalTempLBLDriverX86.sys

OK  

[Aaron Margosis]  Try rebooting -- you may have an older version of the driver stuck in memory.

  • Anonymous
    February 03, 2010
    Hi Aaron, I am getting an error message while running this application in both "Administrator" and "Standard User" mode. Is this application compatible with Windows 2008 server? If so, what is this error message means "LUA Buglight must be run unelevated by a member of the Administators group in admin-approval mode. Thanks for your help. Regards, Karthik [Aaron Margosis]  To do its work, LUA Buglight uses a user context that represents one user as both a regular user and as an administrator -- which is what UAC gives you for members of the Administrators group.  In this case, you need to use another account that is a member of the Administrators group.  The standard user account can't be used because it can't be elevated.  The default Administrator account can't be used because it runs everything elevated all the time -- "Admin Approval Mode" is disabled by default for the built-in Administrator account.

  • Anonymous
    February 06, 2010
    It's a great program. The only improvement i can think of would be to include Permissions details in the report, perhaps in SDDL format or Subinacl friendly format. Ex: [Registry] HKLMSystemCurrentControlSetServicesWinSock2Parameters=F [Files] C:Program FilesIBMLotusSymphonyframeworkrcpeclipseconfigurationwrittableArea49673.dll=CDP Then i can start scripting fixes using tools like iniman (W2K3 RK).

  • Anonymous
    March 16, 2010
    just wanted to say that this is fantastic! i have been spending days looking at permissions issues until i finally stumbled upon this. why in the world is miscrosoft NOT paying for this?  i realize vista has been out for some time, but a lot of developers (myself included) have not made the switch from xp till now with the promise of win7.  an included tool like this in the visual studio tools would be invaluable to helping win developers make the transition to the uac security model. thanks so much for all your effort and time on this, many many kudos!

  • Anonymous
    May 03, 2010
    Aaron, I've got the same problem as Stephane : "Could not load noise filter file C:Usershas005AppDataLocalTemp2NoiseFilter.xml: The selected filter is not a LUA Buglight 2.0 or newer filter." I tried the solution you suggested regarding the xml enconding to no avail. I use an XP French edition Thanks for your help Chris

  • Anonymous
    May 03, 2010
    Aaron, I change the "regional settings" from french to english US and it's working so the localization problem is still here. Chris

  • Anonymous
    May 06, 2010
    Just wanted to say thanks for your efforts. This is an excellent tool. It has helped with dealing with applications that don't play well with FDCC requirements.

  • Anonymous
    May 11, 2010
    Nice one !!! This little tool is excellent ! Thank you for your hard work !

  • Anonymous
    May 31, 2010
    "I wish I could work on LUA Buglight full time, but it's an unfunded, spare-time effort, outside of my day job.  I know that LUA Buglight would be a lot more useful with documentation, but it's more useful posted without documentation than it is not posted at all waiting for me to write up documentation." So make it open source, easy answer.

  • Anonymous
    June 14, 2010
    Hello, thanks for the program. I hope it will help a lot in solving migration issues with my old software. My plan is to test my applications in a VMware installation of Windows 7 but LUA Buglight does not start any application. I do get an error window "Timed out waiting for LBL TokenHelper-Vista.exe process to complete" Any idea what causeses that problem ? Does Lua Buglight run in a VM ? Kind regards Harald

  • Anonymous
    July 09, 2010
    I wanted to test an application using LUA Buglight running on Windows 7 x64.  Application runs fine using local Administrator's accoun, but doesn't run at all using regular user account. When running LUA Buglight I get an error: "Target process requires elevation. LUA Buglight cannot profile this app." What does this mean and what do I need to do to proceed? I'm running LUA Buglight under account that is member of local Administrators group and it runs in Admin Aproval Mode. [Aaron Margosis]  That means that Windows always insists on running the process with elevated privileges.  LUA Buglight needs to start the process un-elevated in order to test it.  There are a handful of typical causes.  One is that the app has an embedded manifest that marks it as requireAdministrator or highestAvailable.  Another is that Windows heuristically determines that the application is a legacy installer, and proactively "helps" you by prompting for elevation, since most installers require admin rights.  You can turn off this installer detection heuristic in Local Security Policy | Security Settings | Local Policies | Security Options | "User Account Control: Detect application installations and prompt for elevation" - set to Disable.  (This should actually be the preferred configuration in a managed environment.)

  • Anonymous
    July 22, 2010
    The comment has been removed

  • Anonymous
    February 16, 2011
    Hi, the program dont work in windows 7 with SP 1 (x86) I try it and get Error=50 , a problem with LBLDriverX86.sys

  • Anonymous
    February 26, 2011
    The comment has been removed

  • Anonymous
    March 04, 2011
    I have issues running the tool. The OS is Windows Server 2008 R2 Enterprise 64-bit and I need to run a 32-bit application. The error - "Unable to start LUA Buglight kernel driver. (Might be a version issue.) Error = 2 Driver Path = C:UsersMyUserAppDataLocalTemp1LBLDriverX64.sys" Also there is a second error "Unable to acqire a "This-user-as-admin" token". Any idea why this is happening? [Aaron Margosis]  Error 2 is "The system cannot find the file specified."  If you look in that folder, is the file there?  LUA Buglight works like the Sysinternals utilities -- it has the additional files it needs embedded within it, and extracts them out to the %TEMP% folder.  You should see that and other extra files such as LuaDetoursShim.dll in the same location.

  • Anonymous
    March 09, 2011
    Hi Aaron, The files are there. I checked also everything that you mentioned in a previous conversation with Stephane who ran into similar issues. It's still not working. I don't know if it makes a difference but the machine is a VM. Thanks! [Aaron Margosis]  Do you have Service Pack 1 installed?  I need to post an update to LUA Buglight for it to work with Service Pack 1.

  • Anonymous
    March 11, 2011
    Hi Aaron, The machine has Service Pack 1 installed so I will need to the update. In the meantime I tested the application on Win2K3 and got the report. Thanks!

  • Anonymous
    April 20, 2011
    Hi Iv downloaded LUA Buglight and I cont run it when I try I get the error ' ERROR: LUA Buglight must be run unelevated by a member of the administrators group in admin-approval mode' I have tright running as a restricted users and network admin user and a local adimin user I even added my network admin user as a local admin and still had the same error. any idea's? [Aaron Margosis]  On Vista/Win7 or corresponding servers - make sure UAC is not disabled; log on as a member of the Administrators group but do not run LUA Buglight with admin rights.

  • Anonymous
    April 20, 2011
    The comment has been removed

  • Anonymous
    December 18, 2011
    Fabulous!